diff options
219 files changed, 4407 insertions, 1353 deletions
@@ -10,6 +10,11 @@ newline. Entries should be separated by a newline. Changes to this file should not be MFCed. +1349a733cf28: + Add a driver supporting a new storage controller interface, + Universal Flash Storage Host Controller Interface, supporting + version 4.1 and earlier, via ufshci(4). + f1f230439fa4: FreeBSD now implements the inotify(2) family of system calls. @@ -27,6 +27,17 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 15.x IS SLOW: world, or to merely disable the most expensive debugging functionality at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20250724: + The Kerberos packages which are built when WITH_MITKRB5 is enabled + have been renamed from FreeBSD-krb5* to FreeBSD-kerberos*. This + affects pkgbase users who manually enabled WITH_MITKRB5, *or* use + the default value of WITH_MITKRB5 and updated past c7da9fb90b0b + (20250721) which made WITH_MITKRB5 the default. + + In either case, if you have FreeBSD-krb5* packages installed, you + should remove them and (re)install the equivalent FreeBSD-kerberos* + packages instead. + 20250721: WITH_MITKRB5 is now enabled by default. MIT KRB5 has replaced Heimdal in base. Ports that use USES=gssapi must be rebuilt. diff --git a/contrib/llvm-project/clang/include/clang/Sema/Sema.h b/contrib/llvm-project/clang/include/clang/Sema/Sema.h index 7bfdaaae45a9..a59a9342341d 100644 --- a/contrib/llvm-project/clang/include/clang/Sema/Sema.h +++ b/contrib/llvm-project/clang/include/clang/Sema/Sema.h @@ -13052,12 +13052,19 @@ public: /// ForConstraintInstantiation indicates we should continue looking when /// encountering a lambda generic call operator, and continue looking for /// arguments on an enclosing class template. + /// + /// \param SkipForSpecialization when specified, any template specializations + /// in a traversal would be ignored. + /// \param ForDefaultArgumentSubstitution indicates we should continue looking + /// when encountering a specialized member function template, rather than + /// returning immediately. MultiLevelTemplateArgumentList getTemplateInstantiationArgs( const NamedDecl *D, const DeclContext *DC = nullptr, bool Final = false, std::optional<ArrayRef<TemplateArgument>> Innermost = std::nullopt, bool RelativeToPrimary = false, const FunctionDecl *Pattern = nullptr, bool ForConstraintInstantiation = false, - bool SkipForSpecialization = false); + bool SkipForSpecialization = false, + bool ForDefaultArgumentSubstitution = false); /// RAII object to handle the state changes required to synthesize /// a function body. diff --git a/contrib/llvm-project/clang/lib/Sema/SemaTemplateInstantiate.cpp b/contrib/llvm-project/clang/lib/Sema/SemaTemplateInstantiate.cpp index a09e3be83c45..c2e8ed0c602e 100644 --- a/contrib/llvm-project/clang/lib/Sema/SemaTemplateInstantiate.cpp +++ b/contrib/llvm-project/clang/lib/Sema/SemaTemplateInstantiate.cpp @@ -269,7 +269,8 @@ HandleClassTemplateSpec(const ClassTemplateSpecializationDecl *ClassTemplSpec, Response HandleFunction(Sema &SemaRef, const FunctionDecl *Function, MultiLevelTemplateArgumentList &Result, const FunctionDecl *Pattern, bool RelativeToPrimary, - bool ForConstraintInstantiation) { + bool ForConstraintInstantiation, + bool ForDefaultArgumentSubstitution) { // Add template arguments from a function template specialization. if (!RelativeToPrimary && Function->getTemplateSpecializationKindForInstantiation() == @@ -299,7 +300,8 @@ Response HandleFunction(Sema &SemaRef, const FunctionDecl *Function, // If this function was instantiated from a specialized member that is // a function template, we're done. assert(Function->getPrimaryTemplate() && "No function template?"); - if (Function->getPrimaryTemplate()->isMemberSpecialization()) + if (!ForDefaultArgumentSubstitution && + Function->getPrimaryTemplate()->isMemberSpecialization()) return Response::Done(); // If this function is a generic lambda specialization, we are done. @@ -465,7 +467,7 @@ MultiLevelTemplateArgumentList Sema::getTemplateInstantiationArgs( const NamedDecl *ND, const DeclContext *DC, bool Final, std::optional<ArrayRef<TemplateArgument>> Innermost, bool RelativeToPrimary, const FunctionDecl *Pattern, bool ForConstraintInstantiation, - bool SkipForSpecialization) { + bool SkipForSpecialization, bool ForDefaultArgumentSubstitution) { assert((ND || DC) && "Can't find arguments for a decl if one isn't provided"); // Accumulate the set of template argument lists in this structure. MultiLevelTemplateArgumentList Result; @@ -507,7 +509,8 @@ MultiLevelTemplateArgumentList Sema::getTemplateInstantiationArgs( SkipForSpecialization); } else if (const auto *Function = dyn_cast<FunctionDecl>(CurDecl)) { R = HandleFunction(*this, Function, Result, Pattern, RelativeToPrimary, - ForConstraintInstantiation); + ForConstraintInstantiation, + ForDefaultArgumentSubstitution); } else if (const auto *Rec = dyn_cast<CXXRecordDecl>(CurDecl)) { R = HandleRecordDecl(*this, Rec, Result, Context, ForConstraintInstantiation); @@ -3231,7 +3234,6 @@ bool Sema::SubstDefaultArgument( // default argument expression appears. ContextRAII SavedContext(*this, FD); std::unique_ptr<LocalInstantiationScope> LIS; - MultiLevelTemplateArgumentList NewTemplateArgs = TemplateArgs; if (ForCallExpr) { // When instantiating a default argument due to use in a call expression, @@ -3244,19 +3246,10 @@ bool Sema::SubstDefaultArgument( /*ForDefinition*/ false); if (addInstantiatedParametersToScope(FD, PatternFD, *LIS, TemplateArgs)) return true; - const FunctionTemplateDecl *PrimaryTemplate = FD->getPrimaryTemplate(); - if (PrimaryTemplate && PrimaryTemplate->isOutOfLine()) { - TemplateArgumentList *CurrentTemplateArgumentList = - TemplateArgumentList::CreateCopy(getASTContext(), - TemplateArgs.getInnermost()); - NewTemplateArgs = getTemplateInstantiationArgs( - FD, FD->getDeclContext(), /*Final=*/false, - CurrentTemplateArgumentList->asArray(), /*RelativeToPrimary=*/true); - } } runWithSufficientStackSpace(Loc, [&] { - Result = SubstInitializer(PatternExpr, NewTemplateArgs, + Result = SubstInitializer(PatternExpr, TemplateArgs, /*DirectInit*/ false); }); } diff --git a/contrib/llvm-project/clang/lib/Sema/SemaTemplateInstantiateDecl.cpp b/contrib/llvm-project/clang/lib/Sema/SemaTemplateInstantiateDecl.cpp index a12d2eff1d2c..614e6ea12541 100644 --- a/contrib/llvm-project/clang/lib/Sema/SemaTemplateInstantiateDecl.cpp +++ b/contrib/llvm-project/clang/lib/Sema/SemaTemplateInstantiateDecl.cpp @@ -4659,10 +4659,12 @@ bool Sema::InstantiateDefaultArgument(SourceLocation CallLoc, FunctionDecl *FD, // // template<typename T> // A<T> Foo(int a = A<T>::FooImpl()); - MultiLevelTemplateArgumentList TemplateArgs = - getTemplateInstantiationArgs(FD, FD->getLexicalDeclContext(), - /*Final=*/false, /*Innermost=*/std::nullopt, - /*RelativeToPrimary=*/true); + MultiLevelTemplateArgumentList TemplateArgs = getTemplateInstantiationArgs( + FD, FD->getLexicalDeclContext(), + /*Final=*/false, /*Innermost=*/std::nullopt, + /*RelativeToPrimary=*/true, /*Pattern=*/nullptr, + /*ForConstraintInstantiation=*/false, /*SkipForSpecialization=*/false, + /*ForDefaultArgumentSubstitution=*/true); if (SubstDefaultArgument(CallLoc, Param, TemplateArgs, /*ForCallExpr*/ true)) return true; diff --git a/include/rpc/des.h b/include/rpc/des.h index 5056e4b1545c..df4ab75d9bf0 100644 --- a/include/rpc/des.h +++ b/include/rpc/des.h @@ -56,26 +56,6 @@ struct desparams { # define des_buf UDES.UDES_buf /* otherwise, pointer to data */ }; -#ifdef notdef - -/* - * These ioctls are only implemented in SunOS. Maybe someday - * if somebody writes a driver for DES hardware that works - * with FreeBSD, we can being that back. - */ - -/* - * Encrypt an arbitrary sized buffer - */ -#define DESIOCBLOCK _IOWR('d', 6, struct desparams) - -/* - * Encrypt of small amount of data, quickly - */ -#define DESIOCQUICK _IOWR('d', 7, struct desparams) - -#endif - /* * Software DES. */ diff --git a/krb5/include/Makefile b/krb5/include/Makefile index 0a2ceaebb689..c7b3f0f10a99 100644 --- a/krb5/include/Makefile +++ b/krb5/include/Makefile @@ -7,7 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 +PACKAGE= kerberos-lib .include <src.opts.mk> diff --git a/krb5/lib/Makefile.inc b/krb5/lib/Makefile.inc index 8df7b76410a2..6d86e7a35146 100644 --- a/krb5/lib/Makefile.inc +++ b/krb5/lib/Makefile.inc @@ -9,6 +9,8 @@ .include "../Makefile.inc" +PACKAGE?= kerberos-lib + KRB5_KRB5LIBDIR= ${KRB5_SRCLIBDIR}/krb5 KRB5_K5CRYPTODIR= ${KRB5_SRCLIBDIR}/crypto diff --git a/krb5/lib/apputils/Makefile b/krb5/lib/apputils/Makefile index 62ef36f0615e..cf430eb3cd27 100644 --- a/krb5/lib/apputils/Makefile +++ b/krb5/lib/apputils/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5-lib - .include <src.opts.mk> .include "../Makefile.inc" diff --git a/krb5/lib/crypto/Makefile b/krb5/lib/crypto/Makefile index 5087a2fb559b..4dda0d85da54 100644 --- a/krb5/lib/crypto/Makefile +++ b/krb5/lib/crypto/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -17,6 +15,7 @@ LIB= k5crypto # SHLIB_MAJOR= 3 LDFLAGS=-Wl,--no-undefined LIBADD= com_err krb5support crypto +VERSION_MAP= ${.CURDIR}/version.map # XXX The following doesn't work. Even though the pathnames are the same # XXX we need to use the alternative .include statements. @@ -24,10 +23,6 @@ LIBADD= com_err krb5support crypto # .include "${KRB5_CRYPTOLIBDIR}/builtin/Makefile.inc" # .include "${KRB5_CRYPTOLIBDIR}/openssl/Makefile.inc" -.include "${KRB5_SRCTOP}/lib/krb5/error_tables/Makefile.inc" - -SRCS+= ${GEN_ET} - .include "${KRB5_SRCTOP}/lib/crypto/krb/Makefile.inc" .include "${KRB5_SRCTOP}/lib/crypto/builtin/Makefile.inc" .include "${KRB5_SRCTOP}/lib/crypto/openssl/Makefile.inc" diff --git a/krb5/lib/crypto/version.map b/krb5/lib/crypto/version.map new file mode 100644 index 000000000000..57448f6d85fa --- /dev/null +++ b/krb5/lib/crypto/version.map @@ -0,0 +1,109 @@ +k5crypto_3_MIT { + global: + krb5_c_make_random_key; + krb5_c_encrypt_length; + krb5_process_key; + krb5_string_to_cksumtype; + krb5_c_valid_enctype; + krb5_c_valid_cksumtype; + krb5_string_to_key; + krb5_c_encrypt_iov; + krb5_c_checksum_length; + is_keyed_cksum; + krb5_c_padding_length; + is_coll_proof_cksum; + krb5_init_random_key; + krb5_c_string_to_key_with_params; + krb5_c_random_make_octets; + krb5_c_random_os_entropy; + krb5_c_decrypt; + krb5_c_crypto_length; + krb5_c_block_size; + krb5_cksumtype_to_string; + krb5_c_keyed_checksum_types; + krb5_c_is_keyed_cksum; + krb5_c_crypto_length_iov; + valid_cksumtype; + krb5_c_random_seed; + krb5_c_random_to_key; + krb5_verify_checksum; + krb5_c_free_state; + krb5_c_verify_checksum; + krb5_c_random_add_entropy; + krb5_c_decrypt_iov; + krb5_c_make_checksum; + krb5_checksum_size; + krb5_free_cksumtypes; + krb5_finish_key; + krb5_encrypt_size; + krb5_c_keylengths; + krb5_c_prf; + krb5_encrypt; + krb5_string_to_enctype; + krb5_c_is_coll_proof_cksum; + krb5_c_init_state; + krb5_eblock_enctype; + krb5_decrypt; + krb5_c_encrypt; + krb5_c_enctype_compare; + krb5_c_verify_checksum_iov; + valid_enctype; + krb5_enctype_to_string; + krb5_enctype_to_name; + krb5_c_make_checksum_iov; + krb5_calculate_checksum; + krb5_c_string_to_key; + krb5_use_enctype; + krb5_random_key; + krb5_finish_random_key; + krb5_c_prf_length; + krb5int_c_mandatory_cksumtype; + krb5_c_fx_cf2_simple; + krb5int_c_weak_enctype; + krb5_encrypt_data; + krb5int_c_copy_keyblock; + krb5int_c_copy_keyblock_contents; + krb5int_c_free_keyblock_contents; + krb5int_c_free_keyblock; + krb5int_c_init_keyblock; + krb5int_hash_md4; + krb5int_hash_md5; + krb5int_hash_sha256; + krb5int_hash_sha384; + krb5int_enc_arcfour; + krb5int_hmac; + krb5_k_create_key; + krb5_k_decrypt; + krb5_k_decrypt_iov; + krb5_k_encrypt; + krb5_k_encrypt_iov; + krb5_k_free_key; + krb5_k_key_enctype; + krb5_k_key_keyblock; + krb5_k_make_checksum; + krb5_k_make_checksum_iov; + krb5_k_prf; + krb5_k_reference_key; + krb5_k_verify_checksum; + krb5_k_verify_checksum_iov; + krb5int_aes_encrypt; + krb5int_aes_decrypt; + krb5int_enc_des3; + krb5int_arcfour_gsscrypt; + krb5int_camellia_encrypt; + krb5int_cmac_checksum; + krb5int_enc_aes128; + krb5int_enc_aes256; + krb5int_enc_camellia128; + krb5int_enc_camellia256; + krb5int_derive_key; + krb5int_derive_random; + k5_sha256; + krb5int_nfold; + k5_allow_weak_pbkdf2iter; + krb5_c_prfplus; + krb5_c_derive_prfplus; + k5_enctype_to_ssf; + krb5int_c_deprecated_enctype; +}; +HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/krb5/lib/gssapi/Makefile b/krb5/lib/gssapi/Makefile index 51ed6f162d65..63e4d7df4bed 100644 --- a/krb5/lib/gssapi/Makefile +++ b/krb5/lib/gssapi/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -17,6 +15,7 @@ LIB= gssapi_krb5 # SHLIB_MAJOR= 2 LDFLAGS=-Wl,--no-undefined LIBADD= krb5 k5crypto com_err krb5profile krb5support +VERSION_MAP= ${.CURDIR}/version.map # This is a contcatonation of: # crypto/krb5/src/lib/gssapi/libgssapi_krb5.exports diff --git a/krb5/lib/gssapi/version.map b/krb5/lib/gssapi/version.map new file mode 100644 index 000000000000..d52c0d3d1e36 --- /dev/null +++ b/krb5/lib/gssapi/version.map @@ -0,0 +1,176 @@ +HEIMDAL_GSS_2.0 { + global: + gss_accept_sec_context; + gss_acquire_cred; + gss_acquire_cred_with_password; + gss_add_buffer_set_member; + gss_add_cred; + gss_add_cred_with_password; + gss_add_oid_set_member; + gss_authorize_localname; + gss_canonicalize_name; + gss_compare_name; + gss_context_time; + gss_create_empty_buffer_set; + gss_create_empty_oid_set; + gss_decapsulate_token; + gss_delete_name_attribute; + gss_delete_sec_context; + gss_display_mech_attr; + gss_display_name; + gss_display_name_ext; + gss_display_status; + gss_duplicate_name; + gss_encapsulate_token; + gss_export_cred; + gss_export_name; + gss_export_name_composite; + gss_export_sec_context; + gss_get_mic; + gss_get_name_attribute; + gss_import_cred; + gss_import_name; + gss_import_sec_context; + gss_indicate_mechs; + gss_indicate_mechs_by_attrs; + gss_init_sec_context; + gss_inquire_attrs_for_mech; + gss_inquire_context; + gss_inquire_cred; + gss_inquire_cred_by_mech; + gss_inquire_cred_by_oid; + gss_inquire_mech_for_saslname; + gss_inquire_mechs_for_name; + gss_inquire_name; + gss_inquire_names_for_mech; + gss_inquire_saslname_for_mech; + gss_krb5_ccache_name; + gss_krb5_copy_ccache; + gss_krb5_export_lucid_sec_context; + gss_krb5_free_lucid_sec_context; + gss_krb5_get_tkt_flags; + gss_krb5_import_cred; + gss_krb5_set_allowable_enctypes; + gss_oid_equal; + gss_oid_to_str; + gss_pname_to_uid; + gss_process_context_token; + gss_pseudo_random; + gss_release_buffer; + gss_release_buffer_set; + gss_release_cred; + gss_release_iov_buffer; + gss_release_name; + gss_release_oid; + gss_release_oid_set; + gss_seal; + gss_set_cred_option; + gss_set_name_attribute; + gss_set_sec_context_option; + gss_sign; + gss_store_cred; + gss_test_oid_set_member; + gss_unseal; + gss_unwrap; + gss_unwrap_iov; + gss_userok; + gss_verify; + gss_verify_mic; + gss_wrap; + gss_wrap_iov; + gss_wrap_iov_length; + gss_wrap_size_limit; + gsskrb5_extract_authtime_from_sec_context; + gsskrb5_extract_authz_data_from_sec_context; + krb5_gss_register_acceptor_identity; +}; + +gssapi_krb5_2_MIT { + global: + GSS_C_ATTR_LOCAL_LOGIN_USER; + GSS_C_INQ_SSPI_SESSION_KEY; + GSS_C_INQ_NEGOEX_KEY; + GSS_C_INQ_NEGOEX_VERIFY_KEY; + GSS_C_NT_ANONYMOUS; + GSS_C_NT_COMPOSITE_EXPORT; + GSS_C_NT_EXPORT_NAME; + GSS_C_NT_HOSTBASED_SERVICE; + GSS_C_NT_HOSTBASED_SERVICE_X; + GSS_C_NT_MACHINE_UID_NAME; + GSS_C_NT_STRING_UID_NAME; + GSS_C_NT_USER_NAME; + GSS_KRB5_NT_PRINCIPAL_NAME; + GSS_KRB5_NT_ENTERPRISE_NAME; + GSS_KRB5_NT_X509_CERT; + GSS_KRB5_CRED_NO_CI_FLAGS_X; + GSS_KRB5_GET_CRED_IMPERSONATOR; + GSS_C_MA_MECH_CONCRETE; + GSS_C_MA_MECH_PSEUDO; + GSS_C_MA_MECH_COMPOSITE; + GSS_C_MA_MECH_NEGO; + GSS_C_MA_MECH_GLUE; + GSS_C_MA_NOT_MECH; + GSS_C_MA_DEPRECATED; + GSS_C_MA_NOT_DFLT_MECH; + GSS_C_MA_ITOK_FRAMED; + GSS_C_MA_AUTH_INIT; + GSS_C_MA_AUTH_TARG; + GSS_C_MA_AUTH_INIT_INIT; + GSS_C_MA_AUTH_TARG_INIT; + GSS_C_MA_AUTH_INIT_ANON; + GSS_C_MA_AUTH_TARG_ANON; + GSS_C_MA_DELEG_CRED; + GSS_C_MA_INTEG_PROT; + GSS_C_MA_CONF_PROT; + GSS_C_MA_MIC; + GSS_C_MA_WRAP; + GSS_C_MA_PROT_READY; + GSS_C_MA_REPLAY_DET; + GSS_C_MA_OOS_DET; + GSS_C_MA_CBINDINGS; + GSS_C_MA_PFS; + GSS_C_MA_COMPRESS; + GSS_C_MA_CTX_TRANS; + GSS_C_MA_NEGOEX_AND_SPNEGO; + GSS_C_SEC_CONTEXT_SASL_SSF; + gss_acquire_cred_impersonate_name; + gss_add_cred_impersonate_name; + gss_complete_auth_token; + gss_get_mic_iov; + gss_get_mic_iov_length; + gss_krb5_set_cred_rcache; + gss_krb5int_make_seal_token_v3; + gss_krb5int_unseal_token_v3; + gss_localname; + gss_map_name_to_any; + gss_mech_iakerb; + gss_mech_krb5; + gss_mech_krb5_old; + gss_mech_krb5_wrong; + gss_mech_set_krb5; + gss_mech_set_krb5_both; + gss_mech_set_krb5_old; + gss_nt_exported_name; + gss_nt_krb5_name; + gss_nt_krb5_principal; + gss_nt_machine_uid_name; + gss_nt_service_name; + gss_nt_service_name_v2; + gss_nt_string_uid_name; + gss_nt_user_name; + gss_release_any_name_mapping; + gss_set_neg_mechs; + gss_str_to_oid; + gss_unwrap_aead; + gss_verify_mic_iov; + gss_wrap_aead; + gssspi_set_cred_option; + gssspi_mech_invoke; + krb5_gss_dbg_client_expcreds; + krb5_gss_use_kdc_context; + gss_acquire_cred_from; + gss_add_cred_from; + gss_store_cred_into; + gssint_g_seqstate_init; +}; +HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/krb5/lib/kadm5clnt/Makefile b/krb5/lib/kadm5clnt/Makefile index ddb9b0e9fec5..22d78d7ae2f1 100644 --- a/krb5/lib/kadm5clnt/Makefile +++ b/krb5/lib/kadm5clnt/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -17,6 +15,7 @@ LIB= kadm5clnt_mit # SHLIB_MAJOR= 12 LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile gssrpc gssapi_krb5 krb5 k5crypto krb5support com_err +VERSION_MAP= ${.CURDIR}/version.map SRCS= alt_prof.c \ chpass_util.c \ diff --git a/krb5/lib/kadm5clnt/version.map b/krb5/lib/kadm5clnt/version.map new file mode 100644 index 000000000000..1b624130144d --- /dev/null +++ b/krb5/lib/kadm5clnt/version.map @@ -0,0 +1,119 @@ +kadm5clnt_mit_12_MIT { + global: + _kadm5_check_handle; + _kadm5_chpass_principal_util; + kadm5_chpass_principal; + kadm5_chpass_principal_3; + kadm5_chpass_principal_util; + kadm5_create_policy; + kadm5_create_principal; + kadm5_create_principal_3; + kadm5_decrypt_key; + kadm5_delete_policy; + kadm5_delete_principal; + kadm5_destroy; + kadm5_flush; + kadm5_free_config_params; + kadm5_free_kadm5_key_data; + kadm5_free_key_data; + kadm5_free_name_list; + kadm5_free_policy_ent; + kadm5_free_principal_ent; + kadm5_free_strings; + kadm5_get_admin_service_name; + kadm5_get_config_params; + kadm5_get_policies; + kadm5_get_policy; + kadm5_get_principal; + kadm5_get_principal_keys; + kadm5_get_principals; + kadm5_get_privs; + kadm5_get_strings; + kadm5_init; + kadm5_init_anonymous; + kadm5_init_krb5_context; + kadm5_init_with_creds; + kadm5_init_with_password; + kadm5_init_with_skey; + kadm5_lock; + kadm5_modify_policy; + kadm5_modify_principal; + kadm5_purgekeys; + kadm5_randkey_principal; + kadm5_randkey_principal_3; + kadm5_rename_principal; + kadm5_set_string; + kadm5_setkey_principal; + kadm5_setkey_principal_3; + kadm5_setkey_principal_4; + kadm5_unlock; + krb5_aprof_get_boolean; + krb5_aprof_get_deltat; + krb5_aprof_get_int32; + krb5_aprof_get_string; + krb5_aprof_getvals; + krb5_flagnum_to_string; + krb5_flagspec_to_mask; + krb5_flags_to_strings; + krb5_free_key_data_contents; + krb5_keysalt_is_present; + krb5_keysalt_iterate; + krb5_klog_close; + krb5_klog_init; + krb5_klog_reopen; + krb5_klog_set_context; + krb5_klog_syslog; + krb5_string_to_keysalts; + xdr_chpass3_arg; + xdr_chpass_arg; + xdr_chrand3_arg; + xdr_chrand_arg; + xdr_chrand_ret; + xdr_cpol_arg; + xdr_cprinc3_arg; + xdr_cprinc_arg; + xdr_dpol_arg; + xdr_dprinc_arg; + xdr_generic_ret; + xdr_getpkeys_arg; + xdr_getpkeys_ret; + xdr_getprivs_ret; + xdr_gpol_arg; + xdr_gpol_ret; + xdr_gpols_arg; + xdr_gpols_ret; + xdr_gprinc_arg; + xdr_gprinc_ret; + xdr_gprincs_arg; + xdr_gprincs_ret; + xdr_kadm5_key_data; + xdr_kadm5_policy_ent_rec; + xdr_kadm5_principal_ent_rec; + xdr_kadm5_ret_t; + xdr_krb5_deltat; + xdr_krb5_enctype; + xdr_krb5_flags; + xdr_krb5_int16; + xdr_krb5_key_data_nocontents; + xdr_krb5_key_salt_tuple; + xdr_krb5_keyblock; + xdr_krb5_kvno; + xdr_krb5_octet; + xdr_krb5_principal; + xdr_krb5_salttype; + xdr_krb5_timestamp; + xdr_krb5_tl_data; + xdr_krb5_ui_2; + xdr_krb5_ui_4; + xdr_mpol_arg; + xdr_mprinc_arg; + xdr_nullstring; + xdr_nulltype; + xdr_rprinc_arg; + xdr_setkey3_arg; + xdr_setkey4_arg; + xdr_setkey_arg; + xdr_ui_4; + kadm5_init_iprop; +}; +HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/krb5/lib/kadm5srv/Makefile b/krb5/lib/kadm5srv/Makefile index f716dfcdaedc..50f1e859f17b 100644 --- a/krb5/lib/kadm5srv/Makefile +++ b/krb5/lib/kadm5srv/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -17,6 +15,7 @@ LIB= kadm5srv_mit # SHLIB_MAJOR= 12 LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile gssrpc gssapi_krb5 kdb5 krb5 k5crypto krb5support com_err +VERSION_MAP= ${.CURDIR}/version.map INCSDIR= ${INCLUDEDIR}/kadm5 diff --git a/krb5/lib/kadm5srv/version.map b/krb5/lib/kadm5srv/version.map new file mode 100644 index 000000000000..d18753acad3f --- /dev/null +++ b/krb5/lib/kadm5srv/version.map @@ -0,0 +1,138 @@ +kadm5srv_mit_12_MIT { + global: + _kadm5_check_handle; + _kadm5_chpass_principal_util; + hist_princ; + kadm5_chpass_principal; + kadm5_chpass_principal_3; + kadm5_chpass_principal_util; + kadm5_create_policy; + kadm5_create_principal; + kadm5_create_principal_3; + kadm5_decrypt_key; + kadm5_delete_policy; + kadm5_delete_principal; + kadm5_destroy; + kadm5_flush; + kadm5_free_config_params; + kadm5_free_kadm5_key_data; + kadm5_free_key_data; + kadm5_free_name_list; + kadm5_free_policy_ent; + kadm5_free_principal_ent; + kadm5_free_strings; + kadm5_get_config_params; + kadm5_get_policies; + kadm5_get_policy; + kadm5_get_principal; + kadm5_get_principal_keys; + kadm5_get_principals; + kadm5_get_privs; + kadm5_get_strings; + kadm5_init; + kadm5_init_anonymous; + kadm5_init_krb5_context; + kadm5_init_with_creds; + kadm5_init_with_password; + kadm5_init_with_skey; + kadm5_lock; + kadm5_modify_policy; + kadm5_modify_principal; + kadm5_purgekeys; + kadm5_randkey_principal; + kadm5_randkey_principal_3; + kadm5_rename_principal; + kadm5_set_string; + kadm5_setkey_principal; + kadm5_setkey_principal_3; + kadm5_setkey_principal_4; + kadm5_unlock; + kdb_delete_entry; + kdb_free_entry; + kdb_init_hist; + kdb_init_master; + kdb_iter_entry; + kdb_put_entry; + krb5_aprof_get_boolean; + krb5_aprof_get_deltat; + krb5_aprof_get_int32; + krb5_aprof_get_string; + krb5_aprof_get_string_all; + krb5_aprof_getvals; + krb5_copy_key_data_contents; + krb5_flagnum_to_string; + krb5_flagspec_to_mask; + krb5_flags_to_strings; + krb5_free_key_data_contents; + krb5_keysalt_is_present; + krb5_keysalt_iterate; + krb5_klog_close; + krb5_klog_init; + krb5_klog_reopen; + krb5_klog_set_context; + krb5_klog_syslog; + krb5_string_to_keysalts; + master_db; + master_princ; + osa_free_princ_ent; + passwd_check; + xdr_chpass3_arg; + xdr_chpass_arg; + xdr_chrand3_arg; + xdr_chrand_arg; + xdr_chrand_ret; + xdr_cpol_arg; + xdr_cprinc3_arg; + xdr_cprinc_arg; + xdr_dpol_arg; + xdr_dprinc_arg; + xdr_generic_ret; + xdr_getpkeys_arg; + xdr_getpkeys_ret; + xdr_getprivs_ret; + xdr_gpol_arg; + xdr_gpol_ret; + xdr_gpols_arg; + xdr_gpols_ret; + xdr_gprinc_arg; + xdr_gprinc_ret; + xdr_gprincs_arg; + xdr_gprincs_ret; + xdr_gstrings_arg; + xdr_gstrings_ret; + xdr_kadm5_policy_ent_rec; + xdr_kadm5_principal_ent_rec; + xdr_kadm5_ret_t; + xdr_krb5_deltat; + xdr_krb5_enctype; + xdr_krb5_flags; + xdr_krb5_int16; + xdr_krb5_key_data; + xdr_krb5_key_data_nocontents; + xdr_krb5_key_salt_tuple; + xdr_krb5_keyblock; + xdr_krb5_kvno; + xdr_krb5_octet; + xdr_krb5_principal; + xdr_krb5_salttype; + xdr_krb5_string_attr; + xdr_krb5_timestamp; + xdr_krb5_tl_data; + xdr_krb5_ui_2; + xdr_krb5_ui_4; + xdr_mpol_arg; + xdr_mprinc_arg; + xdr_nullstring; + xdr_nulltype; + xdr_osa_princ_ent_rec; + xdr_osa_pw_hist_ent; + xdr_purgekeys_arg; + xdr_rprinc_arg; + xdr_setkey3_arg; + xdr_setkey4_arg; + xdr_setkey_arg; + xdr_sstring_arg; + xdr_ui_4; + kadm5_init_iprop; +}; +HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/krb5/lib/kdb/Makefile b/krb5/lib/kdb/Makefile index ac7f058a7f11..ff17900fb7ec 100644 --- a/krb5/lib/kdb/Makefile +++ b/krb5/lib/kdb/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -17,6 +15,7 @@ LIB= kdb5 # SHLIB_MAJOR= 10 LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile gssrpc krb5 k5crypto com_err krb5support gssapi_krb5 +VERSION_MAP= ${.CURDIR}/version.map SRCS= decrypt_key.c \ encrypt_key.c \ diff --git a/krb5/lib/kdb/version.map b/krb5/lib/kdb/version.map new file mode 100644 index 000000000000..63096fe7190a --- /dev/null +++ b/krb5/lib/kdb/version.map @@ -0,0 +1,112 @@ +kdb5_10_MIT { + global: + krb5_db_setup_lib_handle; + krb5_db_open; + krb5_db_inited; + krb5_db_alloc; + krb5_db_free; + krb5_db_allowed_to_delegate_from; + krb5_db_audit_as_req; + krb5_db_check_allowed_to_delegate; + krb5_db_get_s4u_x509_principal; + krb5_db_check_policy_as; + krb5_db_check_policy_tgs; + krb5_db_check_transited_realms; + krb5_db_create; + krb5_db_delete_principal; + krb5_db_destroy; + krb5_db_fetch_mkey; + krb5_db_fetch_mkey_list; + krb5_db_fini; + krb5_db_free_principal; + krb5_db_get_age; + krb5_db_get_key_data_kvno; + krb5_db_get_context; + krb5_db_get_principal; + krb5_db_issue_pac; + krb5_db_iterate; + krb5_db_lock; + krb5_db_mkey_list_alias; + krb5_db_put_principal; + krb5_db_refresh_config; + krb5_db_rename_principal; + krb5_db_set_context; + krb5_db_setup_mkey_name; + krb5_db_unlock; + krb5_db_store_master_key; + krb5_db_store_master_key_list; + krb5_dbe_apw; + krb5_dbe_ark; + krb5_dbe_cpw; + krb5_dbe_create_key_data; + krb5_dbe_crk; + krb5_dbe_find_act_mkey; + krb5_dbe_fetch_act_key_list; + krb5_dbe_find_enctype; + krb5_dbe_find_mkey; + krb5_dbe_free_actkvno_list; + krb5_dbe_free_key_data_contents; + krb5_dbe_free_mkey_aux_list; + krb5_dbe_free_key_list; + krb5_dbe_free_string; + krb5_dbe_free_strings; + krb5_dbe_get_mkvno; + krb5_dbe_get_string; + krb5_dbe_get_strings; + krb5_dbe_compute_salt; + krb5_dbe_lookup_last_admin_unlock; + krb5_dbe_lookup_last_pwd_change; + krb5_dbe_lookup_actkvno; + krb5_dbe_lookup_mkey_aux; + krb5_dbe_lookup_mkvno; + krb5_dbe_lookup_mod_princ_data; + krb5_dbe_lookup_tl_data; + krb5_dbe_search_enctype; + krb5_dbe_set_string; + krb5_dbe_specialize_salt; + krb5_dbe_update_actkvno; + krb5_dbe_update_last_admin_unlock; + krb5_dbe_update_last_pwd_change; + krb5_dbe_update_mkey_aux; + krb5_dbe_update_mkvno; + krb5_dbe_update_mod_princ_data; + krb5_dbe_update_tl_data; + krb5_db_update_tl_data; + krb5_dbe_def_encrypt_key_data; + krb5_dbe_def_decrypt_key_data; + krb5_dbe_decrypt_key_data; + krb5_dbe_encrypt_key_data; + krb5_kt_kdb_ops; + krb5_ktkdb_close; + krb5_ktkdb_get_entry; + krb5_ktkdb_resolve; + krb5_ktkdb_set_context; + krb5_mkey_pwd_prompt1; + krb5_mkey_pwd_prompt2; + krb5_db_create_policy; + krb5_db_get_policy; + krb5_db_put_policy; + krb5_db_iter_policy; + krb5_db_delete_policy; + krb5_db_free_policy; + krb5_def_store_mkey_list; + krb5_db_promote; + krb5_db_register_keytab; + ulog_add_update; + ulog_init_header; + ulog_map; + ulog_set_role; + ulog_free_entries; + xdr_kdb_last_t; + xdr_kdb_incr_result_t; + xdr_kdb_fullresync_result_t; + ulog_fini; + ulog_get_entries; + ulog_get_last; + ulog_get_sno_status; + ulog_replay; + ulog_set_last; + xdr_kdb_incr_update_t; + krb5_dbe_sort_key_data; +}; +HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/krb5/lib/krad/Makefile b/krb5/lib/krad/Makefile index 4b18af482207..0bc74e8318f8 100644 --- a/krb5/lib/krad/Makefile +++ b/krb5/lib/krad/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5-lib - .include <src.opts.mk> .include "../Makefile.inc" @@ -17,6 +15,7 @@ LIB= krad # SHLIB_MAJOR= 0 LDFLAGS=-Wl,--no-undefined LIBADD= krb5 k5crypto com_err krb5profile krb5support verto +VERSION_MAP= ${.CURDIR}/version.map SRCS= attr.c \ attrset.c \ diff --git a/krb5/lib/krad/version.map b/krb5/lib/krad/version.map new file mode 100644 index 000000000000..a18fa4665e50 --- /dev/null +++ b/krb5/lib/krad/version.map @@ -0,0 +1,27 @@ +krad_0_MIT { + global: + krad_code_name2num; + krad_code_num2name; + krad_attr_name2num; + krad_attr_num2name; + krad_attrset_new; + krad_attrset_copy; + krad_attrset_free; + krad_attrset_add; + krad_attrset_add_number; + krad_attrset_del; + krad_attrset_get; + krad_packet_bytes_needed; + krad_packet_free; + krad_packet_new_request; + krad_packet_new_response; + krad_packet_decode_request; + krad_packet_decode_response; + krad_packet_encode; + krad_packet_get_code; + krad_packet_get_attr; + krad_client_new; + krad_client_free; + krad_client_send; +}; +HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/krb5/lib/krb5/Makefile b/krb5/lib/krb5/Makefile index bf90c7fc80f7..163005b6abf3 100644 --- a/krb5/lib/krb5/Makefile +++ b/krb5/lib/krb5/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -17,6 +15,7 @@ LIB= krb5 LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile k5crypto com_err krb5support # SHLIB_MAJOR= 3 +VERSION_MAP= ${.CURDIR}/version.map SRCS= krb5_libinit.c diff --git a/krb5/lib/krb5/error_tables/Makefile.inc b/krb5/lib/krb5/error_tables/Makefile.inc index dee259798dae..5d2ec3b9e920 100644 --- a/krb5/lib/krb5/error_tables/Makefile.inc +++ b/krb5/lib/krb5/error_tables/Makefile.inc @@ -144,3 +144,5 @@ ${GEN_ASN1_ERR_C}: ${GEN_ASN1_ERR} ${COMPILE_ET} et-c-${.PREFIX}.et mv et-c-${.PREFIX}.c ${.PREFIX}.c rm -f et-c-${.PREFIX}.et et-c-${.PREFIX}.c + +SRCS+= ${GEN_ET} diff --git a/krb5/lib/krb5/version.map b/krb5/lib/krb5/version.map new file mode 100644 index 000000000000..ce399a93e03e --- /dev/null +++ b/krb5/lib/krb5/version.map @@ -0,0 +1,633 @@ +HEIMDAL_KRB5_2.0 { + global: + initialize_k524_error_table; + initialize_krb5_error_table; + krb524_convert_creds_kdc; + krb5_address_compare; + krb5_address_order; + krb5_address_search; + krb5_allow_weak_crypto; + krb5_aname_to_localname; + krb5_appdefault_boolean; + krb5_appdefault_string; + krb5_auth_con_free; + krb5_auth_con_genaddrs; + krb5_auth_con_getaddrs; + krb5_auth_con_getauthenticator; + krb5_auth_con_getflags; + krb5_auth_con_getkey; + krb5_auth_con_getlocalseqnumber; + krb5_auth_con_getlocalsubkey; + krb5_auth_con_getrcache; + krb5_auth_con_getrecvsubkey; + krb5_auth_con_getremoteseqnumber; + krb5_auth_con_getremotesubkey; + krb5_auth_con_getsendsubkey; + krb5_auth_con_init; + krb5_auth_con_setaddrs; + krb5_auth_con_setflags; + krb5_auth_con_setrcache; + krb5_auth_con_setrecvsubkey; + krb5_auth_con_setsendsubkey; + krb5_build_principal; + krb5_build_principal_ext; + krb5_build_principal_va; + krb5_cc_cache_match; + krb5_cc_close; + krb5_cc_copy_creds; + krb5_cc_default; + krb5_cc_default_name; + krb5_cc_destroy; + krb5_cc_end_seq_get; + krb5_cc_gen_new; + krb5_cc_get_config; + krb5_cc_get_full_name; + krb5_cc_get_name; + krb5_cc_get_principal; + krb5_cc_get_type; + krb5_cc_initialize; + krb5_cc_move; + krb5_cc_new_unique; + krb5_cc_next_cred; + krb5_cc_register; + krb5_cc_remove_cred; + krb5_cc_resolve; + krb5_cc_retrieve_cred; + krb5_cc_set_config; + krb5_cc_set_default_name; + krb5_cc_set_flags; + krb5_cc_start_seq_get; + krb5_cc_store_cred; + krb5_cc_support_switch; + krb5_cc_switch; + krb5_cccol_cursor_free; + krb5_cccol_cursor_new; + krb5_cccol_cursor_next; + krb5_change_password; + krb5_clear_error_message; + krb5_copy_addresses; + krb5_copy_checksum; + krb5_copy_context; + krb5_copy_creds; + krb5_copy_data; + krb5_copy_keyblock; + krb5_copy_keyblock_contents; + krb5_copy_principal; + krb5_copy_ticket; + krb5_expand_hostname; + krb5_fcc_ops; + krb5_free_address; + krb5_free_addresses; + krb5_free_ap_rep_enc_part; + krb5_free_authenticator; + krb5_free_checksum; + krb5_free_checksum_contents; + krb5_free_config_files; + krb5_free_context; + krb5_free_cred_contents; + krb5_free_creds; + krb5_free_data; + krb5_free_data_contents; + krb5_free_default_realm; + krb5_free_error_message; + krb5_free_host_realm; + krb5_free_kdc_rep; + krb5_free_keyblock; + krb5_free_keyblock_contents; + krb5_free_principal; + krb5_free_ticket; + krb5_free_unparsed_name; + krb5_fwd_tgt_creds; + krb5_generate_seq_number; + krb5_generate_subkey; + krb5_get_credentials; + krb5_get_default_config_files; + krb5_get_default_realm; + krb5_get_error_message; + krb5_get_host_realm; + krb5_get_in_tkt_with_keytab; + krb5_get_in_tkt_with_password; + krb5_get_in_tkt_with_skey; + krb5_get_init_creds_keytab; + krb5_get_init_creds_opt_alloc; + krb5_get_init_creds_opt_free; + krb5_get_init_creds_opt_init; + krb5_get_init_creds_opt_set_address_list; + krb5_get_init_creds_opt_set_anonymous; + krb5_get_init_creds_opt_set_canonicalize; + krb5_get_init_creds_opt_set_etype_list; + krb5_get_init_creds_opt_set_forwardable; + krb5_get_init_creds_opt_set_pac_request; + krb5_get_init_creds_opt_set_preauth_list; + krb5_get_init_creds_opt_set_proxiable; + krb5_get_init_creds_opt_set_renew_life; + krb5_get_init_creds_opt_set_salt; + krb5_get_init_creds_opt_set_tkt_life; + krb5_get_init_creds_password; + krb5_get_permitted_enctypes; + krb5_get_renewed_creds; + krb5_get_server_rcache; + krb5_get_validated_creds; + krb5_init_context; + krb5_init_creds_free; + krb5_init_creds_get; + krb5_init_creds_get_creds; + krb5_init_creds_get_error; + krb5_init_creds_init; + krb5_init_creds_set_keytab; + krb5_init_creds_set_password; + krb5_init_creds_set_service; + krb5_is_config_principal; + krb5_is_thread_safe; + krb5_kt_add_entry; + krb5_kt_close; + krb5_kt_default; + krb5_kt_default_name; + krb5_kt_end_seq_get; + krb5_kt_free_entry; + krb5_kt_get_entry; + krb5_kt_get_name; + krb5_kt_get_type; + krb5_kt_have_content; + krb5_kt_next_entry; + krb5_kt_read_service_key; + krb5_kt_register; + krb5_kt_remove_entry; + krb5_kt_resolve; + krb5_kt_start_seq_get; + krb5_kuserok; + krb5_mcc_ops; + krb5_mk_error; + krb5_mk_priv; + krb5_mk_rep; + krb5_mk_req; + krb5_mk_req_extended; + krb5_mk_safe; + krb5_net_read; + krb5_net_write; + krb5_pac_add_buffer; + krb5_pac_free; + krb5_pac_get_buffer; + krb5_pac_get_types; + krb5_pac_init; + krb5_pac_parse; + krb5_pac_verify; + krb5_parse_name; + krb5_parse_name_flags; + krb5_prepend_error_message; + krb5_principal_compare; + krb5_principal_compare_any_realm; + krb5_prompter_posix; + krb5_rc_default; + krb5_rc_destroy; + krb5_rc_get_lifespan; + krb5_rc_initialize; + krb5_rd_cred; + krb5_rd_error; + krb5_rd_priv; + krb5_rd_rep; + krb5_rd_req; + krb5_rd_safe; + krb5_read_message; + krb5_realm_compare; + krb5_recvauth; + krb5_salttype_to_string; + krb5_sendauth; + krb5_sendto_kdc; + krb5_set_config_files; + krb5_set_default_realm; + krb5_set_error_message; + krb5_set_password; + krb5_set_password_using_ccache; + krb5_set_real_time; + krb5_sname_to_principal; + krb5_string_to_deltat; + krb5_string_to_salttype; + krb5_timeofday; + krb5_unparse_name; + krb5_unparse_name_flags; + krb5_us_timeofday; + krb5_verify_init_creds; + krb5_verify_init_creds_opt_init; + krb5_verify_init_creds_opt_set_ap_req_nofail; + krb5_vprepend_error_message; + krb5_vset_error_message; + krb5_write_message; +}; + +krb5_3_MIT { + global: + _krb5_conf_boolean; + decode_krb5_ad_kdcissued; + decode_krb5_ap_rep; + decode_krb5_ap_rep_enc_part; + decode_krb5_ap_req; + decode_krb5_as_rep; + decode_krb5_as_req; + decode_krb5_authdata; + decode_krb5_authenticator; + decode_krb5_cammac; + decode_krb5_cred; + decode_krb5_enc_cred_part; + decode_krb5_enc_data; + decode_krb5_enc_kdc_rep_part; + decode_krb5_enc_priv_part; + decode_krb5_enc_sam_response_enc_2; + decode_krb5_enc_tkt_part; + decode_krb5_encryption_key; + decode_krb5_error; + decode_krb5_etype_info; + decode_krb5_etype_info2; + decode_krb5_fast_req; + decode_krb5_fast_response; + decode_krb5_iakerb_finished; + decode_krb5_iakerb_header; + decode_krb5_kdc_req_body; + decode_krb5_otp_tokeninfo; + decode_krb5_kkdcp_message; + decode_krb5_pa_enc_ts; + decode_krb5_pa_for_user; + decode_krb5_pa_fx_fast_reply; + decode_krb5_pa_fx_fast_request; + decode_krb5_pa_otp_challenge; + decode_krb5_pa_otp_req; + decode_krb5_pa_otp_enc_req; + decode_krb5_pa_pac_options; + decode_krb5_pa_pac_req; + decode_krb5_pa_s4u_x509_user; + decode_krb5_pa_spake; + decode_krb5_padata_sequence; + decode_krb5_priv; + decode_krb5_safe; + decode_krb5_sam_challenge_2; + decode_krb5_sam_challenge_2_body; + decode_krb5_sam_response_2; + decode_krb5_secure_cookie; + decode_krb5_setpw_req; + decode_krb5_spake_factor; + decode_krb5_tgs_rep; + decode_krb5_tgs_req; + decode_krb5_ticket; + decode_krb5_typed_data; + decode_utf8_strings; + encode_krb5_ad_kdcissued; + encode_krb5_ap_rep; + encode_krb5_ap_rep_enc_part; + encode_krb5_ap_req; + encode_krb5_as_rep; + encode_krb5_as_req; + encode_krb5_authdata; + encode_krb5_authenticator; + encode_krb5_cammac; + encode_krb5_checksum; + encode_krb5_cred; + encode_krb5_enc_cred_part; + encode_krb5_enc_data; + encode_krb5_enc_kdc_rep_part; + encode_krb5_enc_priv_part; + encode_krb5_enc_sam_response_enc_2; + encode_krb5_enc_tkt_part; + encode_krb5_encryption_key; + encode_krb5_error; + encode_krb5_etype_info; + encode_krb5_etype_info2; + encode_krb5_fast_response; + encode_krb5_iakerb_finished; + encode_krb5_iakerb_header; + encode_krb5_kdc_req_body; + encode_krb5_otp_tokeninfo; + encode_krb5_kkdcp_message; + encode_krb5_pa_enc_ts; + encode_krb5_pa_for_user; + encode_krb5_pa_fx_fast_reply; + encode_krb5_pa_otp_challenge; + encode_krb5_pa_otp_req; + encode_krb5_pa_otp_enc_req; + encode_krb5_pa_pac_options; + encode_krb5_pa_s4u_x509_user; + encode_krb5_pa_spake; + encode_krb5_padata_sequence; + encode_krb5_pkinit_supp_pub_info; + encode_krb5_priv; + encode_krb5_s4u_userid; + encode_krb5_safe; + encode_krb5_sam_challenge_2; + encode_krb5_sam_challenge_2_body; + encode_krb5_sam_response_2; + encode_krb5_secure_cookie; + encode_krb5_sp80056a_other_info; + encode_krb5_spake_factor; + encode_krb5_tgs_rep; + encode_krb5_tgs_req; + encode_krb5_ticket; + encode_krb5_typed_data; + encode_utf8_strings; + et_asn1_error_table; + et_k524_error_table; + et_kdb5_error_table; + et_krb5_error_table; + et_kv5m_error_table; + initialize_asn1_error_table; + initialize_kdb5_error_table; + initialize_k5e1_error_table; + initialize_kv5m_error_table; + k5_add_empty_pa_data; + k5_add_pa_data_element; + k5_add_pa_data_from_data; + k5_alloc_pa_data; + k5_authind_decode; + k5_build_conf_principals; + k5_cc_store_primary_cred; + k5_ccselect_free_context; + k5_change_error_message_code; + k5_etypes_contains; + k5_expand_path_tokens; + k5_expand_path_tokens_extra; + k5_externalize_auth_context; + k5_externalize_authdata; + k5_externalize_authdata_context; + k5_externalize_context; + k5_externalize_keyblock; + k5_externalize_principal; + k5_free_algorithm_identifier; + k5_free_cammac; + k5_free_data_ptr_list; + k5_free_otp_tokeninfo; + k5_free_kkdcp_message; + k5_free_pa_data_element; + k5_free_pa_otp_challenge; + k5_free_pa_otp_req; + k5_free_secure_cookie; + k5_free_pa_spake; + k5_free_serverlist; + k5_free_spake_factor; + k5_hostrealm_free_context; + k5_init_trace; + k5_internalize_auth_context; + k5_internalize_authdata; + k5_internalize_authdata_context; + k5_internalize_context; + k5_internalize_keyblock; + k5_internalize_principal; + k5_is_string_numeric; + k5_kt_get_principal; + k5_kt_have_match; + k5_localauth_free_context; + k5_locate_kdc; + k5_marshal_cred; + k5_marshal_princ; + k5_os_free_context; + k5_os_init_context; + k5_parse_host_string; + k5_plugin_free_modules; + k5_plugin_load; + k5_plugin_load_all; + k5_plugin_register; + k5_plugin_register_dyn; + k5_rc_close; + k5_rc_get_name; + k5_rc_resolve; + k5_rc_store; + k5_size_auth_context; + k5_size_authdata; + k5_size_authdata_context; + k5_size_context; + k5_size_keyblock; + k5_size_principal; + k5_sname_compare; + k5_unmarshal_cred; + k5_unmarshal_princ; + k5_unwrap_cammac_svc; + k5_zapfree_pa_data; + krb524_init_ets; + krb5_425_conv_principal; + krb5_524_conv_principal; + krb5_524_convert_creds; + krb5_anonymous_principal; + krb5_anonymous_realm; + krb5_auth_con_get_checksum_func; + krb5_auth_con_get_authdata_context; + krb5_auth_con_getivector; + krb5_auth_con_getkey_k; + krb5_auth_con_getpermetypes; + krb5_auth_con_getrecvsubkey_k; + krb5_auth_con_getsendsubkey_k; + krb5_auth_con_initivector; + krb5_auth_con_set_authdata_context; + krb5_auth_con_set_checksum_func; + krb5_auth_con_set_req_cksumtype; + krb5_auth_con_set_safe_cksumtype; + krb5_auth_con_setivector; + krb5_auth_con_setpermetypes; + krb5_auth_con_setports; + krb5_auth_con_setrecvsubkey_k; + krb5_auth_con_setsendsubkey_k; + krb5_auth_con_setuseruserkey; + krb5_authdata_context_copy; + krb5_authdata_context_free; + krb5_authdata_context_init; + krb5_authdata_delete_attribute; + krb5_authdata_get_attribute_types; + krb5_authdata_get_attribute; + krb5_authdata_set_attribute; + krb5_authdata_export_attributes; + krb5_authdata_export_authdata; + krb5_authdata_export_internal; + krb5_authdata_free_internal; + krb5_authdata_import_attributes; + krb5_build_principal_alloc_va; + krb5_cc_dfl_ops; + krb5_cc_dup; + krb5_cc_file_ops; + krb5_cc_select; + krb5_cccol_have_content; + krb5_change_cache; + krb5_check_clockskew; + krb5_check_transited_list; + krb5_chpw_message; + krb5_chpw_result_code_string; + krb5_copy_addr; + krb5_copy_authdata; + krb5_copy_authenticator; + krb5_copy_error_message; + krb5_crypto_us_timeofday; + krb5_decode_authdata_container; + krb5_decode_ticket; + krb5_decrypt_tkt_part; + krb5_deltat_to_string; + krb5_encode_authdata_container; + krb5_encode_kdc_rep; + krb5_encrypt_helper; + krb5_encrypt_tkt_part; + krb5_find_authdata; + krb5_free_ad_kdcissued; + krb5_free_ap_rep; + krb5_free_ap_req; + krb5_free_authdata; + krb5_free_authenticator_contents; + krb5_free_cred; + krb5_free_cred_enc_part; + krb5_free_enc_data; + krb5_free_enc_kdc_rep_part; + krb5_free_enc_sam_response_enc_2; + krb5_free_enc_sam_response_enc_2_contents; + krb5_free_enc_tkt_part; + krb5_free_enctypes; + krb5_free_error; + krb5_free_etype_info; + krb5_free_fast_armored_req; + krb5_free_fast_req; + krb5_free_fast_response; + krb5_free_iakerb_finished; + krb5_free_iakerb_header; + krb5_free_kdc_req; + krb5_free_keytab_entry_contents; + krb5_free_last_req; + krb5_free_octet_data; + krb5_free_pa_data; + krb5_free_pa_enc_ts; + krb5_free_pa_for_user; + krb5_free_pa_pac_req; + krb5_free_pa_s4u_x509_user; + krb5_free_priv; + krb5_free_priv_enc_part; + krb5_free_realm_tree; + krb5_free_safe; + krb5_free_sam_challenge_2; + krb5_free_sam_challenge_2_body; + krb5_free_sam_challenge_2_body_contents; + krb5_free_sam_challenge_2_contents; + krb5_free_sam_response_2; + krb5_free_sam_response_2_contents; + krb5_free_string; + krb5_free_tgt_creds; + krb5_free_tickets; + krb5_free_tkt_authent; + krb5_gen_portaddr; + krb5_gen_replay_name; + krb5_get_cred_via_tkt; + krb5_get_credentials_for_proxy; + krb5_get_credentials_for_user; + krb5_get_credentials_renew; + krb5_get_credentials_validate; + krb5_get_default_in_tkt_ktypes; + krb5_get_etype_info; + krb5_get_fallback_host_realm; + krb5_get_init_creds_opt_free_pa; + krb5_get_init_creds_opt_get_fast_flags; + krb5_get_init_creds_opt_get_pa; + krb5_get_init_creds_opt_set_change_password_prompt; + krb5_get_init_creds_opt_set_expire_callback; + krb5_get_init_creds_opt_set_fast_ccache; + krb5_get_init_creds_opt_set_fast_ccache_name; + krb5_get_init_creds_opt_set_fast_flags; + krb5_get_init_creds_opt_set_in_ccache; + krb5_get_init_creds_opt_set_out_ccache; + krb5_get_init_creds_opt_set_pa; + krb5_get_init_creds_opt_set_responder; + krb5_get_notification_message; + krb5_get_profile; + krb5_get_prompt_types; + krb5_get_realm_domain; + krb5_get_tgs_ktypes; + krb5_get_time_offsets; + krb5_init_context_profile; + krb5_init_creds_get_times; + krb5_init_creds_step; + krb5_init_keyblock; + krb5_init_secure_context; + krb5_is_permitted_enctype; + krb5_is_referral_realm; + krb5_kdc_rep_decrypt_proc; + krb5_kdc_sign_ticket; + krb5_kdc_verify_ticket; + krb5_kt_client_default; + krb5_kt_dfl_ops; + krb5_kt_dup; + krb5_ktf_ops; + krb5_ktf_writable_ops; + krb5_lock_file; + krb5_make_authdata_kdc_issued; + krb5_make_full_ipaddr; + krb5_make_fulladdr; + krb5_marshal_credentials; + krb5_merge_authdata; + krb5_mk_1cred; + krb5_mk_ncred; + krb5_mk_rep_dce; + krb5_os_localaddr; + krb5_overridekeyname; + krb5_pac_sign; + krb5_pac_sign_ext; + krb5_pac_verify_ext; + krb5_pac_get_client_info; + krb5_principal2salt; + krb5_principal2salt_norealm; + krb5_principal_compare_flags; + krb5_rd_rep_dce; + krb5_rd_req_decoded; + krb5_rd_req_decoded_anyflag; + krb5_read_password; + krb5_recvauth_version; + krb5_responder_get_challenge; + krb5_responder_list_questions; + krb5_responder_set_answer; + krb5_responder_otp_get_challenge; + krb5_responder_otp_set_answer; + krb5_responder_otp_challenge_free; + krb5_responder_pkinit_get_challenge; + krb5_responder_pkinit_set_answer; + krb5_responder_pkinit_challenge_free; + krb5_ser_pack_bytes; + krb5_ser_pack_int32; + krb5_ser_pack_int64; + krb5_ser_unpack_bytes; + krb5_ser_unpack_int32; + krb5_ser_unpack_int64; + krb5_server_decrypt_ticket_keytab; + krb5_set_debugging_time; + krb5_set_default_tgs_enctypes; + krb5_set_default_tgs_ktypes; + krb5_set_principal_realm; + krb5_set_kdc_send_hook; + krb5_set_kdc_recv_hook; + krb5_set_time_offsets; + krb5_set_trace_callback; + krb5_set_trace_filename; + krb5_sname_match; + krb5_string_to_timestamp; + krb5int_tgtname; + krb5_tkt_creds_free; + krb5_tkt_creds_get; + krb5_tkt_creds_get_creds; + krb5_tkt_creds_get_times; + krb5_tkt_creds_init; + krb5_tkt_creds_step; + krb5_timestamp_to_sfstring; + krb5_timestamp_to_string; + krb5_unlock_file; + krb5_unmarshal_credentials; + krb5_unpack_full_ipaddr; + krb5_unparse_name_ext; + krb5_unparse_name_flags_ext; + krb5_use_natural_time; + krb5_verify_authdata_kdc_issued; + krb5_vwrap_error_message; + krb5_walk_realm_tree; + krb5_wrap_error_message; + krb5int_accessor; + krb5int_cc_default; + krb5int_cleanup_library; + krb5int_copy_data_contents; + krb5int_copy_data_contents_add0; + krb5int_find_pa_data; + krb5int_foreach_localaddr; + krb5int_free_data_list; + krb5int_get_authdata_containee_types; + krb5int_init_context_kdc; + krb5int_initialize_library; + krb5int_parse_enctype_list; + krb5int_random_string; + krb5int_trace; +}; +HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/krb5/lib/rpc/Makefile b/krb5/lib/rpc/Makefile index 13499b184d30..3bcd7ff7d9d3 100644 --- a/krb5/lib/rpc/Makefile +++ b/krb5/lib/rpc/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -17,6 +15,7 @@ LIB= gssrpc # SHLIB_MAJOR= 4 LDFLAGS=-Wl,--no-undefined LIBADD= gssapi_krb5 krb5 k5crypto com_err krb5support +VERSION_MAP= ${.CURDIR}/version.map SRCS= auth_gss.c \ auth_gssapi.c \ diff --git a/krb5/lib/rpc/version.map b/krb5/lib/rpc/version.map new file mode 100644 index 000000000000..95ef4715572c --- /dev/null +++ b/krb5/lib/rpc/version.map @@ -0,0 +1,148 @@ +gssrpc_4_MIT { + global: + gssrpc_auth_debug_gss; + gssrpc_auth_debug_gssapi; + gssrpc_auth_gssapi_create; + gssrpc_auth_gssapi_create_default; + gssrpc_auth_gssapi_display_status; + gssrpc_auth_gssapi_seal_seq; + gssrpc_auth_gssapi_unseal_seq; + gssrpc_auth_gssapi_unwrap_data; + gssrpc_auth_gssapi_wrap_data; + gssrpc_authgss_create; + gssrpc_authgss_create_default; + gssrpc_authgss_get_private_data; + gssrpc_authgss_service; + gssrpc_authnone_create; + gssrpc_authunix_create; + gssrpc_authunix_create_default; + gssrpc_bindresvport; + gssrpc_bindresvport_sa; + gssrpc_callrpc; + gssrpc_clnt_broadcast; + gssrpc_clnt_create; + gssrpc_clnt_pcreateerror; + gssrpc_clnt_perrno; + gssrpc_clnt_perror; + gssrpc_clnt_spcreateerror; + gssrpc_clnt_sperrno; + gssrpc_clnt_sperror; + gssrpc_clntraw_create; + gssrpc_clnttcp_create; + gssrpc_clntudp_bufcreate; + gssrpc_clntudp_create; + gssrpc_get_myaddress; + gssrpc_getrpcport; + gssrpc_log_debug; + gssrpc_log_hexdump; + gssrpc_log_status; + gssrpc_misc_debug_gss; + gssrpc_misc_debug_gssapi; + gssrpc_pmap_getmaps; + gssrpc_pmap_getport; + gssrpc_pmap_rmtcall; + gssrpc_pmap_set; + gssrpc_pmap_unset; + gssrpc_registerrpc; + gssrpc_rpc_createrr; + gssrpc_svc_auth_gss_ops; + gssrpc_svc_auth_gssapi_ops; + gssrpc_svc_auth_none; + gssrpc_svc_auth_none_ops; + gssrpc_svc_debug_gss; + gssrpc_svc_debug_gssapi; + gssrpc_svc_fdset; + gssrpc_svc_fdset_init; + gssrpc_svc_getreq; + gssrpc_svc_getreqset; + gssrpc_svc_maxfd; + gssrpc_svc_register; + gssrpc_svc_run; + gssrpc_svc_sendreply; + gssrpc_svc_unregister; + gssrpc_svcauth_gss_get_principal; + gssrpc_svcauth_gss_set_log_badauth_func; + gssrpc_svcauth_gss_set_log_badauth2_func; + gssrpc_svcauth_gss_set_log_badverf_func; + gssrpc_svcauth_gss_set_log_miscerr_func; + gssrpc_svcauth_gss_set_svc_name; + gssrpc_svcauth_gssapi_set_log_badauth_func; + gssrpc_svcauth_gssapi_set_log_badauth2_func; + gssrpc_svcauth_gssapi_set_log_badverf_func; + gssrpc_svcauth_gssapi_set_log_miscerr_func; + gssrpc_svcauth_gssapi_set_names; + gssrpc_svcauth_gssapi_unset_names; + gssrpc_svcerr_auth; + gssrpc_svcerr_decode; + gssrpc_svcerr_noproc; + gssrpc_svcerr_noprog; + gssrpc_svcerr_progvers; + gssrpc_svcerr_systemerr; + gssrpc_svcerr_weakauth; + gssrpc_svcfd_create; + gssrpc_svcraw_create; + gssrpc_svctcp_create; + gssrpc_svcudp_bufcreate; + gssrpc_svcudp_create; + gssrpc_svcudp_enablecache; + gssrpc_xdr_accepted_reply; + gssrpc_xdr_array; + gssrpc_xdr_authgssapi_creds; + gssrpc_xdr_authgssapi_init_arg; + gssrpc_xdr_authgssapi_init_res; + gssrpc_xdr_authunix_parms; + gssrpc_xdr_bool; + gssrpc_xdr_bytes; + gssrpc_xdr_callhdr; + gssrpc_xdr_callmsg; + gssrpc_xdr_char; + gssrpc_xdr_des_block; + gssrpc_xdr_enum; + gssrpc_xdr_free; + gssrpc_xdr_gss_buf; + gssrpc_xdr_int; + gssrpc_xdr_int32; + gssrpc_xdr_long; + gssrpc_xdr_netobj; + gssrpc_xdr_opaque; + gssrpc_xdr_opaque_auth; + gssrpc_xdr_pmap; + gssrpc_xdr_pmaplist; + gssrpc_xdr_pointer; + gssrpc_xdr_reference; + gssrpc_xdr_rejected_reply; + gssrpc_xdr_replymsg; + gssrpc_xdr_rmtcall_args; + gssrpc_xdr_rmtcallres; + gssrpc_xdr_rpc_gss_buf; + gssrpc_xdr_rpc_gss_cred; + gssrpc_xdr_rpc_gss_data; + gssrpc_xdr_rpc_gss_init_args; + gssrpc_xdr_rpc_gss_init_res; + gssrpc_xdr_rpc_gss_unwrap_data; + gssrpc_xdr_rpc_gss_wrap_data; + gssrpc_xdr_short; + gssrpc_xdr_sizeof; + gssrpc_xdr_string; + gssrpc_xdr_u_char; + gssrpc_xdr_u_int; + gssrpc_xdr_u_int32; + gssrpc_xdr_u_long; + gssrpc_xdr_u_short; + gssrpc_xdr_union; + gssrpc_xdr_vector; + gssrpc_xdr_void; + gssrpc_xdr_wrapstring; + gssrpc_xdralloc_create; + gssrpc_xdralloc_getdata; + gssrpc_xdralloc_release; + gssrpc_xdrmem_create; + gssrpc_xdrrec_create; + gssrpc_xdrrec_endofrecord; + gssrpc_xdrrec_eof; + gssrpc_xdrrec_skiprecord; + gssrpc_xdrstdio_create; + gssrpc_xprt_register; + gssrpc_xprt_unregister; +}; +HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/krb5/libexec/Makefile.inc b/krb5/libexec/Makefile.inc index bcc6d4b1c21e..6ce709d08304 100644 --- a/krb5/libexec/Makefile.inc +++ b/krb5/libexec/Makefile.inc @@ -9,4 +9,5 @@ .include "../Makefile.inc" +PACKAGE?= kerberos-kdc BINDIR?= /usr/libexec diff --git a/krb5/libexec/kadmind/Makefile b/krb5/libexec/kadmind/Makefile index bb572a32445f..a845851f708e 100644 --- a/krb5/libexec/kadmind/Makefile +++ b/krb5/libexec/kadmind/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include "../Makefile.inc" PROG= kadmind diff --git a/krb5/libexec/kdc/Makefile b/krb5/libexec/kdc/Makefile index a990666d9338..ac5ada19eb37 100644 --- a/krb5/libexec/kdc/Makefile +++ b/krb5/libexec/kdc/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include "../Makefile.inc" PROG= krb5kdc diff --git a/krb5/libexec/kprop/Makefile b/krb5/libexec/kprop/Makefile index 74a56232f6bb..1294d9014ee4 100644 --- a/krb5/libexec/kprop/Makefile +++ b/krb5/libexec/kprop/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include "../Makefile.inc" PROG= kprop diff --git a/krb5/libexec/kpropd/Makefile b/krb5/libexec/kpropd/Makefile index 2fb2bfdff228..e7ffe5a26016 100644 --- a/krb5/libexec/kpropd/Makefile +++ b/krb5/libexec/kpropd/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= kpropd LIBADD= kprop_util kdb5 kadm5clnt_mit gssrpc gssapi_krb5 krb5 k5crypto \ diff --git a/krb5/libexec/kproplog/Makefile b/krb5/libexec/kproplog/Makefile index 533b6fdaa5c2..81405260a06e 100644 --- a/krb5/libexec/kproplog/Makefile +++ b/krb5/libexec/kproplog/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= kproplog LIBADD= kadm5srv_mit kdb5 gssrpc gssapi_krb5 krb5 k5crypto com_err \ krb5support sys diff --git a/krb5/plugins/Makefile.inc b/krb5/plugins/Makefile.inc index 846770a801e0..e888f79acd49 100644 --- a/krb5/plugins/Makefile.inc +++ b/krb5/plugins/Makefile.inc @@ -7,6 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # +PACKAGE?= kerberos-kdc MK_INSTALLLIB= no SHLIB_NAME?= ${LIB}.so.${SHLIB_MAJOR} PLUGINSDIR= ${LIBDIR_BASE}/krb5/plugins diff --git a/krb5/plugins/audit/Makefile b/krb5/plugins/audit/Makefile index 507cde261300..f85e5d1a81a5 100644 --- a/krb5/plugins/audit/Makefile +++ b/krb5/plugins/audit/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -16,6 +14,7 @@ PACKAGE= krb5 LIB= kdc_j_encode LIBDIR= ${PLUGINSDIR}/audit LDFLAGS=-Wl,--no-undefined +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/plugins/audit diff --git a/krb5/plugins/audit/version.map b/krb5/plugins/audit/version.map new file mode 100644 index 000000000000..599442dcd8ab --- /dev/null +++ b/krb5/plugins/audit/version.map @@ -0,0 +1,11 @@ +audit_121_MIT { + global: + kau_j_kdc_stop; + kau_j_kdc_start; + kau_j_as_req; + kau_j_tgs_req; + kau_j_tgs_s4u2self; + kau_j_tgs_s4u2proxy; + kau_j_tgs_u2u; +}; +HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/krb5/plugins/k5tls/Makefile b/krb5/plugins/k5tls/Makefile index 8af5efb06b80..30738a70e71d 100644 --- a/krb5/plugins/k5tls/Makefile +++ b/krb5/plugins/k5tls/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -18,6 +16,7 @@ SHLIBDIR= ${LIBDIR} LIB= k5tls LDFLAGS=-Wl,--no-undefined LIBADD= krb5 krb5profile krb5support ssl crypto k5crypto com_err sys +VERSION_MAP= ${.CURDIR}/version.map SRCS= notls.c \ openssl.c diff --git a/krb5/plugins/k5tls/version.map b/krb5/plugins/k5tls/version.map new file mode 100644 index 000000000000..d8602cb1559a --- /dev/null +++ b/krb5/plugins/k5tls/version.map @@ -0,0 +1,5 @@ +HIDDEN { local: __*; _rest*; _save*; *; }; +k5tls_0_MIT { + global: + tls_k5tls_initvt; +}; diff --git a/krb5/plugins/kdb/db2/Makefile b/krb5/plugins/kdb/db2/Makefile index 7526283f37be..e9429bc03de1 100644 --- a/krb5/plugins/kdb/db2/Makefile +++ b/krb5/plugins/kdb/db2/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -18,6 +16,7 @@ SHLIBDIR= ${LIBDIR} LIB= db2 LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile krb5 com_err k5crypto kadm5srv_mit kdb5 gssrpc gssapi_krb5 krb5support +VERSION_MAP= ${.CURDIR}/version.map SRCS= \ adb_openclose.c \ diff --git a/krb5/plugins/kdb/db2/version.map b/krb5/plugins/kdb/db2/version.map new file mode 100644 index 000000000000..6c7362e3e06b --- /dev/null +++ b/krb5/plugins/kdb/db2/version.map @@ -0,0 +1,5 @@ +HIDDEN { local: __*; _rest*; _save*; *; }; +db2_0_MIT { + global: + kdb_function_table; +}; diff --git a/krb5/plugins/preauth/Makefile.inc b/krb5/plugins/preauth/Makefile.inc index aecd360f50e7..8a713e4d0856 100644 --- a/krb5/plugins/preauth/Makefile.inc +++ b/krb5/plugins/preauth/Makefile.inc @@ -7,6 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # +PACKAGE?= kerberos-kdc LIBDIR= ${PLUGINSDIR}/preauth SHLIBDIR= ${LIBDIR} diff --git a/krb5/plugins/preauth/otp/Makefile b/krb5/plugins/preauth/otp/Makefile index 9222f9785a80..48fc35db0727 100644 --- a/krb5/plugins/preauth/otp/Makefile +++ b/krb5/plugins/preauth/otp/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -17,6 +15,7 @@ LIB= otp LIBDIR= ${PLUGINSDIR}/preauth LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile krad verto krb5 k5crypto com_err krb5support m +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/plugins/preauth/otp diff --git a/krb5/plugins/preauth/otp/version.map b/krb5/plugins/preauth/otp/version.map new file mode 100644 index 000000000000..f2d914551789 --- /dev/null +++ b/krb5/plugins/preauth/otp/version.map @@ -0,0 +1,5 @@ +HIDDEN { local: __*; _rest*; _save*; *; }; +otp_0_MIT { + global: + kdcpreauth_otp_initvt; +}; diff --git a/krb5/plugins/preauth/pkinit/Makefile b/krb5/plugins/preauth/pkinit/Makefile index f2a76d1e33da..7d227aca5420 100644 --- a/krb5/plugins/preauth/pkinit/Makefile +++ b/krb5/plugins/preauth/pkinit/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -17,6 +15,7 @@ LIB= pkinit LIBDIR= ${PLUGINSDIR}/preauth LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile krb5 com_err k5crypto crypto krb5support +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/plugins/preauth/pkinit diff --git a/krb5/plugins/preauth/pkinit/version.map b/krb5/plugins/preauth/pkinit/version.map new file mode 100644 index 000000000000..c4498e8f473a --- /dev/null +++ b/krb5/plugins/preauth/pkinit/version.map @@ -0,0 +1,6 @@ +HIDDEN { local: __*; _rest*; _save*; *; }; +pkinit_0_MIT { + global: + clpreauth_pkinit_initvt; + kdcpreauth_pkinit_initvt; +}; diff --git a/krb5/plugins/preauth/spake/Makefile b/krb5/plugins/preauth/spake/Makefile index a5d9179f8adc..3aa375cb5100 100644 --- a/krb5/plugins/preauth/spake/Makefile +++ b/krb5/plugins/preauth/spake/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -17,6 +15,7 @@ LIB= spake LIBDIR= ${PLUGINSDIR}/preauth LDFLAGS=-Wl,--no-undefined LIBADD= krb5profile krb5 k5crypto com_err krb5support crypto sys +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/plugins/preauth/spake diff --git a/krb5/plugins/preauth/spake/version.map b/krb5/plugins/preauth/spake/version.map new file mode 100644 index 000000000000..d29c0e05083d --- /dev/null +++ b/krb5/plugins/preauth/spake/version.map @@ -0,0 +1,6 @@ +HIDDEN { local: __*; _rest*; _save*; *; }; +spake_0_MIT { + global: + clpreauth_spake_initvt; + kdcpreauth_spake_initvt; +}; diff --git a/krb5/plugins/preauth/test/Makefile b/krb5/plugins/preauth/test/Makefile index 71b7200b2039..99f632c0cb17 100644 --- a/krb5/plugins/preauth/test/Makefile +++ b/krb5/plugins/preauth/test/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - .include <src.opts.mk> .include "../Makefile.inc" @@ -17,6 +15,7 @@ LIB= test LIBDIR= ${PLUGINSDIR}/preauth LDFLAGS=-Wl,--no-undefined LIBADD= krb5 k5crypto com_err krb5support +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/plugins/preauth/test diff --git a/krb5/plugins/preauth/test/version.map b/krb5/plugins/preauth/test/version.map new file mode 100644 index 000000000000..d6d445ad5bf8 --- /dev/null +++ b/krb5/plugins/preauth/test/version.map @@ -0,0 +1,6 @@ +HIDDEN { local: __*; _rest*; _save*; *; }; +test_0_MIT { + global: + clpreauth_test_initvt; + kdcpreauth_test_initvt; +}; diff --git a/krb5/usr.bin/Makefile.inc b/krb5/usr.bin/Makefile.inc index ea8e5ee805bb..f27bd78cd54c 100644 --- a/krb5/usr.bin/Makefile.inc +++ b/krb5/usr.bin/Makefile.inc @@ -9,4 +9,5 @@ .include "../Makefile.inc" +PACKAGE?= kerberos BINDIR?= /usr/bin diff --git a/krb5/usr.bin/gss-client/Makefile b/krb5/usr.bin/gss-client/Makefile index f2b5285ac3bb..acd67f9c17c6 100644 --- a/krb5/usr.bin/gss-client/Makefile +++ b/krb5/usr.bin/gss-client/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= gss-client LIBADD= gssapi_krb5 krb5 k5crypto com_err krb5profile krb5support sys diff --git a/krb5/usr.bin/kadmin/Makefile b/krb5/usr.bin/kadmin/Makefile index 95fcea307827..36b7378dee11 100644 --- a/krb5/usr.bin/kadmin/Makefile +++ b/krb5/usr.bin/kadmin/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= kadmin LIBADD= kadmin_common edit kadm5clnt_mit gssrpc gssapi_krb5 krb5 k5crypto \ diff --git a/krb5/usr.bin/kdestroy/Makefile b/krb5/usr.bin/kdestroy/Makefile index 4ec2ef4a1392..e3f493ffdc60 100644 --- a/krb5/usr.bin/kdestroy/Makefile +++ b/krb5/usr.bin/kdestroy/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= kdestroy LIBADD= krb5 k5crypto com_err krb5profile krb5support sys diff --git a/krb5/usr.bin/kinit/Makefile b/krb5/usr.bin/kinit/Makefile index 8aff9af3687b..3d1285137f85 100644 --- a/krb5/usr.bin/kinit/Makefile +++ b/krb5/usr.bin/kinit/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= kinit LIBADD= kadm5srv_mit kdb5 gssrpc gssapi_krb5 krb5 k5crypto com_err \ diff --git a/krb5/usr.bin/klist/Makefile b/krb5/usr.bin/klist/Makefile index a5d6cecbaddb..3094a3b69d4b 100644 --- a/krb5/usr.bin/klist/Makefile +++ b/krb5/usr.bin/klist/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= klist LIBADD= krb5 k5crypto com_err krb5profile krb5support sys diff --git a/krb5/usr.bin/kpasswd/Makefile b/krb5/usr.bin/kpasswd/Makefile index 431cf239928e..e4d7d1e8ab84 100644 --- a/krb5/usr.bin/kpasswd/Makefile +++ b/krb5/usr.bin/kpasswd/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= kpasswd LIBADD= krb5 k5crypto com_err krb5profile krb5support sys diff --git a/krb5/usr.bin/ksu/Makefile b/krb5/usr.bin/ksu/Makefile index 4ddfa8096773..37a4c166aec6 100644 --- a/krb5/usr.bin/ksu/Makefile +++ b/krb5/usr.bin/ksu/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= ksu .if defined(ENABLE_SUID_K5SU) BINMODE=4555 diff --git a/krb5/usr.bin/kswitch/Makefile b/krb5/usr.bin/kswitch/Makefile index 1e9853012ae5..10298f34a9d4 100644 --- a/krb5/usr.bin/kswitch/Makefile +++ b/krb5/usr.bin/kswitch/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= kswitch LIBADD= krb5 k5crypto com_err krb5profile krb5support sys diff --git a/krb5/usr.bin/ktutil/Makefile b/krb5/usr.bin/ktutil/Makefile index abe02965de4d..6bcb4877ed6f 100644 --- a/krb5/usr.bin/ktutil/Makefile +++ b/krb5/usr.bin/ktutil/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= ktutil LIBADD= edit krb5 k5crypto com_err krb5profile krb5support krb5ss tinfow sys diff --git a/krb5/usr.bin/kvno/Makefile b/krb5/usr.bin/kvno/Makefile index 203839624414..0a43765e53f4 100644 --- a/krb5/usr.bin/kvno/Makefile +++ b/krb5/usr.bin/kvno/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= kvno LIBADD= krb5 k5crypto com_err krb5profile krb5support sys diff --git a/krb5/usr.bin/sclient/Makefile b/krb5/usr.bin/sclient/Makefile index f27dad42fa08..8a3cc38fe3b6 100644 --- a/krb5/usr.bin/sclient/Makefile +++ b/krb5/usr.bin/sclient/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= sclient LIBADD= krb5 k5crypto com_err krb5profile krb5support sys diff --git a/krb5/usr.bin/sim_client/Makefile b/krb5/usr.bin/sim_client/Makefile index ecdf9ac8885e..3e5ea72407bc 100644 --- a/krb5/usr.bin/sim_client/Makefile +++ b/krb5/usr.bin/sim_client/Makefile @@ -7,8 +7,6 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 - PROG= sim_client LIBADD= krb5 k5crypto com_err krb5profile krb5support sys diff --git a/krb5/usr.sbin/gss-server/Makefile b/krb5/usr.sbin/gss-server/Makefile index 9e80b466d427..c42740045ac4 100644 --- a/krb5/usr.sbin/gss-server/Makefile +++ b/krb5/usr.sbin/gss-server/Makefile @@ -7,7 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 +PACKAGE= kerberos PROG= gss-server diff --git a/krb5/usr.sbin/kadmin.local/Makefile b/krb5/usr.sbin/kadmin.local/Makefile index 7e89d0953683..4b99f490bd7b 100644 --- a/krb5/usr.sbin/kadmin.local/Makefile +++ b/krb5/usr.sbin/kadmin.local/Makefile @@ -7,7 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 +PACKAGE= kerberos-kdc PROG= kadmin.local diff --git a/krb5/usr.sbin/kdb5_util/Makefile b/krb5/usr.sbin/kdb5_util/Makefile index 6a7b66dc205c..5b3d3ecc3410 100644 --- a/krb5/usr.sbin/kdb5_util/Makefile +++ b/krb5/usr.sbin/kdb5_util/Makefile @@ -7,7 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 +PACKAGE= kerberos-kdc PROG= kdb5_util diff --git a/krb5/usr.sbin/sim_server/Makefile b/krb5/usr.sbin/sim_server/Makefile index 793a6ad421b1..adaf8d1f087f 100644 --- a/krb5/usr.sbin/sim_server/Makefile +++ b/krb5/usr.sbin/sim_server/Makefile @@ -7,7 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 +PACKAGE= kerberos PROG= sim_server diff --git a/krb5/usr.sbin/sserver/Makefile b/krb5/usr.sbin/sserver/Makefile index 3b205b490a5f..e4e85b28157e 100644 --- a/krb5/usr.sbin/sserver/Makefile +++ b/krb5/usr.sbin/sserver/Makefile @@ -7,7 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 +PACKAGE= kerberos PROG= sserver diff --git a/krb5/util/build-tools/Makefile b/krb5/util/build-tools/Makefile index c33d47f70c8f..1a6a373f0e7f 100644 --- a/krb5/util/build-tools/Makefile +++ b/krb5/util/build-tools/Makefile @@ -7,7 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 +PACKAGE= kerberos-lib .include "../Makefile.inc" diff --git a/krb5/util/compile_et/Makefile b/krb5/util/compile_et/Makefile index 57eb2f614802..03446f2d7d1c 100644 --- a/krb5/util/compile_et/Makefile +++ b/krb5/util/compile_et/Makefile @@ -7,7 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 +PACKAGE= kerberos .include "../Makefile.inc" diff --git a/krb5/util/et/Makefile b/krb5/util/et/Makefile index 4457cd199801..5d0c2a3e3ca5 100644 --- a/krb5/util/et/Makefile +++ b/krb5/util/et/Makefile @@ -7,7 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5-lib +PACKAGE= kerberos-lib .include <src.opts.mk> @@ -18,6 +18,7 @@ LIB= com_err LDFLAGS=-Wl,--no-undefined INCSDIR=${INCLUDEDIR} LIBADD= krb5support +VERSION_MAP= ${.CURDIR}/version.map SRCS= com_err.c \ diff --git a/krb5/util/et/version.map b/krb5/util/et/version.map new file mode 100644 index 000000000000..3bd290009f22 --- /dev/null +++ b/krb5/util/et/version.map @@ -0,0 +1,17 @@ +HEIMDAL_COM_ERR_1.0 { + global: + com_err; + com_err_va; + error_message; + error_table_name; + reset_com_err_hook; + set_com_err_hook; +}; + +com_err_3_MIT { + global: + add_error_table; + error_table_name_r; + remove_error_table; +}; +HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/krb5/util/profile/Makefile b/krb5/util/profile/Makefile index 24e06e8c5024..a921e29150bb 100644 --- a/krb5/util/profile/Makefile +++ b/krb5/util/profile/Makefile @@ -7,7 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 +PACKAGE= kerberos-lib .include <src.opts.mk> @@ -15,6 +15,7 @@ PACKAGE= krb5 LIB= krb5profile LIBADD= com_err krb5support +VERSION_MAP= ${.CURDIR}/version.map SRCS= prof_file.c \ prof_get.c \ diff --git a/krb5/util/profile/version.map b/krb5/util/profile/version.map new file mode 100644 index 000000000000..31960193977b --- /dev/null +++ b/krb5/util/profile/version.map @@ -0,0 +1,74 @@ +profile_1_MIT { + global: + et_prof_error_table; + initialize_prof_error_table; + profile_abandon; + profile_add_node; + profile_add_relation; + profile_clear_relation; + profile_close_file; + profile_copy; + profile_create_node; + profile_dereference_data; + profile_dereference_data_locked; + profile_file_is_writable; + profile_find_node; + profile_find_node_relation; + profile_find_node_subsection; + profile_flush; + profile_flush_file_data; + profile_flush_file_data_to_buffer; + profile_flush_file_data_to_file; + profile_flush_to_buffer; + profile_flush_to_file; + profile_free_buffer; + profile_free_file; + profile_free_list; + profile_free_node; + profile_get_boolean; + profile_get_integer; + profile_get_node_name; + profile_get_node_parent; + profile_get_node_value; + profile_get_relation_names; + profile_get_string; + profile_get_subsection_names; + profile_get_value; + profile_get_values; + profile_init; + profile_init_flags; + profile_init_path; + profile_init_vtable; + profile_is_modified; + profile_is_node_final; + profile_is_writable; + profile_iterator; + profile_iterator_create; + profile_iterator_free; + profile_lock_global; + profile_make_node_final; + profile_make_prf_data; + profile_node_iterator; + profile_node_iterator_create; + profile_node_iterator_free; + profile_open_file; + profile_parse_file; + profile_process_directory; + profile_release; + profile_release_string; + profile_remove_node; + profile_rename_node; + profile_rename_section; + profile_ser_externalize; + profile_ser_internalize; + profile_ser_size; + profile_set_relation_value; + profile_unlock_global; + profile_update_file_data; + profile_update_file_data_locked; + profile_update_relation; + profile_verify_node; + profile_write_tree_file; + profile_write_tree_to_buffer; +}; +HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/krb5/util/ss/Makefile b/krb5/util/ss/Makefile index 600d125a7853..e7e025184284 100644 --- a/krb5/util/ss/Makefile +++ b/krb5/util/ss/Makefile @@ -7,7 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 +PACKAGE= kerberos-lib .include <src.opts.mk> diff --git a/krb5/util/support/Makefile b/krb5/util/support/Makefile index 9ba1b8169d8e..bba65bcd89c1 100644 --- a/krb5/util/support/Makefile +++ b/krb5/util/support/Makefile @@ -7,7 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5-lib +PACKAGE= kerberos-lib .include <src.opts.mk> @@ -16,6 +16,7 @@ PACKAGE= krb5-lib LIB= krb5support # SHLIB_MAJOR= 0 LDFLAGS=-Wl,--no-undefined +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/util/support diff --git a/krb5/util/support/version.map b/krb5/util/support/version.map new file mode 100644 index 000000000000..cc48ec6a4c8e --- /dev/null +++ b/krb5/util/support/version.map @@ -0,0 +1,103 @@ +krb5support_0_MIT { + global: + k5_base64_decode; + k5_base64_encode; + k5_bcmp; + k5_buf_init_fixed; + k5_buf_init_dynamic; + k5_buf_init_dynamic_zap; + k5_buf_add; + k5_buf_add_len; + k5_buf_add_fmt; + k5_buf_add_vfmt; + k5_buf_cstring; + k5_buf_get_space; + k5_buf_truncate; + k5_buf_status; + k5_buf_free; + k5_set_error; + k5_vset_error; + k5_get_error; + k5_free_error; + k5_clear_error; + k5_set_error_info_callout_fn; + k5_hashtab_add; + k5_hashtab_create; + k5_hashtab_free; + k5_hashtab_get; + k5_hashtab_remove; + k5_hex_decode; + k5_hex_encode; + k5_json_array_add; + k5_json_array_create; + k5_json_array_fmt; + k5_json_array_get; + k5_json_array_length; + k5_json_array_set; + k5_json_bool_create; + k5_json_bool_value; + k5_json_decode; + k5_json_encode; + k5_json_get_tid; + k5_json_null_create; + k5_json_null_create_val; + k5_json_number_create; + k5_json_number_value; + k5_json_object_count; + k5_json_object_create; + k5_json_object_get; + k5_json_object_iterate; + k5_json_object_set; + k5_json_release; + k5_json_retain; + k5_json_string_create; + k5_json_string_create_base64; + k5_json_string_create_len; + k5_json_string_unbase64; + k5_json_string_utf8; + k5_os_mutex_init; + k5_os_mutex_destroy; + k5_os_mutex_lock; + k5_os_mutex_unlock; + k5_once; + k5_path_isabs; + k5_path_join; + k5_path_split; + k5_siphash24; + k5_strerror_r; + k5_utf8_to_utf16le; + k5_utf16le_to_utf8; + k5_dir_filenames; + k5_free_filenames; + krb5int_key_register; + krb5int_key_delete; + krb5int_getspecific; + krb5int_setspecific; + krb5int_getaddrinfo; + krb5int_freeaddrinfo; + krb5int_gai_strerror; + krb5int_getnameinfo; + krb5int_in6addr_any; + krb5int_pthread_loaded; + krb5int_open_plugin; + krb5int_close_plugin; + krb5int_get_plugin_data; + krb5int_get_plugin_func; + krb5int_open_plugin_dirs; + krb5int_close_plugin_dirs; + krb5int_get_plugin_dir_data; + krb5int_get_plugin_dir_func; + krb5int_free_plugin_dir_data; + krb5int_free_plugin_dir_func; + krb5int_mutex_alloc; + krb5int_mutex_free; + krb5int_mutex_lock; + krb5int_mutex_unlock; + krb5int_gmt_mktime; + krb5int_ucs4_to_utf8; + krb5int_utf8_to_ucs4; + krb5int_utf8_lentab; + krb5int_utf8_mintab; + krb5int_zap; +}; +HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/krb5/util/verto/Makefile b/krb5/util/verto/Makefile index 57367e5284e0..8f02d5f897f4 100644 --- a/krb5/util/verto/Makefile +++ b/krb5/util/verto/Makefile @@ -7,7 +7,7 @@ # under sponsorship from the FreeBSD Foundation. # -PACKAGE= krb5 +PACKAGE= kerberos-lib .include <src.opts.mk> @@ -15,6 +15,7 @@ PACKAGE= krb5 LIB= verto # SHLIB_MAJOR= 0 +VERSION_MAP= ${.CURDIR}/version.map .PATH: ${KRB5_DIR}/util/verto diff --git a/krb5/util/verto/libverto.exports b/krb5/util/verto/libverto.exports new file mode 100644 index 000000000000..3745d5014653 --- /dev/null +++ b/krb5/util/verto/libverto.exports @@ -0,0 +1,33 @@ +verto_add_child +verto_add_idle +verto_add_io +verto_add_signal +verto_add_timeout +verto_break +verto_cleanup +verto_convert_module +verto_default +verto_del +verto_fire +verto_free +verto_get_ctx +verto_get_fd +verto_get_fd_state +verto_get_flags +verto_get_interval +verto_get_private +verto_get_proc +verto_get_proc_status +verto_get_signal +verto_get_supported_types +verto_get_type +verto_new +verto_reinitialize +verto_run +verto_run_once +verto_set_allocator +verto_set_default +verto_set_fd_state +verto_set_flags +verto_set_private +verto_set_proc_status diff --git a/krb5/util/verto/version.map b/krb5/util/verto/version.map new file mode 100644 index 000000000000..ea3b7dcc13b2 --- /dev/null +++ b/krb5/util/verto/version.map @@ -0,0 +1,37 @@ +verto_0_MIT { + global: + verto_add_child; + verto_add_idle; + verto_add_io; + verto_add_signal; + verto_add_timeout; + verto_break; + verto_cleanup; + verto_convert_module; + verto_default; + verto_del; + verto_fire; + verto_free; + verto_get_ctx; + verto_get_fd; + verto_get_fd_state; + verto_get_flags; + verto_get_interval; + verto_get_private; + verto_get_proc; + verto_get_proc_status; + verto_get_signal; + verto_get_supported_types; + verto_get_type; + verto_new; + verto_reinitialize; + verto_run; + verto_run_once; + verto_set_allocator; + verto_set_default; + verto_set_fd_state; + verto_set_flags; + verto_set_private; + verto_set_proc_status; +}; +HIDDEN { local: __*; _rest*; _save*; *; }; diff --git a/lib/libc/net/gethostbydns.c b/lib/libc/net/gethostbydns.c index b29fa1cdd845..216fc9bcf9a4 100644 --- a/lib/libc/net/gethostbydns.c +++ b/lib/libc/net/gethostbydns.c @@ -74,8 +74,10 @@ #define SPRINTF(x) ((size_t)sprintf x) +#ifdef DEBUG static const char AskedForGot[] = "gethostby*.gethostanswer: asked for \"%s\", got \"%s\""; +#endif #ifdef RESOLVSORT static void addrsort(char **, int, res_state); @@ -299,8 +301,10 @@ gethostanswer(const querybuf *answer, int anslen, const char *qname, int qtype, switch (type) { case T_PTR: if (strcasecmp(tname, bp) != 0) { +#ifdef DEBUG syslog(LOG_NOTICE|LOG_AUTH, AskedForGot, qname, bp); +#endif cp += n; continue; /* XXX - had_error++ ? */ } @@ -347,8 +351,10 @@ gethostanswer(const querybuf *answer, int anslen, const char *qname, int qtype, case T_A: case T_AAAA: if (strcasecmp(he->h_name, bp) != 0) { +#ifdef DEBUG syslog(LOG_NOTICE|LOG_AUTH, AskedForGot, he->h_name, bp); +#endif cp += n; continue; /* XXX - had_error++ ? */ } diff --git a/lib/libc/net/res_config.h b/lib/libc/net/res_config.h index f049d6817b7a..39a1b5f1486f 100644 --- a/lib/libc/net/res_config.h +++ b/lib/libc/net/res_config.h @@ -1,5 +1,5 @@ -#define DEBUG 1 /* enable debugging code (needed for dig) */ +//#define DEBUG /* enable debugging code */ #define RESOLVSORT /* allow sorting of addresses in gethostbyname */ -#undef SUNSECURITY /* verify gethostbyaddr() calls - WE DON'T NEED IT */ +//#define SUNSECURITY /* verify gethostbyaddr() calls */ #define MULTI_PTRS_ARE_ALIASES 1 /* fold multiple PTR records into aliases */ diff --git a/lib/libc/resolv/res_debug.h b/lib/libc/resolv/res_debug.h index dd048116fb49..ccae03e625aa 100644 --- a/lib/libc/resolv/res_debug.h +++ b/lib/libc/resolv/res_debug.h @@ -23,7 +23,7 @@ #ifndef DEBUG # define Dprint(cond, args) /*empty*/ # define DprintQ(cond, args, query, size) /*empty*/ -# define Aerror(statp, file, string, error, address) /*empty*/ +# define Aerror(statp, file, string, error, address, alen) /*empty*/ # define Perror(statp, file, string, error) /*empty*/ #else # define Dprint(cond, args) if (cond) {fprintf args;} else {} diff --git a/lib/libc/resolv/res_init.c b/lib/libc/resolv/res_init.c index 70d6bc6d3bf2..71ab2dcb7038 100644 --- a/lib/libc/resolv/res_init.c +++ b/lib/libc/resolv/res_init.c @@ -108,12 +108,6 @@ #include "res_private.h" -/*% Options. Should all be left alone. */ -#define RESOLVSORT -#ifndef DEBUG -#define DEBUG -#endif - #ifdef SOLARIS2 #include <sys/systeminfo.h> #endif diff --git a/lib/libc/resolv/res_mkquery.c b/lib/libc/resolv/res_mkquery.c index 0c15def5d117..f6767a92375c 100644 --- a/lib/libc/resolv/res_mkquery.c +++ b/lib/libc/resolv/res_mkquery.c @@ -76,11 +76,6 @@ #include <string.h> #include "port_after.h" -/* Options. Leave them on. */ -#ifndef DEBUG -#define DEBUG -#endif - extern const char *_res_opcodes[]; /*% diff --git a/lib/libc/resolv/res_mkupdate.c b/lib/libc/resolv/res_mkupdate.c index e5a3cb702cda..3f595dc4ec08 100644 --- a/lib/libc/resolv/res_mkupdate.c +++ b/lib/libc/resolv/res_mkupdate.c @@ -48,10 +48,6 @@ #include "port_after.h" -/* Options. Leave them on. */ -#ifndef DEBUG -#define DEBUG -#endif #define MAXPORT 1024 static int getnum_str(u_char **, u_char *); diff --git a/lib/libc/resolv/res_query.c b/lib/libc/resolv/res_query.c index e9c628ad8d47..f26d59e522b4 100644 --- a/lib/libc/resolv/res_query.c +++ b/lib/libc/resolv/res_query.c @@ -81,11 +81,6 @@ #include <unistd.h> #include "port_after.h" -/* Options. Leave them on. */ -#ifndef DEBUG -#define DEBUG -#endif - #if PACKETSZ > 1024 #define MAXPACKET PACKETSZ #else diff --git a/lib/libc/resolv/res_send.c b/lib/libc/resolv/res_send.c index 3fb627b83d55..08c3aed7f934 100644 --- a/lib/libc/resolv/res_send.c +++ b/lib/libc/resolv/res_send.c @@ -112,10 +112,6 @@ #include "un-namespace.h" -/* Options. Leave them on. */ -#ifndef DEBUG -#define DEBUG -#endif #include "res_debug.h" #include "res_private.h" @@ -138,15 +134,12 @@ static int send_dg(res_state, const u_char *, int, u_char *, int, int *, int, int, int *, int *); +#ifdef DEBUG static void Aerror(const res_state, FILE *, const char *, int, const struct sockaddr *, int); static void Perror(const res_state, FILE *, const char *, int); -static int sock_eq(struct sockaddr *, struct sockaddr *); -#if defined(NEED_PSELECT) && !defined(USE_POLL) && !defined(USE_KQUEUE) -static int pselect(int, void *, void *, void *, - struct timespec *, - const sigset_t *); #endif +static int sock_eq(struct sockaddr *, struct sockaddr *); void res_pquery(const res_state, const u_char *, int, FILE *); static const int niflags = NI_NUMERICHOST | NI_NUMERICSERV; @@ -302,7 +295,9 @@ res_nsend(res_state statp, #ifdef USE_KQUEUE int kq; #endif +#ifdef DEBUG char abuf[NI_MAXHOST]; +#endif /* No name servers or res_init() failure */ if (statp->nscount == 0 || EXT(statp).ext == NULL) { @@ -418,10 +413,10 @@ res_nsend(res_state statp, */ for (tries = 0; tries < statp->retry; tries++) { for (ns = 0; ns < statp->nscount; ns++) { - struct sockaddr *nsap; - int nsaplen; - nsap = get_nsaddr(statp, ns); - nsaplen = get_salen(nsap); + struct sockaddr *nsap = get_nsaddr(statp, ns); +#ifdef DEBUG + int nsaplen = get_salen(nsap); +#endif statp->_flags &= ~RES_F_LASTMASK; statp->_flags |= (ns << RES_F_LASTSHIFT); same_ns: @@ -1088,6 +1083,7 @@ send_dg(res_state statp, return (resplen); } +#ifdef DEBUG static void Aerror(const res_state statp, FILE *file, const char *string, int error, const struct sockaddr *address, int alen) @@ -1119,6 +1115,7 @@ Perror(const res_state statp, FILE *file, const char *string, int error) { string, strerror(error)); errno = save; } +#endif static int sock_eq(struct sockaddr *a, struct sockaddr *b) { @@ -1145,29 +1142,3 @@ sock_eq(struct sockaddr *a, struct sockaddr *b) { return 0; } } - -#if defined(NEED_PSELECT) && !defined(USE_POLL) && !defined(USE_KQUEUE) -/* XXX needs to move to the porting library. */ -static int -pselect(int nfds, void *rfds, void *wfds, void *efds, - struct timespec *tsp, const sigset_t *sigmask) -{ - struct timeval tv, *tvp; - sigset_t sigs; - int n; - - if (tsp) { - tvp = &tv; - tv = evTimeVal(*tsp); - } else - tvp = NULL; - if (sigmask) - sigprocmask(SIG_SETMASK, sigmask, &sigs); - n = select(nfds, rfds, wfds, efds, tvp); - if (sigmask) - sigprocmask(SIG_SETMASK, &sigs, NULL); - if (tsp) - *tsp = evTimeSpec(tv); - return (n); -} -#endif diff --git a/lib/libc/string/memchr.3 b/lib/libc/string/memchr.3 index f5d1fe5d5c7f..65617a117371 100644 --- a/lib/libc/string/memchr.3 +++ b/lib/libc/string/memchr.3 @@ -52,7 +52,10 @@ locates the first occurrence of (converted to an .Vt "unsigned char" ) in string -.Fa b . +.Fa b , +limited to at most +.Fa len +characters. .Pp The .Fn memrchr @@ -61,15 +64,18 @@ function behaves like except that it locates the last occurrence of .Fa c in string -.Fa b . +.Fa b , +limited to the first +.Fa len +characters. .Sh RETURN VALUES The .Fn memchr and .Fn memrchr -functions -return a pointer to the byte located, -or NULL if no such byte exists within +functions return a pointer to the byte located, or +.Dv NULL +if no such byte exists within .Fa len bytes. .Sh SEE ALSO diff --git a/lib/libcasper/services/cap_net/tests/net_test.c b/lib/libcasper/services/cap_net/tests/net_test.c index e1045341fe47..adf5773233c8 100644 --- a/lib/libcasper/services/cap_net/tests/net_test.c +++ b/lib/libcasper/services/cap_net/tests/net_test.c @@ -331,7 +331,11 @@ test_extend_mode(cap_channel_t *capnet, int current) } } -ATF_TC_WITHOUT_HEAD(capnet__getnameinfo); +ATF_TC(capnet__getnameinfo); +ATF_TC_HEAD(capnet__getnameinfo, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__getnameinfo, tc) { cap_channel_t *capnet; @@ -344,7 +348,11 @@ ATF_TC_BODY(capnet__getnameinfo, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__connect); +ATF_TC(capnet__connect); +ATF_TC_HEAD(capnet__connect, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__connect, tc) { cap_channel_t *capnet; @@ -356,7 +364,11 @@ ATF_TC_BODY(capnet__connect, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__bind); +ATF_TC(capnet__bind); +ATF_TC_HEAD(capnet__bind, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__bind, tc) { cap_channel_t *capnet; @@ -368,7 +380,11 @@ ATF_TC_BODY(capnet__bind, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__getaddrinfo); +ATF_TC(capnet__getaddrinfo); +ATF_TC_HEAD(capnet__getaddrinfo, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__getaddrinfo, tc) { cap_channel_t *capnet; @@ -386,7 +402,11 @@ ATF_TC_BODY(capnet__getaddrinfo, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__gethostbyname); +ATF_TC(capnet__gethostbyname); +ATF_TC_HEAD(capnet__gethostbyname, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__gethostbyname, tc) { cap_channel_t *capnet; @@ -398,7 +418,11 @@ ATF_TC_BODY(capnet__gethostbyname, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__gethostbyaddr); +ATF_TC(capnet__gethostbyaddr); +ATF_TC_HEAD(capnet__gethostbyaddr, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__gethostbyaddr, tc) { cap_channel_t *capnet; @@ -411,7 +435,11 @@ ATF_TC_BODY(capnet__gethostbyaddr, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__getnameinfo_buffer); +ATF_TC(capnet__getnameinfo_buffer); +ATF_TC_HEAD(capnet__getnameinfo_buffer, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__getnameinfo_buffer, tc) { cap_channel_t *chan; @@ -450,7 +478,11 @@ ATF_TC_BODY(capnet__getnameinfo_buffer, tc) cap_close(chan); } -ATF_TC_WITHOUT_HEAD(capnet__limits_addr2name_mode); +ATF_TC(capnet__limits_addr2name_mode); +ATF_TC_HEAD(capnet__limits_addr2name_mode, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_addr2name_mode, tc) { cap_channel_t *capnet; @@ -481,7 +513,11 @@ ATF_TC_BODY(capnet__limits_addr2name_mode, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_addr2name_family); +ATF_TC(capnet__limits_addr2name_family); +ATF_TC_HEAD(capnet__limits_addr2name_family, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_addr2name_family, tc) { cap_channel_t *capnet; @@ -526,7 +562,11 @@ ATF_TC_BODY(capnet__limits_addr2name_family, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_addr2name); +ATF_TC(capnet__limits_addr2name); +ATF_TC_HEAD(capnet__limits_addr2name, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_addr2name, tc) { cap_channel_t *capnet; @@ -580,7 +620,11 @@ ATF_TC_BODY(capnet__limits_addr2name, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_addr2name_mode); +ATF_TC(capnet__limits_deprecated_addr2name_mode); +ATF_TC_HEAD(capnet__limits_deprecated_addr2name_mode, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_deprecated_addr2name_mode, tc) { cap_channel_t *capnet; @@ -609,7 +653,11 @@ ATF_TC_BODY(capnet__limits_deprecated_addr2name_mode, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_addr2name_family); +ATF_TC(capnet__limits_deprecated_addr2name_family); +ATF_TC_HEAD(capnet__limits_deprecated_addr2name_family, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_deprecated_addr2name_family, tc) { cap_channel_t *capnet; @@ -660,7 +708,11 @@ ATF_TC_BODY(capnet__limits_deprecated_addr2name_family, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_addr2name); +ATF_TC(capnet__limits_deprecated_addr2name); +ATF_TC_HEAD(capnet__limits_deprecated_addr2name, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_deprecated_addr2name, tc) { cap_channel_t *capnet; @@ -712,7 +764,11 @@ ATF_TC_BODY(capnet__limits_deprecated_addr2name, tc) } -ATF_TC_WITHOUT_HEAD(capnet__limits_name2addr_mode); +ATF_TC(capnet__limits_name2addr_mode); +ATF_TC_HEAD(capnet__limits_name2addr_mode, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_name2addr_mode, tc) { cap_channel_t *capnet; @@ -744,7 +800,11 @@ ATF_TC_BODY(capnet__limits_name2addr_mode, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_name2addr_hosts); +ATF_TC(capnet__limits_name2addr_hosts); +ATF_TC_HEAD(capnet__limits_name2addr_hosts, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_name2addr_hosts, tc) { cap_channel_t *capnet; @@ -797,7 +857,11 @@ ATF_TC_BODY(capnet__limits_name2addr_hosts, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_name2addr_hosts_servnames_strict); +ATF_TC(capnet__limits_name2addr_hosts_servnames_strict); +ATF_TC_HEAD(capnet__limits_name2addr_hosts_servnames_strict, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_name2addr_hosts_servnames_strict, tc) { cap_channel_t *capnet; @@ -829,7 +893,11 @@ ATF_TC_BODY(capnet__limits_name2addr_hosts_servnames_strict, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_name2addr_hosts_servnames_mix); +ATF_TC(capnet__limits_name2addr_hosts_servnames_mix); +ATF_TC_HEAD(capnet__limits_name2addr_hosts_servnames_mix, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_name2addr_hosts_servnames_mix, tc) { cap_channel_t *capnet; @@ -882,7 +950,11 @@ ATF_TC_BODY(capnet__limits_name2addr_hosts_servnames_mix, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_name2addr_family); +ATF_TC(capnet__limits_name2addr_family); +ATF_TC_HEAD(capnet__limits_name2addr_family, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_name2addr_family, tc) { cap_channel_t *capnet; @@ -941,7 +1013,11 @@ ATF_TC_BODY(capnet__limits_name2addr_family, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_name2addr_mode); +ATF_TC(capnet__limits_deprecated_name2addr_mode); +ATF_TC_HEAD(capnet__limits_deprecated_name2addr_mode, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_deprecated_name2addr_mode, tc) { cap_channel_t *capnet; @@ -972,7 +1048,11 @@ ATF_TC_BODY(capnet__limits_deprecated_name2addr_mode, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_name2addr_hosts); +ATF_TC(capnet__limits_deprecated_name2addr_hosts); +ATF_TC_HEAD(capnet__limits_deprecated_name2addr_hosts, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_deprecated_name2addr_hosts, tc) { cap_channel_t *capnet; @@ -1011,7 +1091,11 @@ ATF_TC_BODY(capnet__limits_deprecated_name2addr_hosts, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_name2addr_family); +ATF_TC(capnet__limits_deprecated_name2addr_family); +ATF_TC_HEAD(capnet__limits_deprecated_name2addr_family, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_deprecated_name2addr_family, tc) { cap_channel_t *capnet; @@ -1065,7 +1149,11 @@ ATF_TC_BODY(capnet__limits_deprecated_name2addr_family, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_bind_mode); +ATF_TC(capnet__limits_bind_mode); +ATF_TC_HEAD(capnet__limits_bind_mode, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_bind_mode, tc) { cap_channel_t *capnet; @@ -1097,7 +1185,11 @@ ATF_TC_BODY(capnet__limits_bind_mode, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_bind); +ATF_TC(capnet__limits_bind); +ATF_TC_HEAD(capnet__limits_bind, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_bind, tc) { cap_channel_t *capnet; @@ -1122,7 +1214,11 @@ ATF_TC_BODY(capnet__limits_bind, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_connect_mode); +ATF_TC(capnet__limits_connect_mode); +ATF_TC_HEAD(capnet__limits_connect_mode, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_connect_mode, tc) { cap_channel_t *capnet; @@ -1154,7 +1250,11 @@ ATF_TC_BODY(capnet__limits_connect_mode, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_connect_dns_mode); +ATF_TC(capnet__limits_connect_dns_mode); +ATF_TC_HEAD(capnet__limits_connect_dns_mode, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_connect_dns_mode, tc) { cap_channel_t *capnet; @@ -1186,7 +1286,11 @@ ATF_TC_BODY(capnet__limits_connect_dns_mode, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_connect); +ATF_TC(capnet__limits_connect); +ATF_TC_HEAD(capnet__limits_connect, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_connect, tc) { cap_channel_t *capnet; @@ -1230,7 +1334,11 @@ ATF_TC_BODY(capnet__limits_connect, tc) cap_close(capnet); } -ATF_TC_WITHOUT_HEAD(capnet__limits_connecttodns); +ATF_TC(capnet__limits_connecttodns); +ATF_TC_HEAD(capnet__limits_connecttodns, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_connecttodns, tc) { cap_channel_t *capnet; @@ -1279,7 +1387,11 @@ ATF_TC_BODY(capnet__limits_connecttodns, tc) } -ATF_TC_WITHOUT_HEAD(capnet__limits_deprecated_connecttodns); +ATF_TC(capnet__limits_deprecated_connecttodns); +ATF_TC_HEAD(capnet__limits_deprecated_connecttodns, tc) +{ + atf_tc_set_md_var(tc, "require.config", "allow_network_access"); +} ATF_TC_BODY(capnet__limits_deprecated_connecttodns, tc) { cap_channel_t *capnet; diff --git a/lib/libpam/modules/pam_krb5/Makefile b/lib/libpam/modules/pam_krb5/Makefile index b537bf37b7f3..c1792b5fb61d 100644 --- a/lib/libpam/modules/pam_krb5/Makefile +++ b/lib/libpam/modules/pam_krb5/Makefile @@ -32,7 +32,7 @@ SRCDIR= ${SRCTOP}/contrib/pam-krb5 ${SRCDIR}/pam-util \ ${SRCDIR} -PACKAGE= krb5 +PACKAGE= kerberos LIB= pam_krb5 LIBADD= com_err krb5 diff --git a/lib/libpfctl/libpfctl.c b/lib/libpfctl/libpfctl.c index e4123fe02211..d8e60075e103 100644 --- a/lib/libpfctl/libpfctl.c +++ b/lib/libpfctl/libpfctl.c @@ -3348,6 +3348,11 @@ pfctl_clear_tstats(struct pfctl_handle *h, const struct pfr_table *filter, return (e.error); } +static struct snl_attr_parser ap_clr_addrs[] = { + { .type = PF_T_NBR_DELETED, .off = 0, .cb = snl_attr_get_uint64 }, +}; +SNL_DECLARE_PARSER(clr_addrs_parser, struct genlmsghdr, snl_f_p_empty, ap_clr_addrs); + int pfctl_clear_addrs(struct pfctl_handle *h, const struct pfr_table *filter, int *ndel, int flags) @@ -3380,7 +3385,7 @@ pfctl_clear_addrs(struct pfctl_handle *h, const struct pfr_table *filter, return (ENXIO); while ((hdr = snl_read_reply_multi(&h->ss, seq_id, &e)) != NULL) { - if (!snl_parse_nlmsg(&h->ss, hdr, &tstats_clr_parser, &del)) + if (!snl_parse_nlmsg(&h->ss, hdr, &clr_addrs_parser, &del)) continue; if (ndel) *ndel = (uint32_t)del; diff --git a/lib/libsys/mkdir.2 b/lib/libsys/mkdir.2 index e1f1624cebc4..100f44d1dcf9 100644 --- a/lib/libsys/mkdir.2 +++ b/lib/libsys/mkdir.2 @@ -176,4 +176,4 @@ system call appeared in The .Fn mkdir system call appeared in -.At v1 . +.Bx 4.2 . diff --git a/libexec/rc/rc.d/mountd b/libexec/rc/rc.d/mountd index 8c0aa87e1d13..dfd2431f9c35 100755 --- a/libexec/rc/rc.d/mountd +++ b/libexec/rc/rc.d/mountd @@ -70,6 +70,8 @@ mountd_precmd() } load_rc_config $name +load_rc_config nfsd +load_rc_config zfs # precmd is not compatible with svcj mountd_svcj="NO" diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c index f8f9bd549a2e..a3faee86e7d0 100644 --- a/libexec/tftpd/tftpd.c +++ b/libexec/tftpd/tftpd.c @@ -351,10 +351,14 @@ main(int argc, char *argv[]) tftp_log(LOG_ERR, "chdir: %s", strerror(errno)); exit(1); } - if (setgroups(1, &nobody->pw_gid) != 0) { + if (setgroups(0, NULL) != 0) { tftp_log(LOG_ERR, "setgroups failed"); exit(1); } + if (setgid(nobody->pw_gid) != 0) { + tftp_log(LOG_ERR, "setgid failed"); + exit(1); + } if (setuid(nobody->pw_uid) != 0) { tftp_log(LOG_ERR, "setuid failed"); exit(1); diff --git a/release/Makefile b/release/Makefile index 5d7d1402d6f8..b6a9aa42c2e2 100644 --- a/release/Makefile +++ b/release/Makefile @@ -162,7 +162,8 @@ kernel.txz: # Also (if enabled) kernel-dbg.txz. src.txz: mkdir -p ${DISTDIR}/usr - ln -fs ${WORLDDIR} ${DISTDIR}/usr/src + rm -f ${DISTDIR}/usr/src + ln -s ${WORLDDIR} ${DISTDIR}/usr/src ( cd ${DISTDIR} && ${TAR_XZ_CMD} -cLvf ${.OBJDIR}/src.txz \ --exclude .svn --exclude .zfs \ --exclude .git --exclude @ --exclude usr/src/release/dist \ @@ -170,7 +171,8 @@ src.txz: ports.txz: mkdir -p ${DISTDIR}/usr - ln -fs ${PORTSDIR} ${DISTDIR}/usr/ports + rm -f ${DISTDIR}/usr/ports + ln -s ${PORTSDIR} ${DISTDIR}/usr/ports ( cd ${DISTDIR} && ${TAR_XZ_CMD} -cLvf ${.OBJDIR}/ports.txz \ --exclude .git --exclude .svn \ --exclude usr/ports/distfiles --exclude usr/ports/packages \ diff --git a/release/packages/ucl/kerberos-all.ucl b/release/packages/ucl/kerberos-all.ucl index 6fb7f059296b..bf82040da3d0 100644 --- a/release/packages/ucl/kerberos-all.ucl +++ b/release/packages/ucl/kerberos-all.ucl @@ -1,4 +1,4 @@ -comment = "Kerberos Utilities" +comment = "Kerberos utilities" desc = <<EOD -Kerberos Utilities +The Kerberos command-line utilities, including kinit and kadmin. EOD diff --git a/release/packages/ucl/kerberos-kdc-all.ucl b/release/packages/ucl/kerberos-kdc-all.ucl new file mode 100644 index 000000000000..068d2f26bc8d --- /dev/null +++ b/release/packages/ucl/kerberos-kdc-all.ucl @@ -0,0 +1,5 @@ +comment = "Kerberos key distribution center" +desc = <<EOD +The Kerberos KDC, which manages the Kerberos database and issues tickets +to clients. +EOD diff --git a/release/packages/ucl/kerberos-lib-all.ucl b/release/packages/ucl/kerberos-lib-all.ucl index ab769ee16f96..b524563a976d 100644 --- a/release/packages/ucl/kerberos-lib-all.ucl +++ b/release/packages/ucl/kerberos-lib-all.ucl @@ -1,4 +1,4 @@ -comment = "Kerberos Libraries" +comment = "Kerberos libraries" desc = <<EOD -Kerberos Libraries +Libraries requires to run programs that use Kerberos. EOD diff --git a/release/packages/ucl/krb5-all.ucl b/release/packages/ucl/krb5-all.ucl deleted file mode 100644 index e269aabe1e85..000000000000 --- a/release/packages/ucl/krb5-all.ucl +++ /dev/null @@ -1,4 +0,0 @@ -comment = "KRB5 Utilities" -desc = <<EOD -KRB5 Utilities -EOD diff --git a/release/packages/ucl/krb5-lib-all.ucl b/release/packages/ucl/krb5-lib-all.ucl deleted file mode 100644 index 854b8a9f85df..000000000000 --- a/release/packages/ucl/krb5-lib-all.ucl +++ /dev/null @@ -1,4 +0,0 @@ -comment = "KRB5 Libraries" -desc = <<EOD -KRB5 Libraries -EOD diff --git a/release/tools/oci-image-static.conf b/release/tools/oci-image-static.conf index 753a03af653b..8e642d9defce 100644 --- a/release/tools/oci-image-static.conf +++ b/release/tools/oci-image-static.conf @@ -14,7 +14,7 @@ oci_image_build() { mtree -deU -p $m/usr -f ${srcdir}/etc/mtree/BSD.usr.dist > /dev/null mtree -deU -p $m/usr/include -f ${srcdir}/etc/mtree/BSD.include.dist > /dev/null mtree -deU -p $m/usr/lib -f ${srcdir}/etc/mtree/BSD.debug.dist > /dev/null - install_packages ${abi} ${workdir} FreeBSD-caroot FreeBSD-zoneinfo + install_packages ${abi} ${workdir} FreeBSD-zoneinfo cp ${srcdir}/etc/master.passwd $m/etc pwd_mkdb -p -d $m/etc $m/etc/master.passwd || return $? cp ${srcdir}/etc/group $m/etc || return $? @@ -22,7 +22,10 @@ oci_image_build() { # working directory to OBJDIR/release cp ../etc/termcap/termcap.small $m/etc/termcap.small || return $? cp ../etc/termcap/termcap.small $m/usr/share/misc/termcap || return $? - env DESTDIR=$m /usr/sbin/certctl rehash + env DESTDIR=$m \ + TRUSTPATH=${srcdir}/secure/caroot/trusted \ + UNTRUSTPATH=${srcdir}/secure/caroot/untrusted \ + certctl -c rehash # Generate a suitable repo config for pkgbase case ${branch} in CURRENT|STABLE|BETA*) diff --git a/sbin/devd/devd.cc b/sbin/devd/devd.cc index d7a3fee57870..1ff405244cde 100644 --- a/sbin/devd/devd.cc +++ b/sbin/devd/devd.cc @@ -153,6 +153,8 @@ static volatile sig_atomic_t romeo_must_die = 0; static const char *configfile = CF; +static char vm_guest[80]; + static void devdlog(int priority, const char* message, ...) __printflike(2, 3); static void event_loop(void); @@ -867,6 +869,8 @@ process_event(char *buffer) cfg.set_variable("timestamp", timestr); free(timestr); + cfg.set_variable("vm_guest", vm_guest); + // Match doesn't have a device, and the format is a little // different, so handle it separately. switch (type) { @@ -1107,6 +1111,14 @@ event_loop(void) err(1, "select"); } else if (rv == 0) check_clients(); + /* + * Aside from the socket type, both sockets use the same + * protocol, so we can process clients the same way. + */ + if (FD_ISSET(stream_fd, &fds)) + new_client(stream_fd, SOCK_STREAM); + if (FD_ISSET(seqpacket_fd, &fds)) + new_client(seqpacket_fd, SOCK_SEQPACKET); if (FD_ISSET(fd, &fds)) { rv = read(fd, buffer, sizeof(buffer) - 1); if (rv > 0) { @@ -1135,14 +1147,6 @@ event_loop(void) break; } } - if (FD_ISSET(stream_fd, &fds)) - new_client(stream_fd, SOCK_STREAM); - /* - * Aside from the socket type, both sockets use the same - * protocol, so we can process clients the same way. - */ - if (FD_ISSET(seqpacket_fd, &fds)) - new_client(seqpacket_fd, SOCK_SEQPACKET); } cfg.remove_pidfile(); close(seqpacket_fd); @@ -1322,6 +1326,7 @@ int main(int argc, char **argv) { int ch; + size_t len; check_devd_enabled(); while ((ch = getopt(argc, argv, "df:l:nq")) != -1) { @@ -1346,6 +1351,12 @@ main(int argc, char **argv) } } + len = sizeof(vm_guest); + if (sysctlbyname("kern.vm_guest", vm_guest, &len, NULL, 0) < 0) { + devdlog(LOG_ERR, + "sysctlbyname(kern.vm_guest) failed: %d\n", errno); + } + cfg.parse(); if (!no_daemon && daemonize_quick) { cfg.open_pidfile(); diff --git a/sbin/devd/hyperv.conf b/sbin/devd/hyperv.conf index 13695a0c75b6..70108ac36e54 100644 --- a/sbin/devd/hyperv.conf +++ b/sbin/devd/hyperv.conf @@ -103,5 +103,6 @@ notify 10 { notify 10 { match "system" "ETHERNET"; match "type" "IFATTACH"; + match "vm_guest" "hv"; action "/usr/libexec/hyperv/hyperv_vfattach $subsystem 0"; }; diff --git a/sbin/reboot/reboot.8 b/sbin/reboot/reboot.8 index 0ddcee643244..1bbc39d52be4 100644 --- a/sbin/reboot/reboot.8 +++ b/sbin/reboot/reboot.8 @@ -110,6 +110,15 @@ Care should be taken if .Va value contains any characters that are special to the shell or loader's configuration parsing code. +.It Fl f +Force reboot. +Normally, +.Nm +checks for the presence of the next kernel, +and absence of the +.Pa /var/run/noshutdown +file. +Without this flag, reboot is denied if one of the conditions failed. .It Fl k Ar kname Boot the specified kernel .Ar kname diff --git a/sbin/reboot/reboot.c b/sbin/reboot/reboot.c index 9825d4f96319..f6065e80fb66 100644 --- a/sbin/reboot/reboot.c +++ b/sbin/reboot/reboot.c @@ -40,6 +40,7 @@ #include <err.h> #include <errno.h> #include <fcntl.h> +#include <paths.h> #include <pwd.h> #include <signal.h> #include <spawn.h> @@ -222,6 +223,7 @@ main(int argc, char *argv[]) { struct utmpx utx; const struct passwd *pw; + struct stat st; int ch, howto = 0, i, sverrno; bool Dflag, fflag, lflag, Nflag, nflag, qflag; uint64_t pageins; @@ -294,6 +296,11 @@ main(int argc, char *argv[]) if (argc != 0) usage(); + if (!donextboot && !fflag && stat(_PATH_NOSHUTDOWN, &st) == 0) { + errx(1, "Reboot cannot be done, " _PATH_NOSHUTDOWN + " is present"); + } + if (Dflag && ((howto & ~RB_HALT) != 0 || kernel != NULL)) errx(1, "cannot delete existing nextboot config and do anything else"); if ((howto & (RB_DUMP | RB_HALT)) == (RB_DUMP | RB_HALT)) diff --git a/sbin/recoverdisk/recoverdisk.1 b/sbin/recoverdisk/recoverdisk.1 index 2999ac6ec409..9f1deb4c0c23 100644 --- a/sbin/recoverdisk/recoverdisk.1 +++ b/sbin/recoverdisk/recoverdisk.1 @@ -27,7 +27,7 @@ .Os .Sh NAME .Nm recoverdisk -.Nd recover data from hard disk or optical media +.Nd recover data from disk-like devices. .Sh SYNOPSIS .Nm .Op Fl b Ar bigsize @@ -41,79 +41,101 @@ .Sh DESCRIPTION The .Nm -utility reads data from the +utility reads all data from the .Ar source -file until all blocks could be successfully read. +and retries read operations until they succeed. If .Ar destination -was specified all data is being written to that file. -It starts reading in multiples of the sector size. -Whenever a block fails, it is put to the end of the working queue and will be -read again, possibly with a smaller read size. +is specified all data read be written there. .Pp -By default it uses block sizes of roughly 1 MB, 32kB, and the native -sector size (usually 512 bytes). -These figures are adjusted slightly, for devices whose sectorsize is not a -power of 2, e.g., audio CDs with a sector size of 2352 bytes. +The internal work-list can be saved and loaded so that +.Nm +sessions can be resumed, for instance when a marginal +source hard-disk shuts down. +.Pp +The work-list is initialized with a single item which covers the entire +.Ar source +and +.Nm +always chips away at the first item on the work-list. + +When a read succeeds, that part of the current chunk is eliminated +from the work-list. + +When a read fails, that part of the item is appended to the worklist +as a separate item, and will be retried in due order. +If +.Ar destination +is specified, the corresponding range is filled with '_UNREAD_'. +.Pp +The first pass attempts to read everything in "big-size" chunks, +the second pass reads in "medium-size" chunks and third and subsequent +passes read in "small-size" chunks. This three stage process is +an attempt to optimize the case where only a few bad blocks exist +on +.Ar source . +If too many read-errors are encountered, +.Nm +will fall back to smaller sizes sooner. +.Pp +The three sizes default to 128kB (or less if the sector size does +not divide 128kB cleanly, for instance audio CD media), and the +reported +.Dv DIOCGSTRIPESIZE +and +.Dv DIOCGSECTORSIZE +respectively. .Pp The options are as follows: .Bl -tag -width indent .It Fl b Ar bigsize -The size of reads attempted first. -The middle pass is roughly the logarithmic average of the bigsize and -the sectorsize. -.It Fl r Ar readlist -Read the list of blocks and block sizes to read from the specified file. -.It Fl s Ar interval -How often we should update the writelist file while things go OK. -The default is 60 and the unit is "progress messages" so if things -go well, this is the same as once per minute. +The size of reads attempted in first pass. +.It Fl m Ar mediumsize +The size of reads attempted in second pass. +.It Fl s Ar smallsize +The size of reads attempted in third and subsequent passes. +.It Fl r Ar work-list-file +Read the work-list from a file. +.It Fl w Ar work-list-file +Write the work-list to a file when a read succeed, but at most once +every minute. +.It Fl l Ar log-file +Each successful read is logged with timestamp, offset and length. +.It Fl t Ar totalsize +How many bytes should be recovered. The default is what +.Dv DIOCGMEDIASIZE +reports for character and block devices or +.Dv st_size +if +.Ar source +is a regular file. +.It Fl p Ar pause +.Xr sleep 3 +this long whenever a read fails. This makes the +.Ar source +device look less sick to the operating system. .It Fl u Ar pattern -By default blocks which encounter read errors will be filled with -the pattern +By default blocks which cannot be read are filled with the pattern .Ql _UNREAD_ -in the output file. -This option can be -used to specify another pattern. -Nothing gets written if the string is empty. +in the output file. This option can be used to specify a different +pattern. If the pattern is the empty string, nothing is written. .It Fl v -Enables nicer status report using ANSI escapes and UTF-8. -.It Fl w Ar writelist -Write the list of remaining blocks to read to the specified file if -.Nm -is aborted via -.Dv SIGINT . +Produce a detailed progress report with ANSI escapes and UTF-8. .El .Pp -The -.Fl r -and -.Fl w -options can be specified together. -Especially, they can point to the same file, which will be updated on abort. -.Sh OUTPUT -The .Nm -utility -prints several columns, detailing the progress -.Bl -tag -width remaining -.It Va start -Starting offset of the current block. -.It Va size -Read size of the current block. -.It Va len -Length of the current block. -.It Va state -Is increased for every failed read. -.It Va done -Number of bytes already read. -.It Va remaining -Number of bytes remaining. -.It Va "% done" -Percent complete. -.El +can be aborted with +.Dv SIGINT , +but with a sick +.Ar source +it may take up to several minutes before the current read operation +returns from the kernel. +.Pp .Sh EXAMPLES .Bd -literal +# check if all sectors can be read on a USB stick: +recoverdisk /dev/da0 + # recover data from failing hard drive ada3 recoverdisk /dev/ada3 /data/disk.img @@ -129,10 +151,72 @@ recoverdisk -r worklist -w worklist /dev/cd0 /data/cd.iso # recover a single file from the unreadable media recoverdisk /cdrom/file.avi file.avi -# If the disk hangs the system on read-errors try: -recoverdisk -b 0 /dev/ada3 /somewhere - .Ed +.Sh PRACTICAL ADVICE +In Datamuseum.dk +.Nm +has been used to recover all sorts of data-media for two decades, +here are some things we have learned: +.Bl -bullet +.It +Interacting with failing hardware has a tendency to crash machines, +so it is always a good idea to use the +.Fl -w work-list-file +so that it is possible to continue. +.It +When attempting to recover hard to read data from failing hard disks, +it pays to pamper the drive as much as possible: +.It +It is generally best to keep the drive in it's usual physical orientation, +but it can also help to try other orientations. +.It +Insulate the drive from external vibrations. +.It +Keep the drive cool with a fan. +.It +If possible, power the drive from a laboratory power supply. +.It +Do not loose patience: Let +.Nm +run as long as possible. +.It +(S)ATA controllers do not handle failing disks well, if this +is a problem, use a USB-(S)ATA adapter instead. +.It +The +.Nm +source code is deliberately written to be easily portable to +older versions of +.Fx +and to other operating systems. +.It +If you need to read ST-506, RLL or ESDI drives +.Fx 3.5.1 +is a good compromise. +.It +Sometimes forcing the disk to step between reads helps. +Since +.Nm +process the work-list in the order it is read, this +can be accomplished by sorting the work-list with +something like: +.Dl % sort +0.5 +.It +By default the +.Xr CAM +layer will retry failing read operations, but that +will get stuck on the bad sectors for long time +and delay recovering what actually can be read from +a rapidly failing drive. +In that situation, set the appropriate +.Dl kern.cam.*.retry_count +sysctl to zero. +.It +For floppies and un-zoned hard disks (ST-506 to +early IDE) set +.Fl b Ar bigsize +to the size of a track. +.El .Sh SEE ALSO .Xr dd 1 , .Xr ada 4 , @@ -143,7 +227,8 @@ recoverdisk -b 0 /dev/ada3 /somewhere The .Nm utility first appeared in -.Fx 7.0 . +.Fx 7.0 +because Somebodyâ„¢ forgot to make a backup copy. .Sh AUTHORS .An -nosplit The original implementation was done by @@ -151,34 +236,29 @@ The original implementation was done by with minor improvements from .An Ulrich Sp\(:orlein Aq Mt uqs@FreeBSD.org . .Pp -This manual page was written by +This manual page was originally written by .An Ulrich Sp\(:orlein . .Sh BUGS -Reading from media where the sectorsize is not a power of 2 will make all -1 MB reads fail. -This is due to the DMA reads being split up into blocks of at most 128kB. -These reads then fail if the sectorsize is not a divisor of 128kB. -When reading a full raw audio CD, this leads to roughly 700 error messages -flying by. -This is harmless and can be avoided by setting -.Fl b -to no more than 128kB. +If a failing device causes the machine to crash, there is +a risk that a chunk might have been successfully read +and removed from the work-list, but not yet flushed to +the +.Ar destination . .Pp .Nm -needs to know about read errors as fast as possible, i.e., retries by lower -layers will usually slow down the operation. -When using -.Xr cam 4 -attached drives, you may want to set kern.cam.XX.retry_count to zero, e.g.: -.Bd -literal -# sysctl kern.cam.ada.retry_count=0 -# sysctl kern.cam.cd.retry_count=0 -# sysctl kern.cam.da.retry_count=0 -.Ed -.\".Pp -.\"When reading from optical media, a bug in the GEOM framework will -.\"prevent it from seeing that the media has been removed. -.\"The device can still be opened, but all reads will fail. -.\"This is usually harmless, but will send -.\".Nm -.\"into an infinite loop. +calls +.Xr fdatasync 3 +on the destination before writing the work-list to a +temporary file, and calls it again on the temporary +file before renaming it to the specified +.Fl w Ar work-file-list +filename. +But even then things dont always work out. +.Pp +.Nm +should have an option for reconstructing the work-list +from the +.Ar destination +by enumerating the +.Fl u Ar pattern +filled ranges. diff --git a/sbin/recoverdisk/recoverdisk.c b/sbin/recoverdisk/recoverdisk.c index 446266c36d50..e1b283e54a93 100644 --- a/sbin/recoverdisk/recoverdisk.c +++ b/sbin/recoverdisk/recoverdisk.c @@ -8,6 +8,7 @@ * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp * ---------------------------------------------------------------------------- */ + #include <sys/param.h> #include <sys/queue.h> #include <sys/disk.h> @@ -27,18 +28,10 @@ #include <time.h> #include <unistd.h> -/* Safe printf into a fixed-size buffer */ -#define bprintf(buf, fmt, ...) \ - do { \ - int ibprintf; \ - ibprintf = snprintf(buf, sizeof buf, fmt, __VA_ARGS__); \ - assert(ibprintf >= 0 && ibprintf < (int)sizeof buf); \ - } while (0) - struct lump { - off_t start; - off_t len; - int state; + uint64_t start; + uint64_t len; + unsigned pass; TAILQ_ENTRY(lump) list; }; @@ -46,25 +39,32 @@ struct period { time_t t0; time_t t1; char str[20]; - off_t bytes_read; + uint64_t bytes_read; TAILQ_ENTRY(period) list; }; TAILQ_HEAD(period_head, period); static volatile sig_atomic_t aborting = 0; static int verbose = 0; -static size_t bigsize = 1024 * 1024; -static size_t medsize; -static size_t minsize = 512; -static off_t tot_size; -static off_t done_size; +static uint64_t big_read; +static uint64_t medium_read; +static uint64_t small_read; +static uint64_t total_size; +static uint64_t done_size; static char *input; -static char *wworklist = NULL; -static char *rworklist = NULL; +static char *write_worklist_file = NULL; +static char *read_worklist_file = NULL; static const char *unreadable_pattern = "_UNREAD_"; -static const int write_errors_are_fatal = 1; -static int fdr, fdw; - +static int write_errors_are_fatal = 1; +static int read_fd, write_fd; +static FILE *log_file = NULL; +static char *work_buf; +static char *pattern_buf; +static double error_pause; + +static unsigned nlumps; +static double n_reads, n_good_reads; +static time_t t_first; static TAILQ_HEAD(, lump) lumps = TAILQ_HEAD_INITIALIZER(lumps); static struct period_head minute = TAILQ_HEAD_INITIALIZER(minute); static struct period_head quarter = TAILQ_HEAD_INITIALIZER(quarter); @@ -74,7 +74,8 @@ static struct period_head day = TAILQ_HEAD_INITIALIZER(quarter); /**********************************************************************/ static void -report_good_read2(time_t now, size_t bytes, struct period_head *ph, time_t dt) +account_good_read_period(time_t now, uint64_t bytes, + struct period_head *ph, time_t dt) { struct period *pp; const char *fmt; @@ -82,7 +83,7 @@ report_good_read2(time_t now, size_t bytes, struct period_head *ph, time_t dt) pp = TAILQ_FIRST(ph); if (pp == NULL || pp->t1 < now) { - pp = calloc(1, sizeof(*pp)); + pp = calloc(1UL, sizeof(*pp)); assert(pp != NULL); pp->t0 = (now / dt) * dt; pp->t1 = (now / dt + 1) * dt; @@ -98,13 +99,13 @@ report_good_read2(time_t now, size_t bytes, struct period_head *ph, time_t dt) } static void -report_good_read(time_t now, size_t bytes) +account_good_read(time_t now, uint64_t bytes) { - report_good_read2(now, bytes, &minute, 60L); - report_good_read2(now, bytes, &quarter, 900L); - report_good_read2(now, bytes, &hour, 3600L); - report_good_read2(now, bytes, &day, 86400L); + account_good_read_period(now, bytes, &minute, 60L); + account_good_read_period(now, bytes, &quarter, 900L); + account_good_read_period(now, bytes, &hour, 3600L); + account_good_read_period(now, bytes, &day, 86400L); } static void @@ -114,20 +115,18 @@ report_one_period(const char *period, struct period_head *ph) int n; n = 0; - printf("%s \xe2\x94\x82", period); + printf("%s ", period); TAILQ_FOREACH(pp, ph, list) { - if (n == 3) { + if (++n == 4) { TAILQ_REMOVE(ph, pp, list); free(pp); break; } - if (n++) - printf(" \xe2\x94\x82"); - printf(" %s %14jd", pp->str, pp->bytes_read); + printf("\xe2\x94\x82 %s %14ju ", + pp->str, (uintmax_t)pp->bytes_read); } for (; n < 3; n++) { - printf(" \xe2\x94\x82"); - printf(" %5s %14s", "", ""); + printf("\xe2\x94\x82 %5s %14s ", "", ""); } printf("\x1b[K\n"); } @@ -146,27 +145,23 @@ report_periods(void) static void set_verbose(void) { - struct winsize wsz; - if (!isatty(STDIN_FILENO) || ioctl(STDIN_FILENO, TIOCGWINSZ, &wsz)) - return; verbose = 1; } static void -report_header(int eol) +report_header(const char *term) { - printf("%13s %7s %13s %5s %13s %13s %9s", + printf("%13s %7s %13s %5s %13s %13s %9s%s", "start", "size", "block-len", "pass", "done", "remaining", - "% done"); - if (eol) - printf("\x1b[K"); - putchar('\n'); + "% done", + term + ); } #define REPORTWID 79 @@ -186,20 +181,20 @@ report_hline(const char *how) printf("\x1b[K\n"); } -static off_t hist[REPORTWID]; -static off_t last_done = -1; +static uint64_t hist[REPORTWID]; +static uint64_t prev_done = ~0UL; static void -report_histogram(const struct lump *lp) +report_histogram(uint64_t start) { - off_t j, bucket, fp, fe, k, now; + uint64_t j, bucket, fp, fe, k, now; double a; struct lump *lp2; - bucket = tot_size / REPORTWID; - if (tot_size > bucket * REPORTWID) + bucket = total_size / REPORTWID; + if (total_size > bucket * REPORTWID) bucket += 1; - if (done_size != last_done) { + if (done_size != prev_done) { memset(hist, 0, sizeof hist); TAILQ_FOREACH(lp2, &lumps, list) { fp = lp2->start; @@ -213,9 +208,9 @@ report_histogram(const struct lump *lp) fp += k; } } - last_done = done_size; + prev_done = done_size; } - now = lp->start / bucket; + now = start / bucket; for (j = 0; j < REPORTWID; j++) { a = round(8 * (double)hist[j] / bucket); assert (a >= 0 && a < 9); @@ -228,7 +223,7 @@ report_histogram(const struct lump *lp) } else { putchar(0xe2); putchar(0x96); - putchar(0x80 + (int)a); + putchar(0x80 + (char)a); } if (j == now) printf("\x1b[0m"); @@ -237,34 +232,40 @@ report_histogram(const struct lump *lp) } static void -report(const struct lump *lp, size_t sz) +report(uint64_t sz) { struct winsize wsz; + const struct lump *lp = TAILQ_FIRST(&lumps); int j; - - assert(lp != NULL); + unsigned pass = 0; + uintmax_t start = 0, length = 0; + time_t t_now = time(NULL); + + if (lp != NULL) { + pass = lp->pass; + start = lp->start; + length = lp->len; + } if (verbose) { printf("\x1b[H%s\x1b[K\n", input); - report_header(1); - } else { - putchar('\r'); + report_header("\x1b[K\n"); } - printf("%13jd %7zu %13jd %5d %13jd %13jd %9.4f", - (intmax_t)lp->start, - sz, - (intmax_t)lp->len, - lp->state, - (intmax_t)done_size, - (intmax_t)(tot_size - done_size), - 100*(double)done_size/(double)tot_size + printf("%13ju %7ju %13ju %5u %13ju %13ju %9.4f", + start, + (uintmax_t)sz, + length, + pass, + (uintmax_t)done_size, + (uintmax_t)(total_size - done_size), + 100*(double)done_size/(double)total_size ); if (verbose) { printf("\x1b[K\n"); report_hline(NULL); - report_histogram(lp); + report_histogram(start); if (TAILQ_EMPTY(&minute)) { report_hline(NULL); } else { @@ -272,27 +273,36 @@ report(const struct lump *lp, size_t sz) report_periods(); report_hline("\xe2\x94\xb4"); } + printf("Missing: %u", nlumps); + printf(" Success: %.0f/%.0f =", n_good_reads, n_reads); + printf(" %.4f%%", 100 * n_good_reads / n_reads); + printf(" Duration: %.3fs", (t_now - t_first) / n_reads); + printf("\x1b[K\n"); + report_hline(NULL); j = ioctl(STDIN_FILENO, TIOCGWINSZ, &wsz); if (!j) printf("\x1b[%d;1H", wsz.ws_row); + } else { + printf("\n"); } - fflush(stdout); } /**********************************************************************/ static void -new_lump(off_t start, off_t len, int state) +new_lump(uint64_t start, uint64_t len, unsigned pass) { struct lump *lp; + assert(len > 0); lp = malloc(sizeof *lp); if (lp == NULL) err(1, "Malloc failed"); lp->start = start; lp->len = len; - lp->state = state; + lp->pass = pass; TAILQ_INSERT_TAIL(&lumps, lp, list); + nlumps += 1; } /********************************************************************** @@ -306,98 +316,100 @@ save_worklist(void) struct lump *llp; char buf[PATH_MAX]; - if (fdw >= 0 && fdatasync(fdw)) + if (write_fd >= 0 && fdatasync(write_fd)) err(1, "Write error, probably disk full"); - if (wworklist != NULL) { - bprintf(buf, "%s.tmp", wworklist); - (void)fprintf(stderr, "\nSaving worklist ..."); - (void)fflush(stderr); + if (write_worklist_file != NULL) { + snprintf(buf, sizeof(buf), "%s.tmp", write_worklist_file); + fprintf(stderr, "\nSaving worklist ..."); file = fopen(buf, "w"); if (file == NULL) err(1, "Error opening file %s", buf); - TAILQ_FOREACH(llp, &lumps, list) - fprintf(file, "%jd %jd %d\n", - (intmax_t)llp->start, (intmax_t)llp->len, - llp->state); - (void)fflush(file); + TAILQ_FOREACH(llp, &lumps, list) { + assert (llp->len > 0); + fprintf(file, "%ju %ju %u\n", + (uintmax_t)llp->start, + (uintmax_t)llp->len, + llp->pass); + } + fflush(file); if (ferror(file) || fdatasync(fileno(file)) || fclose(file)) err(1, "Error writing file %s", buf); - if (rename(buf, wworklist)) - err(1, "Error renaming %s to %s", buf, wworklist); - (void)fprintf(stderr, " done.\n"); + if (rename(buf, write_worklist_file)) + err(1, "Error renaming %s to %s", + buf, write_worklist_file); + fprintf(stderr, " done.\n"); } } /* Read the worklist if -r was given */ -static off_t -read_worklist(off_t t) +static uint64_t +read_worklist(void) { - off_t s, l, d; - int state, lines; + uintmax_t start, length; + uint64_t missing = 0; + unsigned pass, lines; FILE *file; - (void)fprintf(stderr, "Reading worklist ..."); - (void)fflush(stderr); - file = fopen(rworklist, "r"); + fprintf(stderr, "Reading worklist ..."); + file = fopen(read_worklist_file, "r"); if (file == NULL) - err(1, "Error opening file %s", rworklist); + err(1, "Error opening file %s", read_worklist_file); lines = 0; - d = t; for (;;) { ++lines; - if (3 != fscanf(file, "%jd %jd %d\n", &s, &l, &state)) { + if (3 != fscanf(file, "%ju %ju %u\n", &start, &length, &pass)) { if (!feof(file)) - err(1, "Error parsing file %s at line %d", - rworklist, lines); + err(1, "Error parsing file %s at line %u", + read_worklist_file, lines); else break; } - new_lump(s, l, state); - d -= l; + if (length > 0) { + new_lump(start, length, pass); + missing += length; + } } if (fclose(file)) - err(1, "Error closing file %s", rworklist); - (void)fprintf(stderr, " done.\n"); + err(1, "Error closing file %s", read_worklist_file); + fprintf(stderr, " done.\n"); /* - * Return the number of bytes already read - * (at least not in worklist). + * Return the number of bytes outstanding */ - return (d); + return (missing); } /**********************************************************************/ static void -write_buf(int fd, const void *buf, ssize_t len, off_t where) +write_buf(int fd, const void *buf, uint64_t length, uint64_t where) { - ssize_t i; + int64_t i; - i = pwrite(fd, buf, len, where); - if (i == len) + i = pwrite(fd, buf, length, (off_t)where); + if (i > 0 && (uint64_t)i == length) return; - printf("\nWrite error at %jd/%zu\n\t%s\n", - where, i, strerror(errno)); + printf("\nWrite error at %ju/%ju: %jd (%s)\n", + (uintmax_t)where, + (uintmax_t)length, + (intmax_t)i, strerror(errno)); save_worklist(); if (write_errors_are_fatal) exit(3); } static void -fill_buf(char *buf, ssize_t len, const char *pattern) +fill_buf(char *buf, int64_t len, const char *pattern) { - ssize_t sz = strlen(pattern); - ssize_t i, j; + int64_t sz = strlen(pattern); + int64_t i; for (i = 0; i < len; i += sz) { - j = len - i; - if (j > sz) - j = sz; - memcpy(buf + i, pattern, j); + memcpy(buf + i, pattern, MIN(len - i, sz)); } } @@ -406,45 +418,334 @@ fill_buf(char *buf, ssize_t len, const char *pattern) static void usage(void) { - (void)fprintf(stderr, "usage: recoverdisk [-b bigsize] [-r readlist] " + fprintf(stderr, "usage: recoverdisk [-b big_read] [-r readlist] " "[-s interval] [-w writelist] source [destination]\n"); /* XXX update */ exit(1); } static void -sighandler(__unused int sig) +sighandler(int sig) { + (void)sig; aborting = 1; } +/**********************************************************************/ + +static int64_t +attempt_one_lump(time_t t_now) +{ + struct lump *lp; + uint64_t sz; + int64_t retval; + int error; + + lp = TAILQ_FIRST(&lumps); + if (lp == NULL) + return(0); + + if (lp->pass == 0) { + sz = MIN(lp->len, big_read); + } else if (lp->pass == 1) { + sz = MIN(lp->len, medium_read); + } else { + sz = MIN(lp->len, small_read); + } + + assert(sz != 0); + + n_reads += 1; + retval = pread(read_fd, work_buf, sz, lp->start); + +#if 0 /* enable this when testing */ + if (!(random() & 0xf)) { + retval = -1; + errno = EIO; + usleep(20000); + } else { + usleep(2000); + } +#endif + + error = errno; + if (retval > 0) { + n_good_reads += 1; + sz = retval; + done_size += sz; + if (write_fd >= 0) { + write_buf(write_fd, work_buf, sz, lp->start); + } + if (log_file != NULL) { + fprintf(log_file, "%jd %ju %ju\n", + (intmax_t)t_now, + (uintmax_t)lp->start, + (uintmax_t)sz + ); + fflush(log_file); + } + } else { + printf("%14ju %7ju read error %d: (%s)", + (uintmax_t)lp->start, + (uintmax_t)sz, error, strerror(error)); + if (error_pause > 1) { + printf(" (Pausing %g s)", error_pause); + } + printf("\n"); + + if (write_fd >= 0 && pattern_buf != NULL) { + write_buf(write_fd, pattern_buf, sz, lp->start); + } + new_lump(lp->start, sz, lp->pass + 1); + retval = -sz; + } + lp->start += sz; + lp->len -= sz; + if (lp->len == 0) { + TAILQ_REMOVE(&lumps, lp, list); + nlumps -= 1; + free(lp); + } + errno = error; + return (retval); +} + + +/**********************************************************************/ + +static void +determine_total_size(void) +{ + struct stat sb; + int error; + + if (total_size != 0) + return; + + error = fstat(read_fd, &sb); + if (error < 0) + err(1, "fstat failed"); + + if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { +#ifdef DIOCGMEDIASIZE + off_t mediasize; + error = ioctl(read_fd, DIOCGMEDIASIZE, &mediasize); + if (error == 0 && mediasize > 0) { + total_size = mediasize; + printf("# Got total_size from DIOCGMEDIASIZE: %ju\n", + (uintmax_t)total_size); + return; + } +#endif + } else if (S_ISREG(sb.st_mode) && sb.st_size > 0) { + total_size = sb.st_size; + printf("# Got total_size from stat(2): %ju\n", + (uintmax_t)total_size); + return; + } else { + errx(1, "Input must be device or regular file"); + } + fprintf(stderr, "Specify total size with -t option\n"); + exit(1); +} + +static void +determine_read_sizes(void) +{ + int error; + u_int sectorsize; + off_t stripesize; + + determine_total_size(); + +#ifdef DIOCGSECTORSIZE + if (small_read == 0) { + error = ioctl(read_fd, DIOCGSECTORSIZE, §orsize); + if (error >= 0 && sectorsize > 0) { + small_read = sectorsize; + printf("# Got small_read from DIOCGSECTORSIZE: %ju\n", + (uintmax_t)small_read + ); + } + } +#endif + + if (small_read == 0) { + printf("Assuming 512 for small_read\n"); + small_read = 512; + } + + if (medium_read && (medium_read % small_read)) { + errx(1, + "medium_read (%ju) is not a multiple of small_read (%ju)\n", + (uintmax_t)medium_read, (uintmax_t)small_read + ); + } + + if (big_read != 0 && (big_read % small_read)) { + errx(1, + "big_read (%ju) is not a multiple of small_read (%ju)\n", + (uintmax_t)big_read, (uintmax_t)small_read + ); + } + +#ifdef DIOCGSTRIPESIZE + if (medium_read == 0) { + error = ioctl(read_fd, DIOCGSTRIPESIZE, &stripesize); + if (error < 0 || stripesize < 0) { + // nope + } else if ((uint64_t)stripesize < small_read) { + // nope + } else if (stripesize % small_read) { + // nope + } else if (0 < stripesize && stripesize < (128<<10)) { + medium_read = stripesize; + printf("# Got medium_read from DIOCGSTRIPESIZE: %ju\n", + (uintmax_t)medium_read + ); + } + } +#endif +#if defined(DIOCGFWSECTORS) && defined(DIOCGFWHEADS) + if (medium_read == 0) { + u_int fwsectors = 0, fwheads = 0; + error = ioctl(read_fd, DIOCGFWSECTORS, &fwsectors); + if (error) + fwsectors = 0; + error = ioctl(read_fd, DIOCGFWHEADS, &fwheads); + if (error) + fwheads = 0; + if (fwsectors && fwheads) { + medium_read = fwsectors * fwheads * small_read; + printf( + "# Got medium_read from DIOCGFW{SECTORS,HEADS}: %ju\n", + (uintmax_t)medium_read + ); + } + } +#endif + + if (big_read == 0 && medium_read != 0) { + if (medium_read > (64<<10)) { + big_read = medium_read; + } else { + big_read = 128 << 10; + big_read -= big_read % medium_read; + } + printf("# Got big_read from medium_read: %ju\n", + (uintmax_t)big_read + ); + } + + if (big_read == 0) { + big_read = 128 << 10; + printf("# Defaulting big_read to %ju\n", + (uintmax_t)big_read + ); + } + + if (medium_read == 0) { + /* + * We do not want to go directly to single sectors, but + * we also dont want to waste time doing multi-sector + * reads with high failure probability. + */ + uint64_t h = big_read; + uint64_t l = small_read; + while (h > l) { + h >>= 2; + l <<= 1; + } + medium_read = h; + printf("# Got medium_read from small_read & big_read: %ju\n", + (uintmax_t)medium_read + ); + } + fprintf(stderr, + "# Bigsize = %ju, medium_read = %ju, small_read = %ju\n", + (uintmax_t)big_read, (uintmax_t)medium_read, (uintmax_t)small_read); + +} + + +/**********************************************************************/ + +static void +monitor_read_sizes(uint64_t failed_size) +{ + + if (failed_size == big_read && medium_read != small_read) { + if (n_reads < n_good_reads + 3) + return; + fprintf( + stderr, + "Too many failures for big reads." + " (%.0f bad of %.0f)" + " Shifting to medium_reads.\n", + n_reads - n_good_reads, n_reads + ); + big_read = medium_read; + medium_read = small_read; + return; + } + + if (failed_size > small_read) { + if (n_reads < n_good_reads + 100) + return; + fprintf( + stderr, + "Too many failures." + " (%.0f bad of %.0f)" + " Shifting to small_reads.\n", + n_reads - n_good_reads, n_reads + ); + big_read = small_read; + medium_read = small_read; + return; + } +} + +/**********************************************************************/ + int main(int argc, char * const argv[]) { int ch; - size_t sz, j; + int64_t sz; int error; - char *buf; - u_int sectorsize; - off_t stripesize; - time_t t1, t2; - struct stat sb; - u_int n, snapshot = 60; - static struct lump *lp; + time_t t_now, t_report, t_save; + unsigned snapshot = 60, unsaved; + setbuf(stdout, NULL); + setbuf(stderr, NULL); - while ((ch = getopt(argc, argv, "b:r:w:s:u:v")) != -1) { + while ((ch = getopt(argc, argv, "b:l:p:m:r:w:s:t:u:v")) != -1) { switch (ch) { case 'b': - bigsize = strtoul(optarg, NULL, 0); + big_read = strtoul(optarg, NULL, 0); + break; + case 'l': + log_file = fopen(optarg, "a"); + if (log_file == NULL) { + err(1, "Could not open logfile for append"); + } + break; + case 'p': + error_pause = strtod(optarg, NULL); + break; + case 'm': + medium_read = strtoul(optarg, NULL, 0); break; case 'r': - rworklist = strdup(optarg); - if (rworklist == NULL) + read_worklist_file = strdup(optarg); + if (read_worklist_file == NULL) err(1, "Cannot allocate enough memory"); break; case 's': - snapshot = strtoul(optarg, NULL, 0); + small_read = strtoul(optarg, NULL, 0); + break; + case 't': + total_size = strtoul(optarg, NULL, 0); break; case 'u': unreadable_pattern = optarg; @@ -453,8 +754,8 @@ main(int argc, char * const argv[]) set_verbose(); break; case 'w': - wworklist = strdup(optarg); - if (wworklist == NULL) + write_worklist_file = strdup(optarg); + if (write_worklist_file == NULL) err(1, "Cannot allocate enough memory"); break; default: @@ -469,149 +770,106 @@ main(int argc, char * const argv[]) usage(); input = argv[0]; - fdr = open(argv[0], O_RDONLY); - if (fdr < 0) + read_fd = open(argv[0], O_RDONLY); + if (read_fd < 0) err(1, "Cannot open read descriptor %s", argv[0]); - error = fstat(fdr, &sb); - if (error < 0) - err(1, "fstat failed"); - if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { - error = ioctl(fdr, DIOCGSECTORSIZE, §orsize); - if (error < 0) - err(1, "DIOCGSECTORSIZE failed"); - - error = ioctl(fdr, DIOCGSTRIPESIZE, &stripesize); - if (error == 0 && stripesize < sectorsize) - sectorsize = stripesize; + determine_read_sizes(); - minsize = sectorsize; - bigsize = rounddown(bigsize, sectorsize); + work_buf = malloc(big_read); + assert (work_buf != NULL); - error = ioctl(fdr, DIOCGMEDIASIZE, &tot_size); - if (error < 0) - err(1, "DIOCGMEDIASIZE failed"); + if (argc > 1) { + write_fd = open(argv[1], O_WRONLY | O_CREAT, DEFFILEMODE); + if (write_fd < 0) + err(1, "Cannot open write descriptor %s", argv[1]); + if (ftruncate(write_fd, (off_t)total_size) < 0) + err(1, "Cannot truncate output %s to %ju bytes", + argv[1], (uintmax_t)total_size); } else { - tot_size = sb.st_size; + write_fd = -1; } - if (bigsize < minsize) - bigsize = minsize; - - for (ch = 0; (bigsize >> ch) > minsize; ch++) - continue; - medsize = bigsize >> (ch / 2); - medsize = rounddown(medsize, minsize); - - fprintf(stderr, "Bigsize = %zu, medsize = %zu, minsize = %zu\n", - bigsize, medsize, minsize); - - buf = malloc(bigsize); - if (buf == NULL) - err(1, "Cannot allocate %zu bytes buffer", bigsize); + if (strlen(unreadable_pattern)) { + pattern_buf = malloc(big_read); + assert(pattern_buf != NULL); + fill_buf(pattern_buf, big_read, unreadable_pattern); + } - if (argc > 1) { - fdw = open(argv[1], O_WRONLY | O_CREAT, DEFFILEMODE); - if (fdw < 0) - err(1, "Cannot open write descriptor %s", argv[1]); - if (ftruncate(fdw, tot_size) < 0) - err(1, "Cannot truncate output %s to %jd bytes", - argv[1], (intmax_t)tot_size); - } else - fdw = -1; - - if (rworklist != NULL) { - done_size = read_worklist(tot_size); + if (read_worklist_file != NULL) { + done_size = total_size - read_worklist(); } else { - new_lump(0, tot_size, 0); + new_lump(0UL, total_size, 0UL); done_size = 0; } - if (wworklist != NULL) + if (write_worklist_file != NULL) signal(SIGINT, sighandler); - t1 = time(NULL); sz = 0; if (!verbose) - report_header(0); + report_header("\n"); else printf("\x1b[2J"); - n = 0; - for (;;) { - lp = TAILQ_FIRST(&lumps); - if (lp == NULL) - break; - while (lp->len > 0) { - if (lp->state == 0) - sz = MIN(lp->len, (off_t)bigsize); - else if (lp->state == 1) - sz = MIN(lp->len, (off_t)medsize); - else - sz = MIN(lp->len, (off_t)minsize); - assert(sz != 0); - - t2 = time(NULL); - if (t1 != t2 || lp->len < (off_t)bigsize) { - t1 = t2; - if (++n == snapshot) { - save_worklist(); - n = 0; - } - report(lp, sz); - } + t_first = time(NULL); + t_report = t_first; + t_save = t_first; + unsaved = 0; + while (!aborting) { + t_now = time(NULL); + sz = attempt_one_lump(t_now); + error = errno; - j = pread(fdr, buf, sz, lp->start); -#if 0 -if (!(random() & 0xf)) { - j = -1; - errno = EIO; -} -#endif - if (j == sz) { - done_size += sz; - if (fdw >= 0) - write_buf(fdw, buf, sz, lp->start); - lp->start += sz; - lp->len -= sz; - if (verbose && lp->state > 2) - report_good_read(t2, sz); - continue; - } - error = errno; - - printf("%jd %zu %d read error (%s)\n", - lp->start, sz, lp->state, strerror(error)); - if (verbose) - report(lp, sz); - if (fdw >= 0 && strlen(unreadable_pattern)) { - fill_buf(buf, sz, unreadable_pattern); - write_buf(fdw, buf, sz, lp->start); + if (sz == 0) { + break; + } + + if (sz > 0) { + unsaved += 1; + } + if (unsaved && (t_save + snapshot) < t_now) { + save_worklist(); + unsaved = 0; + t_save = t_now; + if (!verbose) { + report_header("\n"); + t_report = t_now; } - new_lump(lp->start, sz, lp->state + 1); - lp->start += sz; - lp->len -= sz; - if (error == EINVAL) { - printf("Try with -b 131072 or lower ?\n"); - aborting = 1; - break; + } + if (sz > 0) { + if (verbose) { + account_good_read(t_now, sz); } - if (error == ENXIO) { - printf("Input device probably detached...\n"); - aborting = 1; - break; + if (t_report != t_now) { + report(sz); + t_report = t_now; } + continue; } - if (aborting) - save_worklist(); - if (aborting || !TAILQ_NEXT(lp, list)) - report(lp, sz); - if (aborting) + + monitor_read_sizes(-sz); + + if (error == EINVAL) { + printf("Try with -b 131072 or lower ?\n"); + aborting = 1; break; - assert(lp->len == 0); - TAILQ_REMOVE(&lumps, lp, list); - free(lp); + } + if (error == ENXIO) { + printf("Input device probably detached...\n"); + aborting = 1; + break; + } + report(-sz); + t_report = t_now; + if (error_pause > 0) { + usleep((unsigned long)(1e6 * error_pause)); + } } + save_worklist(); + free(work_buf); + if (pattern_buf != NULL) + free(pattern_buf); printf("%s", aborting ? "Aborted\n" : "Completed\n"); - free(buf); - return (0); + report(0UL); + return (0); // XXX } diff --git a/share/examples/oci/Containerfile.pkg b/share/examples/oci/Containerfile.pkg index 074c470affc9..f6699c79af71 100644 --- a/share/examples/oci/Containerfile.pkg +++ b/share/examples/oci/Containerfile.pkg @@ -6,7 +6,7 @@ ARG version=14.snap # Select freebsd-runtime as our starting point. -FROM localhost/freebsd-runtime:${version} +FROM ghcr.io/freebsd/freebsd-runtime:${version} # A list of package(s) to install ARG packages @@ -15,7 +15,10 @@ ARG packages # use for downloading pkg since the freebsd-runtime image has both FreeBSD and # FreeBSD-base pkg repo configs installed and FreeBSD-base does not contain the # pkg package. -RUN env ASSUME_ALWAYS_YES=yes pkg bootstrap -r FreeBSD && pkg update +# +# Set IGNORE_OSVERSION to allow building e.g. FreeBSD-14 images on +# FreeBSD-15 hosts. +RUN pkg bootstrap -y -r FreeBSD && pkg -o IGNORE_OSVERSION=yes update -f # Install some package(s). RUN pkg install -y ${packages} diff --git a/share/man/man7/named_attribute.7 b/share/man/man7/named_attribute.7 index 7cd778620357..4080dfce2fab 100644 --- a/share/man/man7/named_attribute.7 +++ b/share/man/man7/named_attribute.7 @@ -3,7 +3,7 @@ .\" .\" SPDX-License-Identifier: BSD-2-Clause .\" -.Dd July 3, 2025 +.Dd July 20, 2025 .Dt NAMED_ATTRIBUTE 7 .Os .Sh NAME @@ -122,7 +122,7 @@ Although the named attribute machanism might require different internal implementation of extended attributes within a file system, both ZFS and NFSv4 provide both mechanisms, which can be used interchangeably to manipulate -extended attributes, but with a couple of limitations. +extended attributes, but with a few limitations. .Bl -bullet .It The @@ -135,6 +135,24 @@ The named attribute interface does not support system namespace extended attributes and, as such, system namespace extended attributes must be manipulated via .Xr extattr 2 . +.It +For ZFS, if an extended attribute with a value +that is a small length in bytes is created when the ZFS +.Dv xattr +property is set to +.Dq sa , +that extended attribute is only visible via +.Xr extattr 2 +and not as a named attribute. +Archiving/de-archiving the file via +.Xr tar 1 +after setting the +.Dv xattr +property to +.Dq dir +will make the attribute(s) visible as both named attributes +and via +.Xr extattr 2 . .El .Pp The named attribute mechanism/system call interface provides certain @@ -259,6 +277,7 @@ enters the named attribute directory for the file object .Sh SEE ALSO .Xr bash 1 , .Xr runat 1 , +.Xr tar 1 , .Xr chdir 2 , .Xr extattr 2 , .Xr lseek 2 , diff --git a/share/mk/bsd.subdir.mk b/share/mk/bsd.subdir.mk index cf19c9d66201..289e3d591c8c 100644 --- a/share/mk/bsd.subdir.mk +++ b/share/mk/bsd.subdir.mk @@ -76,13 +76,14 @@ obj: .PHONY .endif .if !defined(NEED_SUBDIR) +.if ${MK_DIRDEPS_BUILD} == "yes" +# ignore this +_SUBDIR: # .MAKE.DEPENDFILE==/dev/null is set by bsd.dep.mk to avoid reading # Makefile.depend -.if ${.MAKE.LEVEL} == 0 && ${MK_DIRDEPS_BUILD} == "yes" && !empty(SUBDIR) && \ - ${.MAKE.DEPENDFILE} != "/dev/null" +.if ${.MAKE.LEVEL} == 0 && !empty(SUBDIR) && ${.MAKE.DEPENDFILE} != "/dev/null" .include <meta.subdir.mk> -# ignore this -_SUBDIR: +.endif .endif .endif diff --git a/share/termcap/termcap b/share/termcap/termcap index 46b89d0b3ddf..44704653045d 100644 --- a/share/termcap/termcap +++ b/share/termcap/termcap @@ -4705,14 +4705,14 @@ xterm-termite|VTE-based terminal:\ :ti=\E[?1049h:ts=\E]2;:u6=\E[%i%d;%dR:u7=\E[6n:ue=\E[24m:\ :up=\E[A:us=\E[4m:ve=\E[?25h:vi=\E[?25l: -# Termcap for st terminal taken from the st-0.8 sources -st|simpleterm:\ +# Termcap for st terminal taken from the st-0.9.2 sources +st-mono|simpleterm monocolor:\ :am:hs:mi:ms:xn:\ :co#80:it#8:li#24:\ :AL=\E[%dL:DC=\E[%dP:DL=\E[%dM:DO=\E[%dB:IC=\E[%d@:\ :K1=\E[1~:K2=\EOu:K3=\E[5~:K4=\E[4~:K5=\E[6~:LE=\E[%dD:\ - :RI=\E[%dC:SF=\E[%dS:UP=\E[%dA:ae=\E(B:al=\E[L:as=\E(0:\ - :bl=^G:bt=\E[Z:cd=\E[J:ce=\E[K:cl=\E[H\E[2J:\ + :RI=\E[%dC:SF=\E[%dS:SR=\E[%dT:UP=\E[%dA:ae=\E(B:al=\E[L:\ + :as=\E(0:bl=^G:bt=\E[Z:cd=\E[J:ce=\E[K:cl=\E[H\E[2J:\ :cm=\E[%i%d;%dH:cr=\r:cs=\E[%i%d;%dr:ct=\E[3g:dc=\E[P:\ :dl=\E[M:do=\n:ec=\E[%dX:ei=\E[4l:fs=^G:ho=\E[H:im=\E[4h:\ :is=\E[4l\E>\E[?1034l:k1=\EOP:k2=\EOQ:k3=\EOR:k4=\EOS:\ @@ -4725,6 +4725,14 @@ st|simpleterm:\ :ue=\E[24m:up=\E[A:us=\E[4m:vb=\E[?5h\E[?5l:\ :ve=\E[?12l\E[?25h:vi=\E[?25l:vs=\E[?25h: +st|simpleterm:\ + :Co#8:\ + :AB=\E[4%dm:AF=\E[3%dm:\ + :..Sb=\E[4%?%p1%{1}%=%t4%e%p1%{3}%=%t6%e%p1%{4}%=%t1%e%p1%{6}%=%t3%e%p1%d%;m:\ + :..Sf=\E[3%?%p1%{1}%=%t4%e%p1%{3}%=%t6%e%p1%{4}%=%t1%e%p1%{6}%=%t3%e%p1%d%;m:\ + :..sa=%?%p9%t\E(0%e\E(B%;\E[0%?%p6%t;1%;%?%p2%t;4%;%?%p1%p3%|%t;7%;%?%p4%t;5%;%?%p7%t;8%;m:\ + :tc=st-mono: + st-256color|simpleterm with 256 colors:\ :cc:\ :Co#256:pa#32767:\ @@ -4742,6 +4750,12 @@ st-meta-256color|simpleterm with meta key and 256 colors:\ :is=\E[4l\E>\E[?1034h:mm=\E[?1034h:mo=\E[?1034l:\ :rs=\E[4l\E>\E[?1034h:tc=st-256color: +st-bs|simpleterm with backspace as backspace:\ + :kD=\177:kb=^H:tc=st: + +st-bs-256color|simpleterm with backspace as backspace and 256colors:\ + :kD=\177:kb=^H:tc=st-256color: + # From version 0.13.3 xterm-kitty|KovId's TTY:\ diff --git a/stand/common/install.c b/stand/common/install.c index 249eca1648f3..d07c4c6fc620 100644 --- a/stand/common/install.c +++ b/stand/common/install.c @@ -137,7 +137,9 @@ read_metatags(int fd) } *p++ = '\0'; - if (strcmp(tag, "KERNEL") == 0) + if (strncmp(tag, "ENV_", 4) == 0) + setenv(&tag[4], val, 1); + else if (strcmp(tag, "KERNEL") == 0) error = setpath(&inst_kernel, val); else if (strcmp(tag, "MODULES") == 0) error = setmultipath(&inst_modules, val); diff --git a/stand/fdt/fdt_loader_cmd.c b/stand/fdt/fdt_loader_cmd.c index 226812a5d2a6..161c2435c410 100644 --- a/stand/fdt/fdt_loader_cmd.c +++ b/stand/fdt/fdt_loader_cmd.c @@ -1240,13 +1240,6 @@ fdt_cmd_ls(int argc, char *argv[]) return (CMD_OK); } -static __inline int -isprint(int c) -{ - - return (c >= ' ' && c <= 0x7e); -} - static int fdt_isprint(const void *data, int len, int *count) { diff --git a/stand/i386/libi386/Makefile b/stand/i386/libi386/Makefile index 038557c6a826..7205d3a61988 100644 --- a/stand/i386/libi386/Makefile +++ b/stand/i386/libi386/Makefile @@ -7,6 +7,7 @@ SRCS+= bio.c SRCS+= biosacpi.c SRCS+= biosdisk.c SRCS+= biosmem.c +SRCS+= biosmemdisk.c SRCS+= biospci.c SRCS+= biospnp.c SRCS+= biossmap.c diff --git a/stand/i386/libi386/biosmemdisk.c b/stand/i386/libi386/biosmemdisk.c new file mode 100644 index 000000000000..208ae289950a --- /dev/null +++ b/stand/i386/libi386/biosmemdisk.c @@ -0,0 +1,140 @@ +/*- + * Copyright (c) 2020 Richard Russo <russor@ruka.org> + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +/* + * Source of information: https://repo.or.cz/syslinux.git + * + * Implements the MEMDISK protocol from syslinux, found in doc/memdisk.txt + * (search MEMDISK info structure). Since we validate the pointer to the mBFT, a + * minimum version of 3.85 is needed. Note: All this could be done in the + * kernel, since we don't have hooks to use this inside the boot loader. The + * details of these structures can be found in memdisk/memdisk.inc (search + * for mBFT). + * + * The kernel could just grab the mBFT table, but instead relies on us finding + * it and setting the right env variables. + */ +#include <stand.h> +#include <machine/stdarg.h> +#include <bootstrap.h> +#include <btxv86.h> +#include "libi386.h" + +#include "platform/acfreebsd.h" +#include "acconfig.h" +#define ACPI_SYSTEM_XFACE +#include "actypes.h" +#include "actbl.h" + +struct memdisk_info { + uint32_t mdi_13h_hook_ptr; /* not included in mdi_length! */ + uint16_t mdi_length; + uint8_t mdi_minor; + uint8_t mdi_major; + uint32_t mdi_disk_ptr; + uint32_t mdi_disk_sectors; + uint32_t mdi_far_ptr_cmdline; + uint32_t mdi_old_int13h; + uint32_t mdi_old_int15h; + uint16_t mdi_dos_mem_before; + uint8_t mdi_boot_loader_id; + uint8_t mdi_sector_size; /* Code below assumes this is last */ +} __attribute__((packed)); + +struct safe_13h_hook { + char sh_jmp[3]; + char sh_id[8]; + char sh_vendor[8]; + uint16_t sh_next_offset; + uint16_t sh_next_segment; + uint32_t sh_flags; + uint32_t sh_mbft; +} __attribute__((packed)); + +/* + * Maximum length of INT 13 entries we'll chase. Real disks are on this list, + * potentially, so we may have to look through them to find the memdisk. + */ +#define MEMDISK_MAX 32 + +/* + * Scan for MEMDISK virtual block devices + */ +void +biosmemdisk_detect(void) +{ + char line[80], scratch[80]; + int hook = 0, count = 0, sector_size; + uint16_t segment, offset; + struct safe_13h_hook *probe; + ACPI_TABLE_HEADER *mbft; + uint8_t *cp, sum; + struct memdisk_info *mdi; + + /* + * Walk through the int13 handler linked list, looking for possible + * MEMDISKs. + * + * The max is arbitrary to ensure termination. + */ + offset = *(uint16_t *)PTOV(0x13 * 4); + segment = *(uint16_t *)PTOV(0x13 * 4 + 2); + while (hook < MEMDISK_MAX && !(segment == 0 && offset == 0)) { + /* + * Walk the linked list, making sure each node has the right + * signature and only looking at MEMDISK nodes. + */ + probe = (struct safe_13h_hook *)PTOV(segment * 16 + offset); + if (memcmp(probe->sh_id, "$INT13SF", sizeof(probe->sh_id)) != 0) { + printf("Found int 13h unsafe hook at %p (%x:%x)\n", + probe, segment, offset); + break; + } + if (memcmp(probe->sh_vendor, "MEMDISK ", sizeof(probe->sh_vendor)) != 0) + goto end_of_loop; + + /* + * If it is a memdisk, make sure the mBFT signature is correct + * and its checksum is right. + */ + mbft = (ACPI_TABLE_HEADER *)PTOV(probe->sh_mbft); + if (memcmp(mbft->Signature, "mBFT", sizeof(mbft->Signature)) != 0) + goto end_of_loop; + sum = 0; + cp = (uint8_t *)mbft; + for (int idx = 0; idx < mbft->Length; ++idx) + sum += *(cp + idx); + if (sum != 0) + goto end_of_loop; + + /* + * The memdisk info follows the ACPI_TABLE_HEADER in the mBFT + * section. If the sector size is present and non-zero use it + * otherwise assume 512. + */ + mdi = (struct memdisk_info *)PTOV(probe->sh_mbft + sizeof(*mbft)); + sector_size = 512; + if (mdi->mdi_length + sizeof(mdi->mdi_13h_hook_ptr) >= sizeof(*mdi) && + mdi->mdi_sector_size != 0) + sector_size = 1 << mdi->mdi_sector_size; + + printf("memdisk %d.%d disk at %#x (%d sectors = %d bytes)\n", + mdi->mdi_major, mdi->mdi_minor, mdi->mdi_disk_ptr, + mdi->mdi_disk_sectors, mdi->mdi_disk_sectors * sector_size); + + snprintf(line, sizeof(line), "hint.md.%d.physaddr", count); + snprintf(scratch, sizeof(scratch), "0x%08x", mdi->mdi_disk_ptr); + setenv(line, scratch, 1); + snprintf(line, sizeof(line), "hint.md.%d.len", count); + snprintf(scratch, sizeof(scratch), "%d", mdi->mdi_disk_sectors * sector_size); + setenv(line, scratch, 1); + count++; +end_of_loop: + hook++; + offset = probe->sh_next_offset; + segment = probe->sh_next_segment; + } +} diff --git a/stand/i386/libi386/libi386.h b/stand/i386/libi386/libi386.h index d456ef58d7c2..caf565dd0656 100644 --- a/stand/i386/libi386/libi386.h +++ b/stand/i386/libi386/libi386.h @@ -149,3 +149,5 @@ int bi_load64(char *args, vm_offset_t *modulep, vm_offset_t *kernend, int add_smap); void pxe_enable(void *pxeinfo); + +void biosmemdisk_detect(void); diff --git a/stand/i386/loader/main.c b/stand/i386/loader/main.c index a7dfb2dde762..fd95cf5243cf 100644 --- a/stand/i386/loader/main.c +++ b/stand/i386/loader/main.c @@ -251,6 +251,9 @@ main(void) initial_bootinfo->bi_extmem = bios_extmem / 1024; } + /* detect MEMDISK virtual disks */ + biosmemdisk_detect(); + /* detect SMBIOS for future reference */ smbios_detect(NULL); diff --git a/stand/libsa/hexdump.c b/stand/libsa/hexdump.c index 83fd5e277f1b..cce6e323c2cb 100644 --- a/stand/libsa/hexdump.c +++ b/stand/libsa/hexdump.c @@ -61,7 +61,7 @@ hexdump(caddr_t region, size_t len) for (x = 0; x < 16; x++) { if ((line + x) < (region + len)) { c = *(uint8_t *)(line + x); - if ((c < ' ') || (c > '~')) /* !isprint(c) */ + if (!isprint(c)) c = '.'; emit("%c", c); } else { diff --git a/stand/libsa/stand.h b/stand/libsa/stand.h index 8b7d93074ef2..0e99d8778fa6 100644 --- a/stand/libsa/stand.h +++ b/stand/libsa/stand.h @@ -275,6 +275,11 @@ static __inline int ispunct(int c) (c >= '[' && c <= '`') || (c >= '{' && c <= '~'); } +static __inline int isprint(int c) +{ + return (c >= ' ') && (c <= '~'); +} + static __inline int toupper(int c) { return islower(c) ? c - 'a' + 'A' : c; diff --git a/sys/amd64/amd64/pmap.c b/sys/amd64/amd64/pmap.c index cd8ab58a07ab..8df082f6c5dc 100644 --- a/sys/amd64/amd64/pmap.c +++ b/sys/amd64/amd64/pmap.c @@ -481,6 +481,8 @@ vm_paddr_t KERNend; /* and the end */ struct kva_layout_s kva_layout = { .kva_min = KV4ADDR(PML4PML4I, 0, 0, 0), + .kva_max = KV4ADDR(NPML4EPG - 1, NPDPEPG - 1, + NPDEPG - 1, NPTEPG - 1), .dmap_low = KV4ADDR(DMPML4I, 0, 0, 0), .dmap_high = KV4ADDR(DMPML4I + NDMPML4E, 0, 0, 0), .lm_low = KV4ADDR(LMSPML4I, 0, 0, 0), @@ -489,10 +491,20 @@ struct kva_layout_s kva_layout = { .km_high = KV4ADDR(KPML4BASE + NKPML4E - 1, NPDPEPG - 1, NPDEPG - 1, NPTEPG - 1), .rec_pt = KV4ADDR(PML4PML4I, 0, 0, 0), + .kasan_shadow_low = KV4ADDR(KASANPML4I, 0, 0, 0), + .kasan_shadow_high = KV4ADDR(KASANPML4I + NKASANPML4E, 0, 0, 0), + .kmsan_shadow_low = KV4ADDR(KMSANSHADPML4I, 0, 0, 0), + .kmsan_shadow_high = KV4ADDR(KMSANSHADPML4I + NKMSANSHADPML4E, + 0, 0, 0), + .kmsan_origin_low = KV4ADDR(KMSANORIGPML4I, 0, 0, 0), + .kmsan_origin_high = KV4ADDR(KMSANORIGPML4I + NKMSANORIGPML4E, + 0, 0, 0), }; struct kva_layout_s kva_layout_la57 = { .kva_min = KV5ADDR(NPML5EPG / 2, 0, 0, 0, 0), /* == rec_pt */ + .kva_max = KV5ADDR(NPML5EPG - 1, NPML4EPG - 1, NPDPEPG - 1, + NPDEPG - 1, NPTEPG - 1), .dmap_low = KV5ADDR(DMPML5I, 0, 0, 0, 0), .dmap_high = KV5ADDR(DMPML5I + NDMPML5E, 0, 0, 0, 0), .lm_low = KV5ADDR(LMSPML5I, 0, 0, 0, 0), @@ -501,6 +513,14 @@ struct kva_layout_s kva_layout_la57 = { .km_high = KV4ADDR(KPML4BASE + NKPML4E - 1, NPDPEPG - 1, NPDEPG - 1, NPTEPG - 1), .rec_pt = KV5ADDR(PML5PML5I, 0, 0, 0, 0), + .kasan_shadow_low = KV4ADDR(KASANPML4I, 0, 0, 0), + .kasan_shadow_high = KV4ADDR(KASANPML4I + NKASANPML4E, 0, 0, 0), + .kmsan_shadow_low = KV4ADDR(KMSANSHADPML4I, 0, 0, 0), + .kmsan_shadow_high = KV4ADDR(KMSANSHADPML4I + NKMSANSHADPML4E, + 0, 0, 0), + .kmsan_origin_low = KV4ADDR(KMSANORIGPML4I, 0, 0, 0), + .kmsan_origin_high = KV4ADDR(KMSANORIGPML4I + NKMSANORIGPML4E, + 0, 0, 0), }; /* @@ -2003,7 +2023,7 @@ create_pagetables(vm_paddr_t *firstaddr) */ p5_p[i] = KPML5phys | X86_PG_RW | X86_PG_A | X86_PG_M | X86_PG_V | pg_nx; - } else if (i >= DMPML5I && i < DMPML5I + NDMPML5E) { + } else if (i >= DMPML5I && i < DMPML5I + ndmpml4phys) { /* Connect DMAP pml4 pages to PML5. */ p5_p[i] = (DMPML4phys + ptoa(i - DMPML5I)) | X86_PG_RW | X86_PG_V | pg_nx; @@ -5942,17 +5962,18 @@ pmap_demote_pde_mpte(pmap_t pmap, pd_entry_t *pde, vm_offset_t va, if (mpte == NULL) { /* * Invalidate the 2MB page mapping and return "failure" if the - * mapping was never accessed. + * mapping was never accessed and not wired. */ if ((oldpde & PG_A) == 0) { - KASSERT((oldpde & PG_W) == 0, - ("pmap_demote_pde: a wired mapping is missing PG_A")); - pmap_demote_pde_abort(pmap, va, pde, oldpde, lockp); - return (false); - } - - mpte = pmap_remove_pt_page(pmap, va); - if (mpte == NULL) { + if ((oldpde & PG_W) == 0) { + pmap_demote_pde_abort(pmap, va, pde, oldpde, + lockp); + return (false); + } + mpte = pmap_remove_pt_page(pmap, va); + /* Fill the PTP with PTEs that have PG_A cleared. */ + mpte->valid = 0; + } else if ((mpte = pmap_remove_pt_page(pmap, va)) == NULL) { KASSERT((oldpde & PG_W) == 0, ("pmap_demote_pde: page table page for a wired mapping is missing")); @@ -6004,7 +6025,7 @@ pmap_demote_pde_mpte(pmap_t pmap, pd_entry_t *pde, vm_offset_t va, /* * If the PTP is not leftover from an earlier promotion or it does not * have PG_A set in every PTE, then fill it. The new PTEs will all - * have PG_A set. + * have PG_A set, unless this is a wired mapping with PG_A clear. */ if (!vm_page_all_valid(mpte)) pmap_fill_ptp(firstpte, newpte); @@ -11880,9 +11901,7 @@ sysctl_kmaps_dump(struct sbuf *sb, struct pmap_kernel_map_range *range, mode, range->pdpes, range->pdes, range->ptes); /* Reset to sentinel value. */ - range->sva = la57 ? KV5ADDR(NPML5EPG - 1, NPML4EPG - 1, NPDPEPG - 1, - NPDEPG - 1, NPTEPG - 1) : KV4ADDR(NPML4EPG - 1, NPDPEPG - 1, - NPDEPG - 1, NPTEPG - 1); + range->sva = kva_layout.kva_max; } /* @@ -11923,12 +11942,18 @@ sysctl_kmaps_reinit(struct pmap_kernel_map_range *range, vm_offset_t va, */ static void sysctl_kmaps_check(struct sbuf *sb, struct pmap_kernel_map_range *range, - vm_offset_t va, pml4_entry_t pml4e, pdp_entry_t pdpe, pd_entry_t pde, - pt_entry_t pte) + vm_offset_t va, pml5_entry_t pml5e, pml4_entry_t pml4e, pdp_entry_t pdpe, + pd_entry_t pde, pt_entry_t pte) { pt_entry_t attrs; - attrs = pml4e & (X86_PG_RW | X86_PG_U | pg_nx); + if (la57) { + attrs = pml5e & (X86_PG_RW | X86_PG_U | pg_nx); + attrs |= pml4e & pg_nx; + attrs &= pg_nx | (pml4e & (X86_PG_RW | X86_PG_U)); + } else { + attrs = pml4e & (X86_PG_RW | X86_PG_U | pg_nx); + } attrs |= pdpe & pg_nx; attrs &= pg_nx | (pdpe & (X86_PG_RW | X86_PG_U)); @@ -11961,13 +11986,15 @@ sysctl_kmaps(SYSCTL_HANDLER_ARGS) { struct pmap_kernel_map_range range; struct sbuf sbuf, *sb; + pml5_entry_t pml5e; pml4_entry_t pml4e; pdp_entry_t *pdp, pdpe; pd_entry_t *pd, pde; pt_entry_t *pt, pte; vm_offset_t sva; vm_paddr_t pa; - int error, i, j, k, l; + int error, j, k, l; + bool first; error = sysctl_wire_old_buffer(req, 0); if (error != 0) @@ -11976,9 +12003,8 @@ sysctl_kmaps(SYSCTL_HANDLER_ARGS) sbuf_new_for_sysctl(sb, NULL, PAGE_SIZE, req); /* Sentinel value. */ - range.sva = la57 ? KV5ADDR(NPML5EPG - 1, NPML4EPG - 1, NPDPEPG - 1, - NPDEPG - 1, NPTEPG - 1) : KV4ADDR(NPML4EPG - 1, NPDPEPG - 1, - NPDEPG - 1, NPTEPG - 1); + range.sva = kva_layout.kva_max; + pml5e = 0; /* no UB for la48 */ /* * Iterate over the kernel page tables without holding the kernel pmap @@ -11987,44 +12013,50 @@ sysctl_kmaps(SYSCTL_HANDLER_ARGS) * Within the large map, ensure that PDP and PD page addresses are * valid before descending. */ - for (sva = 0, i = pmap_pml4e_index(sva); i < NPML4EPG; i++) { - switch (i) { - case PML4PML4I: - if (!la57) - sbuf_printf(sb, "\nRecursive map:\n"); - break; - case DMPML4I: - if (!la57) - sbuf_printf(sb, "\nDirect map:\n"); - break; + for (first = true, sva = 0; sva != 0 || first; first = false) { + if (sva == kva_layout.rec_pt) + sbuf_printf(sb, "\nRecursive map:\n"); + else if (sva == kva_layout.dmap_low) + sbuf_printf(sb, "\nDirect map:\n"); #ifdef KASAN - case KASANPML4I: + else if (sva == kva_layout.kasan_shadow_low) sbuf_printf(sb, "\nKASAN shadow map:\n"); - break; #endif #ifdef KMSAN - case KMSANSHADPML4I: + else if (sva == kva_layout.kmsan_shadow_low) sbuf_printf(sb, "\nKMSAN shadow map:\n"); - break; - case KMSANORIGPML4I: + else if (sva == kva_layout.kmsan_origin_low) sbuf_printf(sb, "\nKMSAN origin map:\n"); - break; #endif - case KPML4BASE: + else if (sva == kva_layout.km_low) sbuf_printf(sb, "\nKernel map:\n"); - break; - case LMSPML4I: - if (!la57) - sbuf_printf(sb, "\nLarge map:\n"); - break; - } + else if (sva == kva_layout.lm_low) + sbuf_printf(sb, "\nLarge map:\n"); /* Convert to canonical form. */ - if (sva == 1ul << 47) - sva |= -1ul << 48; + if (la57) { + if (sva == 1ul << 56) { + sva |= -1ul << 57; + continue; + } + } else { + if (sva == 1ul << 47) { + sva |= -1ul << 48; + continue; + } + } restart: - pml4e = kernel_pml4[i]; + if (la57) { + pml5e = *pmap_pml5e(kernel_pmap, sva); + if ((pml5e & X86_PG_V) == 0) { + sva = rounddown2(sva, NBPML5); + sysctl_kmaps_dump(sb, &range, sva); + sva += NBPML5; + continue; + } + } + pml4e = *pmap_pml4e(kernel_pmap, sva); if ((pml4e & X86_PG_V) == 0) { sva = rounddown2(sva, NBPML4); sysctl_kmaps_dump(sb, &range, sva); @@ -12045,8 +12077,8 @@ restart: pa = pdpe & PG_FRAME; if ((pdpe & PG_PS) != 0) { sva = rounddown2(sva, NBPDP); - sysctl_kmaps_check(sb, &range, sva, pml4e, pdpe, - 0, 0); + sysctl_kmaps_check(sb, &range, sva, pml5e, + pml4e, pdpe, 0, 0); range.pdpes++; sva += NBPDP; continue; @@ -12058,6 +12090,7 @@ restart: * freed. Validate the next-level address * before descending. */ + sva += NBPDP; goto restart; } pd = (pd_entry_t *)PHYS_TO_DMAP(pa); @@ -12074,7 +12107,7 @@ restart: if ((pde & PG_PS) != 0) { sva = rounddown2(sva, NBPDR); sysctl_kmaps_check(sb, &range, sva, - pml4e, pdpe, pde, 0); + pml5e, pml4e, pdpe, pde, 0); range.pdes++; sva += NBPDR; continue; @@ -12086,6 +12119,7 @@ restart: * may be freed. Validate the * next-level address before descending. */ + sva += NBPDR; goto restart; } pt = (pt_entry_t *)PHYS_TO_DMAP(pa); @@ -12099,7 +12133,7 @@ restart: continue; } sysctl_kmaps_check(sb, &range, sva, - pml4e, pdpe, pde, pte); + pml5e, pml4e, pdpe, pde, pte); range.ptes++; } } diff --git a/sys/amd64/include/pmap.h b/sys/amd64/include/pmap.h index a0ca97f2d5a0..e2f97442c10f 100644 --- a/sys/amd64/include/pmap.h +++ b/sys/amd64/include/pmap.h @@ -557,6 +557,7 @@ pmap_pml5e_index(vm_offset_t va) struct kva_layout_s { vm_offset_t kva_min; + vm_offset_t kva_max; vm_offset_t dmap_low; /* DMAP_MIN_ADDRESS */ vm_offset_t dmap_high; /* DMAP_MAX_ADDRESS */ vm_offset_t lm_low; /* LARGEMAP_MIN_ADDRESS */ @@ -564,6 +565,12 @@ struct kva_layout_s { vm_offset_t km_low; /* VM_MIN_KERNEL_ADDRESS */ vm_offset_t km_high; /* VM_MAX_KERNEL_ADDRESS */ vm_offset_t rec_pt; + vm_offset_t kasan_shadow_low; /* KASAN_MIN_ADDRESS */ + vm_offset_t kasan_shadow_high; /* KASAN_MAX_ADDRESS */ + vm_offset_t kmsan_shadow_low; /* KMSAN_SHAD_MIN_ADDRESS */ + vm_offset_t kmsan_shadow_high; /* KMSAN_SHAD_MAX_ADDRESS */ + vm_offset_t kmsan_origin_low; /* KMSAN_ORIG_MIN_ADDRESS */ + vm_offset_t kmsan_origin_high; /* KMSAN_ORIG_MAX_ADDRESS */ }; extern struct kva_layout_s kva_layout; diff --git a/sys/amd64/include/vmm.h b/sys/amd64/include/vmm.h index a9c73b75213b..0b3daed4f69e 100644 --- a/sys/amd64/include/vmm.h +++ b/sys/amd64/include/vmm.h @@ -649,6 +649,8 @@ struct vm_inout_str { int addrsize; enum vm_reg_name seg_name; struct seg_desc seg_desc; + int cs_d; + uint64_t cs_base; }; enum task_switch_reason { diff --git a/sys/amd64/include/vmm_instruction_emul.h b/sys/amd64/include/vmm_instruction_emul.h index d5f0363cfb41..1fb0f97682a7 100644 --- a/sys/amd64/include/vmm_instruction_emul.h +++ b/sys/amd64/include/vmm_instruction_emul.h @@ -31,6 +31,31 @@ #include <sys/mman.h> +/* struct vie_op.op_type */ +enum { + VIE_OP_TYPE_NONE = 0, + VIE_OP_TYPE_MOV, + VIE_OP_TYPE_MOVSX, + VIE_OP_TYPE_MOVZX, + VIE_OP_TYPE_AND, + VIE_OP_TYPE_OR, + VIE_OP_TYPE_SUB, + VIE_OP_TYPE_TWO_BYTE, + VIE_OP_TYPE_PUSH, + VIE_OP_TYPE_CMP, + VIE_OP_TYPE_POP, + VIE_OP_TYPE_MOVS, + VIE_OP_TYPE_GROUP1, + VIE_OP_TYPE_STOS, + VIE_OP_TYPE_BITTEST, + VIE_OP_TYPE_TWOB_GRP15, + VIE_OP_TYPE_ADD, + VIE_OP_TYPE_TEST, + VIE_OP_TYPE_BEXTR, + VIE_OP_TYPE_OUTS, + VIE_OP_TYPE_LAST +}; + /* * Callback functions to read and write memory regions. */ diff --git a/sys/amd64/include/vmparam.h b/sys/amd64/include/vmparam.h index ef352e776af6..d2ac3c6648b2 100644 --- a/sys/amd64/include/vmparam.h +++ b/sys/amd64/include/vmparam.h @@ -200,16 +200,14 @@ #define VM_MIN_KERNEL_ADDRESS kva_layout.km_low #define VM_MAX_KERNEL_ADDRESS kva_layout.km_high -#define KASAN_MIN_ADDRESS KV4ADDR(KASANPML4I, 0, 0, 0) -#define KASAN_MAX_ADDRESS KV4ADDR(KASANPML4I + NKASANPML4E, 0, 0, 0) +#define KASAN_MIN_ADDRESS (kva_layout.kasan_shadow_low) +#define KASAN_MAX_ADDRESS (kva_layout.kasan_shadow_high) -#define KMSAN_SHAD_MIN_ADDRESS KV4ADDR(KMSANSHADPML4I, 0, 0, 0) -#define KMSAN_SHAD_MAX_ADDRESS KV4ADDR(KMSANSHADPML4I + NKMSANSHADPML4E, \ - 0, 0, 0) +#define KMSAN_SHAD_MIN_ADDRESS (kva_layout.kmsan_shadow_low) +#define KMSAN_SHAD_MAX_ADDRESS (kva_layout.kmsan_shadow_high) -#define KMSAN_ORIG_MIN_ADDRESS KV4ADDR(KMSANORIGPML4I, 0, 0, 0) -#define KMSAN_ORIG_MAX_ADDRESS KV4ADDR(KMSANORIGPML4I + NKMSANORIGPML4E, \ - 0, 0, 0) +#define KMSAN_ORIG_MIN_ADDRESS (kva_layout.kmsan_origin_low) +#define KMSAN_ORIG_MAX_ADDRESS (kva_layout.kmsan_origin_high) /* * Formally kernel mapping starts at KERNBASE, but kernel linker diff --git a/sys/amd64/vmm/amd/svm.c b/sys/amd64/vmm/amd/svm.c index 6c16daaa47c2..2fe6a5bc3584 100644 --- a/sys/amd64/vmm/amd/svm.c +++ b/sys/amd64/vmm/amd/svm.c @@ -317,6 +317,33 @@ svm_set_tsc_offset(struct svm_vcpu *vcpu, uint64_t offset) #define MSR_AMD7TH_START 0xC0010000UL #define MSR_AMD7TH_END 0xC0011FFFUL +static void +svm_get_cs_info(struct vmcb *vmcb, struct vm_guest_paging *paging, int *cs_d, + uint64_t *base) +{ + struct vmcb_segment seg; + int error __diagused; + + error = vmcb_seg(vmcb, VM_REG_GUEST_CS, &seg); + KASSERT(error == 0, ("%s: vmcb_seg error %d", __func__, error)); + + switch (paging->cpu_mode) { + case CPU_MODE_REAL: + *base = seg.base; + *cs_d = 0; + break; + case CPU_MODE_PROTECTED: + case CPU_MODE_COMPATIBILITY: + *cs_d = !!(seg.attrib & VMCB_CS_ATTRIB_D); + *base = seg.base; + break; + default: + *base = 0; + *cs_d = 0; + break; + } +} + /* * Get the index and bit position for a MSR in permission bitmap. * Two bits are used for each MSR: lower bit for read and higher bit for write. @@ -735,10 +762,29 @@ svm_inout_str_seginfo(struct svm_vcpu *vcpu, int64_t info1, int in, if (in) { vis->seg_name = VM_REG_GUEST_ES; - } else { - /* The segment field has standard encoding */ + } else if (decode_assist()) { + /* + * The effective segment number in EXITINFO1[12:10] is populated + * only if the processor has the DecodeAssist capability. + * + * XXX this is not specified explicitly in APMv2 but can be + * verified empirically. + */ s = (info1 >> 10) & 0x7; + + /* The segment field has standard encoding */ vis->seg_name = vm_segment_name(s); + } else { + /* + * The segment register need to be manually decoded by fetching + * the instructions near ip. However, we are unable to fetch it + * while the interrupts are disabled. Therefore, we leave the + * value unset until the generic ins/outs handler runs. + */ + vis->seg_name = VM_REG_LAST; + svm_get_cs_info(vcpu->vmcb, &vis->paging, &vis->cs_d, + &vis->cs_base); + return; } error = svm_getdesc(vcpu, vis->seg_name, &vis->seg_desc); @@ -798,16 +844,6 @@ svm_handle_io(struct svm_vcpu *vcpu, struct vm_exit *vmexit) info1 = ctrl->exitinfo1; inout_string = info1 & BIT(2) ? 1 : 0; - /* - * The effective segment number in EXITINFO1[12:10] is populated - * only if the processor has the DecodeAssist capability. - * - * XXX this is not specified explicitly in APMv2 but can be verified - * empirically. - */ - if (inout_string && !decode_assist()) - return (UNHANDLED); - vmexit->exitcode = VM_EXITCODE_INOUT; vmexit->u.inout.in = (info1 & BIT(0)) ? 1 : 0; vmexit->u.inout.string = inout_string; @@ -825,6 +861,8 @@ svm_handle_io(struct svm_vcpu *vcpu, struct vm_exit *vmexit) vis->index = svm_inout_str_index(regs, vmexit->u.inout.in); vis->count = svm_inout_str_count(regs, vmexit->u.inout.rep); vis->addrsize = svm_inout_str_addrsize(info1); + vis->cs_d = 0; + vis->cs_base = 0; svm_inout_str_seginfo(vcpu, info1, vmexit->u.inout.in, vis); } @@ -866,10 +904,9 @@ static void svm_handle_inst_emul(struct vmcb *vmcb, uint64_t gpa, struct vm_exit *vmexit) { struct vm_guest_paging *paging; - struct vmcb_segment seg; struct vmcb_ctrl *ctrl; char *inst_bytes; - int error __diagused, inst_len; + int inst_len; ctrl = &vmcb->ctrl; paging = &vmexit->u.inst_emul.paging; @@ -879,29 +916,8 @@ svm_handle_inst_emul(struct vmcb *vmcb, uint64_t gpa, struct vm_exit *vmexit) vmexit->u.inst_emul.gla = VIE_INVALID_GLA; svm_paging_info(vmcb, paging); - error = vmcb_seg(vmcb, VM_REG_GUEST_CS, &seg); - KASSERT(error == 0, ("%s: vmcb_seg(CS) error %d", __func__, error)); - - switch(paging->cpu_mode) { - case CPU_MODE_REAL: - vmexit->u.inst_emul.cs_base = seg.base; - vmexit->u.inst_emul.cs_d = 0; - break; - case CPU_MODE_PROTECTED: - case CPU_MODE_COMPATIBILITY: - vmexit->u.inst_emul.cs_base = seg.base; - - /* - * Section 4.8.1 of APM2, Default Operand Size or D bit. - */ - vmexit->u.inst_emul.cs_d = (seg.attrib & VMCB_CS_ATTRIB_D) ? - 1 : 0; - break; - default: - vmexit->u.inst_emul.cs_base = 0; - vmexit->u.inst_emul.cs_d = 0; - break; - } + svm_get_cs_info(vmcb, paging, &vmexit->u.inst_emul.cs_d, + &vmexit->u.inst_emul.cs_base); /* * Copy the instruction bytes into 'vie' if available. diff --git a/sys/amd64/vmm/intel/vmx.c b/sys/amd64/vmm/intel/vmx.c index 957217ab2258..842281ab862e 100644 --- a/sys/amd64/vmm/intel/vmx.c +++ b/sys/amd64/vmm/intel/vmx.c @@ -2659,6 +2659,8 @@ vmx_exit_process(struct vmx *vmx, struct vmx_vcpu *vcpu, struct vm_exit *vmexit) vis->index = inout_str_index(vcpu, in); vis->count = inout_str_count(vcpu, vis->inout.rep); vis->addrsize = inout_str_addrsize(inst_info); + vis->cs_d = 0; + vis->cs_base = 0; inout_str_seginfo(vcpu, inst_info, in, vis); } SDT_PROBE3(vmm, vmx, exit, inout, vmx, vcpuid, vmexit); diff --git a/sys/amd64/vmm/vmm_instruction_emul.c b/sys/amd64/vmm/vmm_instruction_emul.c index c53e32889000..c54b6e6d0074 100644 --- a/sys/amd64/vmm/vmm_instruction_emul.c +++ b/sys/amd64/vmm/vmm_instruction_emul.c @@ -65,30 +65,6 @@ #include <x86/psl.h> #include <x86/specialreg.h> -/* struct vie_op.op_type */ -enum { - VIE_OP_TYPE_NONE = 0, - VIE_OP_TYPE_MOV, - VIE_OP_TYPE_MOVSX, - VIE_OP_TYPE_MOVZX, - VIE_OP_TYPE_AND, - VIE_OP_TYPE_OR, - VIE_OP_TYPE_SUB, - VIE_OP_TYPE_TWO_BYTE, - VIE_OP_TYPE_PUSH, - VIE_OP_TYPE_CMP, - VIE_OP_TYPE_POP, - VIE_OP_TYPE_MOVS, - VIE_OP_TYPE_GROUP1, - VIE_OP_TYPE_STOS, - VIE_OP_TYPE_BITTEST, - VIE_OP_TYPE_TWOB_GRP15, - VIE_OP_TYPE_ADD, - VIE_OP_TYPE_TEST, - VIE_OP_TYPE_BEXTR, - VIE_OP_TYPE_LAST -}; - /* struct vie_op.op_flags */ #define VIE_OP_F_IMM (1 << 0) /* 16/32-bit immediate operand */ #define VIE_OP_F_IMM8 (1 << 1) /* 8-bit immediate operand */ @@ -152,6 +128,16 @@ static const struct vie_op one_byte_opcodes[256] = { .op_byte = 0x3B, .op_type = VIE_OP_TYPE_CMP, }, + [0x6E] = { + .op_byte = 0x6E, + .op_type = VIE_OP_TYPE_OUTS, + .op_flags = VIE_OP_F_NO_MODRM | VIE_OP_F_NO_GLA_VERIFICATION, + }, + [0x6F] = { + .op_byte = 0x6F, + .op_type = VIE_OP_TYPE_OUTS, + .op_flags = VIE_OP_F_NO_MODRM | VIE_OP_F_NO_GLA_VERIFICATION, + }, [0x88] = { .op_byte = 0x88, .op_type = VIE_OP_TYPE_MOV, diff --git a/sys/amd64/vmm/vmm_ioport.c b/sys/amd64/vmm/vmm_ioport.c index fc1ecab9f209..8aab28f5e68e 100644 --- a/sys/amd64/vmm/vmm_ioport.c +++ b/sys/amd64/vmm/vmm_ioport.c @@ -145,9 +145,49 @@ emulate_inout_port(struct vcpu *vcpu, struct vm_exit *vmexit, bool *retu) } static int +decode_segment(struct vcpu *vcpu, enum vm_reg_name *segment) +{ + struct vm_guest_paging *paging; + struct vie vie; + struct vm_exit *vme; + int err; + int fault; + + vme = vm_exitinfo(vcpu); + paging = &vme->u.inout_str.paging; + + vie_init(&vie, NULL, 0); + err = vmm_fetch_instruction(vcpu, paging, + vme->rip + vme->u.inout_str.cs_base, VIE_INST_SIZE, &vie, &fault); + if (err || fault) + return (err); + + err = vmm_decode_instruction(vcpu, VIE_INVALID_GLA, paging->cpu_mode, + vme->u.inout_str.cs_d, &vie); + + if (err || vie.op.op_type != VIE_OP_TYPE_OUTS) + return (EINVAL); + if (vie.segment_override) + *segment = vie.segment_register; + else + *segment = VM_REG_GUEST_DS; + + return (0); +} + +static int emulate_inout_str(struct vcpu *vcpu, struct vm_exit *vmexit, bool *retu) { + int err; + *retu = true; + if (vmexit->u.inout_str.seg_name == VM_REG_LAST) { + err = decode_segment(vcpu, &vmexit->u.inout_str.seg_name); + if (err) + return (err); + return (vm_get_seg_desc(vcpu, vmexit->u.inout_str.seg_name, + &vmexit->u.inout_str.seg_desc)); + } return (0); /* Return to userspace to finish emulation */ } diff --git a/sys/arm/allwinner/aw_mmc.c b/sys/arm/allwinner/aw_mmc.c index 6bebf5e5fb5e..a8add957dc74 100644 --- a/sys/arm/allwinner/aw_mmc.c +++ b/sys/arm/allwinner/aw_mmc.c @@ -84,21 +84,26 @@ struct aw_mmc_conf { uint32_t dma_xferlen; + uint32_t dma_desc_shift; bool mask_data0; bool can_calibrate; bool new_timing; + bool zero_is_skip; }; static const struct aw_mmc_conf a10_mmc_conf = { .dma_xferlen = 0x2000, + .dma_desc_shift = 0, }; static const struct aw_mmc_conf a13_mmc_conf = { .dma_xferlen = 0x10000, + .dma_desc_shift = 0, }; static const struct aw_mmc_conf a64_mmc_conf = { .dma_xferlen = 0x10000, + .dma_desc_shift = 0, .mask_data0 = true, .can_calibrate = true, .new_timing = true, @@ -106,13 +111,24 @@ static const struct aw_mmc_conf a64_mmc_conf = { static const struct aw_mmc_conf a64_emmc_conf = { .dma_xferlen = 0x2000, + .dma_desc_shift = 0, .can_calibrate = true, }; +static const struct aw_mmc_conf d1_mmc_conf = { + .dma_xferlen = 0x1000, + .dma_desc_shift = 2, + .mask_data0 = true, + .can_calibrate = true, + .new_timing = true, + .zero_is_skip = true, +}; + static struct ofw_compat_data compat_data[] = { {"allwinner,sun4i-a10-mmc", (uintptr_t)&a10_mmc_conf}, {"allwinner,sun5i-a13-mmc", (uintptr_t)&a13_mmc_conf}, {"allwinner,sun7i-a20-mmc", (uintptr_t)&a13_mmc_conf}, + {"allwinner,sun20i-d1-mmc", (uintptr_t)&d1_mmc_conf}, {"allwinner,sun50i-a64-mmc", (uintptr_t)&a64_mmc_conf}, {"allwinner,sun50i-a64-emmc", (uintptr_t)&a64_emmc_conf}, {NULL, 0} @@ -607,16 +623,18 @@ aw_dma_cb(void *arg, bus_dma_segment_t *segs, int nsegs, int err) dma_desc = sc->aw_dma_desc; for (i = 0; i < nsegs; i++) { - if (segs[i].ds_len == sc->aw_mmc_conf->dma_xferlen) + if ((segs[i].ds_len == sc->aw_mmc_conf->dma_xferlen) && + !sc->aw_mmc_conf->zero_is_skip) dma_desc[i].buf_size = 0; /* Size of 0 indicate max len */ else dma_desc[i].buf_size = segs[i].ds_len; - dma_desc[i].buf_addr = segs[i].ds_addr; + dma_desc[i].buf_addr = segs[i].ds_addr >> + sc->aw_mmc_conf->dma_desc_shift; dma_desc[i].config = AW_MMC_DMA_CONFIG_CH | - AW_MMC_DMA_CONFIG_OWN | AW_MMC_DMA_CONFIG_DIC; - - dma_desc[i].next = sc->aw_dma_desc_phys + - ((i + 1) * sizeof(struct aw_mmc_dma_desc)); + AW_MMC_DMA_CONFIG_OWN | AW_MMC_DMA_CONFIG_DIC; + dma_desc[i].next = (sc->aw_dma_desc_phys + + (i + 1) * sizeof(struct aw_mmc_dma_desc)) >> + sc->aw_mmc_conf->dma_desc_shift; } dma_desc[0].config |= AW_MMC_DMA_CONFIG_FD; @@ -678,7 +696,8 @@ aw_mmc_prepare_dma(struct aw_mmc_softc *sc) AW_MMC_WRITE_4(sc, AW_MMC_IDIE, val); /* Set DMA descritptor list address */ - AW_MMC_WRITE_4(sc, AW_MMC_DLBA, sc->aw_dma_desc_phys); + AW_MMC_WRITE_4(sc, AW_MMC_DLBA, sc->aw_dma_desc_phys >> + sc->aw_mmc_conf->dma_desc_shift); /* FIFO trigger level */ AW_MMC_WRITE_4(sc, AW_MMC_FWLR, AW_MMC_DMA_FTRGLEVEL); diff --git a/sys/arm64/arm64/pmap.c b/sys/arm64/arm64/pmap.c index 459cc8ebe505..2152f7fcc1c6 100644 --- a/sys/arm64/arm64/pmap.c +++ b/sys/arm64/arm64/pmap.c @@ -8501,18 +8501,20 @@ pmap_demote_l2_locked(pmap_t pmap, pt_entry_t *l2, vm_offset_t va, /* * Invalidate the 2MB page mapping and return "failure" if the - * mapping was never accessed. + * mapping was never accessed and not wired. */ if ((oldl2 & ATTR_AF) == 0) { - KASSERT((oldl2 & ATTR_SW_WIRED) == 0, - ("pmap_demote_l2: a wired mapping is missing ATTR_AF")); - pmap_demote_l2_abort(pmap, va, l2, lockp); - CTR2(KTR_PMAP, "pmap_demote_l2: failure for va %#lx in pmap %p", - va, pmap); - goto fail; - } - - if ((ml3 = pmap_remove_pt_page(pmap, va)) == NULL) { + if ((oldl2 & ATTR_SW_WIRED) == 0) { + pmap_demote_l2_abort(pmap, va, l2, lockp); + CTR2(KTR_PMAP, + "pmap_demote_l2: failure for va %#lx in pmap %p", + va, pmap); + goto fail; + } + ml3 = pmap_remove_pt_page(pmap, va); + /* Fill the PTP with L3Es that have ATTR_AF cleared. */ + ml3->valid = 0; + } else if ((ml3 = pmap_remove_pt_page(pmap, va)) == NULL) { KASSERT((oldl2 & ATTR_SW_WIRED) == 0, ("pmap_demote_l2: page table page for a wired mapping" " is missing")); @@ -8568,7 +8570,7 @@ pmap_demote_l2_locked(pmap_t pmap, pt_entry_t *l2, vm_offset_t va, /* * If the PTP is not leftover from an earlier promotion or it does not * have ATTR_AF set in every L3E, then fill it. The new L3Es will all - * have ATTR_AF set. + * have ATTR_AF set, unless this is a wired mapping with ATTR_AF clear. * * When pmap_update_entry() clears the old L2 mapping, it (indirectly) * performs a dsb(). That dsb() ensures that the stores for filling diff --git a/sys/cam/cam_xpt.c b/sys/cam/cam_xpt.c index 2ec736e7f4ac..cae29226d13c 100644 --- a/sys/cam/cam_xpt.c +++ b/sys/cam/cam_xpt.c @@ -2515,6 +2515,15 @@ xpt_action(union ccb *start_ccb) ("xpt_action: func %#x %s\n", start_ccb->ccb_h.func_code, xpt_action_name(start_ccb->ccb_h.func_code))); + /* + * Either it isn't queued, or it has a real priority. There still too + * many places that reuse CCBs with a real priority to do immediate + * queries to do the other side of this assert. + */ + KASSERT((start_ccb->ccb_h.func_code & XPT_FC_QUEUED) == 0 || + start_ccb->ccb_h.pinfo.priority != CAM_PRIORITY_NONE, + ("%s: queued ccb and CAM_PRIORITY_NONE illegal.", __func__)); + start_ccb->ccb_h.status = CAM_REQ_INPROG; (*(start_ccb->ccb_h.path->bus->xport->ops->action))(start_ccb); } diff --git a/sys/cam/mmc/mmc_da.c b/sys/cam/mmc/mmc_da.c index 7f8bf3516804..322141a72707 100644 --- a/sys/cam/mmc/mmc_da.c +++ b/sys/cam/mmc/mmc_da.c @@ -1081,7 +1081,7 @@ sdda_start_init_task(void *context, int pending) CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, ("sdda_start_init_task\n")); new_ccb = xpt_alloc_ccb(); xpt_setup_ccb(&new_ccb->ccb_h, periph->path, - CAM_PRIORITY_NONE); + CAM_PRIORITY_NORMAL); cam_periph_lock(periph); cam_periph_hold(periph, PRIBIO|PCATCH); diff --git a/sys/cam/mmc/mmc_xpt.c b/sys/cam/mmc/mmc_xpt.c index 4fce03004994..f5f66f5214a8 100644 --- a/sys/cam/mmc/mmc_xpt.c +++ b/sys/cam/mmc/mmc_xpt.c @@ -610,7 +610,6 @@ mmcprobe_start(struct cam_periph *periph, union ccb *start_ccb) CAM_DEBUG(start_ccb->ccb_h.path, CAM_DEBUG_PROBE, ("Start with PROBE_RESET\n")); /* FALLTHROUGH */ case PROBE_IDENTIFY: - xpt_path_inq(&start_ccb->cpi, periph->path); CAM_DEBUG(start_ccb->ccb_h.path, CAM_DEBUG_PROBE, ("Start with PROBE_IDENTIFY\n")); init_standard_ccb(start_ccb, XPT_MMC_GET_TRAN_SETTINGS); break; diff --git a/sys/dev/drm2/drm_fb_helper.c b/sys/dev/drm2/drm_fb_helper.c index f67cc9f60d02..1f4abd255690 100644 --- a/sys/dev/drm2/drm_fb_helper.c +++ b/sys/dev/drm2/drm_fb_helper.c @@ -51,7 +51,7 @@ struct vt_kms_softc { struct task fb_mode_task; }; -/* Call restore out of vt(9) locks. */ +/* Call restore out of vt(4) locks. */ static void vt_restore_fbdev_mode(void *arg, int pending) { diff --git a/sys/dev/efidev/efirt.c b/sys/dev/efidev/efirt.c index b0fa33daeca7..b55c1c191077 100644 --- a/sys/dev/efidev/efirt.c +++ b/sys/dev/efidev/efirt.c @@ -107,7 +107,8 @@ static int efi_status2err[25] = { enum efi_table_type { TYPE_ESRT = 0, - TYPE_PROP + TYPE_PROP, + TYPE_MEMORY_ATTR }; static int efi_enter(void); @@ -445,6 +446,42 @@ get_table_length(enum efi_table_type type, size_t *table_len, void **taddr) free(buf, M_TEMP); return (0); } + case TYPE_MEMORY_ATTR: + { + efi_guid_t guid = EFI_MEMORY_ATTRIBUTES_TABLE; + struct efi_memory_attribute_table *tbl_addr, *mem_addr; + int error; + void *buf; + size_t len = sizeof(struct efi_memory_attribute_table); + + error = efi_get_table(&guid, (void **)&tbl_addr); + if (error) + return (error); + + buf = malloc(len, M_TEMP, M_WAITOK); + error = physcopyout((vm_paddr_t)tbl_addr, buf, len); + if (error) { + free(buf, M_TEMP); + return (error); + } + + mem_addr = (struct efi_memory_attribute_table *)buf; + if (mem_addr->version != 2) { + free(buf, M_TEMP); + return (EINVAL); + } + len += mem_addr->descriptor_size * mem_addr->num_ents; + if (len > EFI_TABLE_ALLOC_MAX) { + free(buf, M_TEMP); + return (ENOMEM); + } + + *table_len = len; + if (taddr != NULL) + *taddr = tbl_addr; + free(buf, M_TEMP); + return (0); + } } return (ENOENT); } @@ -457,7 +494,8 @@ copy_table(efi_guid_t *guid, void **buf, size_t buf_len, size_t *table_len) enum efi_table_type type; } tables[] = { { EFI_TABLE_ESRT, TYPE_ESRT }, - { EFI_PROPERTIES_TABLE, TYPE_PROP } + { EFI_PROPERTIES_TABLE, TYPE_PROP }, + { EFI_MEMORY_ATTRIBUTES_TABLE, TYPE_MEMORY_ATTR } }; size_t table_idx; void *taddr; diff --git a/sys/dev/md/md.c b/sys/dev/md/md.c index 29dc0c880e3a..ec1664fac701 100644 --- a/sys/dev/md/md.c +++ b/sys/dev/md/md.c @@ -89,6 +89,8 @@ #include <sys/unistd.h> #include <sys/vnode.h> #include <sys/disk.h> +#include <sys/param.h> +#include <sys/bus.h> #include <geom/geom.h> #include <geom/geom_int.h> @@ -2082,8 +2084,10 @@ g_md_init(struct g_class *mp __unused) { caddr_t mod; u_char *ptr, *name, *type; + u_char scratch[40]; unsigned len; int i; + vm_offset_t paddr; /* figure out log2(NINDIR) */ for (i = NINDIR, nshift = -1; i; nshift++) @@ -2123,6 +2127,25 @@ g_md_init(struct g_class *mp __unused) sx_xunlock(&md_sx); } } + + /* + * Load up to 32 pre-loaded disks + */ + for (int i = 0; i < 32; i++) { + if (resource_long_value("md", i, "physaddr", + (long *) &paddr) != 0 || + resource_int_value("md", i, "len", &len) != 0) + break; + ptr = (char *)pmap_map(NULL, paddr, paddr + len, VM_PROT_READ); + if (ptr != NULL && len != 0) { + sprintf(scratch, "preload%d 0x%016jx", i, + (uintmax_t)paddr); + sx_xlock(&md_sx); + md_preloaded(ptr, len, scratch); + sx_xunlock(&md_sx); + } + } + status_dev = make_dev(&mdctl_cdevsw, INT_MAX, UID_ROOT, GID_WHEEL, 0600, MDCTL_NAME); g_topology_lock(); diff --git a/sys/dev/nvme/nvme_ctrlr.c b/sys/dev/nvme/nvme_ctrlr.c index 73a7cee4aad0..fd7f00ced14b 100644 --- a/sys/dev/nvme/nvme_ctrlr.c +++ b/sys/dev/nvme/nvme_ctrlr.c @@ -48,7 +48,7 @@ #define B4_CHK_RDY_DELAY_MS 2300 /* work around controller bug */ static void nvme_ctrlr_construct_and_submit_aer(struct nvme_controller *ctrlr, - struct nvme_async_event_request *aer); + struct nvme_async_event_request *aer); static void nvme_ctrlr_barrier(struct nvme_controller *ctrlr, int flags) @@ -680,96 +680,6 @@ nvme_ctrlr_log_critical_warnings(struct nvme_controller *ctrlr, } static void -nvme_ctrlr_async_event_log_page_cb(void *arg, const struct nvme_completion *cpl) -{ - struct nvme_async_event_request *aer = arg; - struct nvme_health_information_page *health_info; - struct nvme_ns_list *nsl; - struct nvme_error_information_entry *err; - int i; - - /* - * If the log page fetch for some reason completed with an error, - * don't pass log page data to the consumers. In practice, this case - * should never happen. - */ - if (nvme_completion_is_error(cpl)) - nvme_notify_async_consumers(aer->ctrlr, &aer->cpl, - aer->log_page_id, NULL, 0); - else { - /* Convert data to host endian */ - switch (aer->log_page_id) { - case NVME_LOG_ERROR: - err = (struct nvme_error_information_entry *)aer->log_page_buffer; - for (i = 0; i < (aer->ctrlr->cdata.elpe + 1); i++) - nvme_error_information_entry_swapbytes(err++); - break; - case NVME_LOG_HEALTH_INFORMATION: - nvme_health_information_page_swapbytes( - (struct nvme_health_information_page *)aer->log_page_buffer); - break; - case NVME_LOG_CHANGED_NAMESPACE: - nvme_ns_list_swapbytes( - (struct nvme_ns_list *)aer->log_page_buffer); - break; - case NVME_LOG_COMMAND_EFFECT: - nvme_command_effects_page_swapbytes( - (struct nvme_command_effects_page *)aer->log_page_buffer); - break; - case NVME_LOG_RES_NOTIFICATION: - nvme_res_notification_page_swapbytes( - (struct nvme_res_notification_page *)aer->log_page_buffer); - break; - case NVME_LOG_SANITIZE_STATUS: - nvme_sanitize_status_page_swapbytes( - (struct nvme_sanitize_status_page *)aer->log_page_buffer); - break; - default: - break; - } - - if (aer->log_page_id == NVME_LOG_HEALTH_INFORMATION) { - health_info = (struct nvme_health_information_page *) - aer->log_page_buffer; - nvme_ctrlr_log_critical_warnings(aer->ctrlr, - health_info->critical_warning); - /* - * Critical warnings reported through the - * SMART/health log page are persistent, so - * clear the associated bits in the async event - * config so that we do not receive repeated - * notifications for the same event. - */ - aer->ctrlr->async_event_config &= - ~health_info->critical_warning; - nvme_ctrlr_cmd_set_async_event_config(aer->ctrlr, - aer->ctrlr->async_event_config, NULL, NULL); - } else if (aer->log_page_id == NVME_LOG_CHANGED_NAMESPACE && - !nvme_use_nvd) { - nsl = (struct nvme_ns_list *)aer->log_page_buffer; - for (i = 0; i < nitems(nsl->ns) && nsl->ns[i] != 0; i++) { - if (nsl->ns[i] > NVME_MAX_NAMESPACES) - break; - nvme_notify_ns(aer->ctrlr, nsl->ns[i]); - } - } - - /* - * Pass the cpl data from the original async event completion, - * not the log page fetch. - */ - nvme_notify_async_consumers(aer->ctrlr, &aer->cpl, - aer->log_page_id, aer->log_page_buffer, aer->log_page_size); - } - - /* - * Repost another asynchronous event request to replace the one - * that just completed. - */ - nvme_ctrlr_construct_and_submit_aer(aer->ctrlr, aer); -} - -static void nvme_ctrlr_async_event_cb(void *arg, const struct nvme_completion *cpl) { struct nvme_async_event_request *aer = arg; @@ -784,33 +694,18 @@ nvme_ctrlr_async_event_cb(void *arg, const struct nvme_completion *cpl) return; } - /* Associated log page is in bits 23:16 of completion entry dw0. */ + /* + * Save the completion status and associated log page is in bits 23:16 + * of completion entry dw0. Print a message and queue it for further + * processing. + */ + memcpy(&aer->cpl, cpl, sizeof(*cpl)); aer->log_page_id = NVMEV(NVME_ASYNC_EVENT_LOG_PAGE_ID, cpl->cdw0); - nvme_printf(aer->ctrlr, "async event occurred (type 0x%x, info 0x%02x," " page 0x%02x)\n", NVMEV(NVME_ASYNC_EVENT_TYPE, cpl->cdw0), NVMEV(NVME_ASYNC_EVENT_INFO, cpl->cdw0), aer->log_page_id); - - if (is_log_page_id_valid(aer->log_page_id)) { - aer->log_page_size = nvme_ctrlr_get_log_page_size(aer->ctrlr, - aer->log_page_id); - memcpy(&aer->cpl, cpl, sizeof(*cpl)); - nvme_ctrlr_cmd_get_log_page(aer->ctrlr, aer->log_page_id, - NVME_GLOBAL_NAMESPACE_TAG, aer->log_page_buffer, - aer->log_page_size, nvme_ctrlr_async_event_log_page_cb, - aer); - /* Wait to notify consumers until after log page is fetched. */ - } else { - nvme_notify_async_consumers(aer->ctrlr, cpl, aer->log_page_id, - NULL, 0); - - /* - * Repost another asynchronous event request to replace the one - * that just completed. - */ - nvme_ctrlr_construct_and_submit_aer(aer->ctrlr, aer); - } + taskqueue_enqueue(aer->ctrlr->taskqueue, &aer->task); } static void @@ -819,15 +714,21 @@ nvme_ctrlr_construct_and_submit_aer(struct nvme_controller *ctrlr, { struct nvme_request *req; - aer->ctrlr = ctrlr; /* - * XXX-MJ this should be M_WAITOK but we might be in a non-sleepable - * callback context. AER completions should be handled on a dedicated - * thread. + * We're racing the reset thread, so let that process submit this again. + * XXX does this really solve that race? And is that race even possible + * since we only reset when we've no theard from the card in a long + * time. Why would we get an AER in the middle of that just before we + * kick off the reset? */ - req = nvme_allocate_request_null(M_NOWAIT, nvme_ctrlr_async_event_cb, + if (ctrlr->is_resetting) + return; + + aer->ctrlr = ctrlr; + req = nvme_allocate_request_null(M_WAITOK, nvme_ctrlr_async_event_cb, aer); aer->req = req; + aer->log_page_id = 0; /* Not a valid page */ /* * Disable timeout here, since asynchronous event requests should by @@ -1203,6 +1104,140 @@ nvme_ctrlr_reset_task(void *arg, int pending) atomic_cmpset_32(&ctrlr->is_resetting, 1, 0); } +static void +nvme_ctrlr_aer_done(void *arg, const struct nvme_completion *cpl) +{ + struct nvme_async_event_request *aer = arg; + + mtx_lock(&aer->mtx); + if (nvme_completion_is_error(cpl)) + aer->log_page_size = (uint32_t)-1; + else + aer->log_page_size = nvme_ctrlr_get_log_page_size( + aer->ctrlr, aer->log_page_id); + wakeup(aer); + mtx_unlock(&aer->mtx); +} + +static void +nvme_ctrlr_aer_task(void *arg, int pending) +{ + struct nvme_async_event_request *aer = arg; + struct nvme_controller *ctrlr = aer->ctrlr; + uint32_t len; + + /* + * We're resetting, so just punt. + */ + if (ctrlr->is_resetting) + return; + + if (!is_log_page_id_valid(aer->log_page_id)) { + /* + * Repost another asynchronous event request to replace the one + * that just completed. + */ + nvme_notify_async_consumers(ctrlr, &aer->cpl, aer->log_page_id, + NULL, 0); + nvme_ctrlr_construct_and_submit_aer(ctrlr, aer); + goto out; + } + + aer->log_page_size = 0; + len = nvme_ctrlr_get_log_page_size(aer->ctrlr, aer->log_page_id); + nvme_ctrlr_cmd_get_log_page(aer->ctrlr, aer->log_page_id, + NVME_GLOBAL_NAMESPACE_TAG, aer->log_page_buffer, len, + nvme_ctrlr_aer_done, aer); + mtx_lock(&aer->mtx); + while (aer->log_page_size == 0) + mtx_sleep(aer, &aer->mtx, PRIBIO, "nvme_pt", 0); + mtx_unlock(&aer->mtx); + + if (aer->log_page_size != (uint32_t)-1) { + /* + * If the log page fetch for some reason completed with an + * error, don't pass log page data to the consumers. In + * practice, this case should never happen. + */ + nvme_notify_async_consumers(aer->ctrlr, &aer->cpl, + aer->log_page_id, NULL, 0); + goto out; + } + + /* Convert data to host endian */ + switch (aer->log_page_id) { + case NVME_LOG_ERROR: { + struct nvme_error_information_entry *err = + (struct nvme_error_information_entry *)aer->log_page_buffer; + for (int i = 0; i < (aer->ctrlr->cdata.elpe + 1); i++) + nvme_error_information_entry_swapbytes(err++); + break; + } + case NVME_LOG_HEALTH_INFORMATION: + nvme_health_information_page_swapbytes( + (struct nvme_health_information_page *)aer->log_page_buffer); + break; + case NVME_LOG_CHANGED_NAMESPACE: + nvme_ns_list_swapbytes( + (struct nvme_ns_list *)aer->log_page_buffer); + break; + case NVME_LOG_COMMAND_EFFECT: + nvme_command_effects_page_swapbytes( + (struct nvme_command_effects_page *)aer->log_page_buffer); + break; + case NVME_LOG_RES_NOTIFICATION: + nvme_res_notification_page_swapbytes( + (struct nvme_res_notification_page *)aer->log_page_buffer); + break; + case NVME_LOG_SANITIZE_STATUS: + nvme_sanitize_status_page_swapbytes( + (struct nvme_sanitize_status_page *)aer->log_page_buffer); + break; + default: + break; + } + + if (aer->log_page_id == NVME_LOG_HEALTH_INFORMATION) { + struct nvme_health_information_page *health_info = + (struct nvme_health_information_page *)aer->log_page_buffer; + + /* + * Critical warnings reported through the SMART/health log page + * are persistent, so clear the associated bits in the async + * event config so that we do not receive repeated notifications + * for the same event. + */ + nvme_ctrlr_log_critical_warnings(aer->ctrlr, + health_info->critical_warning); + aer->ctrlr->async_event_config &= + ~health_info->critical_warning; + nvme_ctrlr_cmd_set_async_event_config(aer->ctrlr, + aer->ctrlr->async_event_config, NULL, NULL); + } else if (aer->log_page_id == NVME_LOG_CHANGED_NAMESPACE) { + struct nvme_ns_list *nsl = + (struct nvme_ns_list *)aer->log_page_buffer; + for (int i = 0; i < nitems(nsl->ns) && nsl->ns[i] != 0; i++) { + if (nsl->ns[i] > NVME_MAX_NAMESPACES) + break; + nvme_notify_ns(aer->ctrlr, nsl->ns[i]); + } + } + + /* + * Pass the cpl data from the original async event completion, not the + * log page fetch. + */ + nvme_notify_async_consumers(aer->ctrlr, &aer->cpl, + aer->log_page_id, aer->log_page_buffer, aer->log_page_size); + + /* + * Repost another asynchronous event request to replace the one + * that just completed. + */ +out: + nvme_ctrlr_construct_and_submit_aer(ctrlr, aer); +} + /* * Poll all the queues enabled on the device for completion. */ @@ -1574,13 +1609,8 @@ nvme_ctrlr_construct(struct nvme_controller *ctrlr, device_t dev) /* * Create 2 threads for the taskqueue. The reset thread will block when * it detects that the controller has failed until all I/O has been - * failed up the stack. The fail_req task needs to be able to run in - * this case to finish the request failure for some cases. - * - * We could partially solve this race by draining the failed requeust - * queue before proceding to free the sim, though nothing would stop - * new I/O from coming in after we do that drain, but before we reach - * cam_sim_free, so this big hammer is used instead. + * failed up the stack. The second thread is used for AER events, which + * can block, but only briefly for memory and log page fetching. */ ctrlr->taskqueue = taskqueue_create("nvme_taskq", M_WAITOK, taskqueue_thread_enqueue, &ctrlr->taskqueue); @@ -1590,7 +1620,12 @@ nvme_ctrlr_construct(struct nvme_controller *ctrlr, device_t dev) ctrlr->is_initialized = false; ctrlr->notification_sent = 0; TASK_INIT(&ctrlr->reset_task, 0, nvme_ctrlr_reset_task, ctrlr); - STAILQ_INIT(&ctrlr->fail_req); + for (int i = 0; i < NVME_MAX_ASYNC_EVENTS; i++) { + struct nvme_async_event_request *aer = &ctrlr->aer[i]; + + TASK_INIT(&aer->task, 0, nvme_ctrlr_aer_task, aer); + mtx_init(&aer->mtx, "AER mutex", NULL, MTX_DEF); + } ctrlr->is_failed = false; make_dev_args_init(&md_args); @@ -1678,8 +1713,14 @@ nvme_ctrlr_destruct(struct nvme_controller *ctrlr, device_t dev) } noadminq: - if (ctrlr->taskqueue) + if (ctrlr->taskqueue) { taskqueue_free(ctrlr->taskqueue); + for (int i = 0; i < NVME_MAX_ASYNC_EVENTS; i++) { + struct nvme_async_event_request *aer = &ctrlr->aer[i]; + + mtx_destroy(&aer->mtx); + } + } if (ctrlr->tag) bus_teardown_intr(ctrlr->dev, ctrlr->res, ctrlr->tag); diff --git a/sys/dev/nvme/nvme_private.h b/sys/dev/nvme/nvme_private.h index 949e69ec9290..36f00fedc48e 100644 --- a/sys/dev/nvme/nvme_private.h +++ b/sys/dev/nvme/nvme_private.h @@ -123,6 +123,8 @@ struct nvme_request { struct nvme_async_event_request { struct nvme_controller *ctrlr; struct nvme_request *req; + struct task task; + struct mtx mtx; struct nvme_completion cpl; uint32_t log_page_id; uint32_t log_page_size; @@ -307,8 +309,6 @@ struct nvme_controller { bool isr_warned; bool is_initialized; - STAILQ_HEAD(, nvme_request) fail_req; - /* Host Memory Buffer */ int hmb_nchunks; size_t hmb_chunk; diff --git a/sys/dev/qlnx/qlnxe/qlnx_os.c b/sys/dev/qlnx/qlnxe/qlnx_os.c index 9d23d5df1d2b..4ad190374f87 100644 --- a/sys/dev/qlnx/qlnxe/qlnx_os.c +++ b/sys/dev/qlnx/qlnxe/qlnx_os.c @@ -2308,8 +2308,6 @@ qlnx_init_ifnet(device_t dev, qlnx_host_t *ha) else if (device_id == QLOGIC_PCI_DEVICE_ID_1644) if_setbaudrate(ifp, IF_Gbps(100)); - if_setcapabilities(ifp, IFCAP_LINKSTATE); - if_setinitfn(ifp, qlnx_init); if_setsoftc(ifp, ha); if_setflags(ifp, IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST); @@ -2343,7 +2341,6 @@ qlnx_init_ifnet(device_t dev, qlnx_host_t *ha) if_setcapabilities(ifp, IFCAP_HWCSUM); if_setcapabilitiesbit(ifp, IFCAP_JUMBO_MTU, 0); - if_setcapabilitiesbit(ifp, IFCAP_VLAN_MTU, 0); if_setcapabilitiesbit(ifp, IFCAP_VLAN_HWTAGGING, 0); if_setcapabilitiesbit(ifp, IFCAP_VLAN_HWFILTER, 0); @@ -2352,6 +2349,8 @@ qlnx_init_ifnet(device_t dev, qlnx_host_t *ha) if_setcapabilitiesbit(ifp, IFCAP_TSO4, 0); if_setcapabilitiesbit(ifp, IFCAP_TSO6, 0); if_setcapabilitiesbit(ifp, IFCAP_LRO, 0); + if_setcapabilitiesbit(ifp, IFCAP_LINKSTATE, 0); + if_setcapabilitiesbit(ifp, IFCAP_HWSTATS, 0); if_sethwtsomax(ifp, QLNX_MAX_TSO_FRAME_SIZE - (ETHER_HDR_LEN + ETHER_VLAN_ENCAP_LEN)); diff --git a/sys/dev/vt/hw/vga/vt_vga.c b/sys/dev/vt/hw/vga/vt_vga.c index 64039575c0ad..675c0573bd7e 100644 --- a/sys/dev/vt/hw/vga/vt_vga.c +++ b/sys/dev/vt/hw/vga/vt_vga.c @@ -1347,7 +1347,7 @@ vga_postswitch(struct vt_device *vd) /* Reinit VGA mode, to restore view after app which change mode. */ vga_initialize(vd, (vd->vd_flags & VDF_TEXTMODE)); - /* Ask vt(9) to update chars on visible area. */ + /* Ask vt(4) to update chars on visible area. */ vd->vd_flags |= VDF_INVALID; } diff --git a/sys/dev/vt/vt_core.c b/sys/dev/vt/vt_core.c index b0f58b38a6f1..b51ef6766de4 100644 --- a/sys/dev/vt/vt_core.c +++ b/sys/dev/vt/vt_core.c @@ -125,10 +125,10 @@ static const struct terminal_class vt_termclass = { (vw)->vw_number) static SYSCTL_NODE(_kern, OID_AUTO, vt, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, - "vt(9) parameters"); + "vt(4) parameters"); static VT_SYSCTL_INT(enable_altgr, 1, "Enable AltGr key (Do not assume R.Alt as Alt)"); static VT_SYSCTL_INT(enable_bell, 0, "Enable bell"); -static VT_SYSCTL_INT(debug, 0, "vt(9) debug level"); +static VT_SYSCTL_INT(debug, 0, "vt(4) debug level"); static VT_SYSCTL_INT(deadtimer, 15, "Time to wait busy process in VT_PROCESS mode"); static VT_SYSCTL_INT(suspendswitch, 1, "Switch to VT0 before suspend"); diff --git a/sys/fs/fuse/fuse_internal.h b/sys/fs/fuse/fuse_internal.h index cddf88095840..932012b5f52a 100644 --- a/sys/fs/fuse/fuse_internal.h +++ b/sys/fs/fuse/fuse_internal.h @@ -208,9 +208,9 @@ fuse_match_cred(struct ucred *basecred, struct ucred *usercred) if (basecred->cr_uid == usercred->cr_uid && basecred->cr_uid == usercred->cr_ruid && basecred->cr_uid == usercred->cr_svuid && - basecred->cr_groups[0] == usercred->cr_groups[0] && - basecred->cr_groups[0] == usercred->cr_rgid && - basecred->cr_groups[0] == usercred->cr_svgid) + basecred->cr_gid == usercred->cr_gid && + basecred->cr_gid == usercred->cr_rgid && + basecred->cr_gid == usercred->cr_svgid) return (0); return (EPERM); diff --git a/sys/fs/fuse/fuse_ipc.c b/sys/fs/fuse/fuse_ipc.c index 0b6048644d32..a751c09159ff 100644 --- a/sys/fs/fuse/fuse_ipc.c +++ b/sys/fs/fuse/fuse_ipc.c @@ -868,7 +868,7 @@ fuse_setup_ihead(struct fuse_in_header *ihead, struct fuse_ticket *ftick, ihead->pid = pid; ihead->uid = cred->cr_uid; - ihead->gid = cred->cr_groups[0]; + ihead->gid = cred->cr_gid; } /* diff --git a/sys/fs/fuse/fuse_vnops.c b/sys/fs/fuse/fuse_vnops.c index ae28617537fd..32872e8f3f3a 100644 --- a/sys/fs/fuse/fuse_vnops.c +++ b/sys/fs/fuse/fuse_vnops.c @@ -884,7 +884,7 @@ fuse_vnop_copy_file_range(struct vop_copy_file_range_args *ap) return (EXTERROR(ENOSYS, "FUSE_COPY_FILE_RANGE does not " "support different credentials for infd and outfd")); - if (incred->cr_groups[0] != outcred->cr_groups[0]) + if (incred->cr_gid != outcred->cr_gid) return (EXTERROR(ENOSYS, "FUSE_COPY_FILE_RANGE does not " "support different credentials for infd and outfd")); diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c index 0c94f4e7dc52..222cfc03e4b3 100644 --- a/sys/fs/nfs/nfs_commonport.c +++ b/sys/fs/nfs/nfs_commonport.c @@ -379,7 +379,8 @@ newnfs_setroot(struct ucred *cred) { cred->cr_uid = 0; - cred->cr_groups[0] = 0; + cred->cr_gid = 0; + /* XXXKE Fix this if cr_gid gets separated out. */ cred->cr_ngroups = 1; } diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c index 2f3c59b68518..36b534be531e 100644 --- a/sys/fs/nfsclient/nfs_clrpcops.c +++ b/sys/fs/nfsclient/nfs_clrpcops.c @@ -6933,7 +6933,8 @@ nfscl_dofflayoutio(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit, if ((dp->nfsdi_flags & NFSDI_TIGHTCOUPLED) == 0) { tcred = NFSNEWCRED(cred); tcred->cr_uid = flp->nfsfl_ffm[mirror].user; - tcred->cr_groups[0] = flp->nfsfl_ffm[mirror].group; + tcred->cr_gid = flp->nfsfl_ffm[mirror].group; + /* XXXKE Fix this if cr_gid gets separated out. */ tcred->cr_ngroups = 1; } else tcred = cred; diff --git a/sys/fs/pseudofs/pseudofs_vnops.c b/sys/fs/pseudofs/pseudofs_vnops.c index 0bdfedffafcb..8cd092118d0e 100644 --- a/sys/fs/pseudofs/pseudofs_vnops.c +++ b/sys/fs/pseudofs/pseudofs_vnops.c @@ -850,7 +850,7 @@ pfs_readdir(struct vop_readdir_args *va) struct uio *uio; struct pfsentry *pfsent, *pfsent2; struct pfsdirentlist lst; - off_t offset; + off_t coffset, offset; int error, i, resid; STAILQ_INIT(&lst); @@ -860,6 +860,9 @@ pfs_readdir(struct vop_readdir_args *va) PFS_TRACE(("%s pid %lu", pd->pn_name, (unsigned long)pid)); pfs_assert_not_owned(pd); + if (va->a_eofflag != NULL) + *va->a_eofflag = 0; + if (vn->v_type != VDIR) PFS_RETURN (ENOTDIR); KASSERT_PN_IS_DIR(pd); @@ -878,6 +881,10 @@ pfs_readdir(struct vop_readdir_args *va) if (pid != NO_PID && !pfs_lookup_proc(pid, &proc)) PFS_RETURN (ENOENT); + /* + * The allproc lock is required in pfs_iterate() for procdir + * directories. + */ sx_slock(&allproc_lock); pfs_lock(pd); @@ -897,23 +904,15 @@ pfs_readdir(struct vop_readdir_args *va) } } - /* skip unwanted entries */ - for (pn = NULL, p = NULL; offset > 0; offset -= PFS_DELEN) { + for (pn = NULL, p = NULL, coffset = 0; resid >= PFS_DELEN; + coffset += PFS_DELEN) { if (pfs_iterate(curthread, proc, pd, &pn, &p) == -1) { - /* nothing left... */ - if (proc != NULL) { - _PRELE(proc); - PROC_UNLOCK(proc); - } - pfs_unlock(pd); - sx_sunlock(&allproc_lock); - PFS_RETURN (0); + if (va->a_eofflag != NULL) + *va->a_eofflag = 1; + break; } - } - - /* fill in entries */ - while (pfs_iterate(curthread, proc, pd, &pn, &p) != -1 && - resid >= PFS_DELEN) { + if (coffset < offset) + continue; if ((pfsent = malloc(sizeof(struct pfsentry), M_IOV, M_NOWAIT | M_ZERO)) == NULL) { error = ENOMEM; diff --git a/sys/fs/smbfs/smbfs_io.c b/sys/fs/smbfs/smbfs_io.c index 35454998fc8e..8c484381ed59 100644 --- a/sys/fs/smbfs/smbfs_io.c +++ b/sys/fs/smbfs/smbfs_io.c @@ -71,7 +71,7 @@ SYSCTL_INT(_vfs_smbfs, OID_AUTO, fastlookup, CTLFLAG_RW, &smbfs_fastlookup, 0, " #define DE_SIZE (sizeof(struct dirent)) static int -smbfs_readvdir(struct vnode *vp, struct uio *uio, struct ucred *cred) +smbfs_readvdir(struct vnode *vp, struct uio *uio, struct ucred *cred, int *eofp) { struct dirent de; struct componentname cn; @@ -86,6 +86,8 @@ smbfs_readvdir(struct vnode *vp, struct uio *uio, struct ucred *cred) SMBVDEBUG("dirname='%s'\n", np->n_name); scred = smbfs_malloc_scred(); smb_makescred(scred, uio->uio_td, cred); + if (eofp != NULL) + *eofp = 0; offset = uio->uio_offset / DE_SIZE; /* offset in the directory */ limit = uio->uio_resid / DE_SIZE; if (uio->uio_resid < DE_SIZE || uio->uio_offset < 0) { @@ -138,8 +140,7 @@ smbfs_readvdir(struct vnode *vp, struct uio *uio, struct ucred *cred) if (error) { smbfs_findclose(np->n_dirseq, scred); np->n_dirseq = NULL; - error = ENOENT ? 0 : error; - goto out; + goto out1; } } error = 0; @@ -170,16 +171,21 @@ smbfs_readvdir(struct vnode *vp, struct uio *uio, struct ucred *cred) if (error) break; } - if (error == ENOENT) - error = 0; uio->uio_offset = offset * DE_SIZE; +out1: + if (error == ENOENT) { + if (eofp != NULL) + *eofp = 1; + error = 0; + } out: smbfs_free_scred(scred); return error; } int -smbfs_readvnode(struct vnode *vp, struct uio *uiop, struct ucred *cred) +smbfs_readvnode(struct vnode *vp, struct uio *uiop, struct ucred *cred, + int *eofp) { struct smbmount *smp = VFSTOSMBFS(vp->v_mount); struct smbnode *np = VTOSMB(vp); @@ -209,7 +215,7 @@ smbfs_readvnode(struct vnode *vp, struct uio *uiop, struct ucred *cred) lks = LK_EXCLUSIVE; /* lockstatus(vp->v_vnlock); */ if (lks == LK_SHARED) vn_lock(vp, LK_UPGRADE | LK_RETRY); - error = smbfs_readvdir(vp, uiop, cred); + error = smbfs_readvdir(vp, uiop, cred, eofp); if (lks == LK_SHARED) vn_lock(vp, LK_DOWNGRADE | LK_RETRY); return error; diff --git a/sys/fs/smbfs/smbfs_node.h b/sys/fs/smbfs/smbfs_node.h index f28f0007100a..8c8ce038b913 100644 --- a/sys/fs/smbfs/smbfs_node.h +++ b/sys/fs/smbfs/smbfs_node.h @@ -93,7 +93,7 @@ u_int32_t smbfs_hash(const u_char *name, int nmlen); int smbfs_getpages(struct vop_getpages_args *); int smbfs_putpages(struct vop_putpages_args *); -int smbfs_readvnode(struct vnode *vp, struct uio *uiop, struct ucred *cred); +int smbfs_readvnode(struct vnode *vp, struct uio *uiop, struct ucred *cred, int *eofp); int smbfs_writevnode(struct vnode *vp, struct uio *uiop, struct ucred *cred, int ioflag); void smbfs_attr_cacheenter(struct vnode *vp, struct smbfattr *fap); int smbfs_attr_cachelookup(struct vnode *vp ,struct vattr *va); diff --git a/sys/fs/smbfs/smbfs_vnops.c b/sys/fs/smbfs/smbfs_vnops.c index 5d412cabadb8..63b249c93771 100644 --- a/sys/fs/smbfs/smbfs_vnops.c +++ b/sys/fs/smbfs/smbfs_vnops.c @@ -466,7 +466,7 @@ smbfs_read(struct vop_read_args *ap) SMBVDEBUG("\n"); if (vp->v_type != VREG && vp->v_type != VDIR) return EPERM; - return smbfs_readvnode(vp, uio, ap->a_cred); + return smbfs_readvnode(vp, uio, ap->a_cred, NULL); } static int @@ -748,7 +748,6 @@ smbfs_readdir(struct vop_readdir_args *ap) { struct vnode *vp = ap->a_vp; struct uio *uio = ap->a_uio; - int error; if (vp->v_type != VDIR) return (EPERM); @@ -758,8 +757,7 @@ smbfs_readdir(struct vop_readdir_args *ap) return (EOPNOTSUPP); } #endif - error = smbfs_readvnode(vp, uio, ap->a_cred); - return error; + return (smbfs_readvnode(vp, uio, ap->a_cred, ap->a_eofflag)); } /* ARGSUSED */ diff --git a/sys/geom/concat/g_concat.c b/sys/geom/concat/g_concat.c index 2b1cb575cac8..2173a84c7acf 100644 --- a/sys/geom/concat/g_concat.c +++ b/sys/geom/concat/g_concat.c @@ -590,6 +590,7 @@ g_concat_add_disk(struct g_concat_softc *sc, struct g_provider *pp, u_int no) strcmp(md.md_name, sc->sc_name) != 0 || md.md_id != sc->sc_id) { G_CONCAT_DEBUG(0, "Metadata on %s changed.", pp->name); + error = EINVAL; goto fail; } diff --git a/sys/geom/geom_subr.c b/sys/geom/geom_subr.c index 41cc115225f9..aba4bf7c44c4 100644 --- a/sys/geom/geom_subr.c +++ b/sys/geom/geom_subr.c @@ -381,8 +381,8 @@ g_new_geomf(struct g_class *mp, const char *fmt, ...) sbuf_vprintf(sb, fmt, ap); va_end(ap); sbuf_finish(sb); - gp = g_malloc(sizeof *gp, M_WAITOK | M_ZERO); - gp->name = g_malloc(sbuf_len(sb) + 1, M_WAITOK | M_ZERO); + gp = g_malloc(sizeof *gp + sbuf_len(sb) + 1, M_WAITOK | M_ZERO); + gp->name = (char *)(gp + 1); gp->class = mp; gp->rank = 1; LIST_INIT(&gp->consumer); @@ -420,7 +420,6 @@ g_destroy_geom(struct g_geom *gp) g_cancel_event(gp); LIST_REMOVE(gp, geom); TAILQ_REMOVE(&geoms, gp, geoms); - g_free(gp->name); g_free(gp); } diff --git a/sys/geom/virstor/g_virstor.c b/sys/geom/virstor/g_virstor.c index b8cf32875660..73bd9f73055a 100644 --- a/sys/geom/virstor/g_virstor.c +++ b/sys/geom/virstor/g_virstor.c @@ -589,7 +589,7 @@ virstor_ctl_remove(struct gctl_req *req, struct g_class *cp) M_GVIRSTOR, M_WAITOK | M_ZERO); bcopy(sc->components, newcomp, found * sizeof(*sc->components)); bcopy(&sc->components[found + 1], newcomp + found, - found * sizeof(*sc->components)); + (sc->n_components - (found + 1)) * sizeof(*sc->components)); if ((sc->components[j].flags & VIRSTOR_PROVIDER_ALLOCATED) != 0) { LOG_MSG(LVL_ERROR, "Allocated provider %s cannot be " "removed from %s", diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index d9aeec68e620..0f0bc056cafd 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -287,7 +287,7 @@ sys_getgid(struct thread *td, struct getgid_args *uap) td->td_retval[0] = td->td_ucred->cr_rgid; #if defined(COMPAT_43) - td->td_retval[1] = td->td_ucred->cr_groups[0]; + td->td_retval[1] = td->td_ucred->cr_gid; #endif return (0); } @@ -307,7 +307,7 @@ int sys_getegid(struct thread *td, struct getegid_args *uap) { - td->td_retval[0] = td->td_ucred->cr_groups[0]; + td->td_retval[0] = td->td_ucred->cr_gid; return (0); } @@ -1080,7 +1080,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap) gid != oldcred->cr_svgid && /* allow setgid(saved gid) */ #endif #ifdef POSIX_APPENDIX_B_4_2_2 /* Use BSD-compat clause from B.4.2.2 */ - gid != oldcred->cr_groups[0] && /* allow setgid(getegid()) */ + gid != oldcred->cr_gid && /* allow setgid(getegid()) */ #endif (error = priv_check_cred(oldcred, PRIV_CRED_SETGID)) != 0) goto fail; @@ -1092,7 +1092,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap) */ if ( #ifdef POSIX_APPENDIX_B_4_2_2 /* use the clause from B.4.2.2 */ - gid == oldcred->cr_groups[0] || + gid == oldcred->cr_gid || #endif /* We are using privs. */ priv_check_cred(oldcred, PRIV_CRED_SETGID) == 0) @@ -1121,7 +1121,7 @@ sys_setgid(struct thread *td, struct setgid_args *uap) * In all cases permitted cases, we are changing the egid. * Copy credentials so other references do not see our changes. */ - if (oldcred->cr_groups[0] != gid) { + if (oldcred->cr_gid != gid) { change_egid(newcred, gid); setsugid(p); } @@ -1167,7 +1167,7 @@ sys_setegid(struct thread *td, struct setegid_args *uap) (error = priv_check_cred(oldcred, PRIV_CRED_SETEGID)) != 0) goto fail; - if (oldcred->cr_groups[0] != egid) { + if (oldcred->cr_gid != egid) { change_egid(newcred, egid); setsugid(p); } @@ -1393,12 +1393,12 @@ sys_setregid(struct thread *td, struct setregid_args *uap) if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid && rgid != oldcred->cr_svgid) || - (egid != (gid_t)-1 && egid != oldcred->cr_groups[0] && + (egid != (gid_t)-1 && egid != oldcred->cr_gid && egid != oldcred->cr_rgid && egid != oldcred->cr_svgid)) && (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID)) != 0) goto fail; - if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) { + if (egid != (gid_t)-1 && oldcred->cr_gid != egid) { change_egid(newcred, egid); setsugid(p); } @@ -1406,9 +1406,9 @@ sys_setregid(struct thread *td, struct setregid_args *uap) change_rgid(newcred, rgid); setsugid(p); } - if ((rgid != (gid_t)-1 || newcred->cr_groups[0] != newcred->cr_rgid) && - newcred->cr_svgid != newcred->cr_groups[0]) { - change_svgid(newcred, newcred->cr_groups[0]); + if ((rgid != (gid_t)-1 || newcred->cr_gid != newcred->cr_rgid) && + newcred->cr_svgid != newcred->cr_gid) { + change_svgid(newcred, newcred->cr_gid); setsugid(p); } proc_set_cred(p, newcred); @@ -1547,17 +1547,17 @@ sys_setresgid(struct thread *td, struct setresgid_args *uap) if (((rgid != (gid_t)-1 && rgid != oldcred->cr_rgid && rgid != oldcred->cr_svgid && - rgid != oldcred->cr_groups[0]) || + rgid != oldcred->cr_gid) || (egid != (gid_t)-1 && egid != oldcred->cr_rgid && egid != oldcred->cr_svgid && - egid != oldcred->cr_groups[0]) || + egid != oldcred->cr_gid) || (sgid != (gid_t)-1 && sgid != oldcred->cr_rgid && sgid != oldcred->cr_svgid && - sgid != oldcred->cr_groups[0])) && + sgid != oldcred->cr_gid)) && (error = priv_check_cred(oldcred, PRIV_CRED_SETRESGID)) != 0) goto fail; - if (egid != (gid_t)-1 && oldcred->cr_groups[0] != egid) { + if (egid != (gid_t)-1 && oldcred->cr_gid != egid) { change_egid(newcred, egid); setsugid(p); } @@ -1626,8 +1626,8 @@ sys_getresgid(struct thread *td, struct getresgid_args *uap) error1 = copyout(&cred->cr_rgid, uap->rgid, sizeof(cred->cr_rgid)); if (uap->egid) - error2 = copyout(&cred->cr_groups[0], - uap->egid, sizeof(cred->cr_groups[0])); + error2 = copyout(&cred->cr_gid, + uap->egid, sizeof(cred->cr_gid)); if (uap->sgid) error3 = copyout(&cred->cr_svgid, uap->sgid, sizeof(cred->cr_svgid)); @@ -1737,7 +1737,7 @@ groupmember(gid_t gid, const struct ucred *cred) groups_check_positive_len(cred->cr_ngroups); - if (gid == cred->cr_groups[0]) + if (gid == cred->cr_gid) return (true); return (group_is_supplementary(gid, cred)); @@ -3015,7 +3015,7 @@ void change_egid(struct ucred *newcred, gid_t egid) { - newcred->cr_groups[0] = egid; + newcred->cr_gid = egid; } /*- diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index 918b256e6c59..29774cf87393 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -6533,17 +6533,6 @@ vop_read_pgcache_post(void *ap, int rc) VFS_KNOTE_UNLOCKED(a->a_vp, NOTE_READ); } -void -vop_readdir_post(void *ap, int rc) -{ - struct vop_readdir_args *a = ap; - - if (!rc) { - VFS_KNOTE_LOCKED(a->a_vp, NOTE_READ); - INOTIFY(a->a_vp, IN_ACCESS); - } -} - static struct knlist fs_knlist; static void diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index c71e0d9ee569..25d40a9806cb 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -2253,10 +2253,10 @@ kern_accessat(struct thread *td, int fd, const char *path, cred = td->td_ucred; if ((flag & AT_EACCESS) == 0 && ((cred->cr_uid != cred->cr_ruid || - cred->cr_rgid != cred->cr_groups[0]))) { + cred->cr_rgid != cred->cr_gid))) { usecred = crdup(cred); usecred->cr_uid = cred->cr_ruid; - usecred->cr_groups[0] = cred->cr_rgid; + usecred->cr_gid = cred->cr_rgid; td->td_ucred = usecred; } else usecred = cred; diff --git a/sys/kern/vnode_if.src b/sys/kern/vnode_if.src index 38138a4af921..2e63215b2f97 100644 --- a/sys/kern/vnode_if.src +++ b/sys/kern/vnode_if.src @@ -242,8 +242,8 @@ vop_read_pgcache { %% write vp L L L -%! write pre VOP_WRITE_PRE -%! write post VOP_WRITE_POST +%! write pre vop_write_pre +%! write post vop_write_post vop_write { IN struct vnode *vp; @@ -380,6 +380,7 @@ vop_symlink { %% readdir vp L L L +%! readdir pre vop_readdir_pre %! readdir post vop_readdir_post vop_readdir { diff --git a/sys/modules/efirt/Makefile b/sys/modules/efirt/Makefile index 4738996fd4e6..c46484465b68 100644 --- a/sys/modules/efirt/Makefile +++ b/sys/modules/efirt/Makefile @@ -9,7 +9,7 @@ SRCS+= device_if.h bus_if.h clock_if.h DPSRCS+= assym.inc .if ${MACHINE_CPUARCH} == "amd64" -SRCS+= opt_hwpmc_hooks.h opt_kstack_pages.h +SRCS+= opt_acpi.h opt_hwpmc_hooks.h opt_kstack_pages.h .endif efirt_support.o: efirt_support.S assym.inc diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index 7bdbc565f4ca..6755997fd1f0 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c @@ -341,6 +341,7 @@ ovpn_nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *sa) size_t len; const void *addr = nvlist_get_binary(nvl, "address", &len); in->sin_family = af; + in->sin_len = sizeof(*in); if (len != sizeof(in->sin_addr)) return (EINVAL); @@ -355,6 +356,7 @@ ovpn_nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *sa) size_t len; const void *addr = nvlist_get_binary(nvl, "address", &len); in6->sin6_family = af; + in6->sin6_len = sizeof(*in6); if (len != sizeof(in6->sin6_addr)) return (EINVAL); diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 452a8eb4024b..d55afe750869 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -331,6 +331,14 @@ MALLOC_DECLARE(M_PF_RULE_ITEM); SDT_PROVIDER_DECLARE(pf); SDT_PROBE_DECLARE(pf, , test, reason_set); +SDT_PROBE_DECLARE(pf, , log, log); + +#define DPFPRINTF(n, fmt, x...) \ + do { \ + SDT_PROBE2(pf, , log, log, (n), fmt); \ + if (V_pf_status.debug >= (n)) \ + printf(fmt "\n", ##x); \ + } while (0) struct pfi_dynaddr { TAILQ_ENTRY(pfi_dynaddr) entry; @@ -1676,6 +1684,9 @@ struct pf_pdesc { u_int32_t fragoff; /* fragment header offset */ u_int32_t jumbolen; /* length from v6 jumbo header */ u_int32_t badopts; /* v4 options or v6 routing headers */ +#define PF_OPT_OTHER 0x0001 +#define PF_OPT_JUMBO 0x0002 +#define PF_OPT_ROUTER_ALERT 0x0004 u_int16_t *ip_sum; u_int16_t flags; /* Let SCRUB trigger behavior in diff --git a/sys/netinet/in_fib_dxr.c b/sys/netinet/in_fib_dxr.c index b889131b544b..538cd43a88a3 100644 --- a/sys/netinet/in_fib_dxr.c +++ b/sys/netinet/in_fib_dxr.c @@ -345,7 +345,7 @@ initheap(struct dxr_aux *da, uint32_t dst_u32, uint32_t chunk) struct heap_entry *fhp = &da->heap[0]; struct rtentry *rt; struct route_nhop_data rnd; - + da->heap_index = 0; da->dst.sin_addr.s_addr = htonl(dst_u32); rt = fib4_lookup_rt(da->fibnum, da->dst.sin_addr, 0, NHR_UNLOCKED, @@ -1143,7 +1143,7 @@ dxr_destroy(void *data) free(da, M_DXRAUX); } -static void +static void epoch_dxr_destroy(epoch_context_t ctx) { struct dxr *dxr = __containerof(ctx, struct dxr, epoch_ctx); @@ -1202,7 +1202,7 @@ dxr_dump_end(void *data, struct fib_dp *dp) static enum flm_op_result dxr_dump_rib_item(struct rtentry *rt, void *data) { - + return (FLM_SUCCESS); } diff --git a/sys/netinet/tcp_log_buf.h b/sys/netinet/tcp_log_buf.h index 3e7eef8a1cda..f8c064b6a104 100644 --- a/sys/netinet/tcp_log_buf.h +++ b/sys/netinet/tcp_log_buf.h @@ -377,12 +377,12 @@ extern int32_t tcp_trace_point_count; /* * Returns true if any sort of BB logging is enabled, - * commonly used throughout the codebase. + * commonly used throughout the codebase. */ static inline int tcp_bblogging_on(struct tcpcb *tp) { - if (tp->_t_logstate <= TCP_LOG_STATE_OFF) + if (tp->_t_logstate <= TCP_LOG_STATE_OFF) return (0); if (tp->_t_logstate == TCP_LOG_VIA_BBPOINTS) return (0); @@ -427,7 +427,7 @@ tcp_set_bblog_state(struct tcpcb *tp, uint8_t ls, uint8_t bbpoint) } } -static inline uint32_t +static inline uint32_t tcp_get_bblog_state(struct tcpcb *tp) { return (tp->_t_logstate); diff --git a/sys/netinet/tcp_lro.c b/sys/netinet/tcp_lro.c index 10afed17bf3b..7512679bd4e9 100644 --- a/sys/netinet/tcp_lro.c +++ b/sys/netinet/tcp_lro.c @@ -1301,9 +1301,9 @@ tcp_lro_rx_common(struct lro_ctrl *lc, struct mbuf *m, uint32_t csum, bool use_h return (TCP_LRO_CANNOT); #endif if (((m->m_pkthdr.csum_flags & (CSUM_DATA_VALID | CSUM_PSEUDO_HDR)) != - ((CSUM_DATA_VALID | CSUM_PSEUDO_HDR))) || + ((CSUM_DATA_VALID | CSUM_PSEUDO_HDR))) || (m->m_pkthdr.csum_data != 0xffff)) { - /* + /* * The checksum either did not have hardware offload * or it was a bad checksum. We can't LRO such * a packet. @@ -1334,7 +1334,7 @@ tcp_lro_rx_common(struct lro_ctrl *lc, struct mbuf *m, uint32_t csum, bool use_h #endif /* If no hardware or arrival stamp on the packet add timestamp */ if ((m->m_flags & (M_TSTMP_LRO | M_TSTMP)) == 0) { - m->m_pkthdr.rcv_tstmp = bintime2ns(&lc->lro_last_queue_time); + m->m_pkthdr.rcv_tstmp = bintime2ns(&lc->lro_last_queue_time); m->m_flags |= M_TSTMP_LRO; } @@ -1429,9 +1429,9 @@ tcp_lro_rx(struct lro_ctrl *lc, struct mbuf *m, uint32_t csum) int error; if (((m->m_pkthdr.csum_flags & (CSUM_DATA_VALID | CSUM_PSEUDO_HDR)) != - ((CSUM_DATA_VALID | CSUM_PSEUDO_HDR))) || + ((CSUM_DATA_VALID | CSUM_PSEUDO_HDR))) || (m->m_pkthdr.csum_data != 0xffff)) { - /* + /* * The checksum either did not have hardware offload * or it was a bad checksum. We can't LRO such * a packet. @@ -1481,7 +1481,7 @@ tcp_lro_queue_mbuf(struct lro_ctrl *lc, struct mbuf *mb) ((mb->m_flags & M_TSTMP) == 0)) { /* Add in an LRO time since no hardware */ binuptime(&lc->lro_last_queue_time); - mb->m_pkthdr.rcv_tstmp = bintime2ns(&lc->lro_last_queue_time); + mb->m_pkthdr.rcv_tstmp = bintime2ns(&lc->lro_last_queue_time); mb->m_flags |= M_TSTMP_LRO; } diff --git a/sys/netinet/tcp_sack.c b/sys/netinet/tcp_sack.c index 90d789f0e224..4405098a8620 100644 --- a/sys/netinet/tcp_sack.c +++ b/sys/netinet/tcp_sack.c @@ -744,7 +744,7 @@ tcp_sack_doack(struct tcpcb *tp, struct tcpopt *to, tcp_seq th_ack) while (cur != NULL) { if (!(sblkp >= sack_blocks)) { if (((loss_sblks >= tcprexmtthresh) || - (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) + (loss_thresh > (tcprexmtthresh-1)*tp->t_maxseg))) break; loss_thresh += loss_hiack - cur->end; loss_hiack = cur->start; diff --git a/sys/netinet/tcp_stacks/bbr.c b/sys/netinet/tcp_stacks/bbr.c index d2636f01714e..b232d3f08fe6 100644 --- a/sys/netinet/tcp_stacks/bbr.c +++ b/sys/netinet/tcp_stacks/bbr.c @@ -5126,8 +5126,8 @@ bbr_timeout_rxt(struct tcpcb *tp, struct tcp_bbr *bbr, uint32_t cts) tp->t_maxseg = tp->t_pmtud_saved_maxseg; if (tp->t_maxseg < V_tcp_mssdflt) { /* - * The MSS is so small we should not - * process incoming SACK's since we are + * The MSS is so small we should not + * process incoming SACK's since we are * subject to attack in such a case. */ tp->t_flags2 |= TF2_PROC_SACK_PROHIBIT; @@ -10141,7 +10141,7 @@ bbr_init(struct tcpcb *tp, void **ptr) * flags. */ bbr_stop_all_timers(tp, bbr); - /* + /* * Validate the timers are not in usec, if they are convert. * BBR should in theory move to USEC and get rid of a * lot of the TICKS_2 calls.. but for now we stay @@ -11544,7 +11544,7 @@ bbr_do_segment_nounlock(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th, bbr_check_bbr_for_state(bbr, cts, __LINE__, (bbr->r_ctl.rc_lost - lost)); if (nxt_pkt == 0) { if ((bbr->r_wanted_output != 0) || - (tp->t_flags & TF_ACKNOW)) { + (tp->t_flags & TF_ACKNOW)) { bbr->rc_output_starts_timer = 0; did_out = 1; @@ -13172,11 +13172,7 @@ send: mb, moff, &len, if_hw_tsomaxsegcount, if_hw_tsomaxsegsize, msb, - ((rsm == NULL) ? hw_tls : 0) -#ifdef NETFLIX_COPY_ARGS - , NULL, NULL -#endif - ); + ((rsm == NULL) ? hw_tls : 0)); if (len <= maxseg) { /* * Must have ran out of mbufs for the copy @@ -13806,8 +13802,8 @@ nomore: tp->t_maxseg = old_maxseg - 40; if (tp->t_maxseg < V_tcp_mssdflt) { /* - * The MSS is so small we should not - * process incoming SACK's since we are + * The MSS is so small we should not + * process incoming SACK's since we are * subject to attack in such a case. */ tp->t_flags2 |= TF2_PROC_SACK_PROHIBIT; diff --git a/sys/netinet/tcp_stacks/rack.c b/sys/netinet/tcp_stacks/rack.c index 5280f18dc983..940a4024bb73 100644 --- a/sys/netinet/tcp_stacks/rack.c +++ b/sys/netinet/tcp_stacks/rack.c @@ -7888,8 +7888,8 @@ drop_it: tp->t_maxseg = tp->t_pmtud_saved_maxseg; if (tp->t_maxseg < V_tcp_mssdflt) { /* - * The MSS is so small we should not - * process incoming SACK's since we are + * The MSS is so small we should not + * process incoming SACK's since we are * subject to attack in such a case. */ tp->t_flags2 |= TF2_PROC_SACK_PROHIBIT; @@ -14638,9 +14638,6 @@ rack_init(struct tcpcb *tp, void **ptr) if (rack->r_ctl.pcm_s == NULL) { rack->r_ctl.pcm_i.cnt_alloc = 0; } -#ifdef NETFLIX_STATS - rack->r_ctl.side_chan_dis_mask = tcp_sidechannel_disable_mask; -#endif rack->r_ctl.rack_per_upper_bound_ss = (uint8_t)rack_per_upper_bound_ss; rack->r_ctl.rack_per_upper_bound_ca = (uint8_t)rack_per_upper_bound_ca; if (rack_enable_shared_cwnd) @@ -15564,7 +15561,7 @@ rack_log_pcm(struct tcp_rack *rack, uint8_t mod, uint32_t flex1, uint32_t flex2, if (tcp_bblogging_on(rack->rc_tp)) { union tcp_log_stackspecific log; struct timeval tv; - + (void)tcp_get_usecs(&tv); memset(&log, 0, sizeof(log)); log.u_bbr.timeStamp = tcp_tv_to_usectick(&tv); @@ -17987,7 +17984,7 @@ start_set: tp->gput_ack = tp->gput_seq + rack_get_measure_window(tp, rack); rack->r_ctl.rc_gp_cumack_ts = 0; if ((rack->r_ctl.cleared_app_ack == 1) && - (SEQ_GEQ(rack->r_ctl.cleared_app_ack, tp->gput_seq))) { + (SEQ_GEQ(tp->gput_seq, rack->r_ctl.cleared_app_ack_seq))) { /* * We just cleared an application limited period * so the next seq out needs to skip the first @@ -19915,7 +19912,7 @@ rack_output(struct tcpcb *tp) goto nomore; } else { /* Return == 0, if there is more we can send tot_len wise fall through and send */ - if (tot_len_this_send >= pace_max_seg) + if (tot_len_this_send >= pace_max_seg) return (ret); #ifdef TCP_ACCOUNTING /* We need to re-pin since fast_output un-pined */ @@ -21556,11 +21553,7 @@ send: m->m_next = tcp_m_copym( mb, moff, &len, if_hw_tsomaxsegcount, if_hw_tsomaxsegsize, msb, - ((rsm == NULL) ? hw_tls : 0) -#ifdef NETFLIX_COPY_ARGS - , &s_mb, &s_moff -#endif - ); + ((rsm == NULL) ? hw_tls : 0)); if (len <= (tp->t_maxseg - optlen)) { /* * Must have ran out of mbufs for the copy diff --git a/sys/netinet/tcp_stacks/rack_pcm.c b/sys/netinet/tcp_stacks/rack_pcm.c index b0e300847c4a..101e6826536c 100644 --- a/sys/netinet/tcp_stacks/rack_pcm.c +++ b/sys/netinet/tcp_stacks/rack_pcm.c @@ -172,7 +172,7 @@ rack_update_pcm_ack(struct tcp_rack *rack, int was_cumack, uint32_t start, uint3 goto skip_ack_accounting; } /* - * Record ACK data. + * Record ACK data. */ ack_arrival = tcp_tv_to_lusectick(&rack->r_ctl.act_rcv_time); if (SEQ_GT(end, rack->r_ctl.pcm_i.eseq)) { @@ -305,7 +305,7 @@ skip_ack_accounting: 0, &log, false, NULL, NULL, 0, &tv); } } - /* + /* * Here we need a lot to be added including: * 1) Some form of measurement, where if we think the measurement * is valid we iterate over the PCM data and come up with a path diff --git a/sys/netinet/tcp_stacks/sack_filter.c b/sys/netinet/tcp_stacks/sack_filter.c index fc9ee8454a1e..2b70548f3cc6 100644 --- a/sys/netinet/tcp_stacks/sack_filter.c +++ b/sys/netinet/tcp_stacks/sack_filter.c @@ -400,7 +400,7 @@ sack_filter_run(struct sack_filter *sf, struct sackblk *in, int numblks, tcp_seq break; } /* Copy it out to the outbound */ - memcpy(&in[at], &blkboard[i], sizeof(struct sackblk)); + memcpy(&in[at], &blkboard[i], sizeof(struct sackblk)); at++; room--; /* now lets add it to our sack-board */ @@ -588,7 +588,7 @@ sack_filter_blks(struct tcpcb *tp, struct sack_filter *sf, struct sackblk *in, i sf->sf_ack = th_ack; for(i=0, sf->sf_cur=0; i<numblks; i++) { - if ((in[i].end != tp->snd_max) && + if ((in[i].end != tp->snd_max) && ((in[i].end - in[i].start) < segmax)) { /* * We do not accept blocks less than a MSS minus all @@ -707,7 +707,7 @@ main(int argc, char **argv) out = stdout; memset(&tp, 0, sizeof(tp)); tp.t_maxseg = 1460; - + while ((i = getopt(argc, argv, "dIi:o:?hS:")) != -1) { switch (i) { case 'S': @@ -883,7 +883,7 @@ main(int argc, char **argv) } else { printf("can't open sack_setup.bin -- sorry no load\n"); } - + } else if (strncmp(buffer, "help", 4) == 0) { help: fprintf(out, "You can input:\n"); diff --git a/sys/netinet/tcp_stacks/sack_filter.h b/sys/netinet/tcp_stacks/sack_filter.h index b12fcf84567c..a1c0684a4359 100644 --- a/sys/netinet/tcp_stacks/sack_filter.h +++ b/sys/netinet/tcp_stacks/sack_filter.h @@ -42,7 +42,7 @@ * previously processed sack information. * * The second thing that the sack filter does is help protect against malicious - * attackers that are trying to attack any linked lists (or other data structures) + * attackers that are trying to attack any linked lists (or other data structures) * that are used in sack processing. Consider an attacker sending in sacks for * every other byte of data outstanding. This could in theory drastically split * up any scoreboard you are maintaining and make you search through a very large diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index db415f6bdf03..26e7e53d540c 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -4537,7 +4537,7 @@ tcp_change_time_units(struct tcpcb *tp, int granularity) panic("Unknown granularity:%d tp:%p", granularity, tp); } -#endif +#endif } void diff --git a/sys/netinet/tcp_timer.c b/sys/netinet/tcp_timer.c index 32ce3001929c..3b9fe7a317b0 100644 --- a/sys/netinet/tcp_timer.c +++ b/sys/netinet/tcp_timer.c @@ -757,8 +757,8 @@ tcp_timer_rexmt(struct tcpcb *tp) tp->t_maxseg = tp->t_pmtud_saved_maxseg; if (tp->t_maxseg < V_tcp_mssdflt) { /* - * The MSS is so small we should not - * process incoming SACK's since we are + * The MSS is so small we should not + * process incoming SACK's since we are * subject to attack in such a case. */ tp->t_flags2 |= TF2_PROC_SACK_PROHIBIT; diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 687b0d538666..70e4c04b79e5 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -1768,9 +1768,9 @@ tcp_ctloutput_set(struct inpcb *inp, struct sockopt *sopt) /* * Release the ref count the lookup * acquired. - */ + */ refcount_release(&blk->tfb_refcnt); - /* + /* * Now there is a chance that the * init() function mucked with some * things before it failed, such as @@ -1800,7 +1800,7 @@ tcp_ctloutput_set(struct inpcb *inp, struct sockopt *sopt) * new one already. */ refcount_release(&tp->t_fb->tfb_refcnt); - /* + /* * Set in the new stack. */ tp->t_fb = blk; @@ -1934,7 +1934,7 @@ tcp_set_cc_mod(struct inpcb *inp, struct sockopt *sopt) CC_LIST_RUNLOCK(); return(ESRCH); } - /* + /* * With a reference the algorithm cannot be removed * so we hold a reference through the change process. */ diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index 059b2aff689d..b90f65e83cb1 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -182,7 +182,7 @@ struct tcp_sendfile_track { * snd_una). When the response comes back indicating * that there was data (return value 1), then the caller * can build a sendmap entry based on the range and the - * times. The next query would then be done at the + * times. The next query would then be done at the * newly created sendmap_end. Repeated until sendmap_end == snd_max. * * Flags in sendmap_flags are defined below as well. @@ -197,7 +197,7 @@ struct tcp_sendfile_track { * The rack_times are a misc collection of information that * the old stack might possibly fill in. Of course its possible * that an old stack may not have a piece of information. If so - * then setting that value to zero is advised. Setting any + * then setting that value to zero is advised. Setting any * timestamp passed should only place a zero in it when it * is unfilled. This may mean that a time is off by a micro-second * but this is ok in the grand scheme of things. @@ -205,13 +205,13 @@ struct tcp_sendfile_track { * When switching stacks it is desireable to get as much information * from the old stack to the new stack as possible. Though not always * will the stack be compatible in the types of information. The - * init() function needs to take care when it begins changing + * init() function needs to take care when it begins changing * things such as inp_flags2 and the timer units to position these * changes at a point where it is unlikely they will fail after * making such changes. A stack optionally can have an "undo" - * function + * function * - * To transfer information to the old stack from the new in + * To transfer information to the old stack from the new in * respect to LRO and the inp_flags2, the new stack should set * the inp_flags2 to what it supports. The old stack in its * fini() function should call the tcp_handle_orphaned_packets() @@ -544,13 +544,13 @@ typedef enum { * do is: * a) Make sure that the inp_flags2 is setup correctly * for LRO. There are two flags that the previous - * stack may have set INP_MBUF_ACKCMP and + * stack may have set INP_MBUF_ACKCMP and * INP_SUPPORTS_MBUFQ. If the new stack does not * support these it *should* clear the flags. * b) Make sure that the timers are in the proper * granularity that the stack wants. The stack * should check the t_tmr_granularity field. Currently - * there are two values that it may hold + * there are two values that it may hold * TCP_TMR_GRANULARITY_TICKS and TCP_TMR_GRANULARITY_USEC. * Use the functions tcp_timer_convert(tp, granularity); * to move the timers to the correct format for your stack. @@ -558,14 +558,14 @@ typedef enum { * The new stack may also optionally query the tfb_chg_query * function if the old stack has one. The new stack may ask * for one of three entries and can also state to the old - * stack its support for the INP_MBUF_ACKCMP and + * stack its support for the INP_MBUF_ACKCMP and * INP_SUPPORTS_MBUFQ. This is important since if there are * queued ack's without that statement the old stack will * be forced to discard the queued acks. The requests that * can be made for information by the new stacks are: * * Note also that the tfb_tcp_fb_init() when called can - * determine if a query is needed by looking at the + * determine if a query is needed by looking at the * value passed in the ptr. The ptr is designed to be * set in with any allocated memory, but the address * of the condtion (ptr == &tp->t_fb_ptr) will be @@ -573,17 +573,17 @@ typedef enum { * setup of a tcb (which means no query would be needed). * If, however, the value is not t_fb_ptr, then the caller * is in the middle of a stack switch and is the new stack. - * A query would be appropriate (if the new stack support + * A query would be appropriate (if the new stack support * the query mechanism). * * TCP_QUERY_SENDMAP - Query of outstanding data. * TCP_QUERY_TIMERS_UP - Query about running timers. - * TCP_SUPPORTED_LRO - Declaration in req_param of - * the inp_flags2 supported by + * TCP_SUPPORTED_LRO - Declaration in req_param of + * the inp_flags2 supported by * the new stack. * TCP_QUERY_RACK_TIMES - Enquire about various timestamps * and states the old stack may be in. - * + * * tfb_tcp_fb_fini is changed to add a flag to tell * the old stack if the tcb is being destroyed or * not. A one in the flag means the TCB is being diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index 923633d76df7..c129c8c49921 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -196,7 +196,7 @@ SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "Firewall"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, one_pass, CTLFLAG_VNET | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw_one_pass), 0, - "Only do a single pass through ipfw when using dummynet(4)"); + "Only do a single pass through ipfw when using dummynet(4), ipfw_nat or other divert(4)-like interfaces"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, autoinc_step, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(autoinc_step), 0, "Rule number auto-increment step"); diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 4e03584b8f85..ee10a997c977 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -110,8 +110,6 @@ #include <netpfil/pf/pfsync_nv.h> -#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x - struct pfsync_bucket; struct pfsync_softc; @@ -597,9 +595,9 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) if ((rpool_first == NULL) || (TAILQ_NEXT(rpool_first, entries) != NULL)) { DPFPRINTF(PF_DEBUG_MISC, - ("%s: can't recover routing information " - "because of empty or bad redirection pool\n", - __func__)); + "%s: can't recover routing information " + "because of empty or bad redirection pool", + __func__); return ((flags & PFSYNC_SI_IOCTL) ? EINVAL : 0); } rt = r->rt; @@ -610,8 +608,8 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) * give up on recovering. */ DPFPRINTF(PF_DEBUG_MISC, - ("%s: can't recover routing information " - "because of different ruleset\n", __func__)); + "%s: can't recover routing information " + "because of different ruleset", __func__); return ((flags & PFSYNC_SI_IOCTL) ? EINVAL : 0); } break; @@ -624,8 +622,8 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) rt_kif = pfi_kkif_find(sp->pfs_1400.rt_ifname); if (rt_kif == NULL) { DPFPRINTF(PF_DEBUG_MISC, - ("%s: unknown route interface: %s\n", - __func__, sp->pfs_1400.rt_ifname)); + "%s: unknown route interface: %s", + __func__, sp->pfs_1400.rt_ifname); return ((flags & PFSYNC_SI_IOCTL) ? EINVAL : 0); } rt = sp->pfs_1400.rt; diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 009f7e4d78b1..41e9ca27912d 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -119,8 +119,6 @@ #include <machine/in_cksum.h> #include <security/mac/mac_framework.h> -#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x - SDT_PROVIDER_DEFINE(pf); SDT_PROBE_DEFINE2(pf, , test, reason_set, "int", "int"); SDT_PROBE_DEFINE4(pf, ip, test, done, "int", "int", "struct pf_krule *", @@ -161,6 +159,7 @@ SDT_PROBE_DEFINE2(pf, eth, test_rule, match, "int", "struct pf_keth_rule *"); SDT_PROBE_DEFINE2(pf, eth, test_rule, final_match, "int", "struct pf_keth_rule *"); SDT_PROBE_DEFINE2(pf, purge, state, rowcount, "int", "size_t"); +SDT_PROBE_DEFINE2(pf, , log, log, "int", "const char *"); /* * Global variables @@ -375,6 +374,8 @@ static u_int16_t pf_calc_mss(struct pf_addr *, sa_family_t, int, u_int16_t); static int pf_check_proto_cksum(struct mbuf *, int, int, u_int8_t, sa_family_t); +static int pf_walk_option(struct pf_pdesc *, struct ip *, + int, int, u_short *); static int pf_walk_header(struct pf_pdesc *, struct ip *, u_short *); #ifdef INET6 static int pf_walk_option6(struct pf_pdesc *, struct ip6_hdr *, @@ -4615,8 +4616,8 @@ pf_match_rcvif(struct mbuf *m, struct pf_krule *r) if (kif == NULL) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: kif == NULL, @%d via %s\n", __func__, r->nr, - r->rcv_ifname)); + "%s: kif == NULL, @%d via %s", __func__, r->nr, + r->rcv_ifname); return (0); } @@ -4975,7 +4976,7 @@ pf_socket_lookup(struct pf_pdesc *pd) } INP_RLOCK_ASSERT(inp); pd->lookup.uid = inp->inp_cred->cr_uid; - pd->lookup.gid = inp->inp_cred->cr_groups[0]; + pd->lookup.gid = inp->inp_cred->cr_gid; INP_RUNLOCK(inp); return (1); @@ -5242,8 +5243,8 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf **m0) if (__predict_false(m->m_len < sizeof(struct ether_header)) && (m = *m0 = m_pullup(*m0, sizeof(struct ether_header))) == NULL) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: m_len < sizeof(struct ether_header)" - ", pullup failed\n", __func__)); + "%s: m_len < sizeof(struct ether_header)" + ", pullup failed", __func__); return (PF_DROP); } e = mtod(m, struct ether_header *); @@ -5759,7 +5760,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, if (inp != NULL) { INP_LOCK_ASSERT(inp); pd->lookup.uid = inp->inp_cred->cr_uid; - pd->lookup.gid = inp->inp_cred->cr_groups[0]; + pd->lookup.gid = inp->inp_cred->cr_gid; pd->lookup.done = 1; } @@ -6168,8 +6169,8 @@ pf_create_state(struct pf_krule *r, struct pf_test_ctx *ctx, &s->src, &s->dst, &ctx->rewrite)) { /* This really shouldn't happen!!! */ DPFPRINTF(PF_DEBUG_URGENT, - ("%s: tcp normalize failed on first " - "pkt\n", __func__)); + "%s: tcp normalize failed on first " + "pkt", __func__); goto csfailed; } } else if (pd->proto == IPPROTO_SCTP) { @@ -7965,8 +7966,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (!pf_pull_hdr(pd->m, ipoff2, &h2, sizeof(h2), NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short " - "(ip)\n")); + "pf: ICMP error message too short " + "(ip)"); return (PF_DROP); } /* @@ -7996,8 +7997,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (!pf_pull_hdr(pd->m, ipoff2, &h2_6, sizeof(h2_6), NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short " - "(ip6)\n")); + "pf: ICMP error message too short " + "(ip6)"); return (PF_DROP); } pd2.off = ipoff2; @@ -8049,8 +8050,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (!pf_pull_hdr(pd->m, pd2.off, th, 8, NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short " - "(tcp)\n")); + "pf: ICMP error message too short " + "(tcp)"); return (PF_DROP); } pd2.pcksum = &pd2.hdr.tcp.th_sum; @@ -8244,8 +8245,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (!pf_pull_hdr(pd->m, pd2.off, uh, sizeof(*uh), NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short " - "(udp)\n")); + "pf: ICMP error message too short " + "(udp)"); return (PF_DROP); } pd2.pcksum = &pd2.hdr.udp.uh_sum; @@ -8376,8 +8377,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (! pf_pull_hdr(pd->m, pd2.off, sh, sizeof(*sh), NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short " - "(sctp)\n")); + "pf: ICMP error message too short " + "(sctp)"); return (PF_DROP); } pd2.pcksum = &pd2.sctp_dummy_sum; @@ -8407,8 +8408,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (src->scrub->pfss_v_tag != sh->v_tag) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message has incorrect " - "SCTP v_tag\n")); + "pf: ICMP error message has incorrect " + "SCTP v_tag"); return (PF_DROP); } @@ -8531,8 +8532,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (!pf_pull_hdr(pd->m, pd2.off, iih, ICMP_MINLEN, NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short i" - "(icmp)\n")); + "pf: ICMP error message too short i" + "(icmp)"); return (PF_DROP); } pd2.pcksum = &pd2.hdr.icmp.icmp_cksum; @@ -8651,8 +8652,8 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, if (!pf_pull_hdr(pd->m, pd2.off, iih, sizeof(struct icmp6_hdr), NULL, reason, pd2.af)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: ICMP error message too short " - "(icmp6)\n")); + "pf: ICMP error message too short " + "(icmp6)"); return (PF_DROP); } pd2.pcksum = &pd2.hdr.icmp6.icmp6_cksum; @@ -9082,7 +9083,7 @@ pf_route(struct pf_krule *r, struct ifnet *oifp, } if (m0->m_len < sizeof(struct ip)) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: m0->m_len < sizeof(struct ip)\n", __func__)); + "%s: m0->m_len < sizeof(struct ip)", __func__); SDT_PROBE1(pf, ip, route_to, drop, __LINE__); goto bad; } @@ -9387,8 +9388,8 @@ pf_route6(struct pf_krule *r, struct ifnet *oifp, } if (m0->m_len < sizeof(struct ip6_hdr)) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: m0->m_len < sizeof(struct ip6_hdr)\n", - __func__)); + "%s: m0->m_len < sizeof(struct ip6_hdr)", + __func__); SDT_PROBE1(pf, ip6, route_to, drop, __LINE__); goto bad; } @@ -9683,7 +9684,7 @@ pf_test_eth(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, if (kif == NULL) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: kif == NULL, if_xname %s\n", __func__, ifp->if_xname)); + "%s: kif == NULL, if_xname %s", __func__, ifp->if_xname); return (PF_DROP); } if (kif->pfik_flags & PFI_IFLAG_SKIP) @@ -9798,6 +9799,62 @@ pf_dummynet_route(struct pf_pdesc *pd, struct pf_kstate *s, } static int +pf_walk_option(struct pf_pdesc *pd, struct ip *h, int off, int end, + u_short *reason) +{ + uint8_t type, length, opts[15 * 4 - sizeof(struct ip)]; + + /* IP header in payload of ICMP packet may be too short */ + if (pd->m->m_pkthdr.len < end) { + DPFPRINTF(PF_DEBUG_MISC, "IP option too short"); + REASON_SET(reason, PFRES_SHORT); + return (PF_DROP); + } + + MPASS(end - off <= sizeof(opts)); + m_copydata(pd->m, off, end - off, opts); + end -= off; + off = 0; + + while (off < end) { + type = opts[off]; + if (type == IPOPT_EOL) + break; + if (type == IPOPT_NOP) { + off++; + continue; + } + if (off + 2 > end) { + DPFPRINTF(PF_DEBUG_MISC, "IP length opt"); + REASON_SET(reason, PFRES_IPOPTIONS); + return (PF_DROP); + } + length = opts[off + 1]; + if (length < 2) { + DPFPRINTF(PF_DEBUG_MISC, "IP short opt"); + REASON_SET(reason, PFRES_IPOPTIONS); + return (PF_DROP); + } + if (off + length > end) { + DPFPRINTF(PF_DEBUG_MISC, "IP long opt"); + REASON_SET(reason, PFRES_IPOPTIONS); + return (PF_DROP); + } + switch (type) { + case IPOPT_RA: + pd->badopts |= PF_OPT_ROUTER_ALERT; + break; + default: + pd->badopts |= PF_OPT_OTHER; + break; + } + off += length; + } + + return (PF_PASS); +} + +static int pf_walk_header(struct pf_pdesc *pd, struct ip *h, u_short *reason) { struct ah ext; @@ -9809,11 +9866,28 @@ pf_walk_header(struct pf_pdesc *pd, struct ip *h, u_short *reason) REASON_SET(reason, PFRES_SHORT); return (PF_DROP); } - if (hlen != sizeof(struct ip)) - pd->badopts++; + if (hlen != sizeof(struct ip)) { + if (pf_walk_option(pd, h, pd->off + sizeof(struct ip), + pd->off + hlen, reason) != PF_PASS) + return (PF_DROP); + /* header options which contain only padding is fishy */ + if (pd->badopts == 0) + pd->badopts |= PF_OPT_OTHER; + } end = pd->off + ntohs(h->ip_len); pd->off += hlen; pd->proto = h->ip_p; + /* IGMP packets have router alert options, allow them */ + if (pd->proto == IPPROTO_IGMP) { + /* According to RFC 1112 ttl must be set to 1. */ + if ((h->ip_ttl != 1) || + !IN_MULTICAST(ntohl(h->ip_dst.s_addr))) { + DPFPRINTF(PF_DEBUG_MISC, "Invalid IGMP"); + REASON_SET(reason, PFRES_IPOPTIONS); + return (PF_DROP); + } + pd->badopts &= ~PF_OPT_ROUTER_ALERT; + } /* stop walking over non initial fragments */ if ((h->ip_off & htons(IP_OFFMASK)) != 0) return (PF_PASS); @@ -9826,7 +9900,7 @@ pf_walk_header(struct pf_pdesc *pd, struct ip *h, u_short *reason) return (PF_PASS); if (!pf_pull_hdr(pd->m, pd->off, &ext, sizeof(ext), NULL, reason, AF_INET)) { - DPFPRINTF(PF_DEBUG_MISC, ("IP short exthdr")); + DPFPRINTF(PF_DEBUG_MISC, "IP short exthdr"); return (PF_DROP); } pd->off += (ext.ah_len + 2) * 4; @@ -9836,7 +9910,7 @@ pf_walk_header(struct pf_pdesc *pd, struct ip *h, u_short *reason) return (PF_PASS); } } - DPFPRINTF(PF_DEBUG_MISC, ("IPv4 nested authentication header limit")); + DPFPRINTF(PF_DEBUG_MISC, "IPv4 nested authentication header limit"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } @@ -9852,7 +9926,7 @@ pf_walk_option6(struct pf_pdesc *pd, struct ip6_hdr *h, int off, int end, while (off < end) { if (!pf_pull_hdr(pd->m, off, &opt.ip6o_type, sizeof(opt.ip6o_type), NULL, reason, AF_INET6)) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short opt type")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short opt type"); return (PF_DROP); } if (opt.ip6o_type == IP6OPT_PAD1) { @@ -9861,41 +9935,48 @@ pf_walk_option6(struct pf_pdesc *pd, struct ip6_hdr *h, int off, int end, } if (!pf_pull_hdr(pd->m, off, &opt, sizeof(opt), NULL, reason, AF_INET6)) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short opt")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short opt"); return (PF_DROP); } if (off + sizeof(opt) + opt.ip6o_len > end) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 long opt")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 long opt"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } switch (opt.ip6o_type) { + case IP6OPT_PADN: + break; case IP6OPT_JUMBO: + pd->badopts |= PF_OPT_JUMBO; if (pd->jumbolen != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 multiple jumbo")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 multiple jumbo"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } if (ntohs(h->ip6_plen) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 bad jumbo plen")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 bad jumbo plen"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } if (!pf_pull_hdr(pd->m, off, &jumbo, sizeof(jumbo), NULL, reason, AF_INET6)) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short jumbo")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short jumbo"); return (PF_DROP); } memcpy(&pd->jumbolen, jumbo.ip6oj_jumbo_len, sizeof(pd->jumbolen)); pd->jumbolen = ntohl(pd->jumbolen); if (pd->jumbolen < IPV6_MAXPACKET) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short jumbolen")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short jumbolen"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } break; + case IP6OPT_ROUTER_ALERT: + pd->badopts |= PF_OPT_ROUTER_ALERT; + break; default: + pd->badopts |= PF_OPT_OTHER; break; } off += sizeof(opt) + opt.ip6o_len; @@ -9909,6 +9990,7 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) { struct ip6_frag frag; struct ip6_ext ext; + struct icmp6_hdr icmp6; struct ip6_rthdr rthdr; uint32_t end; int hdr_cnt, fraghdr_cnt = 0, rthdr_cnt = 0; @@ -9920,27 +10002,40 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) for (hdr_cnt = 0; hdr_cnt < PF_HDR_LIMIT; hdr_cnt++) { switch (pd->proto) { case IPPROTO_ROUTING: - case IPPROTO_HOPOPTS: case IPPROTO_DSTOPTS: - pd->badopts++; + pd->badopts |= PF_OPT_OTHER; + break; + case IPPROTO_HOPOPTS: + if (!pf_pull_hdr(pd->m, pd->off, &ext, sizeof(ext), + NULL, reason, AF_INET6)) { + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short exthdr"); + return (PF_DROP); + } + if (pf_walk_option6(pd, h, pd->off + sizeof(ext), + pd->off + (ext.ip6e_len + 1) * 8, + reason) != PF_PASS) + return (PF_DROP); + /* option header which contains only padding is fishy */ + if (pd->badopts == 0) + pd->badopts |= PF_OPT_OTHER; break; } switch (pd->proto) { case IPPROTO_FRAGMENT: if (fraghdr_cnt++) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 multiple fragment")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 multiple fragment"); REASON_SET(reason, PFRES_FRAG); return (PF_DROP); } /* jumbo payload packets cannot be fragmented */ if (pd->jumbolen != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 fragmented jumbo")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 fragmented jumbo"); REASON_SET(reason, PFRES_FRAG); return (PF_DROP); } if (!pf_pull_hdr(pd->m, pd->off, &frag, sizeof(frag), NULL, reason, AF_INET6)) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short fragment")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short fragment"); return (PF_DROP); } /* stop walking over non initial fragments */ @@ -9956,7 +10051,7 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) break; case IPPROTO_ROUTING: if (rthdr_cnt++) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 multiple rthdr")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 multiple rthdr"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } @@ -9968,11 +10063,11 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) } if (!pf_pull_hdr(pd->m, pd->off, &rthdr, sizeof(rthdr), NULL, reason, AF_INET6)) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short rthdr")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short rthdr"); return (PF_DROP); } if (rthdr.ip6r_type == IPV6_RTHDR_TYPE_0) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 rthdr0")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 rthdr0"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } @@ -9980,7 +10075,7 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) case IPPROTO_HOPOPTS: /* RFC2460 4.1: Hop-by-Hop only after IPv6 header */ if (pd->proto == IPPROTO_HOPOPTS && hdr_cnt > 0) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 hopopts not first")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 hopopts not first"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } @@ -9989,7 +10084,7 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) case IPPROTO_DSTOPTS: if (!pf_pull_hdr(pd->m, pd->off, &ext, sizeof(ext), NULL, reason, AF_INET6)) { - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 short exthdr")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 short exthdr"); return (PF_DROP); } /* fragments may be short */ @@ -10001,18 +10096,11 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) /* reassembly needs the ext header before the frag */ if (pd->fragoff == 0) pd->extoff = pd->off; - if (pd->proto == IPPROTO_HOPOPTS && pd->fragoff == 0) { - if (pf_walk_option6(pd, h, - pd->off + sizeof(ext), - pd->off + (ext.ip6e_len + 1) * 8, reason) - != PF_PASS) - return (PF_DROP); - if (ntohs(h->ip6_plen) == 0 && pd->jumbolen != 0) { - DPFPRINTF(PF_DEBUG_MISC, - ("IPv6 missing jumbo")); - REASON_SET(reason, PFRES_IPOPTIONS); - return (PF_DROP); - } + if (pd->proto == IPPROTO_HOPOPTS && pd->fragoff == 0 && + ntohs(h->ip6_plen) == 0 && pd->jumbolen != 0) { + DPFPRINTF(PF_DEBUG_MISC, "IPv6 missing jumbo"); + REASON_SET(reason, PFRES_IPOPTIONS); + return (PF_DROP); } if (pd->proto == IPPROTO_AH) pd->off += (ext.ip6e_len + 2) * 4; @@ -10020,10 +10108,45 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) pd->off += (ext.ip6e_len + 1) * 8; pd->proto = ext.ip6e_nxt; break; + case IPPROTO_ICMPV6: + /* fragments may be short, ignore inner header then */ + if (pd->fragoff != 0 && end < pd->off + sizeof(icmp6)) { + pd->off = pd->fragoff; + pd->proto = IPPROTO_FRAGMENT; + return (PF_PASS); + } + if (!pf_pull_hdr(pd->m, pd->off, &icmp6, sizeof(icmp6), + NULL, reason, AF_INET6)) { + DPFPRINTF(PF_DEBUG_MISC, + "IPv6 short icmp6hdr"); + return (PF_DROP); + } + /* ICMP multicast packets have router alert options */ + switch (icmp6.icmp6_type) { + case MLD_LISTENER_QUERY: + case MLD_LISTENER_REPORT: + case MLD_LISTENER_DONE: + case MLDV2_LISTENER_REPORT: + /* + * According to RFC 2710 all MLD messages are + * sent with hop-limit (ttl) set to 1, and link + * local source address. If either one is + * missing then MLD message is invalid and + * should be discarded. + */ + if ((h->ip6_hlim != 1) || + !IN6_IS_ADDR_LINKLOCAL(&h->ip6_src)) { + DPFPRINTF(PF_DEBUG_MISC, "Invalid MLD"); + REASON_SET(reason, PFRES_IPOPTIONS); + return (PF_DROP); + } + pd->badopts &= ~PF_OPT_ROUTER_ALERT; + break; + } + return (PF_PASS); case IPPROTO_TCP: case IPPROTO_UDP: case IPPROTO_SCTP: - case IPPROTO_ICMPV6: /* fragments may be short, ignore inner header then */ if (pd->fragoff != 0 && end < pd->off + (pd->proto == IPPROTO_TCP ? sizeof(struct tcphdr) : @@ -10038,7 +10161,7 @@ pf_walk_header6(struct pf_pdesc *pd, struct ip6_hdr *h, u_short *reason) return (PF_PASS); } } - DPFPRINTF(PF_DEBUG_MISC, ("IPv6 nested extension header limit")); + DPFPRINTF(PF_DEBUG_MISC, "IPv6 nested extension header limit"); REASON_SET(reason, PFRES_IPOPTIONS); return (PF_DROP); } @@ -10083,8 +10206,15 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, if (__predict_false((*m0)->m_len < sizeof(struct ip)) && (pd->m = *m0 = m_pullup(*m0, sizeof(struct ip))) == NULL) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: m_len < sizeof(struct ip), pullup failed\n", - __func__)); + "%s: m_len < sizeof(struct ip), pullup failed", + __func__); + *action = PF_DROP; + REASON_SET(reason, PFRES_SHORT); + return (-1); + } + + h = mtod(pd->m, struct ip *); + if (pd->m->m_pkthdr.len < ntohs(h->ip_len)) { *action = PF_DROP; REASON_SET(reason, PFRES_SHORT); return (-1); @@ -10097,13 +10227,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, return (-1); } *m0 = pd->m; - h = mtod(pd->m, struct ip *); - if (pd->m->m_pkthdr.len < ntohs(h->ip_len)) { - *action = PF_DROP; - REASON_SET(reason, PFRES_SHORT); - return (-1); - } if (pf_walk_header(pd, h, reason) != PF_PASS) { *action = PF_DROP; @@ -10133,8 +10257,8 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, if (__predict_false((*m0)->m_len < sizeof(struct ip6_hdr)) && (pd->m = *m0 = m_pullup(*m0, sizeof(struct ip6_hdr))) == NULL) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: m_len < sizeof(struct ip6_hdr)" - ", pullup failed\n", __func__)); + "%s: m_len < sizeof(struct ip6_hdr)" + ", pullup failed", __func__); *action = PF_DROP; REASON_SET(reason, PFRES_SHORT); return (-1); @@ -10148,6 +10272,15 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, return (-1); } + /* + * we do not support jumbogram. if we keep going, zero ip6_plen + * will do something bad, so drop the packet for now. + */ + if (htons(h->ip6_plen) == 0) { + *action = PF_DROP; + return (-1); + } + if (pf_walk_header6(pd, h, reason) != PF_PASS) { *action = PF_DROP; return (-1); @@ -10167,15 +10300,6 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0, pd->virtual_proto = (pd->fragoff != 0) ? PF_VPROTO_FRAGMENT : pd->proto; - /* - * we do not support jumbogram. if we keep going, zero ip6_plen - * will do something bad, so drop the packet for now. - */ - if (htons(h->ip6_plen) == 0) { - *action = PF_DROP; - return (-1); - } - /* We do IP header normalization and packet reassembly here */ if (pf_normalize_ip6(pd->fragoff, reason, pd) != PF_PASS) { @@ -10494,8 +10618,8 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0 if (__predict_false(kif == NULL)) { DPFPRINTF(PF_DEBUG_URGENT, - ("%s: kif == NULL, if_xname %s\n", - __func__, ifp->if_xname)); + "%s: kif == NULL, if_xname %s", + __func__, ifp->if_xname); return (PF_DROP); } if (kif->pfik_flags & PFI_IFLAG_SKIP) { @@ -10699,14 +10823,14 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet *ifp, struct mbuf **m0 action = PF_DROP; REASON_SET(&reason, PFRES_NORM); DPFPRINTF(PF_DEBUG_MISC, - ("dropping IPv6 packet with ICMPv4 payload")); + "dropping IPv6 packet with ICMPv4 payload"); break; } if (pd.virtual_proto == IPPROTO_ICMPV6 && af != AF_INET6) { action = PF_DROP; REASON_SET(&reason, PFRES_NORM); DPFPRINTF(PF_DEBUG_MISC, - ("pf: dropping IPv4 packet with ICMPv6 payload\n")); + "pf: dropping IPv4 packet with ICMPv6 payload"); break; } action = pf_test_state_icmp(&s, &pd, &reason); @@ -10732,12 +10856,12 @@ done: if (s) memcpy(&pd.act, &s->act, sizeof(s->act)); - if (action == PF_PASS && pd.badopts && !pd.act.allow_opts) { + if (action == PF_PASS && pd.badopts != 0 && !pd.act.allow_opts) { action = PF_DROP; REASON_SET(&reason, PFRES_IPOPTIONS); pd.act.log = PF_LOG_FORCE; DPFPRINTF(PF_DEBUG_MISC, - ("pf: dropping packet with dangerous headers\n")); + "pf: dropping packet with dangerous headers"); } if (pd.act.max_pkt_size && pd.act.max_pkt_size && @@ -10746,7 +10870,7 @@ done: REASON_SET(&reason, PFRES_NORM); pd.act.log = PF_LOG_FORCE; DPFPRINTF(PF_DEBUG_MISC, - ("pf: dropping overly long packet\n")); + "pf: dropping overly long packet"); } if (s) { @@ -10778,7 +10902,7 @@ done: REASON_SET(&reason, PFRES_MEMORY); pd.act.log = PF_LOG_FORCE; DPFPRINTF(PF_DEBUG_MISC, - ("pf: failed to allocate 802.1q mtag\n")); + "pf: failed to allocate 802.1q mtag"); } } @@ -10835,7 +10959,7 @@ done: REASON_SET(&reason, PFRES_MEMORY); pd.act.log = PF_LOG_FORCE; DPFPRINTF(PF_DEBUG_MISC, - ("pf: failed to allocate tag\n")); + "pf: failed to allocate tag"); } else { pd.pf_mtag->flags |= PF_MTAG_FLAG_FASTFWD_OURS_PRESENT; @@ -10852,7 +10976,7 @@ done: REASON_SET(&reason, PFRES_MEMORY); pd.act.log = PF_LOG_FORCE; DPFPRINTF(PF_DEBUG_MISC, - ("pf: failed to allocate divert tag\n")); + "pf: failed to allocate divert tag"); } } /* XXX: Anybody working on it?! */ diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 5c69c395c5fc..ea9f7fe441c6 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -217,8 +217,6 @@ static u_int16_t tagname2tag(struct pf_tagset *, const char *); static u_int16_t pf_tagname2tag(const char *); static void tag_unref(struct pf_tagset *, u_int16_t); -#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x - struct cdev *pf_dev; /* @@ -2143,14 +2141,14 @@ pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket, ERROUT(EINVAL); if (ticket != ruleset->rules[rs_num].inactive.ticket) { DPFPRINTF(PF_DEBUG_MISC, - ("ticket: %d != [%d]%d\n", ticket, rs_num, - ruleset->rules[rs_num].inactive.ticket)); + "ticket: %d != [%d]%d", ticket, rs_num, + ruleset->rules[rs_num].inactive.ticket); ERROUT(EBUSY); } if (pool_ticket != V_ticket_pabuf) { DPFPRINTF(PF_DEBUG_MISC, - ("pool_ticket: %d != %d\n", pool_ticket, - V_ticket_pabuf)); + "pool_ticket: %d != %d", pool_ticket, + V_ticket_pabuf); ERROUT(EBUSY); } /* @@ -2469,7 +2467,7 @@ pf_start(void) V_pf_status.since = time_uptime; new_unrhdr64(&V_pf_stateid, time_second); - DPFPRINTF(PF_DEBUG_MISC, ("pf: started\n")); + DPFPRINTF(PF_DEBUG_MISC, "pf: started"); } sx_xunlock(&V_pf_ioctl_lock); @@ -2489,7 +2487,7 @@ pf_stop(void) dehook_pf(); dehook_pf_eth(); V_pf_status.since = time_uptime; - DPFPRINTF(PF_DEBUG_MISC, ("pf: stopped\n")); + DPFPRINTF(PF_DEBUG_MISC, "pf: stopped"); } sx_xunlock(&V_pf_ioctl_lock); @@ -3264,9 +3262,9 @@ DIOCGETETHRULE_error: if (nvlist_get_number(nvl, "ticket") != ruleset->inactive.ticket) { DPFPRINTF(PF_DEBUG_MISC, - ("ticket: %d != %d\n", + "ticket: %d != %d", (u_int32_t)nvlist_get_number(nvl, "ticket"), - ruleset->inactive.ticket)); + ruleset->inactive.ticket); ERROUT(EBUSY); } @@ -4340,7 +4338,7 @@ DIOCGETSTATESV2_full: if (error == 0) V_pf_altq_running = 1; PF_RULES_WUNLOCK(); - DPFPRINTF(PF_DEBUG_MISC, ("altq: started\n")); + DPFPRINTF(PF_DEBUG_MISC, "altq: started"); break; } @@ -4359,7 +4357,7 @@ DIOCGETSTATESV2_full: if (error == 0) V_pf_altq_running = 0; PF_RULES_WUNLOCK(); - DPFPRINTF(PF_DEBUG_MISC, ("altq: stopped\n")); + DPFPRINTF(PF_DEBUG_MISC, "altq: stopped"); break; } @@ -6457,9 +6455,9 @@ shutdown_pf(void) for (rs_num = 0; rs_num < PF_RULESET_MAX; ++rs_num) { if ((error = pf_begin_rules(&t[rs_num], rs_num, anchor->path)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: " - "anchor.path=%s rs_num=%d\n", - __func__, anchor->path, rs_num)); + DPFPRINTF(PF_DEBUG_MISC, "%s: " + "anchor.path=%s rs_num=%d", + __func__, anchor->path, rs_num); goto error; /* XXX: rollback? */ } } @@ -6481,9 +6479,9 @@ shutdown_pf(void) eth_anchor->refcnt = 1; if ((error = pf_begin_eth(&t[0], eth_anchor->path)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: eth " - "anchor.path=%s\n", __func__, - eth_anchor->path)); + DPFPRINTF(PF_DEBUG_MISC, "%s: eth " + "anchor.path=%s", __func__, + eth_anchor->path); goto error; } error = pf_commit_eth(t[0], eth_anchor->path); @@ -6492,27 +6490,27 @@ shutdown_pf(void) if ((error = pf_begin_rules(&t[0], PF_RULESET_SCRUB, &nn)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: SCRUB\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: SCRUB", __func__); break; } if ((error = pf_begin_rules(&t[1], PF_RULESET_FILTER, &nn)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: FILTER\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: FILTER", __func__); break; /* XXX: rollback? */ } if ((error = pf_begin_rules(&t[2], PF_RULESET_NAT, &nn)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: NAT\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: NAT", __func__); break; /* XXX: rollback? */ } if ((error = pf_begin_rules(&t[3], PF_RULESET_BINAT, &nn)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: BINAT\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: BINAT", __func__); break; /* XXX: rollback? */ } if ((error = pf_begin_rules(&t[4], PF_RULESET_RDR, &nn)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: RDR\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: RDR", __func__); break; /* XXX: rollback? */ } @@ -6531,7 +6529,7 @@ shutdown_pf(void) break; if ((error = pf_begin_eth(&t[0], &nn)) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: eth\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: eth", __func__); break; } error = pf_commit_eth(t[0], &nn); @@ -6539,7 +6537,7 @@ shutdown_pf(void) #ifdef ALTQ if ((error = pf_begin_altq(&t[0])) != 0) { - DPFPRINTF(PF_DEBUG_MISC, ("%s: ALTQ\n", __func__)); + DPFPRINTF(PF_DEBUG_MISC, "%s: ALTQ", __func__); break; } pf_commit_altq(t[0]); diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c index 9c7863bb301e..ea0d6facf695 100644 --- a/sys/netpfil/pf/pf_lb.c +++ b/sys/netpfil/pf/pf_lb.c @@ -71,8 +71,6 @@ #define V_pf_rdr_srcport_rewrite_tries VNET(pf_rdr_srcport_rewrite_tries) VNET_DEFINE_STATIC(int, pf_rdr_srcport_rewrite_tries) = 16; -#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x - static uint64_t pf_hash(struct pf_addr *, struct pf_addr *, struct pf_poolhashkey *, sa_family_t); struct pf_krule *pf_match_translation(int, struct pf_test_ctx *); @@ -904,19 +902,19 @@ pf_get_transaddr(struct pf_test_ctx *ctx, struct pf_krule *r, if (pf_get_mape_sport(pd, r, naddr, nportp, &ctx->udp_mapping, rpool)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: MAP-E port allocation (%u/%u/%u)" - " failed\n", + "pf: MAP-E port allocation (%u/%u/%u)" + " failed", rpool->mape.offset, rpool->mape.psidlen, - rpool->mape.psid)); + rpool->mape.psid); reason = PFRES_MAPFAILED; goto notrans; } } else if (pf_get_sport(pd, r, naddr, nportp, low, high, rpool, &ctx->udp_mapping, PF_SN_NAT)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: NAT proxy port allocation (%u-%u) failed\n", - rpool->proxy_port[0], rpool->proxy_port[1])); + "pf: NAT proxy port allocation (%u-%u) failed", + rpool->proxy_port[0], rpool->proxy_port[1]); reason = PFRES_MAPFAILED; goto notrans; } @@ -1085,13 +1083,13 @@ pf_get_transaddr(struct pf_test_ctx *ctx, struct pf_krule *r, * the state may be reused if the TCP state is terminal. */ DPFPRINTF(PF_DEBUG_MISC, - ("pf: RDR source port allocation failed\n")); + "pf: RDR source port allocation failed"); break; out: DPFPRINTF(PF_DEBUG_MISC, - ("pf: RDR source port allocation %u->%u\n", - ntohs(pd->nsport), ntohs(ctx->nk->port[0]))); + "pf: RDR source port allocation %u->%u", + ntohs(pd->nsport), ntohs(ctx->nk->port[0])); break; } default: @@ -1140,8 +1138,8 @@ pf_get_transaddr_af(struct pf_krule *r, struct pf_pdesc *pd) if (pf_get_sport(pd, r, &nsaddr, &nport, r->nat.proxy_port[0], r->nat.proxy_port[1], &r->nat, NULL, PF_SN_NAT)) { DPFPRINTF(PF_DEBUG_MISC, - ("pf: af-to NAT proxy port allocation (%u-%u) failed", - r->nat.proxy_port[0], r->nat.proxy_port[1])); + "pf: af-to NAT proxy port allocation (%u-%u) failed", + r->nat.proxy_port[0], r->nat.proxy_port[1]); return (-1); } diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 369292ca365e..8cea9557633c 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -160,13 +160,6 @@ static int pf_reassemble6(struct mbuf **, struct ip6_frag *, uint16_t, uint16_t, u_short *); #endif /* INET6 */ -#define DPFPRINTF(x) do { \ - if (V_pf_status.debug >= PF_DEBUG_MISC) { \ - printf("%s: ", __func__); \ - printf x ; \ - } \ -} while(0) - #ifdef INET static void pf_ip2key(struct ip *ip, struct pf_frnode *key) @@ -262,7 +255,8 @@ pf_purge_fragments(uint32_t expire) if (frag->fr_timeout > expire) break; - DPFPRINTF(("expiring %d(%p)\n", frag->fr_id, frag)); + DPFPRINTF(PF_DEBUG_MISC, "expiring %d(%p)", + frag->fr_id, frag); pf_free_fragment(frag); } @@ -281,7 +275,7 @@ pf_flush_fragments(void) PF_FRAG_ASSERT(); goal = uma_zone_get_cur(V_pf_frent_z) * 9 / 10; - DPFPRINTF(("trying to free %d frag entriess\n", goal)); + DPFPRINTF(PF_DEBUG_MISC, "trying to free %d frag entriess", goal); while (goal < uma_zone_get_cur(V_pf_frent_z)) { frag = TAILQ_LAST(&V_pf_fragqueue, pf_fragqueue); if (frag) @@ -573,26 +567,30 @@ pf_fillup_fragment(struct pf_frnode *key, uint32_t id, /* No empty fragments. */ if (frent->fe_len == 0) { - DPFPRINTF(("bad fragment: len 0\n")); + DPFPRINTF(PF_DEBUG_MISC, "bad fragment: len 0"); goto bad_fragment; } /* All fragments are 8 byte aligned. */ if (frent->fe_mff && (frent->fe_len & 0x7)) { - DPFPRINTF(("bad fragment: mff and len %d\n", frent->fe_len)); + DPFPRINTF(PF_DEBUG_MISC, "bad fragment: mff and len %d", + frent->fe_len); goto bad_fragment; } /* Respect maximum length, IP_MAXPACKET == IPV6_MAXPACKET. */ if (frent->fe_off + frent->fe_len > IP_MAXPACKET) { - DPFPRINTF(("bad fragment: max packet %d\n", - frent->fe_off + frent->fe_len)); + DPFPRINTF(PF_DEBUG_MISC, "bad fragment: max packet %d", + frent->fe_off + frent->fe_len); goto bad_fragment; } - DPFPRINTF((key->fn_af == AF_INET ? - "reass frag %d @ %d-%d\n" : "reass frag %#08x @ %d-%d\n", - id, frent->fe_off, frent->fe_off + frent->fe_len)); + if (key->fn_af == AF_INET) + DPFPRINTF(PF_DEBUG_MISC, "reass frag %d @ %d-%d\n", + id, frent->fe_off, frent->fe_off + frent->fe_len); + else + DPFPRINTF(PF_DEBUG_MISC, "reass frag %#08x @ %d-%d", + id, frent->fe_off, frent->fe_off + frent->fe_len); /* Fully buffer all of the fragments in this fragment queue. */ frag = pf_find_fragment(key, id); @@ -690,10 +688,10 @@ pf_fillup_fragment(struct pf_frnode *key, uint32_t id, precut = prev->fe_off + prev->fe_len - frent->fe_off; if (precut >= frent->fe_len) { - DPFPRINTF(("new frag overlapped\n")); + DPFPRINTF(PF_DEBUG_MISC, "new frag overlapped"); goto drop_fragment; } - DPFPRINTF(("frag head overlap %d\n", precut)); + DPFPRINTF(PF_DEBUG_MISC, "frag head overlap %d", precut); m_adj(frent->fe_m, precut); frent->fe_off += precut; frent->fe_len -= precut; @@ -705,7 +703,8 @@ pf_fillup_fragment(struct pf_frnode *key, uint32_t id, aftercut = frent->fe_off + frent->fe_len - after->fe_off; if (aftercut < after->fe_len) { - DPFPRINTF(("frag tail overlap %d", aftercut)); + DPFPRINTF(PF_DEBUG_MISC, "frag tail overlap %d", + aftercut); m_adj(after->fe_m, aftercut); /* Fragment may switch queue as fe_off changes */ pf_frent_remove(frag, after); @@ -713,7 +712,8 @@ pf_fillup_fragment(struct pf_frnode *key, uint32_t id, after->fe_len -= aftercut; /* Insert into correct queue */ if (pf_frent_insert(frag, after, prev)) { - DPFPRINTF(("fragment requeue limit exceeded")); + DPFPRINTF(PF_DEBUG_MISC, + "fragment requeue limit exceeded"); m_freem(after->fe_m); uma_zfree(V_pf_frent_z, after); /* There is not way to recover */ @@ -723,7 +723,7 @@ pf_fillup_fragment(struct pf_frnode *key, uint32_t id, } /* This fragment is completely overlapped, lose it. */ - DPFPRINTF(("old frag overlapped\n")); + DPFPRINTF(PF_DEBUG_MISC, "old frag overlapped"); next = TAILQ_NEXT(after, fr_next); pf_frent_remove(frag, after); m_freem(after->fe_m); @@ -732,7 +732,7 @@ pf_fillup_fragment(struct pf_frnode *key, uint32_t id, /* If part of the queue gets too long, there is not way to recover. */ if (pf_frent_insert(frag, frent, prev)) { - DPFPRINTF(("fragment queue limit exceeded\n")); + DPFPRINTF(PF_DEBUG_MISC, "fragment queue limit exceeded"); goto bad_fragment; } @@ -748,7 +748,7 @@ free_fragment: * fragment, the entire datagram (and any constituent fragments) MUST * be silently discarded. */ - DPFPRINTF(("flush overlapping fragments\n")); + DPFPRINTF(PF_DEBUG_MISC, "flush overlapping fragments"); pf_free_fragment(frag); bad_fragment: @@ -826,7 +826,8 @@ pf_reassemble(struct mbuf **m0, u_short *reason) m = *m0 = NULL; if (frag->fr_holes) { - DPFPRINTF(("frag %d, holes %d\n", frag->fr_id, frag->fr_holes)); + DPFPRINTF(PF_DEBUG_MISC, "frag %d, holes %d", + frag->fr_id, frag->fr_holes); return (PF_PASS); /* drop because *m0 is NULL, no error */ } @@ -872,14 +873,14 @@ pf_reassemble(struct mbuf **m0, u_short *reason) ip->ip_off &= ~(IP_MF|IP_OFFMASK); if (hdrlen + total > IP_MAXPACKET) { - DPFPRINTF(("drop: too big: %d\n", total)); + DPFPRINTF(PF_DEBUG_MISC, "drop: too big: %d", total); ip->ip_len = 0; REASON_SET(reason, PFRES_SHORT); /* PF_DROP requires a valid mbuf *m0 in pf_test() */ return (PF_DROP); } - DPFPRINTF(("complete: %p(%d)\n", m, ntohs(ip->ip_len))); + DPFPRINTF(PF_DEBUG_MISC, "complete: %p(%d)", m, ntohs(ip->ip_len)); return (PF_PASS); } #endif /* INET */ @@ -931,8 +932,8 @@ pf_reassemble6(struct mbuf **m0, struct ip6_frag *fraghdr, m = *m0 = NULL; if (frag->fr_holes) { - DPFPRINTF(("frag %d, holes %d\n", frag->fr_id, - frag->fr_holes)); + DPFPRINTF(PF_DEBUG_MISC, "frag %d, holes %d", frag->fr_id, + frag->fr_holes); PF_FRAG_UNLOCK(); return (PF_PASS); /* Drop because *m0 is NULL, no error. */ } @@ -993,14 +994,15 @@ pf_reassemble6(struct mbuf **m0, struct ip6_frag *fraghdr, ip6->ip6_nxt = proto; if (hdrlen - sizeof(struct ip6_hdr) + total > IPV6_MAXPACKET) { - DPFPRINTF(("drop: too big: %d\n", total)); + DPFPRINTF(PF_DEBUG_MISC, "drop: too big: %d", total); ip6->ip6_plen = 0; REASON_SET(reason, PFRES_SHORT); /* PF_DROP requires a valid mbuf *m0 in pf_test6(). */ return (PF_DROP); } - DPFPRINTF(("complete: %p(%d)\n", m, ntohs(ip6->ip6_plen))); + DPFPRINTF(PF_DEBUG_MISC, "complete: %p(%d)", m, + ntohs(ip6->ip6_plen)); return (PF_PASS); fail: @@ -1090,7 +1092,7 @@ pf_refragment6(struct ifnet *ifp, struct mbuf **m0, struct m_tag *mtag, action = PF_PASS; } else { /* Drop expects an mbuf to free. */ - DPFPRINTF(("refragment error %d\n", error)); + DPFPRINTF(PF_DEBUG_MISC, "refragment error %d", error); action = PF_DROP; } for (; m; m = t) { @@ -1230,7 +1232,7 @@ pf_normalize_ip(u_short *reason, struct pf_pdesc *pd) * no-df above, fine. Otherwise drop it. */ if (h->ip_off & htons(IP_DF)) { - DPFPRINTF(("IP_DF\n")); + DPFPRINTF(PF_DEBUG_MISC, "IP_DF"); goto bad; } @@ -1238,13 +1240,13 @@ pf_normalize_ip(u_short *reason, struct pf_pdesc *pd) /* All fragments are 8 byte aligned */ if (mff && (ip_len & 0x7)) { - DPFPRINTF(("mff and %d\n", ip_len)); + DPFPRINTF(PF_DEBUG_MISC, "mff and %d", ip_len); goto bad; } /* Respect maximum length */ if (fragoff + ip_len > IP_MAXPACKET) { - DPFPRINTF(("max packet %d\n", fragoff + ip_len)); + DPFPRINTF(PF_DEBUG_MISC, "max packet %d", fragoff + ip_len); goto bad; } @@ -1256,7 +1258,8 @@ pf_normalize_ip(u_short *reason, struct pf_pdesc *pd) /* Fully buffer all of the fragments * Might return a completely reassembled mbuf, or NULL */ PF_FRAG_LOCK(); - DPFPRINTF(("reass frag %d @ %d-%d\n", h->ip_id, fragoff, max)); + DPFPRINTF(PF_DEBUG_MISC, "reass frag %d @ %d-%d", + h->ip_id, fragoff, max); verdict = pf_reassemble(&pd->m, reason); PF_FRAG_UNLOCK(); @@ -1282,7 +1285,7 @@ pf_normalize_ip(u_short *reason, struct pf_pdesc *pd) return (PF_PASS); bad: - DPFPRINTF(("dropping bad fragment\n")); + DPFPRINTF(PF_DEBUG_MISC, "dropping bad fragment"); REASON_SET(reason, PFRES_FRAG); drop: if (r != NULL && r->log) @@ -1711,7 +1714,7 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd, (uptime.tv_sec - src->scrub->pfss_last.tv_sec > TS_MAX_IDLE || time_uptime - (state->creation / 1000) > TS_MAX_CONN)) { if (V_pf_status.debug >= PF_DEBUG_MISC) { - DPFPRINTF(("src idled out of PAWS\n")); + DPFPRINTF(PF_DEBUG_MISC, "src idled out of PAWS"); pf_print_state(state); printf("\n"); } @@ -1721,7 +1724,7 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd, if (dst->scrub && (dst->scrub->pfss_flags & PFSS_PAWS) && uptime.tv_sec - dst->scrub->pfss_last.tv_sec > TS_MAX_IDLE) { if (V_pf_status.debug >= PF_DEBUG_MISC) { - DPFPRINTF(("dst idled out of PAWS\n")); + DPFPRINTF(PF_DEBUG_MISC, "dst idled out of PAWS"); pf_print_state(state); printf("\n"); } @@ -1826,22 +1829,22 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd, * an old timestamp. */ - DPFPRINTF(("Timestamp failed %c%c%c%c\n", + DPFPRINTF(PF_DEBUG_MISC, "Timestamp failed %c%c%c%c", SEQ_LT(tsval, dst->scrub->pfss_tsecr) ? '0' : ' ', SEQ_GT(tsval, src->scrub->pfss_tsval + tsval_from_last) ? '1' : ' ', SEQ_GT(tsecr, dst->scrub->pfss_tsval) ? '2' : ' ', - SEQ_LT(tsecr, dst->scrub->pfss_tsval0)? '3' : ' ')); - DPFPRINTF((" tsval: %u tsecr: %u +ticks: %u " - "idle: %jus %lums\n", + SEQ_LT(tsecr, dst->scrub->pfss_tsval0)? '3' : ' '); + DPFPRINTF(PF_DEBUG_MISC, " tsval: %u tsecr: %u +ticks: " + "%u idle: %jus %lums", tsval, tsecr, tsval_from_last, (uintmax_t)delta_ts.tv_sec, - delta_ts.tv_usec / 1000)); - DPFPRINTF((" src->tsval: %u tsecr: %u\n", - src->scrub->pfss_tsval, src->scrub->pfss_tsecr)); - DPFPRINTF((" dst->tsval: %u tsecr: %u tsval0: %u" - "\n", dst->scrub->pfss_tsval, - dst->scrub->pfss_tsecr, dst->scrub->pfss_tsval0)); + delta_ts.tv_usec / 1000); + DPFPRINTF(PF_DEBUG_MISC, " src->tsval: %u tsecr: %u", + src->scrub->pfss_tsval, src->scrub->pfss_tsecr); + DPFPRINTF(PF_DEBUG_MISC, " dst->tsval: %u tsecr: %u " + "tsval0: %u", dst->scrub->pfss_tsval, + dst->scrub->pfss_tsecr, dst->scrub->pfss_tsval0); if (V_pf_status.debug >= PF_DEBUG_MISC) { pf_print_state(state); pf_print_flags(tcp_get_flags(th)); @@ -1891,8 +1894,8 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd, * stack changed its RFC1323 behavior?!?! */ if (V_pf_status.debug >= PF_DEBUG_MISC) { - DPFPRINTF(("Did not receive expected RFC1323 " - "timestamp\n")); + DPFPRINTF(PF_DEBUG_MISC, "Did not receive expected " + "RFC1323 timestamp"); pf_print_state(state); pf_print_flags(tcp_get_flags(th)); printf("\n"); @@ -1919,9 +1922,9 @@ pf_normalize_tcp_stateful(struct pf_pdesc *pd, if (V_pf_status.debug >= PF_DEBUG_MISC && dst->scrub && (dst->scrub->pfss_flags & PFSS_TIMESTAMP)) { /* Don't warn if other host rejected RFC1323 */ - DPFPRINTF(("Broken RFC1323 stack did not " - "timestamp data packet. Disabled PAWS " - "security.\n")); + DPFPRINTF(PF_DEBUG_MISC, "Broken RFC1323 stack did " + "not timestamp data packet. Disabled PAWS " + "security."); pf_print_state(state); pf_print_flags(tcp_get_flags(th)); printf("\n"); diff --git a/sys/netpfil/pf/pf_osfp.c b/sys/netpfil/pf/pf_osfp.c index 3e00cc7c80a2..150626c5f3fb 100644 --- a/sys/netpfil/pf/pf_osfp.c +++ b/sys/netpfil/pf/pf_osfp.c @@ -40,9 +40,6 @@ #endif static MALLOC_DEFINE(M_PFOSFP, "pf_osfp", "pf(4) operating system fingerprints"); -#define DPFPRINTF(format, x...) \ - if (V_pf_status.debug >= PF_DEBUG_NOISY) \ - printf(format , ##x) SLIST_HEAD(pf_osfp_list, pf_os_fingerprint); VNET_DEFINE_STATIC(struct pf_osfp_list, pf_osfp_list) = @@ -189,8 +186,8 @@ pf_osfp_fingerprint_hdr(const struct ip *ip, const struct ip6_hdr *ip6, const st optlen = MAX(optlen, 1); /* paranoia */ } - DPFPRINTF("fingerprinted %s:%d %d:%d:%d:%d:%llx (%d) " - "(TS=%s,M=%s%d,W=%s%d)\n", + DPFPRINTF(PF_DEBUG_NOISY, "fingerprinted %s:%d %d:%d:%d:%d:%llx (%d) " + "(TS=%s,M=%s%d,W=%s%d)", srcname, ntohs(tcp->th_sport), fp.fp_wsize, fp.fp_ttl, (fp.fp_flags & PF_OSFP_DF) != 0, fp.fp_psize, (long long int)fp.fp_tcpopts, fp.fp_optcnt, @@ -219,7 +216,7 @@ pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os) if (os == PF_OSFP_ANY) return (1); if (list == NULL) { - DPFPRINTF("osfp no match against %x\n", os); + DPFPRINTF(PF_DEBUG_NOISY, "osfp no match against %x", os); return (os == PF_OSFP_UNKNOWN); } PF_OSFP_UNPACK(os, os_class, os_version, os_subtype); @@ -228,13 +225,13 @@ pf_osfp_match(struct pf_osfp_enlist *list, pf_osfp_t os) if ((os_class == PF_OSFP_ANY || en_class == os_class) && (os_version == PF_OSFP_ANY || en_version == os_version) && (os_subtype == PF_OSFP_ANY || en_subtype == os_subtype)) { - DPFPRINTF("osfp matched %s %s %s %x==%x\n", + DPFPRINTF(PF_DEBUG_NOISY, "osfp matched %s %s %s %x==%x", entry->fp_class_nm, entry->fp_version_nm, entry->fp_subtype_nm, os, entry->fp_os); return (1); } } - DPFPRINTF("fingerprint 0x%x didn't match\n", os); + DPFPRINTF(PF_DEBUG_NOISY, "fingerprint 0x%x didn't match", os); return (0); } @@ -275,8 +272,8 @@ pf_osfp_add(struct pf_osfp_ioctl *fpioc) fpadd.fp_ttl = fpioc->fp_ttl; #if 0 /* XXX RYAN wants to fix logging */ - DPFPRINTF("adding osfp %s %s %s = %s%d:%d:%d:%s%d:0x%llx %d " - "(TS=%s,M=%s%d,W=%s%d) %x\n", + DPFPRINTF(PF_DEBUG_NOISY, "adding osfp %s %s %s =" + " %s%d:%d:%d:%s%d:0x%llx %d (TS=%s,M=%s%d,W=%s%d) %x", fpioc->fp_os.fp_class_nm, fpioc->fp_os.fp_version_nm, fpioc->fp_os.fp_subtype_nm, (fpadd.fp_flags & PF_OSFP_WSIZE_MOD) ? "%" : diff --git a/sys/netpfil/pf/pf_ruleset.c b/sys/netpfil/pf/pf_ruleset.c index 2e5165a9900c..43b51f2933f4 100644 --- a/sys/netpfil/pf/pf_ruleset.c +++ b/sys/netpfil/pf/pf_ruleset.c @@ -59,9 +59,6 @@ #error "Kernel only file. Please use sbin/pfctl/pf_ruleset.c instead." #endif -#define DPFPRINTF(format, x...) \ - if (V_pf_status.debug >= PF_DEBUG_NOISY) \ - printf(format , ##x) #define rs_malloc(x) malloc(x, M_TEMP, M_NOWAIT|M_ZERO) #define rs_free(x) free(x, M_TEMP) @@ -386,7 +383,8 @@ pf_kanchor_setup(struct pf_krule *r, const struct pf_kruleset *s, strlcpy(path, s->anchor->path, MAXPATHLEN); while (name[0] == '.' && name[1] == '.' && name[2] == '/') { if (!path[0]) { - DPFPRINTF("%s: .. beyond root\n", __func__); + DPFPRINTF(PF_DEBUG_NOISY, "%s: .. beyond root", + __func__); rs_free(path); return (1); } @@ -408,7 +406,7 @@ pf_kanchor_setup(struct pf_krule *r, const struct pf_kruleset *s, ruleset = pf_find_or_create_kruleset(path); rs_free(path); if (ruleset == NULL || ruleset == &pf_main_ruleset) { - DPFPRINTF("%s: ruleset\n", __func__); + DPFPRINTF(PF_DEBUG_NOISY, "%s: ruleset", __func__); return (1); } r->anchor = ruleset->anchor; @@ -690,7 +688,8 @@ pf_keth_anchor_setup(struct pf_keth_rule *r, const struct pf_keth_ruleset *s, strlcpy(path, s->anchor->path, MAXPATHLEN); while (name[0] == '.' && name[1] == '.' && name[2] == '/') { if (!path[0]) { - DPFPRINTF("%s: .. beyond root\n", __func__); + DPFPRINTF(PF_DEBUG_NOISY, "%s: .. beyond root", + __func__); rs_free(path); return (1); } @@ -712,7 +711,7 @@ pf_keth_anchor_setup(struct pf_keth_rule *r, const struct pf_keth_ruleset *s, ruleset = pf_find_or_create_keth_ruleset(path); rs_free(path); if (ruleset == NULL || ruleset->anchor == NULL) { - DPFPRINTF("%s: ruleset\n", __func__); + DPFPRINTF(PF_DEBUG_NOISY, "%s: ruleset", __func__); return (1); } r->anchor = ruleset->anchor; diff --git a/sys/netpfil/pf/pf_syncookies.c b/sys/netpfil/pf/pf_syncookies.c index 66757fa4b756..4a935bc65767 100644 --- a/sys/netpfil/pf/pf_syncookies.c +++ b/sys/netpfil/pf/pf_syncookies.c @@ -88,8 +88,6 @@ #include <net/pfvar.h> #include <netpfil/pf/pf_nv.h> -#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x - union pf_syncookie { uint8_t cookie; struct { @@ -281,7 +279,7 @@ pf_synflood_check(struct pf_pdesc *pd) pf_syncookie_rotate, curvnet); V_pf_status.syncookies_active = true; DPFPRINTF(LOG_WARNING, - ("synflood detected, enabling syncookies\n")); + "synflood detected, enabling syncookies"); // XXXTODO V_pf_status.lcounters[LCNT_SYNFLOODS]++; } @@ -367,7 +365,7 @@ pf_syncookie_rotate(void *arg) V_pf_status.syncookies_mode == PF_SYNCOOKIES_NEVER) ) { V_pf_status.syncookies_active = false; - DPFPRINTF(PF_DEBUG_MISC, ("syncookies disabled\n")); + DPFPRINTF(PF_DEBUG_MISC, "syncookies disabled"); } /* nothing in flight any more? delete keys and return */ diff --git a/sys/netpfil/pf/pf_table.c b/sys/netpfil/pf/pf_table.c index 9c0151b7da2b..ecc185f89ad7 100644 --- a/sys/netpfil/pf/pf_table.c +++ b/sys/netpfil/pf/pf_table.c @@ -49,8 +49,6 @@ #include <net/vnet.h> #include <net/pfvar.h> -#define DPFPRINTF(n, x) if (V_pf_status.debug >= (n)) printf x - #define ACCEPT_FLAGS(flags, oklist) \ do { \ if ((flags & ~(oklist)) & \ @@ -2189,7 +2187,7 @@ pfr_update_stats(struct pfr_ktable *kt, struct pf_addr *a, sa_family_t af, if ((ke == NULL || ke->pfrke_not) != notrule) { if (op_pass != PFR_OP_PASS) DPFPRINTF(PF_DEBUG_URGENT, - ("pfr_update_stats: assertion failed.\n")); + "pfr_update_stats: assertion failed."); op_pass = PFR_OP_XPASS; } pfr_kstate_counter_add(&kt->pfrkt_packets[dir_out][op_pass], 1); diff --git a/sys/netsmb/smb_conn.c b/sys/netsmb/smb_conn.c index 259635e2d8d5..ab6cd130a057 100644 --- a/sys/netsmb/smb_conn.c +++ b/sys/netsmb/smb_conn.c @@ -422,7 +422,7 @@ smb_vc_create(struct smb_vcspec *vcspec, if (uid == SMBM_ANY_OWNER) uid = realuid; if (gid == SMBM_ANY_GROUP) - gid = cred->cr_groups[0]; + gid = cred->cr_gid; vcp->vc_uid = uid; vcp->vc_grp = gid; @@ -765,7 +765,7 @@ smb_share_create(struct smb_vc *vcp, struct smb_sharespec *shspec, if (uid == SMBM_ANY_OWNER) uid = realuid; if (gid == SMBM_ANY_GROUP) - gid = cred->cr_groups[0]; + gid = cred->cr_gid; ssp = smb_zmalloc(sizeof(*ssp), M_SMBCONN, M_WAITOK); smb_co_init(SSTOCP(ssp), SMBL_SHARE, "smbss ilock", "smbss"); ssp->obj.co_free = smb_share_free; diff --git a/sys/riscv/allwinner/files.allwinner b/sys/riscv/allwinner/files.allwinner index 73fa9660e2d2..7a4ff6b9c62e 100644 --- a/sys/riscv/allwinner/files.allwinner +++ b/sys/riscv/allwinner/files.allwinner @@ -1,5 +1,6 @@ arm/allwinner/aw_gpio.c optional gpio aw_gpio fdt +arm/allwinner/aw_mmc.c optional mmc aw_mmc fdt | mmccam aw_mmc fdt arm/allwinner/aw_rtc.c optional aw_rtc fdt arm/allwinner/aw_syscon.c optional syscon arm/allwinner/aw_sid.c optional aw_sid nvmem diff --git a/sys/riscv/conf/std.allwinner b/sys/riscv/conf/std.allwinner index 2b1e0d4e09dc..34fe195b01ba 100644 --- a/sys/riscv/conf/std.allwinner +++ b/sys/riscv/conf/std.allwinner @@ -7,6 +7,7 @@ options SOC_ALLWINNER_D1 device aw_ccu # Allwinner clock controller device aw_gpio # Allwinner GPIO controller +device aw_mmc # Allwinner SD/MMC controller device aw_rtc # Allwinner Real-time Clock device aw_sid # Allwinner Secure ID EFUSE device aw_timer # Allwinner Timer diff --git a/sys/rpc/authunix_prot.c b/sys/rpc/authunix_prot.c index 91fb96f44397..7b531946488a 100644 --- a/sys/rpc/authunix_prot.c +++ b/sys/rpc/authunix_prot.c @@ -93,9 +93,10 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *time, struct xucred *cred) if (!xdr_uint32_t(xdrs, &cred->cr_uid)) return (FALSE); - if (!xdr_uint32_t(xdrs, &cred->cr_groups[0])) + if (!xdr_uint32_t(xdrs, &cred->cr_gid)) return (FALSE); + /* XXXKE Fix this is cr_gid gets separated out. */ if (xdrs->x_op == XDR_ENCODE) { ngroups = cred->cr_ngroups - 1; if (ngroups > NGRPS) @@ -105,7 +106,7 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *time, struct xucred *cred) if (!xdr_uint32_t(xdrs, &ngroups)) return (FALSE); for (i = 0; i < ngroups; i++) { - if (i + 1 < ngroups_max + 1) { + if (i < ngroups_max) { if (!xdr_uint32_t(xdrs, &cred->cr_groups[i + 1])) return (FALSE); } else { @@ -115,7 +116,7 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *time, struct xucred *cred) } if (xdrs->x_op == XDR_DECODE) { - if (ngroups + 1 > ngroups_max + 1) + if (ngroups > ngroups_max) cred->cr_ngroups = ngroups_max + 1; else cred->cr_ngroups = ngroups + 1; diff --git a/sys/rpc/svc_auth_unix.c b/sys/rpc/svc_auth_unix.c index 5d6402a05006..b10ef33be704 100644 --- a/sys/rpc/svc_auth_unix.c +++ b/sys/rpc/svc_auth_unix.c @@ -83,12 +83,13 @@ _svcauth_unix(struct svc_req *rqst, struct rpc_msg *msg) str_len = RNDUP(str_len); buf += str_len / sizeof (int32_t); xcr->cr_uid = IXDR_GET_UINT32(buf); - xcr->cr_groups[0] = IXDR_GET_UINT32(buf); + xcr->cr_gid = IXDR_GET_UINT32(buf); gid_len = (size_t)IXDR_GET_UINT32(buf); if (gid_len > NGRPS) { stat = AUTH_BADCRED; goto done; } + /* XXXKE Fix this if cr_gid gets separated out. */ for (i = 0; i < gid_len; i++) { if (i + 1 < XU_NGROUPS) xcr->cr_groups[i + 1] = IXDR_GET_INT32(buf); diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c index 05928f1c33e8..7ec50d990d4e 100644 --- a/sys/security/audit/audit.c +++ b/sys/security/audit/audit.c @@ -279,7 +279,7 @@ audit_record_ctor(void *mem, int size, void *arg, int flags) cru2x(cred, &ar->k_ar.ar_subj_cred); ar->k_ar.ar_subj_ruid = cred->cr_ruid; ar->k_ar.ar_subj_rgid = cred->cr_rgid; - ar->k_ar.ar_subj_egid = cred->cr_groups[0]; + ar->k_ar.ar_subj_egid = cred->cr_gid; ar->k_ar.ar_subj_auid = cred->cr_audit.ai_auid; ar->k_ar.ar_subj_asid = cred->cr_audit.ai_asid; ar->k_ar.ar_subj_pid = td->td_proc->p_pid; diff --git a/sys/security/audit/audit_arg.c b/sys/security/audit/audit_arg.c index c667d3968817..3ea645373dbe 100644 --- a/sys/security/audit/audit_arg.c +++ b/sys/security/audit/audit_arg.c @@ -408,7 +408,7 @@ audit_arg_process(struct proc *p) cred = p->p_ucred; ar->k_ar.ar_arg_auid = cred->cr_audit.ai_auid; ar->k_ar.ar_arg_euid = cred->cr_uid; - ar->k_ar.ar_arg_egid = cred->cr_groups[0]; + ar->k_ar.ar_arg_egid = cred->cr_gid; ar->k_ar.ar_arg_ruid = cred->cr_ruid; ar->k_ar.ar_arg_rgid = cred->cr_rgid; ar->k_ar.ar_arg_asid = cred->cr_audit.ai_asid; diff --git a/sys/sys/efi.h b/sys/sys/efi.h index 95a433a950db..89c8b15519de 100644 --- a/sys/sys/efi.h +++ b/sys/sys/efi.h @@ -42,6 +42,8 @@ {0xb122a263,0x3661,0x4f68,{0x99,0x29,0x78,0xf8,0xb0,0xd6,0x21,0x80}} #define EFI_PROPERTIES_TABLE \ {0x880aaca3,0x4adc,0x4a04,{0x90,0x79,0xb7,0x47,0x34,0x08,0x25,0xe5}} +#define EFI_MEMORY_ATTRIBUTES_TABLE \ + {0xdcfa911d,0x26eb,0x469f,{0xa2,0x20,0x38,0xb7,0xdc,0x46,0x12,0x20}} #define LINUX_EFI_MEMRESERVE_TABLE \ {0x888eb0c6,0x8ede,0x4ff5,{0xa8,0xf0,0x9a,0xee,0x5c,0xb9,0x77,0xc2}} @@ -166,6 +168,22 @@ struct efi_prop_table { uint64_t memory_protection_attribute; }; +struct efi_memory_descriptor { + uint32_t type; + caddr_t phy_addr; + caddr_t virt_addr; + uint64_t pages; + uint64_t attrs; +}; + +struct efi_memory_attribute_table { + uint32_t version; + uint32_t num_ents; + uint32_t descriptor_size; + uint32_t flags; + struct efi_memory_descriptor tables[]; +}; + #ifdef _KERNEL #ifdef EFIABI_ATTR diff --git a/sys/sys/vnode.h b/sys/sys/vnode.h index 2c6947103c94..a416fddcddc3 100644 --- a/sys/sys/vnode.h +++ b/sys/sys/vnode.h @@ -939,7 +939,6 @@ void vop_mknod_post(void *a, int rc); void vop_open_post(void *a, int rc); void vop_read_post(void *a, int rc); void vop_read_pgcache_post(void *ap, int rc); -void vop_readdir_post(void *a, int rc); void vop_reclaim_post(void *a, int rc); void vop_remove_pre(void *a); void vop_remove_post(void *a, int rc); @@ -1015,7 +1014,36 @@ void vop_rename_fail(struct vop_rename_args *ap); _error; \ }) -#define VOP_WRITE_PRE(ap) \ +#ifdef INVARIANTS +#define vop_readdir_pre_assert(ap) \ + ssize_t nresid, oresid; \ + \ + oresid = (ap)->a_uio->uio_resid; + +#define vop_readdir_post_assert(ap, ret) \ + nresid = (ap)->a_uio->uio_resid; \ + if ((ret) == 0 && (ap)->a_eofflag != NULL) { \ + VNASSERT(oresid == 0 || nresid != oresid || \ + *(ap)->a_eofflag == 1, \ + (ap)->a_vp, ("VOP_READDIR: eofflag not set")); \ + } +#else +#define vop_readdir_pre_assert(ap) +#define vop_readdir_post_assert(ap, ret) +#endif + +#define vop_readdir_pre(ap) do { \ + vop_readdir_pre_assert(ap) + +#define vop_readdir_post(ap, ret) \ + vop_readdir_post_assert(ap, ret); \ + if ((ret) == 0) { \ + VFS_KNOTE_LOCKED((ap)->a_vp, NOTE_READ); \ + INOTIFY((ap)->a_vp, IN_ACCESS); \ + } \ +} while (0) + +#define vop_write_pre(ap) \ struct vattr va; \ int error; \ off_t osize, ooffset, noffset; \ @@ -1029,7 +1057,7 @@ void vop_rename_fail(struct vop_rename_args *ap); osize = (off_t)va.va_size; \ } -#define VOP_WRITE_POST(ap, ret) \ +#define vop_write_post(ap, ret) \ noffset = (ap)->a_uio->uio_offset; \ if (noffset > ooffset) { \ if (!VN_KNLIST_EMPTY((ap)->a_vp)) { \ diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c index 53fac4b0665e..17308706c3f4 100644 --- a/sys/ufs/ufs/ufs_vnops.c +++ b/sys/ufs/ufs/ufs_vnops.c @@ -2064,9 +2064,13 @@ ufs_mkdir( */ ucred.cr_ref = 1; ucred.cr_uid = ip->i_uid; + + /* + * XXXKE Fix this is cr_gid gets separated out + */ ucred.cr_ngroups = 1; ucred.cr_groups = &ucred_group; - ucred.cr_groups[0] = dp->i_gid; + ucred.cr_gid = ucred_group = dp->i_gid; ucp = &ucred; } #endif @@ -2823,9 +2827,13 @@ ufs_makeinode(int mode, struct vnode *dvp, struct vnode **vpp, */ ucred.cr_ref = 1; ucred.cr_uid = ip->i_uid; + + /* + * XXXKE Fix this is cr_gid gets separated out + */ ucred.cr_ngroups = 1; ucred.cr_groups = &ucred_group; - ucred.cr_groups[0] = pdir->i_gid; + ucred.cr_gid = ucred_group = pdir->i_gid; ucp = &ucred; #endif } else { diff --git a/tests/ci/Makefile b/tests/ci/Makefile index 44b19663fc49..964664cbfbb9 100644 --- a/tests/ci/Makefile +++ b/tests/ci/Makefile @@ -33,11 +33,11 @@ EXTRA_MAKE_FLAGS?= TARGET= ${MACHINE} .endif .if !defined(TARGET_ARCH) || empty(TARGET_ARCH) -.if ${TARGET} == ${MACHINE} +. if ${TARGET} == ${MACHINE} TARGET_ARCH= ${MACHINE_ARCH} -.else +. else TARGET_ARCH= ${TARGET} -.endif +. endif .endif IMAKE= ${MAKE} TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH} @@ -47,20 +47,20 @@ CROSS_TOOLCHAIN_PARAM= "CROSS_TOOLCHAIN=${CROSS_TOOLCHAIN}" # Define OSRELEASE by using newvers.sh .if !defined(OSRELEASE) || empty(OSRELEASE) -.for _V in TYPE BRANCH REVISION -. if !defined(${_V}) || empty(${_V}) +. for _V in TYPE BRANCH REVISION +. if !defined(${_V}) || empty(${_V}) ${_V}!= eval $$(awk '/^${_V}=/{print}' ${.CURDIR}/../../sys/conf/newvers.sh); echo $$${_V} -. endif -.endfor -.for _V in ${TARGET_ARCH} -.if !empty(TARGET:M${_V}) +. endif +. endfor +. for _V in ${TARGET_ARCH} +. if !empty(TARGET:M${_V}) OSRELEASE= ${TYPE}-${REVISION}-${BRANCH}-${TARGET} VOLUME_LABEL= ${REVISION:C/[.-]/_/g}_${BRANCH:C/[.-]/_/g}_${TARGET} -.else +. else OSRELEASE= ${TYPE}-${REVISION}-${BRANCH}-${TARGET}-${TARGET_ARCH} VOLUME_LABEL= ${REVISION:C/[.-]/_/g}_${BRANCH:C/[.-]/_/g}_${TARGET_ARCH} -.endif -.endfor +. endif +. endfor .endif .if exists(${.CURDIR}/tools/ci.conf) && !defined(CICONF) @@ -104,13 +104,13 @@ TIMEOUT_VM=$$((${TIMEOUT_EXPECT} - 120)) . include "${.CURDIR}/Makefile.${TARGET_ARCH}" .endif .if ${TARGET_ARCH} != ${MACHINE_ARCH} -.if ( ${TARGET_ARCH} != "i386" ) || ( ${MACHINE_ARCH} != "amd64" ) +. if ( ${TARGET_ARCH} != "i386" ) || ( ${MACHINE_ARCH} != "amd64" ) QEMUSTATIC=/usr/local/bin/qemu-${QEMU_ARCH}-static QEMUTGT=portinstall-qemu -.endif +. endif .endif QEMUTGT?= -QEMU_DEVICES?=-device virtio-blk,drive=hd0 +QEMU_DEVICES?=-device virtio-blk,drive=hd0 -device virtio-blk,drive=hd1 QEMU_EXTRA_PARAM?= QEMU_MACHINE?=virt QEMUBIN=/usr/local/bin/qemu-system-${QEMU_ARCH} @@ -134,7 +134,8 @@ METAMODE?=-DWITH_META_MODE .endif CLEANFILES+= ${.OBJDIR}/${CIIMAGE} ${.OBJDIR}/ci.img ${META_TAR} -CLEANDIRS+= ${.OBJDIR}/ci-buildimage +IMAGEDIR= ${.OBJDIR}/ci-buildimage +CLEANDIRS+= ${IMAGEDIR} portinstall: portinstall-pkg portinstall-qemu portinstall-expect portinstall-${TARGET_ARCH:tl} .PHONY @@ -157,7 +158,7 @@ portinstall-expect: portinstall-pkg .PHONY .endif beforeclean: .PHONY - chflags -R noschg ${.OBJDIR}/${.TARGET} + chflags -R noschg ${IMAGEDIR} .include <bsd.obj.mk> clean: beforeclean .PHONY @@ -205,6 +206,7 @@ ci-create-meta: .PHONY ci-extract-meta: .PHONY tar xfv ${META_TAR} -C ${META_DIROUT} + rm -rf ${META_TAR} ${META_DIR} @echo "Extracted kyua reports to ${META_DIROUT}" ci-runtest: ci-buildimage-${TARGET_ARCH:tl} portinstall .PHONY @@ -254,7 +256,7 @@ ci-checktarget: .PHONY ci-smoke: ci-set-smoke-var ci-create-meta ci-checktarget .WAIT ci-runtest-${TARGET_ARCH:tl} .PHONY -ci-full: ci-set-full-var ci-create-meta ci-checktarget .WAIT ci-runtest-${TARGET_ARCH:tl} ci-extract-meta .PHONY +ci-full: ci-set-full-var ci-create-meta ci-checktarget .WAIT ci-runtest-${TARGET_ARCH:tl} .WAIT ci-extract-meta .PHONY ci: ci-${CITYPE:tl} .PHONY diff --git a/tests/sys/cam/ctl/ctl.subr b/tests/sys/cam/ctl/ctl.subr index 5da441b806f0..6cc02d774bdb 100644 --- a/tests/sys/cam/ctl/ctl.subr +++ b/tests/sys/cam/ctl/ctl.subr @@ -25,15 +25,6 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -load_modules() { - if ! kldstat -q -m ctl; then - kldload ctl || atf_skip "could not load ctl kernel mod" - fi - if ! ctladm port -o on -p 0; then - atf_skip "could not enable the camsim frontend" - fi -} - find_device() { LUN=$1 diff --git a/tests/sys/fs/fusefs/Makefile b/tests/sys/fs/fusefs/Makefile index b11f11bdfa98..a21512798597 100644 --- a/tests/sys/fs/fusefs/Makefile +++ b/tests/sys/fs/fusefs/Makefile @@ -70,7 +70,8 @@ TEST_METADATA.nfs+= required_user="root" TEST_METADATA.ctl+= is_exclusive="true" TEST_METADATA.ctl+= required_user="root" -TEST_METADATA+= timeout=10 +TEST_METADATA+= timeout=10 +TEST_METADATA+= required_kmods="fusefs" FUSEFS= ${SRCTOP}/sys/fs/fuse # Suppress warnings that GCC generates for the libc++ and gtest headers. diff --git a/tests/sys/mac/bsdextended/Makefile b/tests/sys/mac/bsdextended/Makefile index 69cd27c0e321..cc3a3f8ea534 100644 --- a/tests/sys/mac/bsdextended/Makefile +++ b/tests/sys/mac/bsdextended/Makefile @@ -9,5 +9,6 @@ TEST_METADATA.ugidfw_test+= required_user="root" # Each test case of matches_test reuses the same ruleset number, so they cannot # be run simultaneously TEST_METADATA.matches_test+= is_exclusive=true +TEST_METADATA+= required_kmods="mac_bsdextended" .include <bsd.test.mk> diff --git a/tests/sys/mac/bsdextended/matches_test.sh b/tests/sys/mac/bsdextended/matches_test.sh index 2a28be0f231b..41fa04f221e3 100644 --- a/tests/sys/mac/bsdextended/matches_test.sh +++ b/tests/sys/mac/bsdextended/matches_test.sh @@ -12,9 +12,6 @@ gidoutrange="daemon" # We expect $uidinrange in this group check_ko() { - if ! sysctl -N security.mac.bsdextended >/dev/null 2>&1; then - atf_skip "mac_bsdextended(4) support isn't available" - fi if [ $(sysctl -n security.mac.bsdextended.enabled) = "0" ]; then # The kernel module is loaded but disabled. Enable it for the # duration of the test. diff --git a/tests/sys/netpfil/common/dummynet.sh b/tests/sys/netpfil/common/dummynet.sh index b77b2df84010..66736fbecdb7 100644 --- a/tests/sys/netpfil/common/dummynet.sh +++ b/tests/sys/netpfil/common/dummynet.sh @@ -265,10 +265,6 @@ queue_body() { fw=$1 - if [ $fw = "ipfw" ] && [ "$(atf_config_get ci false)" = "true" ]; then - atf_skip "https://bugs.freebsd.org/264805" - fi - firewall_init $fw dummynet_init $fw diff --git a/tests/sys/netpfil/pf/Makefile b/tests/sys/netpfil/pf/Makefile index 3adaef09ddbd..404d5adfb07a 100644 --- a/tests/sys/netpfil/pf/Makefile +++ b/tests/sys/netpfil/pf/Makefile @@ -58,6 +58,8 @@ ATF_TESTS_SH+= altq \ ATF_TESTS_PYTEST+= frag6.py ATF_TESTS_PYTEST+= header.py ATF_TESTS_PYTEST+= icmp.py +ATF_TESTS_PYTEST+= igmp.py +ATF_TESTS_PYTEST+= mld.py ATF_TESTS_PYTEST+= nat64.py ATF_TESTS_PYTEST+= nat66.py ATF_TESTS_PYTEST+= return.py diff --git a/tests/sys/netpfil/pf/forward.sh b/tests/sys/netpfil/pf/forward.sh index 5d7d48a5dd9a..e9539bc9d278 100644 --- a/tests/sys/netpfil/pf/forward.sh +++ b/tests/sys/netpfil/pf/forward.sh @@ -101,10 +101,6 @@ v6_body() { pft_init - if [ "$(atf_config_get ci false)" = "true" ]; then - atf_skip "https://bugs.freebsd.org/260460" - fi - epair_send=$(vnet_mkepair) epair_recv=$(vnet_mkepair) diff --git a/tests/sys/netpfil/pf/icmp.py b/tests/sys/netpfil/pf/icmp.py index 59f2e8190b30..c5e945d60e99 100644 --- a/tests/sys/netpfil/pf/icmp.py +++ b/tests/sys/netpfil/pf/icmp.py @@ -136,8 +136,7 @@ class TestICMP(VnetTestTemplate): / sp.ICMP(type='echo-request') \ / sp.raw(bytes.fromhex('f0') * payload_size) - p = sp.sr1(packet, iface=self.vnet.iface_alias_map["if1"].name, - timeout=3) + p = sp.sr1(packet, timeout=3) p.show() ip = p.getlayer(sp.IP) @@ -176,6 +175,22 @@ class TestICMP(VnetTestTemplate): self.check_icmp_echo(sp, 1464) self.check_icmp_echo(sp, 1468) + @pytest.mark.require_user("root") + @pytest.mark.require_progs(["scapy"]) + def test_truncated_opts(self): + ToolsHelper.print_output("/sbin/route add default 192.0.2.1") + + # Import in the correct vnet, so at to not confuse Scapy + import scapy.all as sp + + packet = sp.IP(dst="198.51.100.2", flags="DF") \ + / sp.ICMP(type='dest-unreach', length=108) \ + / sp.IP(src="198.51.100.2", dst="192.0.2.2", len=1000, \ + ihl=(120 >> 2), options=[ \ + sp.IPOption_Security(length=100)]) + packet.show() + sp.sr1(packet, timeout=3) + class TestICMP_NAT(VnetTestTemplate): REQUIRED_MODULES = [ "pf" ] TOPOLOGY = { diff --git a/tests/sys/netpfil/pf/igmp.py b/tests/sys/netpfil/pf/igmp.py new file mode 100644 index 000000000000..b339a2825082 --- /dev/null +++ b/tests/sys/netpfil/pf/igmp.py @@ -0,0 +1,95 @@ +# +# SPDX-License-Identifier: BSD-2-Clause +# +# Copyright (c) 2025 Rubicon Communications, LLC (Netgate) +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import pytest +from utils import DelayedSend +from atf_python.sys.net.tools import ToolsHelper +from atf_python.sys.net.vnet import VnetTestTemplate + +class TestIGMP(VnetTestTemplate): + REQUIRED_MODULES = [ "pf" ] + TOPOLOGY = { + "vnet1": {"ifaces": ["if1"]}, + "vnet2": {"ifaces": ["if1"]}, + "if1": {"prefixes4": [("192.0.2.2/24", "192.0.2.1/24")]}, + } + + def vnet2_handler(self, vnet): + ifname = vnet.iface_alias_map["if1"].name + ToolsHelper.print_output("/sbin/pfctl -e") + ToolsHelper.pf_rules([ + "pass", + ]) + ToolsHelper.print_output("/sbin/pfctl -x loud") + ToolsHelper.print_output("echo \"j 230.0.0.1 %s\ns 3600\nq\" | /usr/sbin/mtest" % ifname) + + def find_igmp_reply(self, pkt, ifname): + pkt.show() + s = DelayedSend(pkt) + + found = False + packets = self.sp.sniff(iface=ifname, timeout=5) + for r in packets: + r.show() + igmp = r.getlayer(self.sc.igmp.IGMP) + if not igmp: + continue + igmp.show() + if not igmp.gaddr == "230.0.0.1": + continue + found = True + return found + + @pytest.mark.require_user("root") + @pytest.mark.require_progs(["scapy"]) + def test_ip_opts(self): + """Verify that we allow IGMP packets with IP options""" + ifname = self.vnet.iface_alias_map["if1"].name + + # Import in the correct vnet, so at to not confuse Scapy + import scapy.all as sp + import scapy.contrib as sc + import scapy.contrib.igmp + self.sp = sp + self.sc = sc + + # We allow IGMP packets with the router alert option + pkt = sp.IP(dst="224.0.0.1%%%s" % ifname, ttl=1, + options=[sp.IPOption_Router_Alert()]) \ + / sc.igmp.IGMP(type=0x11, mrcode=1) + assert self.find_igmp_reply(pkt, ifname) + + # But not with other options + pkt = sp.IP(dst="224.0.0.1%%%s" % ifname, ttl=1, + options=[sp.IPOption_NOP()]) \ + / sc.igmp.IGMP(type=0x11, mrcode=1) + assert not self.find_igmp_reply(pkt, ifname) + + # Or with the wrong TTL + pkt = sp.IP(dst="224.0.0.1%%%s" % ifname, ttl=2, + options=[sp.IPOption_Router_Alert()]) \ + / sc.igmp.IGMP(type=0x11, mrcode=1) + assert not self.find_igmp_reply(pkt, ifname) diff --git a/tests/sys/netpfil/pf/killstate.sh b/tests/sys/netpfil/pf/killstate.sh index 447a4e388f11..0d98db822535 100644 --- a/tests/sys/netpfil/pf/killstate.sh +++ b/tests/sys/netpfil/pf/killstate.sh @@ -117,10 +117,6 @@ v6_body() { pft_init - if [ "$(atf_config_get ci false)" = "true" ]; then - atf_skip "https://bugs.freebsd.org/260458" - fi - epair=$(vnet_mkepair) ifconfig ${epair}a inet6 2001:db8::1/64 up no_dad diff --git a/tests/sys/netpfil/pf/mld.py b/tests/sys/netpfil/pf/mld.py new file mode 100644 index 000000000000..d118a34c8a7d --- /dev/null +++ b/tests/sys/netpfil/pf/mld.py @@ -0,0 +1,95 @@ +# +# SPDX-License-Identifier: BSD-2-Clause +# +# Copyright (c) 2025 Rubicon Communications, LLC (Netgate) +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +import pytest +from utils import DelayedSend +from atf_python.sys.net.tools import ToolsHelper +from atf_python.sys.net.vnet import VnetTestTemplate + +class TestMLD(VnetTestTemplate): + REQUIRED_MODULES = [ "pf" ] + TOPOLOGY = { + "vnet1": {"ifaces": ["if1"]}, + "vnet2": {"ifaces": ["if1"]}, + "if1": {"prefixes6": [("2001:db8::2/64", "2001:db8::1/64")]}, + } + + def vnet2_handler(self, vnet): + ifname = vnet.iface_alias_map["if1"].name + #ToolsHelper.print_output("/sbin/pfctl -e") + ToolsHelper.pf_rules([ + "pass", + ]) + ToolsHelper.print_output("/sbin/pfctl -x loud") + #ToolsHelper.print_output("echo \"j 230.0.0.1 %s\ns 3600\nq\" | /usr/sbin/mtest" % ifname) + + def find_mld_reply(self, pkt, ifname): + pkt.show() + s = DelayedSend(pkt) + + found = False + packets = self.sp.sniff(iface=ifname, timeout=5) + for r in packets: + r.show() + mld = r.getlayer(self.sp.ICMPv6MLReport2) + if not mld: + continue + mld.show() + found = True + return found + + @pytest.mark.require_user("root") + @pytest.mark.require_progs(["scapy"]) + def test_router_alert(self): + """Verify that we allow MLD packets with router alert extension header""" + ifname = self.vnet.iface_alias_map["if1"].name + #ToolsHelper.print_output("/sbin/ifconfig %s inet6 -ifdisable" % ifname) + ToolsHelper.print_output("/sbin/ifconfig") + + # Import in the correct vnet, so at to not confuse Scapy + import scapy.all as sp + import scapy.contrib as sc + import scapy.contrib.igmp + self.sp = sp + self.sc = sc + + # A correct MLD query gets a reply + pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=1) \ + / sp.RouterAlert(value=0) \ + / sp.ICMPv6MLQuery2() + assert self.find_mld_reply(pkt, ifname) + + # The wrong extension header does not + pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=1) \ + / sp.IPv6ExtHdrRouting() \ + / sp.ICMPv6MLQuery2() + assert not self.find_mld_reply(pkt, ifname) + + # Neither does an incorrect hop limit + pkt = sp.IPv6(src="fe80::1%%%s" % ifname, dst="ff02::1", hlim=2) \ + / sp.RouterAlert(value=0) \ + / sp.ICMPv6MLQuery2() + assert not self.find_mld_reply(pkt, ifname) diff --git a/tests/sys/netpfil/pf/set_tos.sh b/tests/sys/netpfil/pf/set_tos.sh index 75b96edbab6e..842377ee97c6 100644 --- a/tests/sys/netpfil/pf/set_tos.sh +++ b/tests/sys/netpfil/pf/set_tos.sh @@ -129,10 +129,6 @@ v6_body() { pft_init - if [ "$(atf_config_get ci false)" = "true" ]; then - atf_skip "https://bugs.freebsd.org/260459" - fi - epair=$(vnet_mkepair) ifconfig ${epair}a inet6 add 2001:db8:192::1 vnet_mkjail alcatraz ${epair}b diff --git a/tests/sys/netpfil/pf/table.sh b/tests/sys/netpfil/pf/table.sh index 78320375db7c..5e5fccdaca20 100644 --- a/tests/sys/netpfil/pf/table.sh +++ b/tests/sys/netpfil/pf/table.sh @@ -582,6 +582,34 @@ anchor_cleanup() pft_cleanup } +atf_test_case "flush" "cleanup" +flush_head() +{ + atf_set descr 'Test flushing addresses from tables' + atf_set require.user root +} + +flush_body() +{ + pft_init + + vnet_mkjail alcatraz + + atf_check -s exit:0 -e match:"1/1 addresses added." \ + jexec alcatraz pfctl -t foo -T add 1.2.3.4 + atf_check -s exit:0 -o match:" 1.2.3.4" \ + jexec alcatraz pfctl -t foo -T show + atf_check -s exit:0 -e match:"1 addresses deleted." \ + jexec alcatraz pfctl -t foo -T flush + atf_check -s exit:0 -o not-match:"1.2.3.4" \ + jexec alcatraz pfctl -t foo -T show +} + +flush_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "v4_counters" @@ -596,4 +624,5 @@ atf_init_test_cases() atf_add_test_case "pr259689" atf_add_test_case "precreate" atf_add_test_case "anchor" + atf_add_test_case "flush" } diff --git a/usr.bin/asa/asa.1 b/usr.bin/asa/asa.1 index da1af0e8ce84..68d0735774a6 100644 --- a/usr.bin/asa/asa.1 +++ b/usr.bin/asa/asa.1 @@ -84,8 +84,6 @@ To format the output of a program and redirect it to a line-printer: .Pp .Dl "a.out | asa | lpr" -.Sh SEE ALSO -.Xr f77 1 .Sh STANDARDS The .Nm diff --git a/usr.bin/pom/pom.6 b/usr.bin/pom/pom.6 index a3dc68b0a46b..a4dbdde2d4f5 100644 --- a/usr.bin/pom/pom.6 +++ b/usr.bin/pom/pom.6 @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd July 14, 2010 +.Dd July 24, 2025 .Dt POM 6 .Os .Sh NAME @@ -60,4 +60,10 @@ but not has been specified, it will calculate the phase of the moon on that day at midnight. .Sh SEE ALSO -`Practical Astronomy with Your Calculator' by Duffett-Smith. +.Rs +.%A Peter Duffett-Smith +.%B Practical Astronomy with Your Calculator +.%I Cambridge University Press +.%C Cambridge, UK +.%D 1979 +.Re diff --git a/usr.bin/top/top.1 b/usr.bin/top/top.1 index 53b078839526..9b1860246de9 100644 --- a/usr.bin/top/top.1 +++ b/usr.bin/top/top.1 @@ -189,7 +189,7 @@ This option makes them visible. Set the delay between screen updates to .Ar time seconds, which may be fractional. -The default delay between updates is 1 second. +The default delay between updates is 2 seconds. .It Fl T Toggle displaying thread ID (tid) instead of process id (pid). .It Fl t diff --git a/usr.sbin/bhyve/pci_xhci.c b/usr.sbin/bhyve/pci_xhci.c index 5b21361f2823..0871bbb87fe5 100644 --- a/usr.sbin/bhyve/pci_xhci.c +++ b/usr.sbin/bhyve/pci_xhci.c @@ -2588,7 +2588,7 @@ pci_xhci_reset_port(struct pci_xhci_softc *sc, int portn, int warm) if (dev) { port->portsc &= ~(XHCI_PS_PLS_MASK | XHCI_PS_PR | XHCI_PS_PRC); port->portsc |= XHCI_PS_PED | - XHCI_PS_SPEED_SET(dev->dev_ue->ue_usbspeed); + XHCI_PS_SPEED_SET(dev->hci.hci_speed); if (warm && dev->dev_ue->ue_usbver == 3) { port->portsc |= XHCI_PS_WRC; @@ -2622,11 +2622,11 @@ pci_xhci_init_port(struct pci_xhci_softc *sc, int portn) if (dev->dev_ue->ue_usbver == 2) { port->portsc |= XHCI_PS_PLS_SET(UPS_PORT_LS_POLL) | - XHCI_PS_SPEED_SET(dev->dev_ue->ue_usbspeed); + XHCI_PS_SPEED_SET(dev->hci.hci_speed); } else { port->portsc |= XHCI_PS_PLS_SET(UPS_PORT_LS_U0) | - XHCI_PS_PED | /* enabled */ - XHCI_PS_SPEED_SET(dev->dev_ue->ue_usbspeed); + XHCI_PS_PED | /* enabled */ + XHCI_PS_SPEED_SET(dev->hci.hci_speed); } DPRINTF(("Init port %d 0x%x", portn, port->portsc)); @@ -2833,6 +2833,7 @@ pci_xhci_parse_devices(struct pci_xhci_softc *sc, nvlist_t *nvl) dev->hci.hci_sc = dev; dev->hci.hci_intr = pci_xhci_dev_intr; dev->hci.hci_event = pci_xhci_dev_event; + dev->hci.hci_speed = USB_SPEED_MAX; if (ue->ue_usbver == 2) { if (usb2_port == sc->usb2_port_start + @@ -2863,6 +2864,8 @@ pci_xhci_parse_devices(struct pci_xhci_softc *sc, nvlist_t *nvl) dev->dev_ue = ue; dev->dev_sc = devsc; + if (dev->hci.hci_speed == USB_SPEED_MAX) + dev->hci.hci_speed = ue->ue_usbspeed; XHCI_SLOTDEV_PTR(sc, slot) = dev; ndevices++; @@ -3228,6 +3231,7 @@ pci_xhci_snapshot(struct vm_snapshot_meta *meta) /* devices[i]->hci */ SNAPSHOT_VAR_OR_LEAVE(dev->hci.hci_address, meta, ret, done); SNAPSHOT_VAR_OR_LEAVE(dev->hci.hci_port, meta, ret, done); + SNAPSHOT_VAR_OR_LEAVE(dev->hci.hci_speed, meta, ret, done); } SNAPSHOT_VAR_OR_LEAVE(sc->usb2_port_start, meta, ret, done); diff --git a/usr.sbin/bhyve/usb_emul.h b/usr.sbin/bhyve/usb_emul.h index 8e0afcb2878b..85dedfeacd3b 100644 --- a/usr.sbin/bhyve/usb_emul.h +++ b/usr.sbin/bhyve/usb_emul.h @@ -85,6 +85,7 @@ struct usb_hci { /* controller managed fields */ int hci_address; int hci_port; + int hci_speed; }; /* diff --git a/usr.sbin/bluetooth/sdpd/server.c b/usr.sbin/bluetooth/sdpd/server.c index ab398cd9339f..05a4cb5f0236 100644 --- a/usr.sbin/bluetooth/sdpd/server.c +++ b/usr.sbin/bluetooth/sdpd/server.c @@ -345,14 +345,12 @@ server_accept_client(server_p srv, int32_t fd) return; } } else { - struct xucred cr; + uid_t uid; + gid_t gid; struct passwd *pw; /* Get peer's credentials */ - memset(&cr, 0, sizeof(cr)); - size = sizeof(cr); - - if (getsockopt(cfd, 0, LOCAL_PEERCRED, &cr, &size) < 0) { + if (getpeereid(cfd, &uid, &gid) < 0) { log_err("Could not get peer's credentials. %s (%d)", strerror(errno), errno); close(cfd); @@ -360,12 +358,12 @@ server_accept_client(server_p srv, int32_t fd) } /* Check credentials */ - pw = getpwuid(cr.cr_uid); + pw = getpwuid(uid); if (pw != NULL) priv = (strcmp(pw->pw_name, "root") == 0); else log_warning("Could not verify credentials for uid %d", - cr.cr_uid); + uid); memcpy(&srv->req_sa.l2cap_bdaddr, NG_HCI_BDADDR_ANY, sizeof(srv->req_sa.l2cap_bdaddr)); diff --git a/usr.sbin/bsdinstall/scripts/pkgbase.in b/usr.sbin/bsdinstall/scripts/pkgbase.in index 1ff93afe817b..cf8e84de6923 100755 --- a/usr.sbin/bsdinstall/scripts/pkgbase.in +++ b/usr.sbin/bsdinstall/scripts/pkgbase.in @@ -234,12 +234,17 @@ local function pkgbase() local chroot = assert(os.getenv("BSDINSTALL_CHROOT")) assert(os.execute("mkdir -p " .. chroot)) + -- Always install the default FreeBSD-base.conf file to the chroot, even + -- if we don't actually fetch the packages from the repository specified + -- there (e.g. because we are performing an offline installation). + local chroot_repos_dir = chroot .. "/usr/local/etc/pkg/repos/" + assert(os.execute("mkdir -p " .. chroot_repos_dir)) + assert(os.execute("cp /usr/share/bsdinstall/FreeBSD-base.conf " .. + chroot_repos_dir)) + local repos_dir = os.getenv("BSDINSTALL_PKG_REPOS_DIR") if not repos_dir then - repos_dir = chroot .. "/usr/local/etc/pkg/repos/" - assert(os.execute("mkdir -p " .. repos_dir)) - assert(os.execute("cp /usr/share/bsdinstall/FreeBSD-base.conf " .. repos_dir)) - + repos_dir = chroot_repos_dir -- Since pkg always interprets fingerprints paths as relative to -- the --rootdir we must copy the key from the host. assert(os.execute("mkdir -p " .. chroot .. "/usr/share/keys")) diff --git a/usr.sbin/ctladm/tests/port.sh b/usr.sbin/ctladm/tests/port.sh index 5bc5d879c983..d966529a85ae 100644 --- a/usr.sbin/ctladm/tests/port.sh +++ b/usr.sbin/ctladm/tests/port.sh @@ -38,12 +38,6 @@ # PGTAG,TARGET pair must be globally unique. PGTAG=30257 -load_cfiscsi() { - if ! kldstat -q -m cfiscsi; then - kldload cfiscsi || atf_skip "could not load cfscsi kernel mod" - fi -} - skip_if_ctld() { if service ctld onestatus > /dev/null; then # If ctld is running on this server, let's not interfere. @@ -118,11 +112,11 @@ create_iscsi_head() atf_set "descr" "ctladm can create a new iscsi port" atf_set "require.user" "root" atf_set "require.progs" ctladm + atf_set "require.kmods" "cfiscsi" } create_iscsi_body() { skip_if_ctld - load_cfiscsi TARGET=iqn.2018-10.myhost.create_iscsi atf_check -o save:port-create.txt ctladm port -c -d "iscsi" -O cfiscsi_portal_group_tag=$PGTAG -O cfiscsi_target="$TARGET" @@ -146,11 +140,11 @@ create_iscsi_alias_head() atf_set "descr" "ctladm can create a new iscsi port with a target alias" atf_set "require.user" "root" atf_set "require.progs" ctladm + atf_set "require.kmods" "cfiscsi" } create_iscsi_alias_body() { skip_if_ctld - load_cfiscsi TARGET=iqn.2018-10.myhost.create_iscsi_alias ALIAS="foobar" @@ -173,11 +167,11 @@ create_iscsi_without_required_args_head() atf_set "descr" "ctladm will gracefully fail to create an iSCSI target if required arguments are missing" atf_set "require.user" "root" atf_set "require.progs" ctladm + atf_set "require.kmods" "cfiscsi" } create_iscsi_without_required_args_body() { skip_if_ctld - load_cfiscsi TARGET=iqn.2018-10.myhost.create_iscsi atf_check -s exit:1 -e match:"Missing required argument: cfiscsi_target" ctladm port -c -d "iscsi" -O cfiscsi_portal_group_tag=$PGTAG @@ -288,11 +282,11 @@ remove_iscsi_head() atf_set "descr" "ctladm can remove an iscsi port" atf_set "require.user" "root" atf_set "require.progs" ctladm + atf_set "require.kmods" "cfiscsi" } remove_iscsi_body() { skip_if_ctld - load_cfiscsi TARGET=iqn.2018-10.myhost.remove_iscsi atf_check -o save:port-create.txt ctladm port -c -d "iscsi" -O cfiscsi_portal_group_tag=$PGTAG -O cfiscsi_target="$TARGET" @@ -314,11 +308,11 @@ remove_iscsi_without_required_args_head() atf_set "descr" "ctladm will gracefully fail to remove an iSCSI target if required arguments are missing" atf_set "require.user" "root" atf_set "require.progs" ctladm + atf_set "require.kmods" "cfiscsi" } remove_iscsi_without_required_args_body() { skip_if_ctld - load_cfiscsi TARGET=iqn.2018-10.myhost.remove_iscsi_without_required_args atf_check -o save:port-create.txt ctladm port -c -d "iscsi" -O cfiscsi_portal_group_tag=$PGTAG -O cfiscsi_target="$TARGET" diff --git a/usr.sbin/devinfo/devinfo.c b/usr.sbin/devinfo/devinfo.c index 629a04ba6687..4163151ec840 100644 --- a/usr.sbin/devinfo/devinfo.c +++ b/usr.sbin/devinfo/devinfo.c @@ -100,7 +100,7 @@ print_kvlist(char *s) while ((kv = strsep(©, " ")) != NULL) { char* k = strsep(&kv, "="); - xo_emit("{ea:%s/%s} {d:%s}={d:%s}", k, kv, k, kv); + xo_emit("{ea:%s/%s} {d:key/%s}={d:value/%s}", k, kv, k, kv); } free(copy); } @@ -200,7 +200,7 @@ print_device_rman_resources(struct devinfo_rman *rman, void *arg) /* there are, print header */ safe_desc = xml_safe_string(rman->dm_desc); print_indent(indent); - xo_emit("{d:%s}:\n", rman->dm_desc); + xo_emit("<{:description/%s}>\n", rman->dm_desc); xo_open_list(safe_desc); /* print resources */ @@ -220,8 +220,7 @@ print_device_props(struct devinfo_dev *dev) { if (vflag) { if (*dev->dd_desc) { - xo_emit(" <{d:%s}>", dev->dd_desc); - xo_emit("{e:description/%s}", dev->dd_desc); + xo_emit("<{:description/%s}>", dev->dd_desc); } if (*dev->dd_pnpinfo) { xo_open_container("pnpinfo"); @@ -273,7 +272,7 @@ print_device(struct devinfo_dev *dev, void *arg) print_indent(indent); xo_open_container(devname); - xo_emit("{d:%s}", devname); + xo_emit("{d:devicename/%s}", devname); print_device_props(dev); xo_emit("\n"); @@ -367,7 +366,7 @@ print_rman(struct devinfo_rman *rman, void *arg __unused) { char* safe_desc = xml_safe_string(rman->dm_desc); - xo_emit("{d:%s}:\n", rman->dm_desc); + xo_emit("<{:description/%s}\n>", rman->dm_desc); xo_open_container(safe_desc); devinfo_foreach_rman_resource(rman, print_rman_resource, 0); @@ -385,7 +384,7 @@ print_device_path_entry(struct devinfo_dev *dev) xo_open_container(devname); open_tag_count++; - xo_emit("{d:%s }", devname); + xo_emit("{:devicename/%s} ", devname); print_device_props(dev); if (vflag) xo_emit("\n"); diff --git a/usr.sbin/efitable/efitable.8 b/usr.sbin/efitable/efitable.8 index bb8a9cc3d0e1..52949abcb853 100644 --- a/usr.sbin/efitable/efitable.8 +++ b/usr.sbin/efitable/efitable.8 @@ -1,4 +1,6 @@ .\" +.\" SPDX-License-Identifier: BSD-2-Clause +.\" .\" Copyright (c) 2021 3mdeb Embedded Systems Consulting <contact@3mdeb.com> .\" .\" Redistribution and use in source and binary forms, with or without @@ -27,7 +29,7 @@ .Os .Sh NAME .Nm efitable -.Nd Dump UEFI tables +.Nd dump UEFI tables .Sh SYNOPSIS .Nm .Op Fl u Ar uuid | Fl t Ar name @@ -39,7 +41,7 @@ This program prints data from tables. .Pp The following options are available: -.Bl -tag -width 20m +.Bl -tag -width "-t name | --table name" .It Fl -libxo Generate output via .Xr libxo 3 @@ -47,20 +49,21 @@ in a selection of different human and machine readable formats. See .Xr xo_options 7 for details on command line arguments. -.It Fl t Ar name Fl -table Ar name +.It Fl t Ar name | Fl -table Ar name Specify the name of the table to print. Currently supported tables: .Pp .Bl -tag -width indent -compact .It Cm esrt EFI System Resource Table +.It Cm memory +EFI Memory Attributes Table .It Cm prop EFI Properties Table .El -.It Fl u Ar uuid Fl -uuid Ar uuid +.It Fl u Ar uuid | Fl -uuid Ar uuid Specify the UUID of the table to print. .El -.Pp .Sh HISTORY The .Nm diff --git a/usr.sbin/efitable/efitable.c b/usr.sbin/efitable/efitable.c index 0eee72801592..a506b4dea311 100644 --- a/usr.sbin/efitable/efitable.c +++ b/usr.sbin/efitable/efitable.c @@ -44,6 +44,7 @@ static void efi_table_print_esrt(const void *data); static void efi_table_print_prop(const void *data); +static void efi_table_print_memory(const void *data); static void usage(void) __dead2; struct efi_table_op { @@ -56,7 +57,9 @@ static const struct efi_table_op efi_table_ops[] = { { .name = "esrt", .parse = efi_table_print_esrt, .guid = EFI_TABLE_ESRT }, { .name = "prop", .parse = efi_table_print_prop, - .guid = EFI_PROPERTIES_TABLE } + .guid = EFI_PROPERTIES_TABLE }, + { .name = "memory", .parse = efi_table_print_memory, + .guid = EFI_MEMORY_ATTRIBUTES_TABLE } }; int @@ -239,6 +242,51 @@ efi_table_print_prop(const void *data) xo_err(EX_IOERR, "stdout"); } +static void +efi_table_print_memory(const void *data) +{ + const struct efi_memory_attribute_table *attr = + (const struct efi_memory_attribute_table *)data; + const struct efi_memory_descriptor *desc; + int i, nentries; + + nentries = attr->num_ents; + desc = attr->tables; + + xo_set_version(EFITABLE_XO_VERSION); + + xo_open_container("memory"); + xo_emit("{Lwc:Version}{:version/%#x}\n", attr->version); + xo_emit("{Lwc:Length}{:length/%u}\n", attr->descriptor_size); + xo_emit("{Lwc:Entries}{:entries/%u}\n", attr->num_ents); + + xo_open_container("attributes"); + + /* + * According to https://forum.osdev.org/viewtopic.php?t=32953, the size + * of records into the attribute table never equals to + * sizeof(efi_memory_descriptor). The correct one for indexing the array + * resides in the attributet table. + */ + for (i = 0; i < nentries; i++) { + xo_emit("{Lwc:ID}{:id/%#x}\n", i); + xo_emit("{Lwc:Attributes}{:attributes/%#x}\n", desc->attrs); + xo_emit("{Lwc:Type}{:type/%#x}\n", desc->type); + xo_emit("{Lwc:Pages}{:pages/%#x}\n", desc->pages); + xo_emit("{Lwc:Phyaddr}{:phyaddr/%#p}\n", desc->phy_addr); + xo_emit("{Lwc:Virtaddr}{:virtaddr/%#p}\n", desc->virt_addr); + desc = (const struct efi_memory_descriptor *)(const void *) + ((const char *)desc + attr->descriptor_size); + } + + xo_close_container("attributes"); + + xo_close_container("memory"); + + if (xo_finish() < 0) + xo_err(EX_IOERR, "stdout"); +} + static void usage(void) { xo_error("usage: efitable [-g guid | -t name] [--libxo]\n"); diff --git a/usr.sbin/getfmac/getfmac.8 b/usr.sbin/getfmac/getfmac.8 index eb930e0044f9..6176bfa09271 100644 --- a/usr.sbin/getfmac/getfmac.8 +++ b/usr.sbin/getfmac/getfmac.8 @@ -51,5 +51,8 @@ specified files. .Xr mac 3 , .Xr mac_get_file 3 , .Xr mac 4 , +.Xr maclabel 7 , +.Xr getpmac 8 , .Xr setfmac 8 , +.Xr setpmac 8 , .Xr mac 9 diff --git a/usr.sbin/rpc.lockd/kern.c b/usr.sbin/rpc.lockd/kern.c index c24b81159ea5..1945bd68328a 100644 --- a/usr.sbin/rpc.lockd/kern.c +++ b/usr.sbin/rpc.lockd/kern.c @@ -39,6 +39,7 @@ #include <netinet/in.h> #include <arpa/inet.h> +#include <assert.h> #include <err.h> #include <errno.h> #include <fcntl.h> @@ -232,17 +233,29 @@ void set_auth(CLIENT *cl, struct xucred *xucred) { int ngroups; + gid_t *groups; - ngroups = xucred->cr_ngroups - 1; + /* + * Exclude the first element if it is actually the egid, but account for + * the possibility that we could eventually exclude the egid from the + * exported group list some day. + */ + ngroups = xucred->cr_ngroups; + groups = &xucred->cr_groups[0]; + if (groups == &xucred->cr_gid) { + assert(ngroups > 0); + ngroups--; + groups++; + } if (ngroups > NGRPS) ngroups = NGRPS; if (cl->cl_auth != NULL) cl->cl_auth->ah_ops->ah_destroy(cl->cl_auth); cl->cl_auth = authunix_create(hostname, xucred->cr_uid, - xucred->cr_groups[0], + xucred->cr_gid, ngroups, - &xucred->cr_groups[1]); + groups); } |