From: John Baldwin
Date: Sun, 18 Nov 2018 00:11:19 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340534 - stable/11/lib/libvmmapi

Author: jhb
Date: Sun Nov 18 00:11:19 2018
New Revision: 340534
URL: https://svnweb.freebsd.org/changeset/base/340534

Log:
  MFC 338511: bhyve: Use MAP_GUARD when mapping guest memory ranges.

  Instead of relying on PROT_NONE mappings with MAP_ANON, use MAP_GUARD to
  reserve address space around guest memory ranges including the guard
  ranges of address space around mappings.

Modified:
  stable/11/lib/libvmmapi/vmmapi.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/lib/libvmmapi/vmmapi.c ============================================================================== --- stable/11/lib/libvmmapi/vmmapi.c Sun Nov 18 00:09:33 2018 (r340533) +++ stable/11/lib/libvmmapi/vmmapi.c Sun Nov 18 00:11:19 2018 (r340534) @@ -360,7 +360,7 @@ vm_setup_memory(struct vmctx *ctx, size_t memsize, enu size_t objsize, len; vm_paddr_t gpa; char *baseaddr, *ptr; - int error, flags; + int error; assert(vms == VM_MMAP_ALL); 
@@ -387,8 +387,7 @@ vm_setup_memory(struct vmctx *ctx, size_t memsize, enu * and the adjoining guard regions. */ len = VM_MMAP_GUARD_SIZE + objsize + VM_MMAP_GUARD_SIZE; - flags = MAP_PRIVATE | MAP_ANON | MAP_NOCORE | MAP_ALIGNED_SUPER; - ptr = mmap(NULL, len, PROT_NONE, flags, -1, 0); + ptr = mmap(NULL, len, PROT_NONE, MAP_GUARD | MAP_ALIGNED_SUPER, -1, 0); if (ptr == MAP_FAILED) return (-1); 
@@ -490,8 +489,8 @@ vm_create_devmem(struct vmctx *ctx, int segid, const c * adjoining guard regions. */ len2 = VM_MMAP_GUARD_SIZE + len + VM_MMAP_GUARD_SIZE; - flags = MAP_PRIVATE | MAP_ANON | MAP_NOCORE | MAP_ALIGNED_SUPER; - base = mmap(NULL, len2, PROT_NONE, flags, -1, 0); + base = mmap(NULL, len2, PROT_NONE, MAP_GUARD | MAP_ALIGNED_SUPER, -1, + 0); if (base == MAP_FAILED) goto done;
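Review bot: In the vm_create_devmem hunk (@@ -490,8 +489,8 @@) the `flags = ...` assignment is removed, but unlike the vm_setup_memory hunk at @@ -360,7 +360,7 @@, which drops `flags` from `int error, flags;`, no declaration change is shown for this function. If `flags` has no other use in vm_create_devmem it is now an unused variable and should go in the same commit. Separately, the block comments above both mmap() calls still only say that the range covers the memory and its adjoining guard regions; since a MAP_GUARD reservation faults on any access and is only replaced by a later MAP_FIXED mapping, one sentence saying so would tell the next reader why PROT_NONE with MAP_ANON is no longer used.
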
From: "Andrey V. Elsukov"
Date: Sun, 18 Nov 2018 00:26:09 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340537 - stable/11/sbin/ifconfig

Author: ae
Date: Sun Nov 18 00:26:09 2018
New Revision: 340537
URL: https://svnweb.freebsd.org/changeset/base/340537

Log:
  MFC r339535:
  Do not allow use `create` keyword as hostname when ifconfig(8) is invoked
  for already existing interface.

  It appeared, that ifconfig(8) assumes `create` keyword as hostname and
  tries to resolve it, when `ifconfig ifname create` invoked for already
  existing interface. This can produce some unexpected results, when
  hostname resolving has successfully happened. This patch adds check
  for such case. When an interface already exists, and create is only
  one argument, return error message. But when there are some other
  arguments, just remove create keyword from the arguments list.

  Obtained from: Yandex LLC
  Sponsored by: Yandex LLC
  Differential Revision: https://reviews.freebsd.org/D17171

  MFC r339536:
  Fix grammar.

Modified: stable/11/sbin/ifconfig/ifconfig.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sbin/ifconfig/ifconfig.c ============================================================================== --- stable/11/sbin/ifconfig/ifconfig.c Sun Nov 18 00:22:01 2018 (r340536) +++ stable/11/sbin/ifconfig/ifconfig.c Sun Nov 18 00:26:09 2018 (r340537) 
@@ -501,6 +501,18 @@ main(int argc, char *argv[]) } #endif errx(1, "interface %s does not exist", ifname); + } else { + /* + * Do not allow use `create` command as hostname if + * address family is not specified. + */ + if (argc > 0 && (strcmp(argv[0], "create") == 0 || + strcmp(argv[0], "plumb") == 0)) { + if (argc == 1) + errx(1, "interface %s already exists", + ifname); + argc--, argv++; + } } }
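Review bot: The comment in the @@ -501,6 +501,18 @@ hunk says the check applies when the "address family is not specified", but the visible condition only compares `argv[0]` with "create" and "plumb" and never tests whether an address family was given; if an enclosing branch guarantees that, the comment should say so, otherwise comment and condition need to agree. The comment and the log also name only `create` while the code treats `plumb` the same way. When further arguments follow, the keyword is dropped by `argc--, argv++;` with no diagnostic, so a warning that `create` was ignored for an existing interface would make the behaviour visible to scripts that rely on it.
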
From: "Andrey V. Elsukov"
Date: Sun, 18 Nov 2018 00:27:47 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340538 - stable/11/sys/netpfil/ipfw

Author: ae
Date: Sun Nov 18 00:27:47 2018
New Revision: 340538
URL: https://svnweb.freebsd.org/changeset/base/340538

Log:
  MFC r339545:
  Do not decrement RST life time if keep_alive is not turned on.

  This allows use different values configured by user for sysctl variable
  net.inet.ip.fw.dyn_rst_lifetime.

  Obtained from: Yandex LLC
  Sponsored by: Yandex LLC

Modified:
  stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c ============================================================================== --- stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c Sun Nov 18 00:26:09 2018 (r340537) +++ stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c Sun Nov 18 00:27:47 2018 (r340538) 
@@ -978,7 +978,8 @@ dyn_update_tcp_state(struct dyn_data *data, const stru break; default: - if (V_dyn_rst_lifetime >= V_dyn_keepalive_period) + if (V_dyn_keepalive != 0 && + V_dyn_rst_lifetime >= V_dyn_keepalive_period) V_dyn_rst_lifetime = V_dyn_keepalive_period - 1; expire = time_uptime + V_dyn_rst_lifetime; }
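Review bot: The new `V_dyn_keepalive != 0` guard in the @@ -978,7 +978,8 @@ hunk still leaves the clamp writing back to the sysctl-backed variable from the state-update path (`V_dyn_rst_lifetime = V_dyn_keepalive_period - 1;`), so with keepalives enabled the administrator's configured value is silently replaced the first time this default case runs. Computing the clamped lifetime in a local and using that for `expire` would keep the configured value intact. It would also be the place to handle `V_dyn_keepalive_period` being 0, where the subtraction yields a lifetime below zero or a wrapped value, depending on the variable's type.
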
From: "Andrey V. Elsukov"
Date: Sun, 18 Nov 2018 00:28:57 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340539 - in stable/11: sbin/ipfw sys/netinet

Author: ae
Date: Sun Nov 18 00:28:56 2018
New Revision: 340539
URL: https://svnweb.freebsd.org/changeset/base/340539

Log:
  MFC r339539:
  Add IPFW_RULE_JUSTOPTS flag, that is used by ipfw(8) to mark rule,
  that was added using "new rule format". And then, when the kernel
  returns rule with this flag, ipfw(8) can correctly show it.

  Reported by: lev
  Sponsored by: Yandex LLC
  Differential Revision: https://reviews.freebsd.org/D17373

Modified:
  stable/11/sbin/ipfw/ipfw2.c
  stable/11/sys/netinet/ip_fw.h
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sbin/ipfw/ipfw2.c ============================================================================== --- stable/11/sbin/ipfw/ipfw2.c Sun Nov 18 00:27:47 2018 (r340538) +++ stable/11/sbin/ipfw/ipfw2.c Sun Nov 18 00:28:56 2018 (r340539) 
@@ -2207,6 +2207,12 @@ show_static_rule(struct cmdline_opts *co, struct forma */ if (co->comment_only != 0) goto end; + + if (rule->flags & IPFW_RULE_JUSTOPTS) { + state.flags |= HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP; + goto justopts; + } + print_proto(bp, fo, &state); /* Print source */ @@ -2219,6 +2225,7 @@ show_static_rule(struct cmdline_opts *co, struct forma print_address(bp, fo, &state, dst_opcodes, nitems(dst_opcodes), O_IP_DSTPORT, HAVE_DSTIP); +justopts: /* Print the rest of options */ while (print_opcode(bp, fo, &state, -1)) ; @@ -4340,8 +4347,10 @@ chkarg: } } else if (first_cmd != cmd) { errx(EX_DATAERR, "invalid protocol ``%s''", *av); - } else + } else { + rule->flags |= IPFW_RULE_JUSTOPTS; goto read_options; + } OR_BLOCK(get_proto); /* Modified: stable/11/sys/netinet/ip_fw.h ============================================================================== --- stable/11/sys/netinet/ip_fw.h Sun Nov 18 00:27:47 2018 (r340538) +++ stable/11/sys/netinet/ip_fw.h Sun Nov 18 00:28:56 2018 (r340539) 
@@ -613,6 +613,7 @@ struct ip_fw_rule { ipfw_insn cmd[1]; /* storage for commands */ }; #define IPFW_RULE_NOOPT 0x01 /* Has no options in body */ +#define IPFW_RULE_JUSTOPTS 0x02 /* new format of rule body */ /* Unaligned version */
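Review bot: In the show_static_rule hunk (@@ -2207,6 +2207,12 @@ in ipfw2.c) the reason for `state.flags |= HAVE_PROTO | HAVE_SRCIP | HAVE_DSTIP;` ahead of `goto justopts;` is not stated; a one-line comment on what pre-setting these bits achieves before the options loop would help. The display path also trusts `rule->flags` as returned by the kernel, so it is worth confirming that a rule carrying IPFW_RULE_JUSTOPTS together with explicit protocol or address opcodes still has them printed by the options loop, since a listing that omits part of a rule misleads whoever audits the ruleset.
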
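Review bot: The comment on the new define in ip_fw.h (@@ -613,6 +613,7 @@), `/* new format of rule body */`, does not say who sets the bit or what it changes. Per the log it is set by ipfw(8) when a rule is added in the "new rule format" and is used when the rule is shown again, so the header should state that the flag is a hint for userland display and is not consulted when matching packets, if that is the intent.
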
From: "Andrey V. Elsukov"
Date: Sun, 18 Nov 2018 00:31:09 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340540 - stable/11/sys/netipsec

Author: ae
Date: Sun Nov 18 00:31:09 2018
New Revision: 340540
URL: https://svnweb.freebsd.org/changeset/base/340540

Log:
  MFC r339533:
  Add sadb_x_sa2 extension to SADB_ACQUIRE requests.

  SADB_ACQUIRE requests are sent by kernel, when security policy doesn't
  have corresponding security association for outbound packet. IKE daemon
  usually registers its handler for such messages and when the kernel asks
  for SA it can handle this request. Now such requests will contain
  additional fields that can help IKE daemon to create SA. And IKE now can
  create SAs using only information from SADB_ACQUIRE request, this is
  useful when many if_ipsec(4) interfaces are in use and IKE doesn't track
  security policies that were installed by kernel.

Obtained from: Yandex LLC Sponsored by: Yandex LLC Modified: stable/11/sys/netipsec/key.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netipsec/key.c ============================================================================== --- stable/11/sys/netipsec/key.c Sun Nov 18 00:28:56 2018 (r340539) +++ stable/11/sys/netipsec/key.c Sun Nov 18 00:31:09 2018 (r340540) @@ -6552,7 +6552,9 @@ key_acquire(const struct secasindex *saidx, struct sec /* XXX proxy address (optional) */ - /* set sadb_x_policy */ + /* + * Set sadb_x_policy. This is KAME extension to RFC2367. + */ if (sp != NULL) { m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, sp->priority); 
@@ -6563,6 +6565,18 @@ key_acquire(const struct secasindex *saidx, struct sec m_cat(result, m); } + /* + * Set sadb_x_sa2 extension if saidx->reqid is not zero. + * This is FreeBSD extension to RFC2367. + */ + if (saidx->reqid != 0) { + m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid); + if (m == NULL) { + error = ENOBUFS; + goto fail; + } + m_cat(result, m); + } /* XXX identity (optional) */ #if 0 if (idexttype && fqdn) {
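Review bot: In the block added by the @@ -6563,6 +6565,18 @@ hunk, `key_setsadbxsa2(saidx->mode, 0, saidx->reqid)` passes a literal 0 as its second argument with no indication of which field that is or why zero is right for an SADB_ACQUIRE; name it in the comment. The block also runs straight into `/* XXX identity (optional) */` without a separating blank line. Since the log says IKE daemons may now build SAs from this message alone, the comment should also record that the extension is absent when `saidx->reqid` is 0, so consumers do not assume it is always present.
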
From: "Andrey V. Elsukov"
Date: Sun, 18 Nov 2018 00:34:24 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340541 - in stable/11: sbin/ipfw sys/conf sys/modules/ipfw_nat64 sys/netpfil/ipfw/nat64

Author: ae
Date: Sun Nov 18 00:34:24 2018
New Revision: 340541
URL: https://svnweb.freebsd.org/changeset/base/340541

Log:
  MFC r339542:
  Retire IPFIREWALL_NAT64_DIRECT_OUTPUT kernel option. And add ability
  to switch the output method in run-time. Also document some sysctl
  variables that can be changed for NAT64 module.

  NAT64 had compile time option IPFIREWALL_NAT64_DIRECT_OUTPUT to use
  if_output directly from nat64 module. By default is used netisr based
  output method. Now both methods can be used, but they require different
  handling by rules.

Obtained from: Yandex LLC Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D16647 Modified: stable/11/sbin/ipfw/ipfw.8 stable/11/sys/conf/options stable/11/sys/modules/ipfw_nat64/Makefile stable/11/sys/netpfil/ipfw/nat64/ip_fw_nat64.c stable/11/sys/netpfil/ipfw/nat64/nat64_translate.c stable/11/sys/netpfil/ipfw/nat64/nat64_translate.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sbin/ipfw/ipfw.8 ============================================================================== --- stable/11/sbin/ipfw/ipfw.8 Sun Nov 18 00:31:09 2018 (r340540) +++ stable/11/sbin/ipfw/ipfw.8 Sun Nov 18 00:34:24 2018 (r340541) @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 27, 2018 +.Dd October 21, 2018 .Dt IPFW 8 .Os .Sh NAME @@ -3284,9 +3284,14 @@ Make sure that ND6 neighbor solicitation (ICMPv6 type advertisement (ICMPv6 type 136) messages will not be handled by translation rules. .Pp -After translation NAT64 translator sends packets through corresponding netisr -queue. +After translation NAT64 translator by default sends packets through +corresponding netisr queue. Thus translator host should be configured as IPv4 and IPv6 router. +Also this means, that a packet is handled by firewall twice. +First time an original packet is handled and consumed by translator, +and then it is handled again as translated packet. +This behavior can be changed by sysctl variable +.Va net.inet.ip.fw.nat64_direct_output . .Pp The stateful NAT64 configuration command is the following: .Bd -ragged -offset indent 
@@ -3909,6 +3914,41 @@ Default is no. Controls whether bridged packets are passed to .Nm . Default is no. +.It Va net.inet.ip.fw.nat64_allow_private : No 0 +Defines how +.Nm nat64 +handles private IPv4 addresses: +.Bl -tag -width indent +.It Cm 0 +Packets with private IPv4 will not be handled by translator +.It Cm 1 +Translator will accept and process packets with private IPv4 addresses. +.El +.It Va net.inet.ip.fw.nat64_debug : No 0 +Controls debugging messages produced by +.Nm ipfw_nat64 +module. +.It Va net.inet.ip.fw.nat64_direct_output : No 0 +Controls the output method used by +.Nm ipfw_nat64 +module: +.Bl -tag -width indent +.It Cm 0 +A packet is handled by +.Nm ipfw +twice. +First time an original packet is handled by +.Nm ipfw +and consumed by +.Nm ipfw_nat64 +translator. +Then translated packet is queued via netisr to input processing again. +.It Cm 1 +A packet is handled by +.Nm ipfw +only once, and after translation it will be pushed directly to outgoing +interface. +.El .El .Sh INTERNAL DIAGNOSTICS There are some commands that may be useful to understand current state Modified: stable/11/sys/conf/options ============================================================================== --- stable/11/sys/conf/options Sun Nov 18 00:31:09 2018 (r340540) +++ stable/11/sys/conf/options Sun Nov 18 00:34:24 2018 (r340541) @@ -422,7 +422,6 @@ IPFIREWALL opt_ipfw.h IPFIREWALL_DEFAULT_TO_ACCEPT opt_ipfw.h IPFIREWALL_NAT opt_ipfw.h IPFIREWALL_NAT64 opt_ipfw.h -IPFIREWALL_NAT64_DIRECT_OUTPUT opt_ipfw.h IPFIREWALL_NPTV6 opt_ipfw.h IPFIREWALL_VERBOSE opt_ipfw.h IPFIREWALL_VERBOSE_LIMIT opt_ipfw.h Modified: stable/11/sys/modules/ipfw_nat64/Makefile ============================================================================== --- stable/11/sys/modules/ipfw_nat64/Makefile Sun Nov 18 00:31:09 2018 (r340540) +++ stable/11/sys/modules/ipfw_nat64/Makefile Sun Nov 18 00:34:24 2018 (r340541) 
@@ -6,8 +6,5 @@ KMOD= ipfw_nat64 SRCS= ip_fw_nat64.c nat64_translate.c SRCS+= nat64lsn.c nat64lsn_control.c SRCS+= nat64stl.c nat64stl_control.c -SRCS+= opt_ipfw.h - -#CFLAGS+= -DIPFIREWALL_NAT64_DIRECT_OUTPUT .include Modified: stable/11/sys/netpfil/ipfw/nat64/ip_fw_nat64.c ============================================================================== --- stable/11/sys/netpfil/ipfw/nat64/ip_fw_nat64.c Sun Nov 18 00:31:09 2018 (r340540) +++ stable/11/sys/netpfil/ipfw/nat64/ip_fw_nat64.c Sun Nov 18 00:34:24 2018 (r340541) @@ -48,6 +48,7 @@ __FBSDID("$FreeBSD$"); #include #include "ip_fw_nat64.h" +#include "nat64_translate.h" VNET_DEFINE(int, nat64_debug) = 0; VNET_DEFINE(int, nat64_allow_private) = 0; 
@@ -56,8 +57,26 @@ SYSCTL_DECL(_net_inet_ip_fw); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, nat64_debug, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nat64_debug), 0, "Debug level for NAT64 module"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, nat64_allow_private, - CTLFLAG_VNET |CTLFLAG_RW, &VNET_NAME(nat64_allow_private), 0, + CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nat64_allow_private), 0, "Allow use of non-global IPv4 addresses with NAT64"); + +static int +sysctl_direct_output(SYSCTL_HANDLER_ARGS) +{ + uint32_t value; + int error; + + value = nat64_get_output_method(); + error = sysctl_handle_32(oidp, &value, 0, req); + /* Read operation or some error */ + if ((error != 0) || (req->newptr == NULL)) + return (error); + nat64_set_output_method(value); + return (0); +} +SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, nat64_direct_output, + CTLFLAG_VNET | CTLTYPE_U32 | CTLFLAG_RW, 0, 0, sysctl_direct_output, "IU", + "Use if_output directly instead of deffered netisr-based processing"); static int vnet_ipfw_nat64_init(const void *arg __unused) Modified: stable/11/sys/netpfil/ipfw/nat64/nat64_translate.c ============================================================================== --- stable/11/sys/netpfil/ipfw/nat64/nat64_translate.c Sun Nov 18 00:31:09 2018 (r340540) +++ stable/11/sys/netpfil/ipfw/nat64/nat64_translate.c Sun Nov 18 00:34:24 2018 (r340541) @@ -25,8 +25,6 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include "opt_ipfw.h" - #include __FBSDID("$FreeBSD$"); 
@@ -71,6 +69,53 @@ __FBSDID("$FreeBSD$"); #include "ip_fw_nat64.h" #include "nat64_translate.h" + +typedef int (*nat64_output_t)(struct ifnet *, struct mbuf *, + struct sockaddr *, struct nat64_counters *, void *); +typedef int (*nat64_output_one_t)(struct mbuf *, struct nat64_counters *, + void *); + +static int nat64_find_route4(struct nhop4_basic *, struct sockaddr_in *, + struct mbuf *); +static int nat64_find_route6(struct nhop6_basic *, struct sockaddr_in6 *, + struct mbuf *); +static int nat64_output_one(struct mbuf *, struct nat64_counters *, void *); +static int nat64_output(struct ifnet *, struct mbuf *, struct sockaddr *, + struct nat64_counters *, void *); +static int nat64_direct_output_one(struct mbuf *, struct nat64_counters *, + void *); +static int nat64_direct_output(struct ifnet *, struct mbuf *, + struct sockaddr *, struct nat64_counters *, void *); + +struct nat64_methods { + nat64_output_t output; + nat64_output_one_t output_one; +}; +static const struct nat64_methods nat64_netisr = { + .output = nat64_output, + .output_one = nat64_output_one +}; +static const struct nat64_methods nat64_direct = { + .output = nat64_direct_output, + .output_one = nat64_direct_output_one +}; +VNET_DEFINE_STATIC(const struct nat64_methods *, nat64out) = &nat64_netisr; +#define V_nat64out VNET(nat64out) + +void +nat64_set_output_method(int direct) +{ + + V_nat64out = direct != 0 ? &nat64_direct: &nat64_netisr; +} + +int +nat64_get_output_method(void) +{ + + return (V_nat64out == &nat64_direct ? 1: 0); +} + static void nat64_log(struct pfloghdr *logdata, struct mbuf *m, sa_family_t family) { 
@@ -80,14 +125,8 @@ nat64_log(struct pfloghdr *logdata, struct mbuf *m, sa ipfw_bpf_mtap2(logdata, PFLOG_HDRLEN, m); } -#ifdef IPFIREWALL_NAT64_DIRECT_OUTPUT -static NAT64NOINLINE int nat64_find_route4(struct nhop4_basic *, - struct sockaddr_in *, struct mbuf *); -static NAT64NOINLINE int nat64_find_route6(struct nhop6_basic *, - struct sockaddr_in6 *, struct mbuf *); - -static NAT64NOINLINE int -nat64_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, +static int +nat64_direct_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct nat64_counters *stats, void *logdata) { int error; @@ -100,8 +139,9 @@ nat64_output(struct ifnet *ifp, struct mbuf *m, struct return (error); } -static NAT64NOINLINE int -nat64_output_one(struct mbuf *m, struct nat64_counters *stats, void *logdata) +static int +nat64_direct_output_one(struct mbuf *m, struct nat64_counters *stats, + void *logdata) { struct nhop6_basic nh6; struct nhop4_basic nh4; @@ -153,8 +193,8 @@ nat64_output_one(struct mbuf *m, struct nat64_counters NAT64STAT_INC(stats, oerrors); return (error); } -#else /* !IPFIREWALL_NAT64_DIRECT_OUTPUT */ -static NAT64NOINLINE int + +static int nat64_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct nat64_counters *stats, void *logdata) { @@ -185,13 +225,12 @@ nat64_output(struct ifnet *ifp, struct mbuf *m, struct return (ret); } -static NAT64NOINLINE int +static int nat64_output_one(struct mbuf *m, struct nat64_counters *stats, void *logdata) { return (nat64_output(NULL, m, NULL, stats, logdata)); } -#endif /* !IPFIREWALL_NAT64_DIRECT_OUTPUT */ /* * Check the given IPv6 prefix and length according to RFC6052: 
@@ -424,12 +463,10 @@ nat64_init_ip4hdr(const struct ip6_hdr *ip6, const str ip->ip_hl = sizeof(*ip) >> 2; ip->ip_tos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; ip->ip_len = htons(sizeof(*ip) + plen); -#ifdef IPFIREWALL_NAT64_DIRECT_OUTPUT - ip->ip_ttl = ip6->ip6_hlim - IPV6_HLIMDEC; -#else - /* Forwarding code will decrement TTL. */ ip->ip_ttl = ip6->ip6_hlim; -#endif + /* Forwarding code will decrement TTL for netisr based output. */ + if (V_nat64out == &nat64_direct) + ip->ip_ttl -= IPV6_HLIMDEC; ip->ip_sum = 0; ip->ip_p = (proto == IPPROTO_ICMPV6) ? IPPROTO_ICMP: proto; ip_fillid(ip); @@ -647,7 +684,7 @@ nat64_icmp6_reflect(struct mbuf *m, uint8_t type, uint icmp6->icmp6_cksum = in6_cksum(n, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), plen); m_freem(m); - nat64_output_one(n, stats, logdata); + V_nat64out->output_one(n, stats, logdata); return; freeit: NAT64STAT_INC(stats, dropped); @@ -750,7 +787,7 @@ nat64_icmp_reflect(struct mbuf *m, uint8_t type, icmp->icmp_cksum = in_cksum_skip(n, sizeof(struct ip) + plen, sizeof(struct ip)); m_freem(m); - nat64_output_one(n, stats, logdata); + V_nat64out->output_one(n, stats, logdata); return; freeit: NAT64STAT_INC(stats, dropped); @@ -1167,12 +1204,10 @@ nat64_do_handle_ip4(struct mbuf *m, struct in6_addr *s ip6.ip6_flow = htonl(ip->ip_tos << 20); ip6.ip6_vfc |= IPV6_VERSION; -#ifdef IPFIREWALL_NAT64_DIRECT_OUTPUT - ip6.ip6_hlim = ip->ip_ttl - IPTTLDEC; -#else - /* Forwarding code will decrement HLIM. */ ip6.ip6_hlim = ip->ip_ttl; -#endif + /* Forwarding code will decrement TTL for netisr based output. */ + if (V_nat64out == &nat64_direct) + ip6.ip6_hlim -= IPTTLDEC; ip6.ip6_plen = htons(plen); ip6.ip6_nxt = (proto == IPPROTO_ICMP) ? IPPROTO_ICMPV6: proto; /* Convert checksums. */ 
@@ -1205,7 +1240,7 @@ nat64_do_handle_ip4(struct mbuf *m, struct in6_addr *s mbufq_init(&mq, 255); nat64_fragment6(&cfg->stats, &ip6, &mq, m, nh.nh_mtu, ip_id, ip_off); while ((m = mbufq_dequeue(&mq)) != NULL) { - if (nat64_output(nh.nh_ifp, m, (struct sockaddr *)&dst, + if (V_nat64out->output(nh.nh_ifp, m, (struct sockaddr *)&dst, &cfg->stats, logdata) != 0) break; NAT64STAT_INC(&cfg->stats, opcnt46); @@ -1415,9 +1450,8 @@ nat64_handle_icmp6(struct mbuf *m, int hlen, uint32_t ip.ip_dst.s_addr = aaddr; ip.ip_src.s_addr = nat64_extract_ip4(cfg, &ip6i->ip6_src); /* XXX: Make fake ulp header */ -#ifdef IPFIREWALL_NAT64_DIRECT_OUTPUT - ip6i->ip6_hlim += IPV6_HLIMDEC; /* init_ip4hdr will decrement it */ -#endif + if (V_nat64out == &nat64_direct) /* init_ip4hdr will decrement it */ + ip6i->ip6_hlim += IPV6_HLIMDEC; nat64_init_ip4hdr(ip6i, ip6f, plen, proto, &ip); m_adj(m, hlen - sizeof(struct ip)); bcopy(&ip, mtod(m, void *), sizeof(ip)); @@ -1587,7 +1621,7 @@ nat64_do_handle_ip6(struct mbuf *m, uint32_t aaddr, ui m_adj(m, hlen - sizeof(ip)); bcopy(&ip, mtod(m, void *), sizeof(ip)); - if (nat64_output(nh.nh_ifp, m, (struct sockaddr *)&dst, + if (V_nat64out->output(nh.nh_ifp, m, (struct sockaddr *)&dst, &cfg->stats, logdata) == 0) NAT64STAT_INC(&cfg->stats, opcnt64); return (NAT64RETURN); Modified: stable/11/sys/netpfil/ipfw/nat64/nat64_translate.h ============================================================================== --- stable/11/sys/netpfil/ipfw/nat64/nat64_translate.h Sun Nov 18 00:31:09 2018 (r340540) +++ stable/11/sys/netpfil/ipfw/nat64/nat64_translate.h Sun Nov 18 00:34:24 2018 (r340541) @@ -1,6 +1,6 @@ /*- - * Copyright (c) 2015-2016 Yandex LLC - * Copyright (c) 2015-2016 Andrey V. Elsukov + * Copyright (c) 2015-2018 Yandex LLC + * Copyright (c) 2015-2018 Andrey V. Elsukov * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -141,6 +141,9 @@ void nat64_embed_ip4(const struct nat64_config *cfg, i struct in6_addr *ip6); in_addr_t nat64_extract_ip4(const struct nat64_config *cfg, const struct in6_addr *ip6); + +void nat64_set_output_method(int); +int nat64_get_output_method(void); #endif
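Review bot: in r340541's nat64_translate.c, nat64_do_handle_ip4() reads V_nat64out once to decide whether to pre-decrement ip6_hlim and again at the V_nat64out->output(...) call, so a nat64_set_output_method() call landing between the two reads emits a packet whose TTL adjustment does not match the path it takes (decremented twice, or not at all). nat64_handle_icmp6() has the same split between its ip6_hlim += IPV6_HLIMDEC and the test inside nat64_init_ip4hdr(). Load the pointer once per packet into a local and pass it down so both decisions agree, and add a comment on why the plain pointer store in nat64_set_output_method() needs no synchronization. Separately, the VNET_DEFINE_STATIC() in the first hunk is the macro that the r340544 log reports as not yet merged into stable/11.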
From: "Andrey V. Elsukov" Date: Sun, 18 Nov 2018 00:35:36 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340542 - stable/11/sys/netpfil/ipfw/nat64 Author: ae Date: Sun Nov 18 00:35:36 2018 New Revision: 340542 URL: https://svnweb.freebsd.org/changeset/base/340542 Log: MFC r339544: Call inet_ntop() only when its result is needed. Obtained from: Yandex LLC Sponsored by: Yandex LLC Modified: stable/11/sys/netpfil/ipfw/nat64/nat64lsn.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netpfil/ipfw/nat64/nat64lsn.c ============================================================================== --- stable/11/sys/netpfil/ipfw/nat64/nat64lsn.c Sun Nov 18 00:34:24 2018 (r340541) +++ stable/11/sys/netpfil/ipfw/nat64/nat64lsn.c Sun Nov 18 00:35:36 2018 (r340542) @@ -643,7 +643,6 @@ static NAT64NOINLINE int nat64lsn_periodic_chkhost(struct nat64lsn_host *nh, struct nat64lsn_periodic_data *d) { - char a[INET6_ADDRSTRLEN]; struct nat64lsn_portgroup *pg; struct nat64lsn_job_item *ji; uint64_t delmask[NAT64LSN_PGPTRNMASK];
@@ -652,9 +651,13 @@ nat64lsn_periodic_chkhost(struct nat64lsn_host *nh, delcount = 0; memset(delmask, 0, sizeof(delmask)); - inet_ntop(AF_INET6, &nh->addr, a, sizeof(a)); - DPRINTF(DP_JQUEUE, "Checking %s host %s on cpu %d", - stale_nh(d->cfg, nh) ? "stale" : "non-stale", a, curcpu); + if (V_nat64_debug & DP_JQUEUE) { + char a[INET6_ADDRSTRLEN]; + + inet_ntop(AF_INET6, &nh->addr, a, sizeof(a)); + DPRINTF(DP_JQUEUE, "Checking %s host %s on cpu %d", + stale_nh(d->cfg, nh) ? "stale" : "non-stale", a, curcpu); + } if (!stale_nh(d->cfg, nh)) { /* Non-stale host. Inspect internals */ NAT64_LOCK(nh); @@ -1527,9 +1530,9 @@ nat64lsn_translate6(struct nat64lsn_cfg *cfg, struct i if (k++ > 1000) { DPRINTF(DP_ALL, "XXX: too long %d/%d %d/%d\n", sidx.idx, sidx.off, st->next.idx, st->next.off); - inet_ntop(AF_INET6, &nh->addr, a, sizeof(a)); DPRINTF(DP_GENERIC, "TR host %s %p on cpu %d", - a, nh, curcpu); + inet_ntop(AF_INET6, &nh->addr, a, sizeof(a)), + nh, curcpu); k = 0; } sidx = st->next; 
@@ -1542,10 +1545,10 @@ nat64lsn_translate6(struct nat64lsn_cfg *cfg, struct i /* No free states. Request more if we can */ if (nh->pg_used >= cfg->max_chunks) { /* Limit reached */ - inet_ntop(AF_INET6, &nh->addr, a, sizeof(a)); DPRINTF(DP_DROPS, "PG limit reached " " for host %s (used %u, allocated %u, " - "limit %u)", a, + "limit %u)", inet_ntop(AF_INET6, + &nh->addr, a, sizeof(a)), nh->pg_used * NAT64_CHUNK_SIZE, nh->pg_allocated * NAT64_CHUNK_SIZE, cfg->max_chunks * NAT64_CHUNK_SIZE);
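Review bot: the three call sites changed in r340542 end up guarded in two different ways. nat64lsn_periodic_chkhost() tests V_nat64_debug & DP_JQUEUE by hand around the inet_ntop()/DPRINTF pair, while both nat64lsn_translate6() sites move inet_ntop() into the DPRINTF argument list, which only skips the conversion if DPRINTF is a macro that checks the mask before evaluating its arguments; that definition is not part of this diff. Use one form throughout, and if the hand-written test in chkhost stays, add a comment that it duplicates DPRINTF's own condition and has to be kept in step with it.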
From: "Andrey V. Elsukov" Date: Sun, 18 Nov 2018 01:04:53 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340544 - in stable/11: sbin/ipfw sys/conf sys/modules/ipfw_nat64 sys/netpfil/ipfw/nat64 Author: ae Date: Sun Nov 18 01:04:53 2018 New Revision: 340544 URL: https://svnweb.freebsd.org/changeset/base/340544 Log: Revert r340541. It requires VNET_DEFINE_STATIC() macro that is not yet merged into stable/11. Modified: stable/11/sbin/ipfw/ipfw.8 stable/11/sys/conf/options stable/11/sys/modules/ipfw_nat64/Makefile stable/11/sys/netpfil/ipfw/nat64/ip_fw_nat64.c stable/11/sys/netpfil/ipfw/nat64/nat64_translate.c stable/11/sys/netpfil/ipfw/nat64/nat64_translate.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sbin/ipfw/ipfw.8 ============================================================================== --- stable/11/sbin/ipfw/ipfw.8 Sun Nov 18 00:52:27 2018 (r340543) +++ stable/11/sbin/ipfw/ipfw.8 Sun Nov 18 01:04:53 2018 (r340544)
@@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 21, 2018 +.Dd September 27, 2018 .Dt IPFW 8 .Os .Sh NAME @@ -3284,14 +3284,9 @@ Make sure that ND6 neighbor solicitation (ICMPv6 type advertisement (ICMPv6 type 136) messages will not be handled by translation rules. .Pp -After translation NAT64 translator by default sends packets through -corresponding netisr queue. +After translation NAT64 translator sends packets through corresponding netisr +queue. Thus translator host should be configured as IPv4 and IPv6 router. -Also this means, that a packet is handled by firewall twice. -First time an original packet is handled and consumed by translator, -and then it is handled again as translated packet. -This behavior can be changed by sysctl variable -.Va net.inet.ip.fw.nat64_direct_output . .Pp The stateful NAT64 configuration command is the following: .Bd -ragged -offset indent 
@@ -3914,41 +3909,6 @@ Default is no. Controls whether bridged packets are passed to .Nm . Default is no. -.It Va net.inet.ip.fw.nat64_allow_private : No 0 -Defines how -.Nm nat64 -handles private IPv4 addresses: -.Bl -tag -width indent -.It Cm 0 -Packets with private IPv4 will not be handled by translator -.It Cm 1 -Translator will accept and process packets with private IPv4 addresses. -.El -.It Va net.inet.ip.fw.nat64_debug : No 0 -Controls debugging messages produced by -.Nm ipfw_nat64 -module. -.It Va net.inet.ip.fw.nat64_direct_output : No 0 -Controls the output method used by -.Nm ipfw_nat64 -module: -.Bl -tag -width indent -.It Cm 0 -A packet is handled by -.Nm ipfw -twice. -First time an original packet is handled by -.Nm ipfw -and consumed by -.Nm ipfw_nat64 -translator. -Then translated packet is queued via netisr to input processing again. -.It Cm 1 -A packet is handled by -.Nm ipfw -only once, and after translation it will be pushed directly to outgoing -interface. -.El .El .Sh INTERNAL DIAGNOSTICS There are some commands that may be useful to understand current state Modified: stable/11/sys/conf/options ============================================================================== --- stable/11/sys/conf/options Sun Nov 18 00:52:27 2018 (r340543) +++ stable/11/sys/conf/options Sun Nov 18 01:04:53 2018 (r340544) @@ -422,6 +422,7 @@ IPFIREWALL opt_ipfw.h IPFIREWALL_DEFAULT_TO_ACCEPT opt_ipfw.h IPFIREWALL_NAT opt_ipfw.h IPFIREWALL_NAT64 opt_ipfw.h +IPFIREWALL_NAT64_DIRECT_OUTPUT opt_ipfw.h IPFIREWALL_NPTV6 opt_ipfw.h IPFIREWALL_VERBOSE opt_ipfw.h IPFIREWALL_VERBOSE_LIMIT opt_ipfw.h Modified: stable/11/sys/modules/ipfw_nat64/Makefile ============================================================================== --- stable/11/sys/modules/ipfw_nat64/Makefile Sun Nov 18 00:52:27 2018 (r340543) +++ stable/11/sys/modules/ipfw_nat64/Makefile Sun Nov 18 01:04:53 2018 (r340544) 
@@ -6,5 +6,8 @@ KMOD= ipfw_nat64 SRCS= ip_fw_nat64.c nat64_translate.c SRCS+= nat64lsn.c nat64lsn_control.c SRCS+= nat64stl.c nat64stl_control.c +SRCS+= opt_ipfw.h + +#CFLAGS+= -DIPFIREWALL_NAT64_DIRECT_OUTPUT .include Modified: stable/11/sys/netpfil/ipfw/nat64/ip_fw_nat64.c ============================================================================== --- stable/11/sys/netpfil/ipfw/nat64/ip_fw_nat64.c Sun Nov 18 00:52:27 2018 (r340543) +++ stable/11/sys/netpfil/ipfw/nat64/ip_fw_nat64.c Sun Nov 18 01:04:53 2018 (r340544) @@ -48,7 +48,6 @@ __FBSDID("$FreeBSD$"); #include #include "ip_fw_nat64.h" -#include "nat64_translate.h" VNET_DEFINE(int, nat64_debug) = 0; VNET_DEFINE(int, nat64_allow_private) = 0; 
@@ -57,26 +56,8 @@ SYSCTL_DECL(_net_inet_ip_fw); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, nat64_debug, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nat64_debug), 0, "Debug level for NAT64 module"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, nat64_allow_private, - CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nat64_allow_private), 0, + CTLFLAG_VNET |CTLFLAG_RW, &VNET_NAME(nat64_allow_private), 0, "Allow use of non-global IPv4 addresses with NAT64"); - -static int -sysctl_direct_output(SYSCTL_HANDLER_ARGS) -{ - uint32_t value; - int error; - - value = nat64_get_output_method(); - error = sysctl_handle_32(oidp, &value, 0, req); - /* Read operation or some error */ - if ((error != 0) || (req->newptr == NULL)) - return (error); - nat64_set_output_method(value); - return (0); -} -SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, nat64_direct_output, - CTLFLAG_VNET | CTLTYPE_U32 | CTLFLAG_RW, 0, 0, sysctl_direct_output, "IU", - "Use if_output directly instead of deffered netisr-based processing"); static int vnet_ipfw_nat64_init(const void *arg __unused) Modified: stable/11/sys/netpfil/ipfw/nat64/nat64_translate.c ============================================================================== --- stable/11/sys/netpfil/ipfw/nat64/nat64_translate.c Sun Nov 18 00:52:27 2018 (r340543) +++ stable/11/sys/netpfil/ipfw/nat64/nat64_translate.c Sun Nov 18 01:04:53 2018 (r340544) @@ -25,6 +25,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "opt_ipfw.h" + #include __FBSDID("$FreeBSD$"); 
@@ -69,53 +71,6 @@ __FBSDID("$FreeBSD$"); #include "ip_fw_nat64.h" #include "nat64_translate.h" - -typedef int (*nat64_output_t)(struct ifnet *, struct mbuf *, - struct sockaddr *, struct nat64_counters *, void *); -typedef int (*nat64_output_one_t)(struct mbuf *, struct nat64_counters *, - void *); - -static int nat64_find_route4(struct nhop4_basic *, struct sockaddr_in *, - struct mbuf *); -static int nat64_find_route6(struct nhop6_basic *, struct sockaddr_in6 *, - struct mbuf *); -static int nat64_output_one(struct mbuf *, struct nat64_counters *, void *); -static int nat64_output(struct ifnet *, struct mbuf *, struct sockaddr *, - struct nat64_counters *, void *); -static int nat64_direct_output_one(struct mbuf *, struct nat64_counters *, - void *); -static int nat64_direct_output(struct ifnet *, struct mbuf *, - struct sockaddr *, struct nat64_counters *, void *); - -struct nat64_methods { - nat64_output_t output; - nat64_output_one_t output_one; -}; -static const struct nat64_methods nat64_netisr = { - .output = nat64_output, - .output_one = nat64_output_one -}; -static const struct nat64_methods nat64_direct = { - .output = nat64_direct_output, - .output_one = nat64_direct_output_one -}; -VNET_DEFINE_STATIC(const struct nat64_methods *, nat64out) = &nat64_netisr; -#define V_nat64out VNET(nat64out) - -void -nat64_set_output_method(int direct) -{ - - V_nat64out = direct != 0 ? &nat64_direct: &nat64_netisr; -} - -int -nat64_get_output_method(void) -{ - - return (V_nat64out == &nat64_direct ? 1: 0); -} - static void nat64_log(struct pfloghdr *logdata, struct mbuf *m, sa_family_t family) { 
@@ -125,8 +80,14 @@ nat64_log(struct pfloghdr *logdata, struct mbuf *m, sa ipfw_bpf_mtap2(logdata, PFLOG_HDRLEN, m); } -static int -nat64_direct_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, +#ifdef IPFIREWALL_NAT64_DIRECT_OUTPUT +static NAT64NOINLINE int nat64_find_route4(struct nhop4_basic *, + struct sockaddr_in *, struct mbuf *); +static NAT64NOINLINE int nat64_find_route6(struct nhop6_basic *, + struct sockaddr_in6 *, struct mbuf *); + +static NAT64NOINLINE int +nat64_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct nat64_counters *stats, void *logdata) { int error; @@ -139,9 +100,8 @@ nat64_direct_output(struct ifnet *ifp, struct mbuf *m, return (error); } -static int -nat64_direct_output_one(struct mbuf *m, struct nat64_counters *stats, - void *logdata) +static NAT64NOINLINE int +nat64_output_one(struct mbuf *m, struct nat64_counters *stats, void *logdata) { struct nhop6_basic nh6; struct nhop4_basic nh4; @@ -193,8 +153,8 @@ nat64_direct_output_one(struct mbuf *m, struct nat64_c NAT64STAT_INC(stats, oerrors); return (error); } - -static int +#else /* !IPFIREWALL_NAT64_DIRECT_OUTPUT */ +static NAT64NOINLINE int nat64_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct nat64_counters *stats, void *logdata) { @@ -225,12 +185,13 @@ nat64_output(struct ifnet *ifp, struct mbuf *m, struct return (ret); } -static int +static NAT64NOINLINE int nat64_output_one(struct mbuf *m, struct nat64_counters *stats, void *logdata) { return (nat64_output(NULL, m, NULL, stats, logdata)); } +#endif /* !IPFIREWALL_NAT64_DIRECT_OUTPUT */ /* * Check the given IPv6 prefix and length according to RFC6052: 
@@ -463,10 +424,12 @@ nat64_init_ip4hdr(const struct ip6_hdr *ip6, const str ip->ip_hl = sizeof(*ip) >> 2; ip->ip_tos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; ip->ip_len = htons(sizeof(*ip) + plen); +#ifdef IPFIREWALL_NAT64_DIRECT_OUTPUT + ip->ip_ttl = ip6->ip6_hlim - IPV6_HLIMDEC; +#else + /* Forwarding code will decrement TTL. */ ip->ip_ttl = ip6->ip6_hlim; - /* Forwarding code will decrement TTL for netisr based output. */ - if (V_nat64out == &nat64_direct) - ip->ip_ttl -= IPV6_HLIMDEC; +#endif ip->ip_sum = 0; ip->ip_p = (proto == IPPROTO_ICMPV6) ? IPPROTO_ICMP: proto; ip_fillid(ip); @@ -684,7 +647,7 @@ nat64_icmp6_reflect(struct mbuf *m, uint8_t type, uint icmp6->icmp6_cksum = in6_cksum(n, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), plen); m_freem(m); - V_nat64out->output_one(n, stats, logdata); + nat64_output_one(n, stats, logdata); return; freeit: NAT64STAT_INC(stats, dropped); @@ -787,7 +750,7 @@ nat64_icmp_reflect(struct mbuf *m, uint8_t type, icmp->icmp_cksum = in_cksum_skip(n, sizeof(struct ip) + plen, sizeof(struct ip)); m_freem(m); - V_nat64out->output_one(n, stats, logdata); + nat64_output_one(n, stats, logdata); return; freeit: NAT64STAT_INC(stats, dropped); @@ -1204,10 +1167,12 @@ nat64_do_handle_ip4(struct mbuf *m, struct in6_addr *s ip6.ip6_flow = htonl(ip->ip_tos << 20); ip6.ip6_vfc |= IPV6_VERSION; +#ifdef IPFIREWALL_NAT64_DIRECT_OUTPUT + ip6.ip6_hlim = ip->ip_ttl - IPTTLDEC; +#else + /* Forwarding code will decrement HLIM. */ ip6.ip6_hlim = ip->ip_ttl; - /* Forwarding code will decrement TTL for netisr based output. */ - if (V_nat64out == &nat64_direct) - ip6.ip6_hlim -= IPTTLDEC; +#endif ip6.ip6_plen = htons(plen); ip6.ip6_nxt = (proto == IPPROTO_ICMP) ? IPPROTO_ICMPV6: proto; /* Convert checksums. */ 
@@ -1240,7 +1205,7 @@ nat64_do_handle_ip4(struct mbuf *m, struct in6_addr *s mbufq_init(&mq, 255); nat64_fragment6(&cfg->stats, &ip6, &mq, m, nh.nh_mtu, ip_id, ip_off); while ((m = mbufq_dequeue(&mq)) != NULL) { - if (V_nat64out->output(nh.nh_ifp, m, (struct sockaddr *)&dst, + if (nat64_output(nh.nh_ifp, m, (struct sockaddr *)&dst, &cfg->stats, logdata) != 0) break; NAT64STAT_INC(&cfg->stats, opcnt46); @@ -1450,8 +1415,9 @@ nat64_handle_icmp6(struct mbuf *m, int hlen, uint32_t ip.ip_dst.s_addr = aaddr; ip.ip_src.s_addr = nat64_extract_ip4(cfg, &ip6i->ip6_src); /* XXX: Make fake ulp header */ - if (V_nat64out == &nat64_direct) /* init_ip4hdr will decrement it */ - ip6i->ip6_hlim += IPV6_HLIMDEC; +#ifdef IPFIREWALL_NAT64_DIRECT_OUTPUT + ip6i->ip6_hlim += IPV6_HLIMDEC; /* init_ip4hdr will decrement it */ +#endif nat64_init_ip4hdr(ip6i, ip6f, plen, proto, &ip); m_adj(m, hlen - sizeof(struct ip)); bcopy(&ip, mtod(m, void *), sizeof(ip)); @@ -1621,7 +1587,7 @@ nat64_do_handle_ip6(struct mbuf *m, uint32_t aaddr, ui m_adj(m, hlen - sizeof(ip)); bcopy(&ip, mtod(m, void *), sizeof(ip)); - if (V_nat64out->output(nh.nh_ifp, m, (struct sockaddr *)&dst, + if (nat64_output(nh.nh_ifp, m, (struct sockaddr *)&dst, &cfg->stats, logdata) == 0) NAT64STAT_INC(&cfg->stats, opcnt64); return (NAT64RETURN); Modified: stable/11/sys/netpfil/ipfw/nat64/nat64_translate.h ============================================================================== --- stable/11/sys/netpfil/ipfw/nat64/nat64_translate.h Sun Nov 18 00:52:27 2018 (r340543) +++ stable/11/sys/netpfil/ipfw/nat64/nat64_translate.h Sun Nov 18 01:04:53 2018 (r340544) @@ -1,6 +1,6 @@ /*- - * Copyright (c) 2015-2018 Yandex LLC - * Copyright (c) 2015-2018 Andrey V. Elsukov + * Copyright (c) 2015-2016 Yandex LLC + * Copyright (c) 2015-2016 Andrey V. Elsukov * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -141,9 +141,6 @@ void nat64_embed_ip4(const struct nat64_config *cfg, i struct in6_addr *ip6); in_addr_t nat64_extract_ip4(const struct nat64_config *cfg, const struct in6_addr *ip6); - -void nat64_set_output_method(int); -int nat64_get_output_method(void); #endif
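Review bot: the ipfw.8 part of the r340544 revert removes the net.inet.ip.fw.nat64_allow_private and net.inet.ip.fw.nat64_debug entries together with nat64_direct_output, but the ip_fw_nat64.c hunk keeps both SYSCTL_INT definitions as context, so two sysctls that still exist lose their documentation. Only the nat64_direct_output entry and the paragraph describing the switchable output method depend on the reverted code; keep the other two entries. The same ip_fw_nat64.c hunk also brings back the "CTLFLAG_VNET |CTLFLAG_RW" spacing on nat64_allow_private, which has nothing to do with the VNET_DEFINE_STATIC() problem named in the log and could be left out of the revert.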
From: John Baldwin Date: Sun, 18 Nov 2018 01:07:36 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340545 - in stable/11/sys/amd64: include vmm/amd vmm/intel Author: jhb Date: Sun Nov 18 01:07:36 2018 New Revision: 340545 URL: https://svnweb.freebsd.org/changeset/base/340545 Log: MFC 339312,339364: Restore more descriptors during VM exits. 339312: Fully restore the GDTR, IDTR, and LDTR after VT-x VM exits. The VT-x VMCS only stores the base address of the GDTR and IDTR. As a result, VM exits use a fixed limit of 0xffff for the host GDTR and IDTR losing the smaller limits set in when the initial GDT is loaded on each CPU during boot. Explicitly save and restore the full GDTR and IDTR contents around VM entries and exits to restore the correct limit. Similarly, explicitly save and restore the LDT selector. VM exits always clear the host LDTR as if the LDT was loaded with a NULL selector and a userspace hypervisor is probably using a NULL selector anyway, but save and restore the LDT explicitly just to be safe. 339364: Reload the LDT selector after an AMD-v #VMEXIT.
cpu_switch() always reloads the LDT, so this can only affect the hypervisor process itself. Fix this by explicitly reloading the host LDT selector after each #VMEXIT. The stock bhyve process on FreeBSD never uses a custom LDT, so this change is cosmetic. PR: 230773 Modified: stable/11/sys/amd64/include/cpufunc.h stable/11/sys/amd64/vmm/amd/svm.c stable/11/sys/amd64/vmm/intel/vmx.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/amd64/include/cpufunc.h ============================================================================== --- stable/11/sys/amd64/include/cpufunc.h Sun Nov 18 01:04:53 2018 (r340544) +++ stable/11/sys/amd64/include/cpufunc.h Sun Nov 18 01:07:36 2018 (r340545) @@ -726,6 +726,15 @@ lldt(u_short sel) __asm __volatile("lldt %0" : : "r" (sel)); } +static __inline u_short +sldt(void) +{ + u_short sel; + + __asm __volatile("sldt %0" : "=r" (sel)); + return (sel); +} + static __inline void ltr(u_short sel) { Modified: stable/11/sys/amd64/vmm/amd/svm.c ============================================================================== --- stable/11/sys/amd64/vmm/amd/svm.c Sun Nov 18 01:04:53 2018 (r340544) +++ stable/11/sys/amd64/vmm/amd/svm.c Sun Nov 18 01:07:36 2018 (r340545) @@ -1940,6 +1940,7 @@ svm_vmrun(void *arg, int vcpu, register_t rip, pmap_t struct vm *vm; uint64_t vmcb_pa; int handled; + uint16_t ldt_sel; svm_sc = arg; vm = svm_sc->vm; @@ -2018,6 +2019,15 @@ svm_vmrun(void *arg, int vcpu, register_t rip, pmap_t break; } + /* + * #VMEXIT resumes the host with the guest LDTR, so + * save the current LDT selector so it can be restored + * after an exit. The userspace hypervisor probably + * doesn't use a LDT, but save and restore it to be + * safe. + */ + ldt_sel = sldt(); + svm_inj_interrupts(svm_sc, vcpu, vlapic); /* Activate the nested pmap on 'curcpu' */ 
@@ -2047,6 +2057,9 @@ svm_vmrun(void *arg, int vcpu, register_t rip, pmap_t * to be restored explicitly. */ restore_host_tss(); + + /* Restore host LDTR. */ + lldt(ldt_sel); /* #VMEXIT disables interrupts so re-enable them here. */ enable_gintr(); Modified: stable/11/sys/amd64/vmm/intel/vmx.c ============================================================================== --- stable/11/sys/amd64/vmm/intel/vmx.c Sun Nov 18 01:04:53 2018 (r340544) +++ stable/11/sys/amd64/vmm/intel/vmx.c Sun Nov 18 01:07:36 2018 (r340545) @@ -2701,6 +2701,8 @@ vmx_run(void *arg, int vcpu, register_t rip, pmap_t pm struct vm_exit *vmexit; struct vlapic *vlapic; uint32_t exit_reason; + struct region_descriptor gdtr, idtr; + uint16_t ldt_sel; vmx = arg; vm = vmx->vm; 
@@ -2786,10 +2788,30 @@ vmx_run(void *arg, int vcpu, register_t rip, pmap_t pm break; } + /* + * VM exits restore the base address but not the + * limits of GDTR and IDTR. The VMCS only stores the + * base address, so VM exits set the limits to 0xffff. + * Save and restore the full GDTR and IDTR to restore + * the limits. + * + * The VMCS does not save the LDTR at all, and VM + * exits clear LDTR as if a NULL selector were loaded. + * The userspace hypervisor probably doesn't use a + * LDT, but save and restore it to be safe. + */ + sgdt(&gdtr); + sidt(&idtr); + ldt_sel = sldt(); + vmx_run_trace(vmx, vcpu); vmx_dr_enter_guest(vmxctx); rc = vmx_enter_guest(vmxctx, vmx, launched); vmx_dr_leave_guest(vmxctx); + + bare_lgdt(&gdtr); + lidt(&idtr); + lldt(ldt_sel); /* Collect some information for VM exit processing */ vmexit->rip = rip = vmcs_guest_rip(); From owner-svn-src-stable-11@freebsd.org Sun Nov 18 10:47:51 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CD4A21134D28; Sun, 18 Nov 2018 10:47:51 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5C9B576B35; Sun, 18 Nov 2018 10:47:51 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3E7C11244B; Sun, 18 Nov 2018 10:47:51 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with 
From: Kristof Provost
Date: Sun, 18 Nov 2018 10:47:51 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340559 - stable/11/sys/netpfil/pf

Author: kp
Date: Sun Nov 18 10:47:50 2018
New Revision: 340559
URL: https://svnweb.freebsd.org/changeset/base/340559

Log:
  MFC r339470:

  pf synproxy will do the 3WHS on behalf of the target machine, and once
  the 3WHS is completed, establish the backend connection.

  The trigger for "3WHS completed" is the reception of the first ACK.
  However, we should not proceed if that ACK also has RST or FIN set.

  PR: 197484
  Obtained from: OpenBSD

Modified:
  stable/11/sys/netpfil/pf/pf.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/netpfil/pf/pf.c
==============================================================================
--- stable/11/sys/netpfil/pf/pf.c Sun Nov 18 10:47:36 2018 (r340558)
+++ stable/11/sys/netpfil/pf/pf.c Sun Nov 18 10:47:50 2018 (r340559)
@@ -4389,7 +4389,7 @@ pf_test_state_tcp(struct pf_state **state, int directi TH_SYN|TH_ACK, 0, (*state)->src.mss, 0, 1, 0, NULL); REASON_SET(reason, PFRES_SYNPROXY); return (PF_SYNPROXY_DROP); - } else if (!(th->th_flags & TH_ACK) || + } else if ((th->th_flags & (TH_ACK|TH_RST|TH_FIN)) != TH_ACK || (ntohl(th->th_ack) != (*state)->src.seqhi + 1) || (ntohl(th->th_seq) != (*state)->src.seqlo + 1)) { REASON_SET(reason, PFRES_SYNPROXY); From owner-svn-src-stable-11@freebsd.org Sun Nov 18 09:47:44 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3E4681132752; Sun, 18 Nov 2018 09:47:44 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D639074318; Sun, 18 Nov 2018 09:47:43 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 74B3511A79; Sun, 18 Nov 2018 09:47:40 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAI9lelR075873; Sun, 18 Nov 2018 09:47:40 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAI9leM5075872; Sun, 18 Nov 2018 09:47:40 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201811180947.wAI9leM5075872@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f 
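Review bot: the new test (th->th_flags & (TH_ACK|TH_RST|TH_FIN)) != TH_ACK in pf_test_state_tcp() leaves TH_SYN out of the mask, so an ACK that also carries SYN still passes this clause. If the preceding branch (the one that answers with TH_SYN|TH_ACK and returns PF_SYNPROXY_DROP) already catches every segment with SYN set, say so in a short comment above the condition; otherwise add TH_SYN to the mask. A comment stating that only a bare ACK may complete the proxied handshake would also record the intent behind PR 197484.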
From: Kristof Provost Date: Sun, 18 Nov 2018 09:47:40 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340550 - stable/11/sbin/pfctl X-SVN-Group: stable-11 X-SVN-Commit-Author: kp X-SVN-Commit-Paths: stable/11/sbin/pfctl X-SVN-Commit-Revision: 340550 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: D639074318 X-Spamd-Result: default: False [-0.05 / 15.00]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_SHORT(-0.05)[-0.052,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2018 09:47:44 -0000 Author: kp Date: Sun Nov 18 09:47:39 2018 New Revision: 340550 URL: https://svnweb.freebsd.org/changeset/base/340550 Log: MFC r339464: pfctl: Dup strings When we set the ifname we have to copy the string, rather than just keep the pointer. PR: 231323 Modified: stable/11/sbin/pfctl/parse.y Directory Properties: stable/11/ (props changed) Modified: stable/11/sbin/pfctl/parse.y ============================================================================== --- stable/11/sbin/pfctl/parse.y Sun Nov 18 09:47:30 2018 (r340549) +++ stable/11/sbin/pfctl/parse.y Sun Nov 18 09:47:39 2018 (r340550) @@ -4402,7 +4402,7 @@ route_host : STRING { $$ = calloc(1, sizeof(struct node_host)); if ($$ == NULL) err(1, "route_host: calloc"); - $$->ifname = $1; + $$->ifname = strdup($1); set_ipmask($$, 128); $$->next = NULL; $$->tail = $$; 
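Review bot: strdup($1) in the first route_host rule is assigned to $$->ifname without a NULL check, although the calloc() two lines above is checked and fails with err(1, "route_host: calloc"). Handle allocation failure the same way, for example err(1, "route_host: strdup"). With the name now copied, the node no longer references the original $1 string, so it should be freed here unless it is released elsewhere.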
@@ -4412,7 +4412,7 @@ route_host : STRING { $$ = $3; for (n = $3; n != NULL; n = n->next) - n->ifname = $2; + n->ifname = strdup($2); } ; From owner-svn-src-stable-11@freebsd.org Sun Nov 18 09:58:37 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1B41B1132DCD; Sun, 18 Nov 2018 09:58:37 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B087D74EC0; Sun, 18 Nov 2018 09:58:36 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8F0B611C1D; Sun, 18 Nov 2018 09:58:36 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAI9wa0V081267; Sun, 18 Nov 2018 09:58:36 GMT (envelope-from kib@FreeBSD.org) Received: (from kib@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAI9waoR081266; Sun, 18 Nov 2018 09:58:36 GMT (envelope-from kib@FreeBSD.org) Message-Id: <201811180958.wAI9waoR081266@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kib set sender to kib@FreeBSD.org using -f 
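Review bot: in the loop over $3, each node now gets its own strdup($2) and the result is unchecked, so a failed allocation leaves n->ifname NULL for that node. Check the return value inside the loop, and free($2) after the loop, since no node keeps the original pointer any more.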
From: Konstantin Belousov
Date: Sun, 18 Nov 2018 09:58:36 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340556 - stable/11/sys/arm/include

Author: kib
Date: Sun Nov 18 09:58:36 2018
New Revision: 340556
URL: https://svnweb.freebsd.org/changeset/base/340556

Log:
  MFC r340136:
  Move the fixed base for PIE loading on arm.

Modified:
  stable/11/sys/arm/include/elf.h
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/arm/include/elf.h
==============================================================================
--- stable/11/sys/arm/include/elf.h Sun Nov 18 09:57:12 2018 (r340555)
+++ stable/11/sys/arm/include/elf.h Sun Nov 18 09:58:36 2018 (r340556)
@@ -114,7 +114,7 @@ __ElfType(Auxinfo); */ #define MAGIC_TRAMP_NUMBER 0x5c000003 -#define ET_DYN_LOAD_ADDR 0x12000 +#define ET_DYN_LOAD_ADDR 0x500000 /* Flags passed in AT_HWCAP. */ #define HWCAP_SWP 0x00000001 /* Unsupported, never set. */ From owner-svn-src-stable-11@freebsd.org Sun Nov 18 10:57:43 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6597411350BF; Sun, 18 Nov 2018 10:57:43 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 08B13771F7; Sun, 18 Nov 2018 10:57:43 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 133CC125E7; Sun, 18 Nov 2018 10:57:40 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAIAvdSk012069; Sun, 18 Nov 2018 10:57:39 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAIAvd77012068; Sun, 18 Nov 2018 10:57:39 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201811181057.wAIAvd77012068@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f 
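Review bot: ET_DYN_LOAD_ADDR changes from 0x12000 to 0x500000 with no comment in elf.h and a log message that only says the base was moved. Add a comment next to the define saying what the new base has to stay clear of and how 0x500000 was chosen, so a later change does not have to rediscover the constraint.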
From: Kristof Provost
Date: Sun, 18 Nov 2018 10:57:39 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340563 - stable/11/sys/netpfil/pf

Author: kp
Date: Sun Nov 18 10:57:39 2018
New Revision: 340563
URL: https://svnweb.freebsd.org/changeset/base/340563

Log:
  MFC r339676:

  pf: Fix copy/paste error in IPv6 address rewriting

  We checked the destination address, but replaced the source address.
  This was fixed in OpenBSD as part of their NAT rework, which we don't
  want to import right now.

  CID: 1009561

Modified:
  stable/11/sys/netpfil/pf/pf.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/netpfil/pf/pf.c
==============================================================================
--- stable/11/sys/netpfil/pf/pf.c Sun Nov 18 10:57:31 2018 (r340562)
+++ stable/11/sys/netpfil/pf/pf.c Sun Nov 18 10:57:39 2018 (r340563)
@@ -3417,7 +3417,7 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm if (PF_ANEQ(daddr, &nk->addr[pd->didx], AF_INET6)) - PF_ACPY(saddr, &nk->addr[pd->didx], af); + PF_ACPY(daddr, &nk->addr[pd->didx], af); break; #endif /* INET */ } From owner-svn-src-stable-11@freebsd.org Sun Nov 18 10:22:43 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7FC291133A1B; Sun, 18 Nov 2018 10:22:43 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2476275BE0; Sun, 18 Nov 2018 10:22:43 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 05766120FC; Sun, 18 Nov 2018 10:22:43 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAIAMgJE096313; Sun, 18 Nov 2018 10:22:42 GMT (envelope-from kib@FreeBSD.org) Received: (from kib@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAIAMgT4096312; Sun, 18 Nov 2018 10:22:42 GMT (envelope-from kib@FreeBSD.org) Message-Id: <201811181022.wAIAMgT4096312@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kib set sender to kib@FreeBSD.org using -f 
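Review bot: after the fix, the guard calls PF_ANEQ(daddr, &nk->addr[pd->didx], AF_INET6) with a literal address family while the copy on the next line calls PF_ACPY(daddr, &nk->addr[pd->didx], af). Pass the same family argument to both so the check and the rewrite cannot diverge again. The trailing #endif /* INET */ directly after this IPv6 case also looks mislabelled and is worth checking against its opening #ifdef.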
From: Konstantin Belousov Date: Sun, 18 Nov 2018 10:22:42 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340557 - stable/11/libexec/rtld-elf/amd64 X-SVN-Group: stable-11 X-SVN-Commit-Author: kib X-SVN-Commit-Paths: stable/11/libexec/rtld-elf/amd64 X-SVN-Commit-Revision: 340557 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 2476275BE0 X-Spamd-Result: default: False [-0.05 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_SHORT(-0.05)[-0.052,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2018 10:22:43 -0000 Author: kib Date: Sun Nov 18 10:22:42 2018 New Revision: 340557 URL: https://svnweb.freebsd.org/changeset/base/340557 Log: MFC r339897: Remove rtld use of libc amd64_set_fsbase(). Modified: stable/11/libexec/rtld-elf/amd64/reloc.c Directory Properties: stable/11/ (props changed) Modified: stable/11/libexec/rtld-elf/amd64/reloc.c ============================================================================== --- stable/11/libexec/rtld-elf/amd64/reloc.c Sun Nov 18 09:58:36 2018 (r340556) +++ stable/11/libexec/rtld-elf/amd64/reloc.c Sun Nov 18 10:22:42 2018 (r340557) @@ -33,8 +33,9 @@ #include #include -#include #include +#include +#include #include #include 
@@ -490,17 +491,26 @@ pre_init(void) } +int __getosreldate(void); + void allocate_initial_tls(Obj_Entry *objs) { - /* - * Fix the size of the static TLS block by using the maximum - * offset allocated so far and adding a bit for dynamic modules to - * use. - */ - tls_static_space = tls_last_offset + RTLD_STATIC_TLS_EXTRA; - amd64_set_fsbase(allocate_tls(objs, 0, - 3*sizeof(Elf_Addr), sizeof(Elf_Addr))); + void *addr; + + /* + * Fix the size of the static TLS block by using the maximum + * offset allocated so far and adding a bit for dynamic + * modules to use. + */ + tls_static_space = tls_last_offset + RTLD_STATIC_TLS_EXTRA; + + addr = allocate_tls(objs, 0, 3 * sizeof(Elf_Addr), sizeof(Elf_Addr)); + if (__getosreldate() >= P_OSREL_WRFSBASE && + (cpu_stdext_feature & CPUID_STDEXT_FSGSBASE) != 0) + wrfsbase((uintptr_t)addr); + else + sysarch(AMD64_SET_FSBASE, &addr); } void *__tls_get_addr(tls_index *ti) From owner-svn-src-stable-11@freebsd.org Sun Nov 18 12:04:26 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 91F9F1137AAC; Sun, 18 Nov 2018 12:04:26 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 33B6679FED; Sun, 18 Nov 2018 12:04:26 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 08184131A5; Sun, 18 Nov 2018 12:04:26 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org 
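Review bot: in allocate_initial_tls() the fallback sysarch(AMD64_SET_FSBASE, &addr) discards its return value, so a failure to set the FS base would go unnoticed and the process would carry on without the TLS base installed. Check the result and abort with a diagnostic. The file-local prototype int __getosreldate(void); would be better taken from a shared header than redeclared here, and the hunk mixes re-indentation of the existing comment with the functional change, which makes the real difference harder to see.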
From: Kristof Provost
Date: Sun, 18 Nov 2018 12:04:25 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340569 - stable/11/sys/net

Author: kp
Date: Sun Nov 18 12:04:25 2018
New Revision: 340569
URL: https://svnweb.freebsd.org/changeset/base/340569

Log:
  MFC r340066:

  Notify that the ifnet will go away, even on vnet shutdown

  pf subscribes to ifnet_departure_event events, so it can clean up the
  ifg_pf_kif and if_pf_kif pointers in the ifnet.
  During vnet shutdown interfaces could go away without sending the event,
  so pf ends up cleaning these up as part of its shutdown sequence, which
  happens after the ifnet has already been freed.

  Send the ifnet_departure_event during vnet shutdown, allowing pf to
  clean up correctly.

  Sponsored by: Orange Business Services

Modified:
  stable/11/sys/net/if.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/net/if.c
==============================================================================
--- stable/11/sys/net/if.c Sun Nov 18 12:04:24 2018 (r340568)
+++ stable/11/sys/net/if.c Sun Nov 18 12:04:25 2018 (r340569)
@@ -1085,6 +1085,9 @@ if_detach_internal(struct ifnet *ifp, int vmove, struc * the work top-down for us. */ if (shutdown) { + /* Give interface users the chance to clean up. */ + EVENTHANDLER_INVOKE(ifnet_departure_event, ifp); + /* * In case of a vmove we are done here without error. * If we would signal an error it would lead to the same From owner-svn-src-stable-11@freebsd.org Sun Nov 18 10:54:39 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E08FA1135003; Sun, 18 Nov 2018 10:54:39 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8271276F1D; Sun, 18 Nov 2018 10:54:39 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5FEF0125DC; Sun, 18 Nov 2018 10:54:39 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAIAsdCq011730; Sun, 18 Nov 2018 10:54:39 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAIAsdle011729; Sun, 18 Nov 2018 10:54:39 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201811181054.wAIAsdle011729@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f 
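Review bot: EVENTHANDLER_INVOKE(ifnet_departure_event, ifp) is placed at the top of the if (shutdown) block in if_detach_internal(), ahead of the code the following comment describes for the vmove case, so handlers are also called when the interface is being moved during shutdown. Confirm that is intended and that the event cannot be sent a second time on another path through the function. If it is intended, expand the one-line comment to say that subscribers such as pf rely on this to drop their ifnet pointers before the ifnet is freed.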
From: Kristof Provost
Date: Sun, 18 Nov 2018 10:54:39 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340560 - stable/11/sbin/pfctl

Author: kp
Date: Sun Nov 18 10:54:38 2018
New Revision: 340560
URL: https://svnweb.freebsd.org/changeset/base/340560

Log:
  MFC r339578:

  pfctl: Fix line numbers when \ is used inside ""

  PR: 201520
  Obtained from: OpenBSD

Modified:
  stable/11/sbin/pfctl/parse.y
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sbin/pfctl/parse.y
==============================================================================
--- stable/11/sbin/pfctl/parse.y Sun Nov 18 10:47:50 2018 (r340559)
+++ stable/11/sbin/pfctl/parse.y Sun Nov 18 10:54:38 2018 (r340560)
@@ -5758,8 +5758,10 @@ top: return (0); if (next == quotec || c == ' ' || c == '\t') c = next; - else if (next == '\n') + else if (next == '\n') { + file->lineno++; continue; + } else lungetc(next); } else if (c == quotec) { From owner-svn-src-stable-11@freebsd.org Sun Nov 18 12:09:28 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8F6D71137D5E; Sun, 18 Nov 2018 12:09:28 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 326097A4B4; Sun, 18 Nov 2018 12:09:28 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 13F48131AC; Sun, 18 Nov 2018 12:09:28 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAIC9RKQ048465; Sun, 18 Nov 2018 12:09:27 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAIC9Rmc048464; Sun, 18 Nov 2018 12:09:27 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201811181209.wAIC9Rmc048464@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f 
From: Kristof Provost
Date: Sun, 18 Nov 2018 12:09:27 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340571 - stable/11/sys/netpfil/pf

Author: kp
Date: Sun Nov 18 12:09:27 2018
New Revision: 340571
URL: https://svnweb.freebsd.org/changeset/base/340571

Log:
  MFC r340067:

  pfsync: Ensure uninit is done before pf

  pfsync touches pf memory (for pf_state and the pfsync callback
  pointers), not the other way around. We need to ensure that pfsync is
  torn down before pf.

  Sponsored by: Orange Business Services

Modified:
  stable/11/sys/netpfil/pf/if_pfsync.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/netpfil/pf/if_pfsync.c
==============================================================================
--- stable/11/sys/netpfil/pf/if_pfsync.c Sun Nov 18 12:09:26 2018 (r340570)
+++ stable/11/sys/netpfil/pf/if_pfsync.c Sun Nov 18 12:09:27 2018 (r340571)
@@ -2360,11 +2360,8 @@ vnet_pfsync_uninit(const void *unused __unused) if_clone_detach(V_pfsync_cloner); swi_remove(V_pfsync_swi_cookie); } -/* - * Detach after pf is gone; otherwise we might touch pfsync memory - * from within pf after freeing pfsync. - */ -VNET_SYSUNINIT(vnet_pfsync_uninit, SI_SUB_INIT_IF, SI_ORDER_SECOND, + +VNET_SYSUNINIT(vnet_pfsync_uninit, SI_SUB_PROTO_FIREWALL, SI_ORDER_FOURTH, vnet_pfsync_uninit, NULL); static int From owner-svn-src-stable-11@freebsd.org Sun Nov 18 11:55:59 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AE24D1137398; Sun, 18 Nov 2018 11:55:59 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 50F4D79855; Sun, 18 Nov 2018 11:55:59 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 31FB81300A; Sun, 18 Nov 2018 11:55:59 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAIBtxLq043001; Sun, 18 Nov 2018 11:55:59 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAIBtw3q042997; Sun, 18 Nov 2018 11:55:58 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201811181155.wAIBtw3q042997@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f 
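Review bot: the hunk deletes the comment that explained the teardown ordering and changes the registration to SI_SUB_PROTO_FIREWALL, SI_ORDER_FOURTH without adding a new one. The removed text described the opposite ordering from what the log message now requires (pfsync torn down before pf), so add a comment above VNET_SYSUNINIT stating that requirement and why this subsystem/order pair achieves it relative to pf's own uninit.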
From: Kristof Provost
Date: Sun, 18 Nov 2018 11:55:58 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340566 - in stable/11/sys: net netpfil/pf

Author: kp
Date: Sun Nov 18 11:55:58 2018
New Revision: 340566
URL: https://svnweb.freebsd.org/changeset/base/340566

Log:
  MFC r340065:

  pfsync: Make pfsync callbacks per-vnet

  The callbacks are installed and removed depending on the state of the
  pfsync device, which is per-vnet. The callbacks must also be per-vnet.

  Sponsored by: Orange Business Services

Modified:
  stable/11/sys/net/pfvar.h
  stable/11/sys/netpfil/pf/if_pfsync.c
  stable/11/sys/netpfil/pf/pf.c
  stable/11/sys/netpfil/pf/pf_ioctl.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/net/pfvar.h
==============================================================================
--- stable/11/sys/net/pfvar.h Sun Nov 18 11:55:56 2018 (r340565)
+++ stable/11/sys/net/pfvar.h Sun Nov 18 11:55:58 2018 (r340566)
@@ -821,12 +821,18 @@ typedef void pfsync_delete_state_t(struct pf_state *) typedef void pfsync_clear_states_t(u_int32_t, const char *); typedef int pfsync_defer_t(struct pf_state *, struct mbuf *); -extern pfsync_state_import_t *pfsync_state_import_ptr; -extern pfsync_insert_state_t *pfsync_insert_state_ptr; -extern pfsync_update_state_t *pfsync_update_state_ptr; -extern pfsync_delete_state_t *pfsync_delete_state_ptr; -extern pfsync_clear_states_t *pfsync_clear_states_ptr; -extern pfsync_defer_t *pfsync_defer_ptr; +VNET_DECLARE(pfsync_state_import_t *, pfsync_state_import_ptr); +#define V_pfsync_state_import_ptr VNET(pfsync_state_import_ptr) +VNET_DECLARE(pfsync_insert_state_t *, pfsync_insert_state_ptr); +#define V_pfsync_insert_state_ptr VNET(pfsync_insert_state_ptr) +VNET_DECLARE(pfsync_update_state_t *, pfsync_update_state_ptr); +#define V_pfsync_update_state_ptr VNET(pfsync_update_state_ptr) +VNET_DECLARE(pfsync_delete_state_t *, pfsync_delete_state_ptr); +#define V_pfsync_delete_state_ptr VNET(pfsync_delete_state_ptr) +VNET_DECLARE(pfsync_clear_states_t *, pfsync_clear_states_ptr); +#define V_pfsync_clear_states_ptr VNET(pfsync_clear_states_ptr) +VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr); +#define V_pfsync_defer_ptr VNET(pfsync_defer_ptr) void pfsync_state_export(struct pfsync_state *, struct pf_state *); Modified: stable/11/sys/netpfil/pf/if_pfsync.c ============================================================================== --- stable/11/sys/netpfil/pf/if_pfsync.c Sun Nov 18 11:55:56 2018 (r340565) +++ stable/11/sys/netpfil/pf/if_pfsync.c Sun Nov 18 11:55:58 2018 (r340566) @@ -1360,10 +1360,10 @@ pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t dat sc->sc_maxupdates = pfsyncr.pfsyncr_maxupdates; if (pfsyncr.pfsyncr_defer) { sc->sc_flags |= PFSYNCF_DEFER; - pfsync_defer_ptr = pfsync_defer; + V_pfsync_defer_ptr = pfsync_defer; } else { sc->sc_flags &= ~PFSYNCF_DEFER; - pfsync_defer_ptr = NULL; + V_pfsync_defer_ptr = NULL; } if (sifp == NULL) { 
@@ -2309,12 +2309,12 @@ pfsync_pointers_init() { PF_RULES_WLOCK(); - pfsync_state_import_ptr = pfsync_state_import; - pfsync_insert_state_ptr = pfsync_insert_state; - pfsync_update_state_ptr = pfsync_update_state; - pfsync_delete_state_ptr = pfsync_delete_state; - pfsync_clear_states_ptr = pfsync_clear_states; - pfsync_defer_ptr = pfsync_defer; + V_pfsync_state_import_ptr = pfsync_state_import; + V_pfsync_insert_state_ptr = pfsync_insert_state; + V_pfsync_update_state_ptr = pfsync_update_state; + V_pfsync_delete_state_ptr = pfsync_delete_state; + V_pfsync_clear_states_ptr = pfsync_clear_states; + V_pfsync_defer_ptr = pfsync_defer; PF_RULES_WUNLOCK(); } @@ -2323,12 +2323,12 @@ pfsync_pointers_uninit() { PF_RULES_WLOCK(); - pfsync_state_import_ptr = NULL; - pfsync_insert_state_ptr = NULL; - pfsync_update_state_ptr = NULL; - pfsync_delete_state_ptr = NULL; - pfsync_clear_states_ptr = NULL; - pfsync_defer_ptr = NULL; + V_pfsync_state_import_ptr = NULL; + V_pfsync_insert_state_ptr = NULL; + V_pfsync_update_state_ptr = NULL; + V_pfsync_delete_state_ptr = NULL; + V_pfsync_clear_states_ptr = NULL; + V_pfsync_defer_ptr = NULL; PF_RULES_WUNLOCK(); } @@ -2345,6 +2345,8 @@ vnet_pfsync_init(const void *unused __unused) if_clone_detach(V_pfsync_cloner); log(LOG_INFO, "swi_add() failed in %s\n", __func__); } + + pfsync_pointers_init(); } VNET_SYSINIT(vnet_pfsync_init, SI_SUB_PROTO_FIREWALL, SI_ORDER_ANY, vnet_pfsync_init, NULL); @@ -2353,6 +2355,8 @@ static void vnet_pfsync_uninit(const void *unused __unused) { + pfsync_pointers_uninit(); + if_clone_detach(V_pfsync_cloner); swi_remove(V_pfsync_swi_cookie); } @@ -2378,7 +2382,6 @@ pfsync_init() return (error); } #endif - pfsync_pointers_init(); return (0); } 
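Review bot: In the vnet_pfsync_init() hunk at -2345, pfsync_pointers_init() is added after the closing brace of the swi_add() failure branch, so the callbacks are installed for this vnet even when that branch has just run if_clone_detach(V_pfsync_cloner) and logged the failure. Return from the failure branch, or move the call into the success path, so that pf only sees non-NULL pfsync pointers in a vnet whose pfsync setup completed.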
@@ -2386,8 +2389,6 @@ pfsync_init() static void pfsync_uninit() { - - pfsync_pointers_uninit(); #ifdef INET ipproto_unregister(IPPROTO_PFSYNC); Modified: stable/11/sys/netpfil/pf/pf.c ============================================================================== --- stable/11/sys/netpfil/pf/pf.c Sun Nov 18 11:55:56 2018 (r340565) +++ stable/11/sys/netpfil/pf/pf.c Sun Nov 18 11:55:58 2018 (r340566) @@ -1259,8 +1259,8 @@ pf_state_insert(struct pfi_kif *kif, struct pf_state_k refcount_init(&s->refs, 2); counter_u64_add(V_pf_status.fcounters[FCNT_STATE_INSERT], 1); - if (pfsync_insert_state_ptr != NULL) - pfsync_insert_state_ptr(s); + if (V_pfsync_insert_state_ptr != NULL) + V_pfsync_insert_state_ptr(s); /* Returns locked. */ return (0); @@ -1662,8 +1662,8 @@ pf_unlink_state(struct pf_state *s, u_int flags) LIST_REMOVE(s, entry); pf_src_tree_remove_state(s); - if (pfsync_delete_state_ptr != NULL) - pfsync_delete_state_ptr(s); + if (V_pfsync_delete_state_ptr != NULL) + V_pfsync_delete_state_ptr(s); STATE_DEC_COUNTERS(s); @@ -3570,7 +3570,7 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm if (*sm != NULL && !((*sm)->state_flags & PFSTATE_NOSYNC) && direction == PF_OUT && - pfsync_defer_ptr != NULL && pfsync_defer_ptr(*sm, m)) + V_pfsync_defer_ptr != NULL && V_pfsync_defer_ptr(*sm, m)) /* * We want the state created, but we dont * want to send this in case a partner @@ -6012,8 +6012,8 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct action = pf_test_state_tcp(&s, dir, kif, m, off, h, &pd, &reason); if (action == PF_PASS) { - if (pfsync_update_state_ptr != NULL) - pfsync_update_state_ptr(s); + if (V_pfsync_update_state_ptr != NULL) + V_pfsync_update_state_ptr(s); r = s->rule.ptr; a = s->anchor.ptr; log = s->log; 
@@ -6041,8 +6041,8 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct } action = pf_test_state_udp(&s, dir, kif, m, off, h, &pd); if (action == PF_PASS) { - if (pfsync_update_state_ptr != NULL) - pfsync_update_state_ptr(s); + if (V_pfsync_update_state_ptr != NULL) + V_pfsync_update_state_ptr(s); r = s->rule.ptr; a = s->anchor.ptr; log = s->log; @@ -6064,8 +6064,8 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct action = pf_test_state_icmp(&s, dir, kif, m, off, h, &pd, &reason); if (action == PF_PASS) { - if (pfsync_update_state_ptr != NULL) - pfsync_update_state_ptr(s); + if (V_pfsync_update_state_ptr != NULL) + V_pfsync_update_state_ptr(s); r = s->rule.ptr; a = s->anchor.ptr; log = s->log; @@ -6087,8 +6087,8 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct default: action = pf_test_state_other(&s, dir, kif, m, &pd); if (action == PF_PASS) { - if (pfsync_update_state_ptr != NULL) - pfsync_update_state_ptr(s); + if (V_pfsync_update_state_ptr != NULL) + V_pfsync_update_state_ptr(s); r = s->rule.ptr; a = s->anchor.ptr; log = s->log; @@ -6451,8 +6451,8 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struc action = pf_test_state_tcp(&s, dir, kif, m, off, h, &pd, &reason); if (action == PF_PASS) { - if (pfsync_update_state_ptr != NULL) - pfsync_update_state_ptr(s); + if (V_pfsync_update_state_ptr != NULL) + V_pfsync_update_state_ptr(s); r = s->rule.ptr; a = s->anchor.ptr; log = s->log; @@ -6480,8 +6480,8 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struc } action = pf_test_state_udp(&s, dir, kif, m, off, h, &pd); if (action == PF_PASS) { - if (pfsync_update_state_ptr != NULL) - pfsync_update_state_ptr(s); + if (V_pfsync_update_state_ptr != NULL) + V_pfsync_update_state_ptr(s); r = s->rule.ptr; a = s->anchor.ptr; log = s->log; 
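Review bot: `if (V_pfsync_update_state_ptr != NULL) V_pfsync_update_state_ptr(s);` reads the per-vnet pointer once for the test and again for the call, and the same two lines are repeated in all eight PF_PASS branches of pf_test() and pf_test6() touched by this patch. A static inline helper that loads the pointer into a local, tests it and calls through the local would remove the duplication and make each site a single read.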
@@ -6510,8 +6510,8 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struc action = pf_test_state_icmp(&s, dir, kif, m, off, h, &pd, &reason); if (action == PF_PASS) { - if (pfsync_update_state_ptr != NULL) - pfsync_update_state_ptr(s); + if (V_pfsync_update_state_ptr != NULL) + V_pfsync_update_state_ptr(s); r = s->rule.ptr; a = s->anchor.ptr; log = s->log; @@ -6524,8 +6524,8 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struc default: action = pf_test_state_other(&s, dir, kif, m, &pd); if (action == PF_PASS) { - if (pfsync_update_state_ptr != NULL) - pfsync_update_state_ptr(s); + if (V_pfsync_update_state_ptr != NULL) + V_pfsync_update_state_ptr(s); r = s->rule.ptr; a = s->anchor.ptr; log = s->log; Modified: stable/11/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- stable/11/sys/netpfil/pf/pf_ioctl.c Sun Nov 18 11:55:56 2018 (r340565) +++ stable/11/sys/netpfil/pf/pf_ioctl.c Sun Nov 18 11:55:58 2018 (r340566) @@ -204,12 +204,13 @@ struct rmlock pf_rules_lock; struct sx pf_ioctl_lock; /* pfsync */ -pfsync_state_import_t *pfsync_state_import_ptr = NULL; -pfsync_insert_state_t *pfsync_insert_state_ptr = NULL; -pfsync_update_state_t *pfsync_update_state_ptr = NULL; -pfsync_delete_state_t *pfsync_delete_state_ptr = NULL; -pfsync_clear_states_t *pfsync_clear_states_ptr = NULL; -pfsync_defer_t *pfsync_defer_ptr = NULL; +VNET_DEFINE(pfsync_state_import_t *, pfsync_state_import_ptr); +VNET_DEFINE(pfsync_insert_state_t *, pfsync_insert_state_ptr); +VNET_DEFINE(pfsync_update_state_t *, pfsync_update_state_ptr); +VNET_DEFINE(pfsync_delete_state_t *, pfsync_delete_state_ptr); +VNET_DEFINE(pfsync_clear_states_t *, pfsync_clear_states_ptr); +VNET_DEFINE(pfsync_defer_t *, pfsync_defer_ptr); + /* pflog */ pflog_packet_t *pflog_packet_ptr = NULL; 
@@ -1639,8 +1640,8 @@ relock_DIOCCLRSTATES: PF_HASHROW_UNLOCK(ih); } psk->psk_killed = killed; - if (pfsync_clear_states_ptr != NULL) - pfsync_clear_states_ptr(V_pf_status.hostid, psk->psk_ifname); + if (V_pfsync_clear_states_ptr != NULL) + V_pfsync_clear_states_ptr(V_pf_status.hostid, psk->psk_ifname); break; } 
@@ -1727,9 +1728,9 @@ relock_DIOCKILLSTATES: error = EINVAL; break; } - if (pfsync_state_import_ptr != NULL) { + if (V_pfsync_state_import_ptr != NULL) { PF_RULES_RLOCK(); - error = pfsync_state_import_ptr(sp, PFSYNC_SI_IOCTL); + error = V_pfsync_state_import_ptr(sp, PFSYNC_SI_IOCTL); PF_RULES_RUNLOCK(); } else error = EOPNOTSUPP; From owner-svn-src-stable-11@freebsd.org Sun Nov 18 12:30:20 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 659D411388AF; Sun, 18 Nov 2018 12:30:20 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E4CB27B4AF; Sun, 18 Nov 2018 12:30:19 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C5A9D1351A; Sun, 18 Nov 2018 12:30:19 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAICUJAO058930; Sun, 18 Nov 2018 12:30:19 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAICUICa058926; Sun, 18 Nov 2018 12:30:18 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201811181230.wAICUICa058926@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f 
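Review bot: In r340566's pf_ioctl.c hunk at -1727, V_pfsync_state_import_ptr is compared with NULL before PF_RULES_RLOCK() is taken and is then read again for the call inside the locked region. pfsync_pointers_uninit() clears the pointer under PF_RULES_WLOCK(), and with this revision that runs from vnet_pfsync_uninit(), so the pointer can become NULL between the test and the call. Move the NULL test inside the read-locked section and set error = EOPNOTSUPP there when it fails.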
From: Kristof Provost Date: Sun, 18 Nov 2018 12:30:18 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340574 - in stable/11/sys: net netpfil/pf X-SVN-Group: stable-11 X-SVN-Commit-Author: kp X-SVN-Commit-Paths: in stable/11/sys: net netpfil/pf X-SVN-Commit-Revision: 340574 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: E4CB27B4AF X-Spamd-Result: default: False [0.06 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.06)[0.058,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2018 12:30:20 -0000 Author: kp Date: Sun Nov 18 12:30:18 2018 New Revision: 340574 URL: https://svnweb.freebsd.org/changeset/base/340574 Log: MFC r340068: pfsync: Handle syncdev going away If the syncdev is removed we no longer need to clean up the multicast entry we've got set up for that device. Pass the ifnet detach event through pf to pfsync, and remove our multicast handle, and mark us as no longer having a syncdev. Note that this callback is always installed, even if the pfsync interface is disabled (and thus it's not a per-vnet callback pointer). Sponsored by: Orange Business Services Modified: stable/11/sys/net/pfvar.h stable/11/sys/netpfil/pf/if_pfsync.c stable/11/sys/netpfil/pf/pf_if.c stable/11/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/net/pfvar.h ============================================================================== --- stable/11/sys/net/pfvar.h Sun Nov 18 12:30:16 2018 (r340573) +++ stable/11/sys/net/pfvar.h Sun Nov 18 12:30:18 2018 (r340574) 
@@ -820,6 +820,7 @@ typedef void pfsync_update_state_t(struct pf_state *) typedef void pfsync_delete_state_t(struct pf_state *); typedef void pfsync_clear_states_t(u_int32_t, const char *); typedef int pfsync_defer_t(struct pf_state *, struct mbuf *); +typedef void pfsync_detach_ifnet_t(struct ifnet *); VNET_DECLARE(pfsync_state_import_t *, pfsync_state_import_ptr); #define V_pfsync_state_import_ptr VNET(pfsync_state_import_ptr) @@ -833,6 +834,7 @@ VNET_DECLARE(pfsync_clear_states_t *, pfsync_clear_sta #define V_pfsync_clear_states_ptr VNET(pfsync_clear_states_ptr) VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr); #define V_pfsync_defer_ptr VNET(pfsync_defer_ptr) +extern pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr; void pfsync_state_export(struct pfsync_state *, struct pf_state *); Modified: stable/11/sys/netpfil/pf/if_pfsync.c ============================================================================== --- stable/11/sys/netpfil/pf/if_pfsync.c Sun Nov 18 12:30:16 2018 (r340573) +++ stable/11/sys/netpfil/pf/if_pfsync.c Sun Nov 18 12:30:18 2018 (r340574) @@ -279,6 +279,7 @@ static void pfsync_bulk_status(u_int8_t); static void pfsync_bulk_update(void *); static void pfsync_bulk_fail(void *); +static void pfsync_detach_ifnet(struct ifnet *); #ifdef IPSEC static void pfsync_update_net_tdb(struct pfsync_tdb *); #endif @@ -2290,6 +2291,29 @@ pfsync_multicast_cleanup(struct pfsync_softc *sc) imo->imo_multicast_ifp = NULL; } +void +pfsync_detach_ifnet(struct ifnet *ifp) +{ + struct pfsync_softc *sc = V_pfsyncif; + + if (sc == NULL) + return; + + PFSYNC_LOCK(sc); + + if (sc->sc_sync_if == ifp) { + /* We don't need mutlicast cleanup here, because the interface + * is going away. We do need to ensure we don't try to do + * cleanup later. + */ + sc->sc_imo.imo_membership = NULL; + sc->sc_imo.imo_multicast_ifp = NULL; + sc->sc_sync_if = NULL; + } + + PFSYNC_UNLOCK(sc); +} + #ifdef INET extern struct domain inetdomain; static struct protosw in_pfsync_protosw = { 
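Review bot: In pfsync_detach_ifnet(), `sc->sc_imo.imo_membership = NULL;` overwrites the membership pointer without releasing it; if that array was allocated by pfsync when the syncdev was configured, this drops the last reference and the memory is never freed. Free it here before clearing the field, or extend the comment to say who owns it once the interface is gone. Two smaller points in the same file: the prototype added at -279 is `static void` while the definition is plain `void`, and the new comment spells multicast as "mutlicast".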
@@ -2370,6 +2394,8 @@ pfsync_init() #ifdef INET int error; + pfsync_detach_ifnet_ptr = pfsync_detach_ifnet; + error = pf_proto_register(PF_INET, &in_pfsync_protosw); if (error) return (error); @@ -2386,6 +2412,7 @@ pfsync_init() static void pfsync_uninit() { + pfsync_detach_ifnet_ptr = NULL; #ifdef INET ipproto_unregister(IPPROTO_PFSYNC); Modified: stable/11/sys/netpfil/pf/pf_if.c ============================================================================== --- stable/11/sys/netpfil/pf/pf_if.c Sun Nov 18 12:30:16 2018 (r340573) +++ stable/11/sys/netpfil/pf/pf_if.c Sun Nov 18 12:30:18 2018 (r340574) @@ -829,6 +829,9 @@ pfi_detach_ifnet_event(void *arg __unused, struct ifne { struct pfi_kif *kif = (struct pfi_kif *)ifp->if_pf_kif; + if (pfsync_detach_ifnet_ptr) + pfsync_detach_ifnet_ptr(ifp); + if (kif == NULL) return; @@ -838,6 +841,7 @@ pfi_detach_ifnet_event(void *arg __unused, struct ifne CURVNET_RESTORE(); return; } + PF_RULES_WLOCK(); V_pfi_update++; pfi_kif_update(kif); Modified: stable/11/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- stable/11/sys/netpfil/pf/pf_ioctl.c Sun Nov 18 12:30:16 2018 (r340573) +++ stable/11/sys/netpfil/pf/pf_ioctl.c Sun Nov 18 12:30:18 2018 (r340574) 
@@ -210,6 +210,7 @@ VNET_DEFINE(pfsync_update_state_t *, pfsync_update_sta VNET_DEFINE(pfsync_delete_state_t *, pfsync_delete_state_ptr); VNET_DEFINE(pfsync_clear_states_t *, pfsync_clear_states_ptr); VNET_DEFINE(pfsync_defer_t *, pfsync_defer_ptr); +pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr; /* pflog */ pflog_packet_t *pflog_packet_ptr = NULL; From owner-svn-src-stable-11@freebsd.org Sun Nov 18 13:03:49 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BF00211012C5; Sun, 18 Nov 2018 13:03:49 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5FBBA7CEC0; Sun, 18 Nov 2018 13:03:49 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2ECDE13B9F; Sun, 18 Nov 2018 13:03:49 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAID3mr1079413; Sun, 18 Nov 2018 13:03:48 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAID3meX079412; Sun, 18 Nov 2018 13:03:48 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201811181303.wAID3meX079412@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f 
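Review bot: In r340574's pf_if.c hunk at -829, pfsync_detach_ifnet_ptr(ifp) is called as the first statement of pfi_detach_ifnet_event(), ahead of the `kif == NULL` return, and pfsync_detach_ifnet() dereferences the per-vnet V_pfsyncif. The CURVNET_RESTORE() visible in the following hunk indicates that the vnet context is switched further down in this function, so the callback may run against whatever vnet is current on entry rather than the one that owns ifp. Call it after the vnet context has been set, or document at the call site that this event handler is always entered in the interface's vnet.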
From: Kristof Provost Date: Sun, 18 Nov 2018 13:03:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340578 - stable/11/sys/netpfil/pf X-SVN-Group: stable-11 X-SVN-Commit-Author: kp X-SVN-Commit-Paths: stable/11/sys/netpfil/pf X-SVN-Commit-Revision: 340578 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 5FBBA7CEC0 X-Spamd-Result: default: False [0.26 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.26)[0.263,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2018 13:03:49 -0000 Author: kp Date: Sun Nov 18 13:03:48 2018 New Revision: 340578 URL: https://svnweb.freebsd.org/changeset/base/340578 Log: MFC r340072: pfsync: Add missing unlock If we fail to set up the multicast entry for pfsync and return an error we must release the pfsync lock first. Sponsored by: Orange Business Services Modified: stable/11/sys/netpfil/pf/if_pfsync.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netpfil/pf/if_pfsync.c ============================================================================== --- stable/11/sys/netpfil/pf/if_pfsync.c Sun Nov 18 12:59:10 2018 (r340577) +++ stable/11/sys/netpfil/pf/if_pfsync.c Sun Nov 18 13:03:48 2018 (r340578) 
@@ -1392,6 +1392,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t dat if (error) { if_rele(sifp); free(mship, M_PFSYNC); + PFSYNC_UNLOCK(sc); return (error); } } From owner-svn-src-stable-11@freebsd.org Sun Nov 18 12:59:11 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1B9381100F59; Sun, 18 Nov 2018 12:59:11 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B30937C9BF; Sun, 18 Nov 2018 12:59:10 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9403F139FB; Sun, 18 Nov 2018 12:59:10 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAICxADH074420; Sun, 18 Nov 2018 12:59:10 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAICxA4v074419; Sun, 18 Nov 2018 12:59:10 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201811181259.wAICxA4v074419@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f 
From: Kristof Provost Date: Sun, 18 Nov 2018 12:59:10 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340577 - stable/11/sys/netpfil/pf X-SVN-Group: stable-11 X-SVN-Commit-Author: kp X-SVN-Commit-Paths: stable/11/sys/netpfil/pf X-SVN-Commit-Revision: 340577 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: B30937C9BF X-Spamd-Result: default: False [0.26 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_SPAM_SHORT(0.26)[0.263,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2018 12:59:11 -0000 Author: kp Date: Sun Nov 18 12:59:10 2018 New Revision: 340577 URL: https://svnweb.freebsd.org/changeset/base/340577 Log: MFC r340070: pfsync: Allow module to be unloaded Sponsored by: Orange Business Services Modified: stable/11/sys/netpfil/pf/if_pfsync.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netpfil/pf/if_pfsync.c ============================================================================== --- stable/11/sys/netpfil/pf/if_pfsync.c Sun Nov 18 12:59:09 2018 (r340576) +++ stable/11/sys/netpfil/pf/if_pfsync.c Sun Nov 18 12:59:10 2018 (r340577) 
@@ -2429,12 +2429,6 @@ pfsync_modevent(module_t mod, int type, void *data) case MOD_LOAD: error = pfsync_init(); break; - case MOD_QUIESCE: - /* - * Module should not be unloaded due to race conditions. - */ - error = EBUSY; - break; case MOD_UNLOAD: pfsync_uninit(); break; From owner-svn-src-stable-11@freebsd.org Sun Nov 18 14:53:30 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A4082110433C; Sun, 18 Nov 2018 14:53:30 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3D8D580E2B; Sun, 18 Nov 2018 14:53:30 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1FD3614D6A; Sun, 18 Nov 2018 14:53:30 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAIErUv0035813; Sun, 18 Nov 2018 14:53:30 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAIErUYU035812; Sun, 18 Nov 2018 14:53:30 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201811181453.wAIErUYU035812@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f 
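Review bot: In r340577, the removed MOD_QUIESCE case carried the comment "Module should not be unloaded due to race conditions", but the log message only says "Allow module to be unloaded" and the hunk adds nothing in its place. The log, or a comment at the MOD_UNLOAD case, should name the changes that closed those races so a reader can tell why returning EBUSY is no longer needed.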
From: Ed Maste Date: Sun, 18 Nov 2018 14:53:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340581 - stable/11/share/man/man7 X-SVN-Group: stable-11 X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: stable/11/share/man/man7 X-SVN-Commit-Revision: 340581 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 3D8D580E2B X-Spamd-Result: default: False [0.20 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.20)[0.195,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2018 14:53:30 -0000 Author: emaste Date: Sun Nov 18 14:53:29 2018 New Revision: 340581 URL: https://svnweb.freebsd.org/changeset/base/340581 Log: MFC r340329: build(7): clarify buildenv target can be used for non-cross builds make buildenv can be used for building for the same architecture as the host (perhaps this is a degenerate case of cross-building). TARGET and TARGET_ARCH do not need to be set in this case. Sponsored by: The FreeBSD Foundation Modified: stable/11/share/man/man7/build.7 Directory Properties: stable/11/ (props changed) Modified: stable/11/share/man/man7/build.7 ============================================================================== --- stable/11/share/man/man7/build.7 Sun Nov 18 14:52:16 2018 (r340580) +++ stable/11/share/man/man7/build.7 Sun Nov 18 14:53:29 2018 (r340581) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 16, 2018 +.Dd November 10, 2018 .Dt BUILD 7 .Os .Sh NAME 
@@ -177,16 +177,16 @@ are: .Bl -tag -width ".Cm distributeworld" .It Cm buildenv Spawn an interactive shell with environment variables set up for -cross-building the system. -The target architecture needs to be specified with +building the system or individual components. +For cross-building the target architecture needs to be specified with .Xr make 1 variables .Va TARGET_ARCH and .Va TARGET . .Pp -This target is only useful after a complete cross-toolchain including -the compiler, linker, assembler, headers and libraries has been +This target is only useful after a complete toolchain (including +the compiler, linker, assembler, headers and libraries) has been built; see the .Cm toolchain target below. From owner-svn-src-stable-11@freebsd.org Sun Nov 18 14:55:05 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 17C871104487; Sun, 18 Nov 2018 14:55:05 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AB9F9810B8; Sun, 18 Nov 2018 14:55:04 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8C65214D6E; Sun, 18 Nov 2018 14:55:04 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAIEt4LT036022; Sun, 18 Nov 2018 14:55:04 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by 
repo.freebsd.org (8.15.2/8.15.2/Submit) id wAIEt4We036021; Sun, 18 Nov 2018 14:55:04 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201811181455.wAIEt4We036021@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Sun, 18 Nov 2018 14:55:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340583 - stable/11/contrib/nvi/vi X-SVN-Group: stable-11 X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: stable/11/contrib/nvi/vi X-SVN-Commit-Revision: 340583 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: AB9F9810B8 X-Spamd-Result: default: False [0.20 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.20)[0.195,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2018 14:55:05 -0000 Author: emaste Date: Sun Nov 18 14:55:04 2018 New Revision: 340583 URL: https://svnweb.freebsd.org/changeset/base/340583 Log: MFC r340288: nvi: remove superfluous space before ^\ This fixes alignment in vi's 'viusage' command and has been fixed upstream and in OpenBSD. Submitted by: Raf Czlonka (github:rjc) Modified: stable/11/contrib/nvi/vi/v_cmd.c Directory Properties: stable/11/ (props changed) Modified: stable/11/contrib/nvi/vi/v_cmd.c ============================================================================== --- stable/11/contrib/nvi/vi/v_cmd.c Sun Nov 18 14:54:45 2018 (r340582) +++ stable/11/contrib/nvi/vi/v_cmd.c Sun Nov 18 14:55:04 2018 (r340583) 
@@ -130,7 +130,7 @@ VIKEYS const vikeys [MAXVIKEY + 1] = { /* 034 ^\ */ {v_exmode, 0, "^\\", - " ^\\ switch to ex mode"}, + "^\\ switch to ex mode"}, /* 035 ^] */ {v_tagpush, V_ABS|V_KEYW|VM_RCM_SET, "^]", From owner-svn-src-stable-11@freebsd.org Sun Nov 18 14:56:27 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 859C5110463B; Sun, 18 Nov 2018 14:56:27 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2A8EE8145B; Sun, 18 Nov 2018 14:56:27 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0728414D71; Sun, 18 Nov 2018 14:56:27 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAIEuQge036188; Sun, 18 Nov 2018 14:56:26 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAIEuQge036187; Sun, 18 Nov 2018 14:56:26 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201811181456.wAIEuQge036187@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f 
From: Ed Maste Date: Sun, 18 Nov 2018 14:56:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340585 - stable/11/sys/contrib/octeon-sdk X-SVN-Group: stable-11 X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: stable/11/sys/contrib/octeon-sdk X-SVN-Commit-Revision: 340585 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 2A8EE8145B X-Spamd-Result: default: False [0.20 / 15.00]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.20)[0.195,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2018 14:56:27 -0000 Author: emaste Date: Sun Nov 18 14:56:26 2018 New Revision: 340585 URL: https://svnweb.freebsd.org/changeset/base/340585 Log: MFC r340299: Octeon SDK: avoid use of uninitialized variable Reported by: Clang Modified: stable/11/sys/contrib/octeon-sdk/cvmx-pip.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/contrib/octeon-sdk/cvmx-pip.h ============================================================================== --- stable/11/sys/contrib/octeon-sdk/cvmx-pip.h Sun Nov 18 14:56:08 2018 (r340584) +++ stable/11/sys/contrib/octeon-sdk/cvmx-pip.h Sun Nov 18 14:56:26 2018 (r340585) 
@@ -684,6 +684,7 @@ static inline int cvmx_pip_get_bsel_table_index(cvmx_w bsel_cfg.u64 = cvmx_read_csr(CVMX_PIP_BSEL_EXT_CFGX(bit)); bsel_pos.u64 = cvmx_read_csr(CVMX_PIP_BSEL_EXT_POSX(bit)); + index = 0; for (y = 0; y < 8; y++) { char *ptr = (char *)cvmx_phys_to_ptr(work->packet_ptr.s.addr); From owner-svn-src-stable-11@freebsd.org Sun Nov 18 22:59:56 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EA6C51127294; Sun, 18 Nov 2018 22:59:55 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 89B5C74F8C; Sun, 18 Nov 2018 22:59:55 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6AA2C19BC8; Sun, 18 Nov 2018 22:59:55 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAIMxtHf088638; Sun, 18 Nov 2018 22:59:55 GMT (envelope-from rmacklem@FreeBSD.org) Received: (from rmacklem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAIMxtFo088637; Sun, 18 Nov 2018 22:59:55 GMT (envelope-from rmacklem@FreeBSD.org) Message-Id: <201811182259.wAIMxtFo088637@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to rmacklem@FreeBSD.org using -f 
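Review bot: the `index = 0;` added before `for (y = 0; y < 8; y++)` in cvmx_pip_get_bsel_table_index() (r340585) carries no comment saying whether 0 is the intended starting value or is only there to quiet the Clang warning. Because the function returns a table index, it is worth stating what a caller should expect when the loop contributes nothing, since that result now looks the same as a lookup that selects entry 0. Initialising the variable at its declaration with a one-line comment would make the intent explicit.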
From: Rick Macklem Date: Sun, 18 Nov 2018 22:59:55 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340588 - stable/11/sys/fs/nfsclient X-SVN-Group: stable-11 X-SVN-Commit-Author: rmacklem X-SVN-Commit-Paths: stable/11/sys/fs/nfsclient X-SVN-Commit-Revision: 340588 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 89B5C74F8C X-Spamd-Result: default: False [0.07 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_SHORT(-0.05)[-0.047,0]; NEURAL_SPAM_MEDIUM(0.12)[0.116,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2018 22:59:56 -0000 Author: rmacklem Date: Sun Nov 18 22:59:54 2018 New Revision: 340588 URL: https://svnweb.freebsd.org/changeset/base/340588 Log: MFC: r339999 Fix NFS client vnode locking to avoid a crash during forced dismount. A crash was reported where the crash occurred in nfs_advlock() when the NFS_ISV4(vp) macro was being executed. This was caused by the vnode being VI_DOOMED due to a forced dismount in progress. This patch fixes the problem by locking the vnode before executing the NFS_ISV4() macro. PR: 232673 Modified: stable/11/sys/fs/nfsclient/nfs_clvnops.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/fs/nfsclient/nfs_clvnops.c ============================================================================== --- stable/11/sys/fs/nfsclient/nfs_clvnops.c Sun Nov 18 19:55:03 2018 (r340587) +++ stable/11/sys/fs/nfsclient/nfs_clvnops.c Sun Nov 18 22:59:54 2018 (r340588) 
@@ -3008,14 +3008,19 @@ nfs_advlock(struct vop_advlock_args *ap) int ret, error = EOPNOTSUPP; u_quad_t size; + ret = NFSVOPLOCK(vp, LK_SHARED); + if (ret != 0) + return (EBADF); if (NFS_ISV4(vp) && (ap->a_flags & (F_POSIX | F_FLOCK)) != 0) { - if (vp->v_type != VREG) + if (vp->v_type != VREG) { + NFSVOPUNLOCK(vp, 0); return (EINVAL); + } if ((ap->a_flags & F_POSIX) != 0) cred = p->p_ucred; else cred = td->td_ucred; - NFSVOPLOCK(vp, LK_EXCLUSIVE | LK_RETRY); + NFSVOPLOCK(vp, LK_UPGRADE | LK_RETRY); if (vp->v_iflag & VI_DOOMED) { NFSVOPUNLOCK(vp, 0); return (EBADF); @@ -3094,9 +3099,6 @@ nfs_advlock(struct vop_advlock_args *ap) NFSVOPUNLOCK(vp, 0); return (0); } else if (!NFS_ISV4(vp)) { - error = NFSVOPLOCK(vp, LK_SHARED); - if (error) - return (error); if ((VFSTONFS(vp->v_mount)->nm_flag & NFSMNT_NOLOCKD) != 0) { size = VTONFS(vp)->n_size; NFSVOPUNLOCK(vp, 0); 
@@ -3119,7 +3121,8 @@ nfs_advlock(struct vop_advlock_args *ap) NFSVOPUNLOCK(vp, 0); } } - } + } else + NFSVOPUNLOCK(vp, 0); return (error); } From owner-svn-src-stable-11@freebsd.org Mon Nov 19 06:07:19 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D4F7F1135A6B; Mon, 19 Nov 2018 06:07:18 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7171B84482; Mon, 19 Nov 2018 06:07:18 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 519191E26C; Mon, 19 Nov 2018 06:07:18 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAJ67IPp011301; Mon, 19 Nov 2018 06:07:18 GMT (envelope-from kib@FreeBSD.org) Received: (from kib@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAJ67HQH011297; Mon, 19 Nov 2018 06:07:17 GMT (envelope-from kib@FreeBSD.org) Message-Id: <201811190607.wAJ67HQH011297@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kib set sender to kib@FreeBSD.org using -f 
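Review bot: the lock now taken at the top of nfs_advlock() (r340588) returns EBADF for any non-zero result of `NFSVOPLOCK(vp, LK_SHARED)`, while the code removed from the `!NFS_ISV4(vp)` branch returned the lock error itself (`if (error) return (error);`). That changes the errno the NFSv2/v3 path can hand back. If EBADF is deliberate because the only expected failure is a doomed vnode, say so in a comment; otherwise `return (ret);` keeps the old behaviour.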
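Review bot: in the first hunk of r340588 the `vp->v_type != VREG` test runs under the shared lock and the result of `NFSVOPLOCK(vp, LK_UPGRADE | LK_RETRY)` is not checked. lockmgr may release the shared lock while upgrading, so the vnode can be doomed across that call; the `VI_DOOMED` test that follows is what makes this safe and deserves a comment saying so, so that it is not removed later as redundant. With the lock now held before the first branch, the return paths in the unchanged code between the hunks also need a check that each one unlocks, as the new trailing `else NFSVOPUNLOCK(vp, 0);` does for the fall-through case.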
From: Konstantin Belousov Date: Mon, 19 Nov 2018 06:07:17 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340609 - in stable/11/sys: amd64/vmm/intel x86/include x86/x86 X-SVN-Group: stable-11 X-SVN-Commit-Author: kib X-SVN-Commit-Paths: in stable/11/sys: amd64/vmm/intel x86/include x86/x86 X-SVN-Commit-Revision: 340609 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 7171B84482 X-Spamd-Result: default: False [0.66 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_SPAM_SHORT(0.53)[0.534,0]; NEURAL_SPAM_MEDIUM(0.12)[0.123,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2018 06:07:19 -0000 Author: kib Date: Mon Nov 19 06:07:17 2018 New Revision: 340609 URL: https://svnweb.freebsd.org/changeset/base/340609 Log: MFC r340487: Align IA32_ARCH_CAP MSR definitions and use with SDM rev. 068. Modified: stable/11/sys/amd64/vmm/intel/vmx.c stable/11/sys/x86/include/specialreg.h stable/11/sys/x86/x86/cpu_machdep.c stable/11/sys/x86/x86/identcpu.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/amd64/vmm/intel/vmx.c ============================================================================== --- stable/11/sys/amd64/vmm/intel/vmx.c Mon Nov 19 05:56:46 2018 (r340608) +++ stable/11/sys/amd64/vmm/intel/vmx.c Mon Nov 19 06:07:17 2018 (r340609) 
@@ -733,7 +733,8 @@ vmx_init(int ipinum) return (error); } - guest_l1d_flush = (cpu_ia32_arch_caps & IA32_ARCH_CAP_RDCL_NO) == 0; + guest_l1d_flush = (cpu_ia32_arch_caps & + IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY) == 0; TUNABLE_INT_FETCH("hw.vmm.l1d_flush", &guest_l1d_flush); /* Modified: stable/11/sys/x86/include/specialreg.h ============================================================================== --- stable/11/sys/x86/include/specialreg.h Mon Nov 19 05:56:46 2018 (r340608) +++ stable/11/sys/x86/include/specialreg.h Mon Nov 19 06:07:17 2018 (r340609) @@ -394,7 +394,9 @@ /* MSR IA32_ARCH_CAP(ABILITIES) bits */ #define IA32_ARCH_CAP_RDCL_NO 0x00000001 #define IA32_ARCH_CAP_IBRS_ALL 0x00000002 -#define IA32_ARCH_CAP_SSBD_NO 0x00000004 +#define IA32_ARCH_CAP_RSBA 0x00000004 +#define IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY 0x00000008 +#define IA32_ARCH_CAP_SSB_NO 0x00000010 /* * CPUID manufacturers identifiers Modified: stable/11/sys/x86/x86/cpu_machdep.c ============================================================================== --- stable/11/sys/x86/x86/cpu_machdep.c Mon Nov 19 05:56:46 2018 (r340608) +++ stable/11/sys/x86/x86/cpu_machdep.c Mon Nov 19 06:07:17 2018 (r340609) @@ -921,7 +921,7 @@ hw_ssb_recalculate(bool all_cpus) hw_ssb_set(true, all_cpus); break; case 2: /* auto */ - hw_ssb_set((cpu_ia32_arch_caps & IA32_ARCH_CAP_SSBD_NO) != 0 ? + hw_ssb_set((cpu_ia32_arch_caps & IA32_ARCH_CAP_SSB_NO) != 0 ? false : true, all_cpus); break; } Modified: stable/11/sys/x86/x86/identcpu.c ============================================================================== --- stable/11/sys/x86/x86/identcpu.c Mon Nov 19 05:56:46 2018 (r340608) +++ stable/11/sys/x86/x86/identcpu.c Mon Nov 19 06:07:17 2018 (r340609) 
@@ -1013,6 +1013,9 @@ printcpuinfo(void) "\020" "\001RDCL_NO" "\002IBRS_ALL" + "\003RSBA" + "\004SKIP_L1DFL_VME" + "\005SSB_NO" ); } From owner-svn-src-stable-11@freebsd.org Mon Nov 19 06:37:39 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A0F3011362C0; Mon, 19 Nov 2018 06:37:39 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 44A6885344; Mon, 19 Nov 2018 06:37:39 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0B3D51E755; Mon, 19 Nov 2018 06:37:39 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAJ6bcIt026414; Mon, 19 Nov 2018 06:37:38 GMT (envelope-from eugen@FreeBSD.org) Received: (from eugen@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAJ6bcLL026413; Mon, 19 Nov 2018 06:37:38 GMT (envelope-from eugen@FreeBSD.org) Message-Id: <201811190637.wAJ6bcLL026413@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: eugen set sender to eugen@FreeBSD.org using -f 
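Review bot: in vmx_init() (r340609) the default for `guest_l1d_flush` no longer looks at `IA32_ARCH_CAP_RDCL_NO` at all, so a CPU that reports RDCL_NO but not SKIP_L1DFL_VMENTRY moves from no flush to flush on VM entry by default. If that is the intended reading of SDM rev. 068, a comment above the assignment naming the bit and its meaning would help, and the log should mention the changed default, since hw.vmm.l1d_flush starts from a different value on such hardware.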
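Review bot: specialreg.h in r340609 reassigns 0x00000004 from `IA32_ARCH_CAP_SSBD_NO` to `IA32_ARCH_CAP_RSBA` and moves the renamed `IA32_ARCH_CAP_SSB_NO` to 0x00000010, which means the old auto case in hw_ssb_recalculate() was testing what is now the RSBA bit. That is a behaviour fix for the SSBD default and not only a rename, and the log should say so. In printcpuinfo() the flag string `\004SKIP_L1DFL_VME` is truncated relative to the macro name, which makes boot output harder to grep against the header; spell it out or add a comment explaining the abbreviation.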
From: Eugene Grosbein Date: Mon, 19 Nov 2018 06:37:38 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340611 - stable/11/etc X-SVN-Group: stable-11 X-SVN-Commit-Author: eugen X-SVN-Commit-Paths: stable/11/etc X-SVN-Commit-Revision: 340611 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 44A6885344 X-Spamd-Result: default: False [0.66 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_MEDIUM(0.12)[0.123,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_SPAM_SHORT(0.53)[0.534,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2018 06:37:39 -0000 Author: eugen Date: Mon Nov 19 06:37:38 2018 New Revision: 340611 URL: https://svnweb.freebsd.org/changeset/base/340611 Log: MFC r339465: rc.initdiskless: add support for auxiliary NVRAM. Currently, rc.initdiskless assumes that local system configuration changes are kept in some mountable file system. For example, nanobsd uses a dedicated partition mounted as /cfg for this. However, small embedded devices like MIPS routers may not have enough flash space to keep a full-blown file system but have only one or a couple of small flash blocks to keep persistent local configuration overrides. This change extends rc.initdiskless and introduces the ability to run an auxiliary command /conf/T/M/extract that is supposed to extract configuration overrides from such local storage. 
For example, the command /conf/default/etc/extract may contain something like: cd "$1" && bsdcpio --quiet -idu < /dev/map/cfg bsdcpio command extracts compressed archive from the storage to /etc assuming the storage is exposed by the kernel as /dev/map/cfg to userland. PR: 204215 Modified: stable/11/etc/rc.initdiskless Directory Properties: stable/11/ (props changed) Modified: stable/11/etc/rc.initdiskless ============================================================================== --- stable/11/etc/rc.initdiskless Mon Nov 19 06:33:38 2018 (r340610) +++ stable/11/etc/rc.initdiskless Mon Nov 19 06:37:38 2018 (r340611) @@ -111,6 +111,15 @@ # created for /SUBDIR if necessary). The presence of this file # prevents the copy from /conf/T/SUBDIR/ # +# /conf/T/M/extract +# This is alternative to SUBDIR.cpio.gz and remount. +# Similar to remount case, a memory filesystem is created +# for /M and initialized from a template but no mounting +# performed. Instead, this file is run passing /M as singe +# argument. It is expected to extract template override to /M +# using auxiliary storage found in some embedded systems +# having NVRAM too small to hold mountable file system. +# # /conf/T/SUBDIR.remove # The list of paths contained in the file are rm -rf'd # relative to /SUBDIR. @@ -343,8 +352,8 @@ done # - Create all required MFS filesystems and populate them from # our templates. Support both a direct template and a dir.cpio.gz -# archive. Support dir.remove files containing a list of relative -# paths to remove. +# archive. Support for auxiliary NVRAM. Support dir.remove files containing +# a list of relative paths to remove. # # The dir.cpio.gz form is there to make the copy process more efficient, # so if the cpio archive is present, it prevents the files from dir/ 
@@ -365,6 +374,15 @@ for i in ${templates} ; do create_md $subdir echo "Loading /$subdir from cpio archive $j" (cd / ; /rescue/tar -xpf $j) + fi + done + for j in /conf/$i/*/extract ; do + if [ -x $j ]; then + subdir=${j%*/extract} + subdir=${subdir##*/} + create_md $subdir + echo "Loading /$subdir using auxiliary command $j" + $j /$subdir fi done for j in /conf/$i/*.remove ; do From owner-svn-src-stable-11@freebsd.org Mon Nov 19 06:51:25 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A28371136914; Mon, 19 Nov 2018 06:51:25 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4425B85EB9; Mon, 19 Nov 2018 06:51:25 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 251D31EA37; Mon, 19 Nov 2018 06:51:25 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAJ6pPGU033891; Mon, 19 Nov 2018 06:51:25 GMT (envelope-from eugen@FreeBSD.org) Received: (from eugen@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAJ6pPu3033890; Mon, 19 Nov 2018 06:51:25 GMT (envelope-from eugen@FreeBSD.org) Message-Id: <201811190651.wAJ6pPu3033890@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: eugen set sender to eugen@FreeBSD.org using -f 
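Review bot: in the new `for j in /conf/$i/*/extract` loop (r340611) the exit status of `$j /$subdir` is ignored, so a failed or partial read from the auxiliary storage leaves /$subdir with template defaults and nothing on the console to say the overrides were not applied. Check the status and print a message on failure. `$j` is also expanded unquoted in `[ -x $j ]` and in the call, which word-splits on any whitespace in a directory name under /conf, and `${j%*/extract}` can be written `${j%/extract}`, since the leading `*` matches nothing in a shortest-suffix removal.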
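Review bot: the header comment added for /conf/T/M/extract in r340611 does not say that the file must be executable, yet the loop skips it silently when `[ -x $j ]` fails. State the requirement in the comment, and note there that the command runs during early boot with the privileges of rc.initdiskless and is trusted to write only below the /M it is given. In the second comment hunk, "Support for auxiliary NVRAM." is a fragment; "Support auxiliary NVRAM via an extract command." matches the sentences around it.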
From: Eugene Grosbein Date: Mon, 19 Nov 2018 06:51:25 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340615 - stable/11/etc X-SVN-Group: stable-11 X-SVN-Commit-Author: eugen X-SVN-Commit-Paths: stable/11/etc X-SVN-Commit-Revision: 340615 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4425B85EB9 X-Spamd-Result: default: False [0.64 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_MEDIUM(0.12)[0.116,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_SPAM_SHORT(0.52)[0.522,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2018 06:51:25 -0000 Author: eugen Date: Mon Nov 19 06:51:24 2018 New Revision: 340615 URL: https://svnweb.freebsd.org/changeset/base/340615 Log: MFC r339472: rc.initdiskless: fix commentary grammar after r339465 Modified: stable/11/etc/rc.initdiskless Directory Properties: stable/11/ (props changed) Modified: stable/11/etc/rc.initdiskless ============================================================================== --- stable/11/etc/rc.initdiskless Mon Nov 19 06:49:30 2018 (r340614) +++ stable/11/etc/rc.initdiskless Mon Nov 19 06:51:24 2018 (r340615) 
@@ -115,7 +115,7 @@ # This is alternative to SUBDIR.cpio.gz and remount. # Similar to remount case, a memory filesystem is created # for /M and initialized from a template but no mounting -# performed. Instead, this file is run passing /M as singe +# performed. Instead, this file is run passing /M as single # argument. It is expected to extract template override to /M # using auxiliary storage found in some embedded systems # having NVRAM too small to hold mountable file system. From owner-svn-src-stable-11@freebsd.org Mon Nov 19 09:46:49 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F378C113A768; Mon, 19 Nov 2018 09:46:48 +0000 (UTC) (envelope-from hselasky@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7C8416DDEB; Mon, 19 Nov 2018 09:46:48 +0000 (UTC) (envelope-from hselasky@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5776E20616; Mon, 19 Nov 2018 09:46:48 +0000 (UTC) (envelope-from hselasky@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAJ9kmGm023649; Mon, 19 Nov 2018 09:46:48 GMT (envelope-from hselasky@FreeBSD.org) Received: (from hselasky@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAJ9kmGp023648; Mon, 19 Nov 2018 09:46:48 GMT (envelope-from hselasky@FreeBSD.org) Message-Id: <201811190946.wAJ9kmGp023648@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: 
hselasky set sender to hselasky@FreeBSD.org using -f From: Hans Petter Selasky Date: Mon, 19 Nov 2018 09:46:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340624 - stable/11/etc/newsyslog.conf.d X-SVN-Group: stable-11 X-SVN-Commit-Author: hselasky X-SVN-Commit-Paths: stable/11/etc/newsyslog.conf.d X-SVN-Commit-Revision: 340624 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 7C8416DDEB X-Spamd-Result: default: False [0.51 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.39)[0.394,0]; NEURAL_SPAM_MEDIUM(0.12)[0.116,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2018 09:46:49 -0000 Author: hselasky Date: Mon Nov 19 09:46:47 2018 New Revision: 340624 URL: https://svnweb.freebsd.org/changeset/base/340624 Log: MFC r340254: Put a size limit on the opensm.log and use bzip2(1). Discussed with: markj@ Sponsored by: Mellanox Technologies Modified: stable/11/etc/newsyslog.conf.d/opensm.conf Directory Properties: stable/11/ (props changed) Modified: stable/11/etc/newsyslog.conf.d/opensm.conf ============================================================================== --- stable/11/etc/newsyslog.conf.d/opensm.conf Mon Nov 19 09:40:02 2018 (r340623) +++ stable/11/etc/newsyslog.conf.d/opensm.conf Mon Nov 19 09:46:47 2018 (r340624) 
@@ -1,3 +1,3 @@ # $FreeBSD$ -/var/log/opensm.log 600 7 * * Z /var/run/opensm.pid 30 +/var/log/opensm.log 600 7 1000 * J /var/run/opensm.pid 30 From owner-svn-src-stable-11@freebsd.org Mon Nov 19 19:05:09 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E717F1123F04; Mon, 19 Nov 2018 19:05:08 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8F2BD8810F; Mon, 19 Nov 2018 19:05:08 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6F0D2261D1; Mon, 19 Nov 2018 19:05:08 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAJJ586T015292; Mon, 19 Nov 2018 19:05:08 GMT (envelope-from kevans@FreeBSD.org) Received: (from kevans@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAJJ58xf015291; Mon, 19 Nov 2018 19:05:08 GMT (envelope-from kevans@FreeBSD.org) Message-Id: <201811191905.wAJJ58xf015291@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kevans set sender to kevans@FreeBSD.org using -f 
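Review bot: the replacement line in opensm.conf (r340624) has no column-header comment, so the new `1000` in the size field is easy to misread. newsyslog.conf(5) sizes are in kilobytes, which makes this a limit of roughly 1 MB per file across the 7 kept rotations. A header comment like the one at the top of /etc/newsyslog.conf would document the limit, the switch from `Z` to `J`, and the trailing signal number `30`.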
From: Kyle Evans Date: Mon, 19 Nov 2018 19:05:08 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340648 - stable/11/sys/kern X-SVN-Group: stable-11 X-SVN-Commit-Author: kevans X-SVN-Commit-Paths: stable/11/sys/kern X-SVN-Commit-Revision: 340648 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 8F2BD8810F X-Spamd-Result: default: False [0.42 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-0.01)[-0.012,0]; NEURAL_SPAM_SHORT(0.43)[0.428,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2018 19:05:09 -0000 Author: kevans Date: Mon Nov 19 19:05:07 2018 New Revision: 340648 URL: https://svnweb.freebsd.org/changeset/base/340648 Log: MFC r340392: Add dynamic_kenv assertion to init_static_kenv Both to formally document the requirement that this not be called after the dynamic kenv is setup, and to perhaps help static analyzers figure out what's going on. While calling init_static_kenv this late isn't fatal, there are some caveats that the caller should be aware of: - Late calls are effectively a no-op, as far as default FreeBSD is concerned, as everything will switch to searching the dynamic kenv once it's available. - Each of the kern_getenv calls will leak memory, as it's assumed that these are searching static environment and allocations will not be made. As such, this usage is not sensible and should be detected. 
Modified: stable/11/sys/kern/kern_environment.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/kern/kern_environment.c ============================================================================== --- stable/11/sys/kern/kern_environment.c Mon Nov 19 19:04:50 2018 (r340647) +++ stable/11/sys/kern/kern_environment.c Mon Nov 19 19:05:07 2018 (r340648) 
@@ -247,6 +247,7 @@ init_static_kenv(char *buf, size_t len) { char *eval; + KASSERT(!dynamic_kenv, ("kenv: dynamic_kenv already initialized")); /* * Give the static environment a chance to disable the loader(8) * environment first. This is done with loader_env.disabled=1. From owner-svn-src-stable-11@freebsd.org Tue Nov 20 01:12:22 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A7EAA1131CA9; Tue, 20 Nov 2018 01:12:22 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4E20F6E270; Tue, 20 Nov 2018 01:12:22 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 30E2D1DF8; Tue, 20 Nov 2018 01:12:22 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAK1CMVN007354; Tue, 20 Nov 2018 01:12:22 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAK1CL9m007353; Tue, 20 Nov 2018 01:12:21 GMT (envelope-from markj@FreeBSD.org) Message-Id: <201811200112.wAK1CL9m007353@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f 
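Review bot: the `KASSERT(!dynamic_kenv, ...)` added to init_static_kenv() (r340648) only fires on kernels built with INVARIANTS, so on a production kernel a late call is still accepted silently, including the kern_getenv leak the log describes. If this usage should be detected, consider a printf and early return for the non-INVARIANTS case, and move the two caveats from the log into a comment above the assertion so they sit next to the code they explain.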
From: Mark Johnston Date: Tue, 20 Nov 2018 01:12:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r340660 - in stable/11/sys: kern vm X-SVN-Group: stable-11 X-SVN-Commit-Author: markj X-SVN-Commit-Paths: in stable/11/sys: kern vm X-SVN-Commit-Revision: 340660 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4E20F6E270 X-Spamd-Result: default: False [0.34 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-0.01)[-0.012,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_SPAM_SHORT(0.35)[0.351,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2018 01:12:22 -0000 Author: markj Date: Tue Nov 20 01:12:21 2018 New Revision: 340660 URL: https://svnweb.freebsd.org/changeset/base/340660 Log: MFC r340205: Avoid specifying VM_PROT_EXECUTE in mappings from pipe_map and exec_map. Modified: stable/11/sys/kern/sys_pipe.c stable/11/sys/vm/vm_kern.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/kern/sys_pipe.c ============================================================================== --- stable/11/sys/kern/sys_pipe.c Tue Nov 20 00:56:54 2018 (r340659) +++ stable/11/sys/kern/sys_pipe.c Tue Nov 20 01:12:21 2018 (r340660) 
@@ -511,9 +511,8 @@ retry: size = round_page(size); buffer = (caddr_t) vm_map_min(pipe_map); - error = vm_map_find(pipe_map, NULL, 0, - (vm_offset_t *) &buffer, size, 0, VMFS_ANY_SPACE, - VM_PROT_ALL, VM_PROT_ALL, 0); + error = vm_map_find(pipe_map, NULL, 0, (vm_offset_t *)&buffer, size, 0, + VMFS_ANY_SPACE, VM_PROT_RW, VM_PROT_RW, 0); if (error != KERN_SUCCESS) { if ((cpipe->pipe_buffer.buffer == NULL) && (size > SMALL_PIPE_SIZE)) { Modified: stable/11/sys/vm/vm_kern.c ============================================================================== --- stable/11/sys/vm/vm_kern.c Tue Nov 20 00:56:54 2018 (r340659) +++ stable/11/sys/vm/vm_kern.c Tue Nov 20 01:12:21 2018 (r340660) 
@@ -461,8 +461,8 @@ kmap_alloc_wait(vm_map_t map, vm_size_t size) map->needs_wakeup = TRUE; vm_map_unlock_and_wait(map, 0); } - vm_map_insert(map, NULL, 0, addr, addr + size, VM_PROT_ALL, - VM_PROT_ALL, MAP_ACC_CHARGED); + vm_map_insert(map, NULL, 0, addr, addr + size, VM_PROT_RW, VM_PROT_RW, + MAP_ACC_CHARGED); vm_map_unlock(map); return (addr); } From owner-svn-src-stable-11@freebsd.org Tue Nov 20 10:44:50 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 96295110D520; Tue, 20 Nov 2018 10:44:50 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3673F85D19; Tue, 20 Nov 2018 10:44:50 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 15B521043C; Tue, 20 Nov 2018 10:44:50 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAKAin8d005279; Tue, 20 Nov 2018 10:44:49 GMT (envelope-from eugen@FreeBSD.org) Received: (from eugen@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAKAindQ005278; Tue, 20 Nov 2018 10:44:49 GMT (envelope-from eugen@FreeBSD.org) Message-Id: <201811201044.wAKAindQ005278@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: eugen set sender to eugen@FreeBSD.org using -f 
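Review bot: kmap_alloc_wait() takes an arbitrary `vm_map_t map`, but after r340660 it maps every request with `VM_PROT_RW` for both the current and the maximum protection. The log names only pipe_map and exec_map; a comment on the function stating that its mappings are never executable, or a KASSERT on the expected maps, would keep a future caller from relying on execute permission that can no longer be added afterwards. The call also still discards the return value of vm_map_insert().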
From: Eugene Grosbein
Date: Tue, 20 Nov 2018 10:44:49 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340670 - stable/11/sys/netinet

Author: eugen
Date: Tue Nov 20 10:44:49 2018
New Revision: 340670
URL: https://svnweb.freebsd.org/changeset/base/340670

Log:
  MFC r339558: New sysctl: net.inet.icmp.error_keeptags

  Currently, icmp_error() function copies FIB number from original packet
  into generated ICMP response but not mbuf_tags(9) chain. This prevents us
  from easily matching ICMP responses corresponding to tagged original
  packets by means of packet filter such as ipfw(8). For example, ICMP
  "time-exceeded in-transit" packets usually generated in response to
  traceroute probes lose tags attached to original packets.

  This change adds new sysctl net.inet.icmp.error_keeptags that defaults
  to 0 to avoid extra overhead when this feature is not needed. Set
  net.inet.icmp.error_keeptags=1 to make icmp_error() copy mbuf_tags from
  original packet to generated ICMP response.
PR: 215874 Modified: stable/11/sys/netinet/ip_icmp.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet/ip_icmp.c ============================================================================== --- stable/11/sys/netinet/ip_icmp.c Tue Nov 20 10:43:18 2018 (r340669) +++ stable/11/sys/netinet/ip_icmp.c Tue Nov 20 10:44:49 2018 (r340670) @@ -155,6 +155,12 @@ SYSCTL_INT(_net_inet_icmp, OID_AUTO, tstamprepl, CTLFL &VNET_NAME(icmptstamprepl), 0, "Respond to ICMP Timestamp packets"); +VNET_DEFINE_STATIC(int, error_keeptags) = 0; +#define V_error_keeptags VNET(error_keeptags) +SYSCTL_INT(_net_inet_icmp, OID_AUTO, error_keeptags, CTLFLAG_VNET | CTLFLAG_RW, + &VNET_NAME(error_keeptags), 0, + "ICMP error response keeps copy of mbuf_tags of original packet"); + #ifdef ICMPPRINTFS int icmpprintfs = 0; #endif 
@@ -367,6 +373,10 @@ stdreply: icmpelen = max(8, min(V_icmp_quotelen, ntohs nip->ip_p = IPPROTO_ICMP; nip->ip_tos = 0; nip->ip_off = 0; + + if (V_error_keeptags) + m_tag_copy_chain(m, n, M_NOWAIT); + icmp_reflect(m); freeit: From owner-svn-src-stable-11@freebsd.org Tue Nov 20 11:23:34 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9F3621121B96; Tue, 20 Nov 2018 11:23:34 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 41E3D875DC; Tue, 20 Nov 2018 11:23:34 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 24A3110AEC; Tue, 20 Nov 2018 11:23:34 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAKBNY70025649; Tue, 20 Nov 2018 11:23:34 GMT (envelope-from eugen@FreeBSD.org) Received: (from eugen@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAKBNYNs025648; Tue, 20 Nov 2018 11:23:34 GMT (envelope-from eugen@FreeBSD.org) Message-Id: <201811201123.wAKBNYNs025648@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: eugen set sender to eugen@FreeBSD.org using -f 
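Review bot: The new sysctl in the first hunk is documented only by the description string passed to SYSCTL_INT(); ip_icmp.c is the only file this commit modifies, so icmp(4) gets no entry for net.inet.icmp.error_keeptags. Please add one, and state there that the whole mbuf_tags(9) chain of the original packet is copied to the response rather than only tags set by ipfw(8), since that determines which filter rules and other tag consumers will treat the generated ICMP error as tagged.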
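Review bot: In the stdreply hunk the result of m_tag_copy_chain(m, n, M_NOWAIT) is discarded, so when the M_NOWAIT allocation fails the ICMP error is still passed to icmp_reflect(m) without the tags. With net.inet.icmp.error_keeptags=1 a packet filter rule that matches on the tag would then miss that response with no indication of why. Either check the return value and account for the failure (a counter, or not sending the untagged reply), or say in the sysctl description that tag copying is best effort.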
From: Eugene Grosbein
Date: Tue, 20 Nov 2018 11:23:34 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340673 - stable/11/sys/netinet

Author: eugen
Date: Tue Nov 20 11:23:33 2018
New Revision: 340673
URL: https://svnweb.freebsd.org/changeset/base/340673

Log:
  Unbreak build after r340670. This is a direct commit to stable/11.

Modified:
  stable/11/sys/netinet/ip_icmp.c

Modified: stable/11/sys/netinet/ip_icmp.c ============================================================================== --- stable/11/sys/netinet/ip_icmp.c Tue Nov 20 11:19:02 2018 (r340672) +++ stable/11/sys/netinet/ip_icmp.c Tue Nov 20 11:23:33 2018 (r340673) 
@@ -155,7 +155,7 @@ SYSCTL_INT(_net_inet_icmp, OID_AUTO, tstamprepl, CTLFL &VNET_NAME(icmptstamprepl), 0, "Respond to ICMP Timestamp packets"); -VNET_DEFINE_STATIC(int, error_keeptags) = 0; +static VNET_DEFINE(int, error_keeptags) = 0; #define V_error_keeptags VNET(error_keeptags) SYSCTL_INT(_net_inet_icmp, OID_AUTO, error_keeptags, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(error_keeptags), 0, From owner-svn-src-stable-11@freebsd.org Tue Nov 20 21:26:32 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B0BA9113E770; Tue, 20 Nov 2018 21:26:31 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6089C84919; Tue, 20 Nov 2018 21:26:31 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 42B3F16E00; Tue, 20 Nov 2018 21:26:31 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAKLQVvR040835; Tue, 20 Nov 2018 21:26:31 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAKLQQSC040809; Tue, 20 Nov 2018 21:26:26 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201811202126.wAKLQQSC040809@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f 
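Review bot: The hunk replaces VNET_DEFINE_STATIC(int, error_keeptags) with static VNET_DEFINE(int, error_keeptags), but the log says only "Unbreak build after r340670" and does not name what failed. Please record in the message that VNET_DEFINE_STATIC was presumably the construct stable/11 could not build, so that anyone merging that macro later knows this line differs from r339558 on purpose. A one-line fix arriving under an hour after the MFC also suggests r340670 was committed without a stable/11 kernel build, which is worth adding to the MFC checklist.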
From: Jung-uk Kim
Date: Tue, 20 Nov 2018 21:26:26 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340704 - in stable/11: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/crypto/bn/asm crypto/openssl/crypto/co...

Author: jkim
Date: Tue Nov 20 21:26:25 2018
New Revision: 340704
URL: https://svnweb.freebsd.org/changeset/base/340704

Log:
  Merge OpenSSL 1.0.2q.

Added: stable/11/crypto/openssl/crypto/getenv.c - copied unchanged from r340692, vendor-crypto/openssl/dist-1.0.2/crypto/getenv.c Modified: stable/11/crypto/openssl/CHANGES stable/11/crypto/openssl/Makefile stable/11/crypto/openssl/NEWS stable/11/crypto/openssl/README stable/11/crypto/openssl/apps/req.c stable/11/crypto/openssl/config stable/11/crypto/openssl/crypto/Makefile stable/11/crypto/openssl/crypto/bio/b_sock.c stable/11/crypto/openssl/crypto/bn/asm/x86_64-gcc.c stable/11/crypto/openssl/crypto/bn/bn_blind.c stable/11/crypto/openssl/crypto/bn/bn_lib.c stable/11/crypto/openssl/crypto/bn/bn_mod.c stable/11/crypto/openssl/crypto/bn/bn_mont.c stable/11/crypto/openssl/crypto/bn/bn_mul.c stable/11/crypto/openssl/crypto/bn/bn_sqr.c stable/11/crypto/openssl/crypto/bn/bn_x931p.c stable/11/crypto/openssl/crypto/bn_int.h stable/11/crypto/openssl/crypto/conf/Makefile stable/11/crypto/openssl/crypto/conf/conf_api.c stable/11/crypto/openssl/crypto/conf/conf_mod.c stable/11/crypto/openssl/crypto/cryptlib.h stable/11/crypto/openssl/crypto/dsa/dsa_gen.c stable/11/crypto/openssl/crypto/dsa/dsa_ossl.c stable/11/crypto/openssl/crypto/ec/ec_lcl.h stable/11/crypto/openssl/crypto/ec/ec_lib.c stable/11/crypto/openssl/crypto/ec/ec_mult.c stable/11/crypto/openssl/crypto/engine/eng_list.c stable/11/crypto/openssl/crypto/opensslconf.h stable/11/crypto/openssl/crypto/opensslv.h stable/11/crypto/openssl/crypto/pkcs12/p12_init.c stable/11/crypto/openssl/crypto/pkcs7/pk7_lib.c stable/11/crypto/openssl/crypto/rand/Makefile stable/11/crypto/openssl/crypto/rand/md_rand.c stable/11/crypto/openssl/crypto/rand/rand_lcl.h stable/11/crypto/openssl/crypto/rand/rand_lib.c stable/11/crypto/openssl/crypto/rand/randfile.c stable/11/crypto/openssl/crypto/rsa/rsa_eay.c stable/11/crypto/openssl/crypto/ui/ui_openssl.c stable/11/crypto/openssl/crypto/x509/by_dir.c stable/11/crypto/openssl/crypto/x509/by_file.c stable/11/crypto/openssl/crypto/x509/x509_vfy.c stable/11/crypto/openssl/crypto/x509v3/v3_purp.c 
stable/11/crypto/openssl/doc/apps/crl.pod stable/11/crypto/openssl/doc/apps/req.pod stable/11/crypto/openssl/doc/apps/s_server.pod stable/11/crypto/openssl/doc/crypto/EVP_DigestSignInit.pod stable/11/crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod stable/11/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod stable/11/crypto/openssl/engines/e_capi.c stable/11/crypto/openssl/ssl/d1_pkt.c stable/11/crypto/openssl/ssl/ssl_ciph.c stable/11/crypto/openssl/ssl/ssl_lib.c stable/11/crypto/openssl/ssl/t1_lib.c stable/11/crypto/openssl/util/domd stable/11/crypto/openssl/util/libeay.num stable/11/secure/lib/libcrypto/Makefile stable/11/secure/lib/libcrypto/Makefile.inc stable/11/secure/lib/libcrypto/Makefile.man stable/11/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/11/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/11/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/11/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/11/secure/lib/libcrypto/man/ASN1_TIME_set.3 stable/11/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/11/secure/lib/libcrypto/man/BIO_ctrl.3 stable/11/secure/lib/libcrypto/man/BIO_f_base64.3 stable/11/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/11/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/11/secure/lib/libcrypto/man/BIO_f_md.3 stable/11/secure/lib/libcrypto/man/BIO_f_null.3 stable/11/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/11/secure/lib/libcrypto/man/BIO_find_type.3 stable/11/secure/lib/libcrypto/man/BIO_new.3 stable/11/secure/lib/libcrypto/man/BIO_new_CMS.3 stable/11/secure/lib/libcrypto/man/BIO_push.3 stable/11/secure/lib/libcrypto/man/BIO_read.3 stable/11/secure/lib/libcrypto/man/BIO_s_accept.3 stable/11/secure/lib/libcrypto/man/BIO_s_bio.3 stable/11/secure/lib/libcrypto/man/BIO_s_connect.3 stable/11/secure/lib/libcrypto/man/BIO_s_fd.3 stable/11/secure/lib/libcrypto/man/BIO_s_file.3 stable/11/secure/lib/libcrypto/man/BIO_s_mem.3 stable/11/secure/lib/libcrypto/man/BIO_s_null.3 
stable/11/secure/lib/libcrypto/man/BIO_s_socket.3 stable/11/secure/lib/libcrypto/man/BIO_set_callback.3 stable/11/secure/lib/libcrypto/man/BIO_should_retry.3 stable/11/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/11/secure/lib/libcrypto/man/BN_CTX_new.3 stable/11/secure/lib/libcrypto/man/BN_CTX_start.3 stable/11/secure/lib/libcrypto/man/BN_add.3 stable/11/secure/lib/libcrypto/man/BN_add_word.3 stable/11/secure/lib/libcrypto/man/BN_bn2bin.3 stable/11/secure/lib/libcrypto/man/BN_cmp.3 stable/11/secure/lib/libcrypto/man/BN_copy.3 stable/11/secure/lib/libcrypto/man/BN_generate_prime.3 stable/11/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/11/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/11/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/11/secure/lib/libcrypto/man/BN_new.3 stable/11/secure/lib/libcrypto/man/BN_num_bytes.3 stable/11/secure/lib/libcrypto/man/BN_rand.3 stable/11/secure/lib/libcrypto/man/BN_set_bit.3 stable/11/secure/lib/libcrypto/man/BN_swap.3 stable/11/secure/lib/libcrypto/man/BN_zero.3 stable/11/secure/lib/libcrypto/man/CMS_add0_cert.3 stable/11/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 stable/11/secure/lib/libcrypto/man/CMS_add1_signer.3 stable/11/secure/lib/libcrypto/man/CMS_compress.3 stable/11/secure/lib/libcrypto/man/CMS_decrypt.3 stable/11/secure/lib/libcrypto/man/CMS_encrypt.3 stable/11/secure/lib/libcrypto/man/CMS_final.3 stable/11/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 stable/11/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 stable/11/secure/lib/libcrypto/man/CMS_get0_type.3 stable/11/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 stable/11/secure/lib/libcrypto/man/CMS_sign.3 stable/11/secure/lib/libcrypto/man/CMS_sign_receipt.3 stable/11/secure/lib/libcrypto/man/CMS_uncompress.3 stable/11/secure/lib/libcrypto/man/CMS_verify.3 stable/11/secure/lib/libcrypto/man/CMS_verify_receipt.3 stable/11/secure/lib/libcrypto/man/CONF_modules_free.3 
stable/11/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/11/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 stable/11/secure/lib/libcrypto/man/DH_generate_key.3 stable/11/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/11/secure/lib/libcrypto/man/DH_get_ex_new_index.3 stable/11/secure/lib/libcrypto/man/DH_new.3 stable/11/secure/lib/libcrypto/man/DH_set_method.3 stable/11/secure/lib/libcrypto/man/DH_size.3 stable/11/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/11/secure/lib/libcrypto/man/DSA_do_sign.3 stable/11/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/11/secure/lib/libcrypto/man/DSA_generate_key.3 stable/11/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/11/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 stable/11/secure/lib/libcrypto/man/DSA_new.3 stable/11/secure/lib/libcrypto/man/DSA_set_method.3 stable/11/secure/lib/libcrypto/man/DSA_sign.3 stable/11/secure/lib/libcrypto/man/DSA_size.3 stable/11/secure/lib/libcrypto/man/EC_GFp_simple_method.3 stable/11/secure/lib/libcrypto/man/EC_GROUP_copy.3 stable/11/secure/lib/libcrypto/man/EC_GROUP_new.3 stable/11/secure/lib/libcrypto/man/EC_KEY_new.3 stable/11/secure/lib/libcrypto/man/EC_POINT_add.3 stable/11/secure/lib/libcrypto/man/EC_POINT_new.3 stable/11/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/11/secure/lib/libcrypto/man/ERR_clear_error.3 stable/11/secure/lib/libcrypto/man/ERR_error_string.3 stable/11/secure/lib/libcrypto/man/ERR_get_error.3 stable/11/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/11/secure/lib/libcrypto/man/ERR_load_strings.3 stable/11/secure/lib/libcrypto/man/ERR_print_errors.3 stable/11/secure/lib/libcrypto/man/ERR_put_error.3 stable/11/secure/lib/libcrypto/man/ERR_remove_state.3 stable/11/secure/lib/libcrypto/man/ERR_set_mark.3 stable/11/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/11/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/11/secure/lib/libcrypto/man/EVP_DigestSignInit.3 stable/11/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 
stable/11/secure/lib/libcrypto/man/EVP_EncodeInit.3 stable/11/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/11/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_derive.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_sign.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_verify.3 stable/11/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 stable/11/secure/lib/libcrypto/man/EVP_SealInit.3 stable/11/secure/lib/libcrypto/man/EVP_SignInit.3 stable/11/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/11/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/11/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/11/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/11/secure/lib/libcrypto/man/OPENSSL_config.3 stable/11/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/11/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 stable/11/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/11/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/11/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 stable/11/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 stable/11/secure/lib/libcrypto/man/PKCS12_create.3 stable/11/secure/lib/libcrypto/man/PKCS12_parse.3 stable/11/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/11/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/11/secure/lib/libcrypto/man/PKCS7_sign.3 
stable/11/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 stable/11/secure/lib/libcrypto/man/PKCS7_verify.3 stable/11/secure/lib/libcrypto/man/RAND_add.3 stable/11/secure/lib/libcrypto/man/RAND_bytes.3 stable/11/secure/lib/libcrypto/man/RAND_cleanup.3 stable/11/secure/lib/libcrypto/man/RAND_egd.3 stable/11/secure/lib/libcrypto/man/RAND_load_file.3 stable/11/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/11/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/11/secure/lib/libcrypto/man/RSA_check_key.3 stable/11/secure/lib/libcrypto/man/RSA_generate_key.3 stable/11/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 stable/11/secure/lib/libcrypto/man/RSA_new.3 stable/11/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/11/secure/lib/libcrypto/man/RSA_print.3 stable/11/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/11/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/11/secure/lib/libcrypto/man/RSA_set_method.3 stable/11/secure/lib/libcrypto/man/RSA_sign.3 stable/11/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/11/secure/lib/libcrypto/man/RSA_size.3 stable/11/secure/lib/libcrypto/man/SMIME_read_CMS.3 stable/11/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/11/secure/lib/libcrypto/man/SMIME_write_CMS.3 stable/11/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/11/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/11/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/11/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/11/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 stable/11/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 stable/11/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 stable/11/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 
stable/11/secure/lib/libcrypto/man/X509_check_host.3 stable/11/secure/lib/libcrypto/man/X509_check_private_key.3 stable/11/secure/lib/libcrypto/man/X509_cmp_time.3 stable/11/secure/lib/libcrypto/man/X509_new.3 stable/11/secure/lib/libcrypto/man/X509_verify_cert.3 stable/11/secure/lib/libcrypto/man/bio.3 stable/11/secure/lib/libcrypto/man/blowfish.3 stable/11/secure/lib/libcrypto/man/bn.3 stable/11/secure/lib/libcrypto/man/bn_internal.3 stable/11/secure/lib/libcrypto/man/buffer.3 stable/11/secure/lib/libcrypto/man/crypto.3 stable/11/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 stable/11/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 stable/11/secure/lib/libcrypto/man/d2i_DHparams.3 stable/11/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 stable/11/secure/lib/libcrypto/man/d2i_ECPKParameters.3 stable/11/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 stable/11/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 stable/11/secure/lib/libcrypto/man/d2i_PrivateKey.3 stable/11/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 stable/11/secure/lib/libcrypto/man/d2i_X509.3 stable/11/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 stable/11/secure/lib/libcrypto/man/d2i_X509_CRL.3 stable/11/secure/lib/libcrypto/man/d2i_X509_NAME.3 stable/11/secure/lib/libcrypto/man/d2i_X509_REQ.3 stable/11/secure/lib/libcrypto/man/d2i_X509_SIG.3 stable/11/secure/lib/libcrypto/man/des.3 stable/11/secure/lib/libcrypto/man/dh.3 stable/11/secure/lib/libcrypto/man/dsa.3 stable/11/secure/lib/libcrypto/man/ec.3 stable/11/secure/lib/libcrypto/man/ecdsa.3 stable/11/secure/lib/libcrypto/man/engine.3 stable/11/secure/lib/libcrypto/man/err.3 stable/11/secure/lib/libcrypto/man/evp.3 stable/11/secure/lib/libcrypto/man/hmac.3 stable/11/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 stable/11/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 stable/11/secure/lib/libcrypto/man/lh_stats.3 stable/11/secure/lib/libcrypto/man/lhash.3 stable/11/secure/lib/libcrypto/man/md5.3 stable/11/secure/lib/libcrypto/man/mdc2.3 
stable/11/secure/lib/libcrypto/man/pem.3 stable/11/secure/lib/libcrypto/man/rand.3 stable/11/secure/lib/libcrypto/man/rc4.3 stable/11/secure/lib/libcrypto/man/ripemd.3 stable/11/secure/lib/libcrypto/man/rsa.3 stable/11/secure/lib/libcrypto/man/sha.3 stable/11/secure/lib/libcrypto/man/threads.3 stable/11/secure/lib/libcrypto/man/ui.3 stable/11/secure/lib/libcrypto/man/ui_compat.3 stable/11/secure/lib/libcrypto/man/x509.3 stable/11/secure/lib/libssl/man/SSL_CIPHER_get_name.3 stable/11/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 stable/11/secure/lib/libssl/man/SSL_CONF_CTX_new.3 stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 stable/11/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 stable/11/secure/lib/libssl/man/SSL_CONF_cmd.3 stable/11/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 stable/11/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 stable/11/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 stable/11/secure/lib/libssl/man/SSL_CTX_add_session.3 stable/11/secure/lib/libssl/man/SSL_CTX_ctrl.3 stable/11/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 stable/11/secure/lib/libssl/man/SSL_CTX_free.3 stable/11/secure/lib/libssl/man/SSL_CTX_get0_param.3 stable/11/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 stable/11/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 stable/11/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 stable/11/secure/lib/libssl/man/SSL_CTX_new.3 stable/11/secure/lib/libssl/man/SSL_CTX_sess_number.3 stable/11/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 stable/11/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_sessions.3 stable/11/secure/lib/libssl/man/SSL_CTX_set1_curves.3 stable/11/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 
stable/11/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_mode.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_options.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_timeout.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 stable/11/secure/lib/libssl/man/SSL_CTX_set_verify.3 stable/11/secure/lib/libssl/man/SSL_CTX_use_certificate.3 stable/11/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 stable/11/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 stable/11/secure/lib/libssl/man/SSL_SESSION_free.3 stable/11/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 stable/11/secure/lib/libssl/man/SSL_SESSION_get_time.3 stable/11/secure/lib/libssl/man/SSL_accept.3 stable/11/secure/lib/libssl/man/SSL_alert_type_string.3 
stable/11/secure/lib/libssl/man/SSL_check_chain.3 stable/11/secure/lib/libssl/man/SSL_clear.3 stable/11/secure/lib/libssl/man/SSL_connect.3 stable/11/secure/lib/libssl/man/SSL_do_handshake.3 stable/11/secure/lib/libssl/man/SSL_export_keying_material.3 stable/11/secure/lib/libssl/man/SSL_free.3 stable/11/secure/lib/libssl/man/SSL_get_SSL_CTX.3 stable/11/secure/lib/libssl/man/SSL_get_ciphers.3 stable/11/secure/lib/libssl/man/SSL_get_client_CA_list.3 stable/11/secure/lib/libssl/man/SSL_get_current_cipher.3 stable/11/secure/lib/libssl/man/SSL_get_default_timeout.3 stable/11/secure/lib/libssl/man/SSL_get_error.3 stable/11/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 stable/11/secure/lib/libssl/man/SSL_get_ex_new_index.3 stable/11/secure/lib/libssl/man/SSL_get_fd.3 stable/11/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 stable/11/secure/lib/libssl/man/SSL_get_peer_certificate.3 stable/11/secure/lib/libssl/man/SSL_get_psk_identity.3 stable/11/secure/lib/libssl/man/SSL_get_rbio.3 stable/11/secure/lib/libssl/man/SSL_get_session.3 stable/11/secure/lib/libssl/man/SSL_get_verify_result.3 stable/11/secure/lib/libssl/man/SSL_get_version.3 stable/11/secure/lib/libssl/man/SSL_library_init.3 stable/11/secure/lib/libssl/man/SSL_load_client_CA_file.3 stable/11/secure/lib/libssl/man/SSL_new.3 stable/11/secure/lib/libssl/man/SSL_pending.3 stable/11/secure/lib/libssl/man/SSL_read.3 stable/11/secure/lib/libssl/man/SSL_rstate_string.3 stable/11/secure/lib/libssl/man/SSL_session_reused.3 stable/11/secure/lib/libssl/man/SSL_set_bio.3 stable/11/secure/lib/libssl/man/SSL_set_connect_state.3 stable/11/secure/lib/libssl/man/SSL_set_fd.3 stable/11/secure/lib/libssl/man/SSL_set_session.3 stable/11/secure/lib/libssl/man/SSL_set_shutdown.3 stable/11/secure/lib/libssl/man/SSL_set_verify_result.3 stable/11/secure/lib/libssl/man/SSL_shutdown.3 stable/11/secure/lib/libssl/man/SSL_state_string.3 stable/11/secure/lib/libssl/man/SSL_want.3 stable/11/secure/lib/libssl/man/SSL_write.3 
stable/11/secure/lib/libssl/man/d2i_SSL_SESSION.3 stable/11/secure/lib/libssl/man/ssl.3 stable/11/secure/usr.bin/openssl/man/CA.pl.1 stable/11/secure/usr.bin/openssl/man/asn1parse.1 stable/11/secure/usr.bin/openssl/man/ca.1 stable/11/secure/usr.bin/openssl/man/ciphers.1 stable/11/secure/usr.bin/openssl/man/cms.1 stable/11/secure/usr.bin/openssl/man/crl.1 stable/11/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/11/secure/usr.bin/openssl/man/dgst.1 stable/11/secure/usr.bin/openssl/man/dhparam.1 stable/11/secure/usr.bin/openssl/man/dsa.1 stable/11/secure/usr.bin/openssl/man/dsaparam.1 stable/11/secure/usr.bin/openssl/man/ec.1 stable/11/secure/usr.bin/openssl/man/ecparam.1 stable/11/secure/usr.bin/openssl/man/enc.1 stable/11/secure/usr.bin/openssl/man/errstr.1 stable/11/secure/usr.bin/openssl/man/gendsa.1 stable/11/secure/usr.bin/openssl/man/genpkey.1 stable/11/secure/usr.bin/openssl/man/genrsa.1 stable/11/secure/usr.bin/openssl/man/nseq.1 stable/11/secure/usr.bin/openssl/man/ocsp.1 stable/11/secure/usr.bin/openssl/man/openssl.1 stable/11/secure/usr.bin/openssl/man/passwd.1 stable/11/secure/usr.bin/openssl/man/pkcs12.1 stable/11/secure/usr.bin/openssl/man/pkcs7.1 stable/11/secure/usr.bin/openssl/man/pkcs8.1 stable/11/secure/usr.bin/openssl/man/pkey.1 stable/11/secure/usr.bin/openssl/man/pkeyparam.1 stable/11/secure/usr.bin/openssl/man/pkeyutl.1 stable/11/secure/usr.bin/openssl/man/rand.1 stable/11/secure/usr.bin/openssl/man/req.1 stable/11/secure/usr.bin/openssl/man/rsa.1 stable/11/secure/usr.bin/openssl/man/rsautl.1 stable/11/secure/usr.bin/openssl/man/s_client.1 stable/11/secure/usr.bin/openssl/man/s_server.1 stable/11/secure/usr.bin/openssl/man/s_time.1 stable/11/secure/usr.bin/openssl/man/sess_id.1 stable/11/secure/usr.bin/openssl/man/smime.1 stable/11/secure/usr.bin/openssl/man/speed.1 stable/11/secure/usr.bin/openssl/man/spkac.1 stable/11/secure/usr.bin/openssl/man/ts.1 stable/11/secure/usr.bin/openssl/man/tsget.1 stable/11/secure/usr.bin/openssl/man/verify.1 
stable/11/secure/usr.bin/openssl/man/version.1 stable/11/secure/usr.bin/openssl/man/x509.1 stable/11/secure/usr.bin/openssl/man/x509v3_config.1 Modified: stable/11/crypto/openssl/CHANGES ============================================================================== --- stable/11/crypto/openssl/CHANGES Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/CHANGES Tue Nov 20 21:26:25 2018 (r340704) 
@@ -7,6 +7,36 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.0.2p and 1.0.2q [20 Nov 2018] + + *) Microarchitecture timing vulnerability in ECC scalar multiplication + + OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been + shown to be vulnerable to a microarchitecture timing side channel attack. + An attacker with sufficient access to mount local timing attacks during + ECDSA signature generation could recover the private key. + + This issue was reported to OpenSSL on 26th October 2018 by Alejandro + Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and + Nicola Tuveri. + (CVE-2018-5407) + [Billy Brumley] + + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + + *) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object + Module, accidentally introduced while backporting security fixes from the + development branch and hindering the use of ECC in FIPS mode. + [Nicola Tuveri] + Changes between 1.0.2o and 1.0.2p [14 Aug 2018] *) Client DoS due to large DH parameter Modified: stable/11/crypto/openssl/Makefile ============================================================================== --- stable/11/crypto/openssl/Makefile Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/Makefile Tue Nov 20 21:26:25 2018 (r340704) 
@@ -4,18 +4,18 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2p +VERSION=1.0.2q MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 SHLIB_VERSION_HISTORY= SHLIB_MAJOR=1 SHLIB_MINOR=0.0 -SHLIB_EXT= -PLATFORM=dist -OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine -CONFIGURE_ARGS=dist -SHLIB_TARGET= +SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +PLATFORM=linux-x86_64 +OPTIONS=-Wa,--noexecstack no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine +CONFIGURE_ARGS=linux-x86_64 -Wa,--noexecstack +SHLIB_TARGET=linux-shared # HERE indicates where this Makefile lives. This can be used to indicate # where sub-Makefiles are expected to be. Currently has very limited usage, @@ -59,11 +59,11 @@ OPENSSLDIR=/usr/local/ssl # equal 4. # PKCS1_CHECK - pkcs1 tests. -CC= cc -CFLAG= -O +CC= gcc +CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS PEX_LIBS= -EX_LIBS= +EX_LIBS= -ldl EXE_EXT= ARFLAGS= AR= ar $(ARFLAGS) r @@ -73,7 +73,7 @@ NM= nm PERL= /usr/bin/perl TAR= tar TARFLAGS= --no-recursion -MAKEDEPPROG= cc +MAKEDEPPROG= gcc LIBDIR=lib # We let the C compiler driver to take care of .s files. This is done in 
@@ -89,23 +89,23 @@ ASFLAG=$(CFLAG) PROCESSOR= # CPUID module collects small commonly used assembler snippets -CPUID_OBJ= mem_clr.o -BN_ASM= bn_asm.o -EC_ASM= +CPUID_OBJ= x86_64cpuid.o +BN_ASM= x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +EC_ASM= ecp_nistz256.o ecp_nistz256-x86_64.o DES_ENC= des_enc.o fcrypt_b.o -AES_ENC= aes_core.o aes_cbc.o +AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o BF_ENC= bf_enc.o CAST_ENC= c_enc.o -RC4_ENC= rc4_enc.o rc4_skey.o +RC4_ENC= rc4-x86_64.o rc4-md5-x86_64.o RC5_ENC= rc5_enc.o -MD5_ASM_OBJ= -SHA1_ASM_OBJ= +MD5_ASM_OBJ= md5-x86_64.o +SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o RMD160_ASM_OBJ= -WP_ASM_OBJ= wp_block.o -CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o -MODES_ASM_OBJ= +WP_ASM_OBJ= wp-x86_64.o +CMLL_ENC= cmll-x86_64.o cmll_misc.o +MODES_ASM_OBJ= ghash-x86_64.o aesni-gcm-x86_64.o ENGINES_ASM_OBJ= -PERLASM_SCHEME= +PERLASM_SCHEME= elf # KRB5 stuff KRB5_INCLUDES= @@ -177,8 +177,8 @@ LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) SHARED_LIBS= -SHARED_LIBS_LINK_EXTS= -SHARED_LDFLAGS= +SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so +SHARED_LDFLAGS=-m64 GENERAL= Makefile BASENAME= openssl Modified: stable/11/crypto/openssl/NEWS ============================================================================== --- stable/11/crypto/openssl/NEWS Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/NEWS Tue Nov 20 21:26:25 2018 (r340704) 
@@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018] + + o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) + o Timing vulnerability in DSA signature generation (CVE-2018-0734) + Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] o Client DoS due to large DH parameter (CVE-2018-0732) Modified: stable/11/crypto/openssl/README ============================================================================== --- stable/11/crypto/openssl/README Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/README Tue Nov 20 21:26:25 2018 (r340704) @@ -1,5 +1,5 @@ - OpenSSL 1.0.2p 14 Aug 2018 + OpenSSL 1.0.2q 20 Nov 2018 Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: stable/11/crypto/openssl/apps/req.c ============================================================================== --- stable/11/crypto/openssl/apps/req.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/apps/req.c Tue Nov 20 21:26:25 2018 (r340704) @@ -659,8 +659,7 @@ int MAIN(int argc, char **argv) } } - BIO_printf(bio_err, "Generating a %ld bit %s private key\n", - newkey, keyalgstr); + BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr); EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); EVP_PKEY_CTX_set_app_data(genctx, bio_err); Modified: stable/11/crypto/openssl/config ============================================================================== --- stable/11/crypto/openssl/config Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/config Tue Nov 20 21:26:25 2018 (r340704) 
@@ -992,5 +992,6 @@ if [ $? = "0" ]; then fi else echo "This system ($OUT) is not supported. See file INSTALL for details." + exit 1 fi ) Modified: stable/11/crypto/openssl/crypto/Makefile ============================================================================== --- stable/11/crypto/openssl/crypto/Makefile Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/Makefile Tue Nov 20 21:26:25 2018 (r340704) @@ -37,9 +37,11 @@ TEST=constant_time_test.c LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ - ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c + ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c \ + getenv.c LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \ - uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ) + uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o getenv.o \ + $(CPUID_OBJ) SRC= $(LIBSRC) 
@@ -179,6 +181,13 @@ ex_data.o: ../include/openssl/ossl_typ.h ../include/op ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h ex_data.o: ex_data.c fips_ers.o: ../include/openssl/opensslconf.h fips_ers.c +getenv.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h +getenv.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +getenv.o: ../include/openssl/err.h ../include/openssl/lhash.h +getenv.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +getenv.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +getenv.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h +getenv.o: getenv.c mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem.o: ../include/openssl/err.h ../include/openssl/lhash.h Modified: stable/11/crypto/openssl/crypto/bio/b_sock.c ============================================================================== --- stable/11/crypto/openssl/crypto/bio/b_sock.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/bio/b_sock.c Tue Nov 20 21:26:25 2018 (r340704) @@ -56,6 +56,9 @@ * [including the GNU Public Licence.] */ +#define _DEFAULT_SOURCE +#define _BSD_SOURCE + #include #include #include @@ -83,6 +86,11 @@ NETDB_DEFINE_CONTEXT static int wsa_init_done = 0; # endif +# if defined(__GLIBC__) +# define HAVE_GETHOSTBYNAME_R +# define GETHOSTNAME_R_BUF (2 * 1024) +# endif + /* * WSAAPI specifier is required to make indirect calls to run-time * linked WinSock 2 functions used in this module, to be specific @@ -116,7 +124,12 @@ int BIO_get_host_ip(const char *str, unsigned char *ip int i; int err = 1; int locked = 0; - struct hostent *he; + struct hostent *he = NULL; +# ifdef HAVE_GETHOSTBYNAME_R + char buf[GETHOSTNAME_R_BUF]; + struct hostent hostent; + int h_errnop; +# endif i = get_ip(str, ip); if (i < 0) { 
@@ -138,10 +151,18 @@ int BIO_get_host_ip(const char *str, unsigned char *ip if (i > 0) return (1); + /* if gethostbyname_r is supported, use it. */ +# ifdef HAVE_GETHOSTBYNAME_R + memset(&hostent, 0x00, sizeof(hostent)); + /* gethostbyname_r() sets |he| to NULL on error, we check it further down */ + gethostbyname_r(str, &hostent, buf, sizeof(buf), &he, &h_errnop); +# else /* do a gethostbyname */ CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); locked = 1; he = BIO_gethostbyname(str); +# endif + if (he == NULL) { BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP); goto err; Modified: stable/11/crypto/openssl/crypto/bn/asm/x86_64-gcc.c ============================================================================== --- stable/11/crypto/openssl/crypto/bn/asm/x86_64-gcc.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/bn/asm/x86_64-gcc.c Tue Nov 20 21:26:25 2018 (r340704) @@ -55,12 +55,6 @@ * machine. */ -# if defined(_WIN64) || !defined(__LP64__) -# define BN_ULONG unsigned long long -# else -# define BN_ULONG unsigned long -# endif - # undef mul # undef mul_add Modified: stable/11/crypto/openssl/crypto/bn/bn_blind.c ============================================================================== --- stable/11/crypto/openssl/crypto/bn/bn_blind.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/bn/bn_blind.c Tue Nov 20 21:26:25 2018 (r340704) @@ -1,6 +1,6 @@ /* crypto/bn/bn_blind.c */ /* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -206,10 +206,15 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) goto err; } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) { - if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx)) - goto err; - if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)) - goto err; + if (b->m_ctx != NULL) { + if (!bn_mul_mont_fixed_top(b->Ai, b->Ai, b->Ai, b->m_ctx, ctx) + || !bn_mul_mont_fixed_top(b->A, b->A, b->A, b->m_ctx, ctx)) + goto err; + } else { + if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx) + || !BN_mod_mul(b->A, b->A, b->A, b->mod, ctx)) + goto err; + } } ret = 1; @@ -241,13 +246,13 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BL else if (!BN_BLINDING_update(b, ctx)) return (0); - if (r != NULL) { - if (!BN_copy(r, b->Ai)) - ret = 0; - } + if (r != NULL && (BN_copy(r, b->Ai) == NULL)) + return 0; - if (!BN_mod_mul(n, n, b->A, b->mod, ctx)) - ret = 0; + if (b->m_ctx != NULL) + ret = BN_mod_mul_montgomery(n, n, b->A, b->m_ctx, ctx); + else + ret = BN_mod_mul(n, n, b->A, b->mod, ctx); return ret; } 
@@ -264,14 +269,29 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, bn_check_top(n); - if (r != NULL) - ret = BN_mod_mul(n, n, r, b->mod, ctx); - else { - if (b->Ai == NULL) { - BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED); - return (0); + if (r == NULL && (r = b->Ai) == NULL) { + BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED); + return 0; + } + + if (b->m_ctx != NULL) { + /* ensure that BN_mod_mul_montgomery takes pre-defined path */ + if (n->dmax >= r->top) { + size_t i, rtop = r->top, ntop = n->top; + BN_ULONG mask; + + for (i = 0; i < rtop; i++) { + mask = (BN_ULONG)0 - ((i - ntop) >> (8 * sizeof(i) - 1)); + n->d[i] &= mask; + } + mask = (BN_ULONG)0 - ((rtop - ntop) >> (8 * sizeof(ntop) - 1)); + /* always true, if (rtop >= ntop) n->top = r->top; */ + n->top = (int)(rtop & ~mask) | (ntop & mask); + n->flags |= (BN_FLG_FIXED_TOP & ~mask); } - ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); + ret = BN_mod_mul_montgomery(n, n, r, b->m_ctx, ctx); + } else { + ret = BN_mod_mul(n, n, r, b->mod, ctx); } bn_check_top(n); @@ -366,11 +386,16 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, } while (1); if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) { - if (!ret->bn_mod_exp - (ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) + if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) goto err; } else { if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) + goto err; + } + + if (ret->m_ctx != NULL) { + if (!bn_to_mont_fixed_top(ret->Ai, ret->Ai, ret->m_ctx, ctx) + || !bn_to_mont_fixed_top(ret->A, ret->A, ret->m_ctx, ctx)) goto err; } Modified: stable/11/crypto/openssl/crypto/bn/bn_lib.c ============================================================================== --- stable/11/crypto/openssl/crypto/bn/bn_lib.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/bn/bn_lib.c Tue Nov 20 21:26:25 2018 (r340704) 
@@ -617,26 +617,40 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIG static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { int n; - size_t i, inc, lasti, j; + size_t i, lasti, j, atop, mask; BN_ULONG l; + /* + * In case |a| is fixed-top, BN_num_bytes can return bogus length, + * but it's assumed that fixed-top inputs ought to be "nominated" + * even for padded output, so it works out... + */ n = BN_num_bytes(a); - if (tolen == -1) + if (tolen == -1) { tolen = n; - else if (tolen < n) - return -1; + } else if (tolen < n) { /* uncommon/unlike case */ + BIGNUM temp = *a; - if (n == 0) { + bn_correct_top(&temp); + n = BN_num_bytes(&temp); + if (tolen < n) + return -1; + } + + /* Swipe through whole available data and don't give away padded zero. */ + atop = a->dmax * BN_BYTES; + if (atop == 0) { OPENSSL_cleanse(to, tolen); return tolen; } - lasti = n - 1; - for (i = 0, inc = 1, j = tolen; j > 0;) { + lasti = atop - 1; + atop = a->top * BN_BYTES; + for (i = 0, j = 0, to += tolen; j < (size_t)tolen; j++) { l = a->d[i / BN_BYTES]; - to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & (0 - inc)); - inc = (i - lasti) >> (8 * sizeof(i) - 1); - i += inc; /* stay on top limb */ + mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1)); + *--to = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */ } return tolen; 
@@ -888,6 +902,38 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, t = (a->top ^ b->top) & condition; a->top ^= t; b->top ^= t; + + t = (a->neg ^ b->neg) & condition; + a->neg ^= t; + b->neg ^= t; + + /*- + * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention + * is actually to treat it as it's read-only data, and some (if not most) + * of it does reside in read-only segment. In other words observation of + * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal + * condition. It would either cause SEGV or effectively cause data + * corruption. + * + * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be + * preserved. + * + * BN_FLG_SECURE: must be preserved, because it determines how x->d was + * allocated and hence how to free it. + * + * BN_FLG_CONSTTIME: sufficient to mask and swap + * + * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on + * the data, so the d array may be padded with additional 0 values (i.e. + * top could be greater than the minimal value that it could be). We should + * be swapping it + */ + +#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP) + + t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition; + a->flags ^= t; + b->flags ^= t; #define BN_CONSTTIME_SWAP(ind) \ do { \ Modified: stable/11/crypto/openssl/crypto/bn/bn_mod.c ============================================================================== --- stable/11/crypto/openssl/crypto/bn/bn_mod.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/bn/bn_mod.c Tue Nov 20 21:26:25 2018 (r340704) @@ -172,7 +172,7 @@ int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, c if (mtop > sizeof(storage) / sizeof(storage[0]) && (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL) - return 0; + return 0; ap = a->d != NULL ? a->d : tp; bp = b->d != NULL ? b->d : tp; 
@@ -197,6 +197,7 @@ int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, c ((volatile BN_ULONG *)tp)[i] = 0; } r->top = mtop; + r->flags |= BN_FLG_FIXED_TOP; r->neg = 0; if (tp != storage) 
@@ -222,6 +223,70 @@ int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNU if (!BN_sub(r, a, b)) return 0; return BN_nnmod(r, r, m, ctx); +} + +/* + * BN_mod_sub variant that may be used if both a and b are non-negative, + * a is less than m, while b is of same bit width as m. It's implemented + * as subtraction followed by two conditional additions. + * + * 0 <= a < m + * 0 <= b < 2^w < 2*m + * + * after subtraction + * + * -2*m < r = a - b < m + * + * Thus it takes up to two conditional additions to make |r| positive. + */ +int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m) +{ + size_t i, ai, bi, mtop = m->top; + BN_ULONG borrow, carry, ta, tb, mask, *rp; + const BN_ULONG *ap, *bp; + + if (bn_wexpand(r, m->top) == NULL) + return 0; + + rp = r->d; + ap = a->d != NULL ? a->d : rp; + bp = b->d != NULL ? b->d : rp; + + for (i = 0, ai = 0, bi = 0, borrow = 0; i < mtop;) { + mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1)); + ta = ap[ai] & mask; + + mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1)); + tb = bp[bi] & mask; + rp[i] = ta - tb - borrow; + if (ta != tb) + borrow = (ta < tb); + + i++; + ai += (i - a->dmax) >> (8 * sizeof(i) - 1); + bi += (i - b->dmax) >> (8 * sizeof(i) - 1); + } + ap = m->d; + for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) { + ta = ((ap[i] & mask) + carry) & BN_MASK2; + carry = (ta < carry); + rp[i] = (rp[i] + ta) & BN_MASK2; + carry += (rp[i] < ta); + } + borrow -= carry; + for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) { + ta = ((ap[i] & mask) + carry) & BN_MASK2; + carry = (ta < carry); + rp[i] = (rp[i] + ta) & BN_MASK2; + carry += (rp[i] < ta); + } + + r->top = mtop; + r->flags |= BN_FLG_FIXED_TOP; + r->neg = 0; + + return 1; } /* Modified: stable/11/crypto/openssl/crypto/bn/bn_mont.c ============================================================================== --- stable/11/crypto/openssl/crypto/bn/bn_mont.c Tue Nov 20 21:10:04 2018 (r340703) +++ 
stable/11/crypto/openssl/crypto/bn/bn_mont.c Tue Nov 20 21:26:25 2018 (r340704) @@ -164,10 +164,10 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, bn_check_top(tmp); if (a == b) { - if (!BN_sqr(tmp, a, ctx)) + if (!bn_sqr_fixed_top(tmp, a, ctx)) goto err; } else { - if (!BN_mul(tmp, a, b, ctx)) + if (!bn_mul_fixed_top(tmp, a, b, ctx)) goto err; } /* reduce from aRR to aR */ @@ -190,6 +190,7 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM BIGNUM *n; BN_ULONG *ap, *np, *rp, n0, v, carry; int nl, max, i; + unsigned int rtop; n = &(mont->N); nl = n->top; @@ -207,12 +208,10 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM rp = r->d; /* clear the top words of T */ -# if 1 - for (i = r->top; i < max; i++) /* memset? XXX */ - rp[i] = 0; -# else - memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); -# endif + for (rtop = r->top, i = 0; i < max; i++) { + v = (BN_ULONG)0 - ((i - rtop) >> (8 * sizeof(rtop) - 1)); + rp[i] &= v; + } r->top = max; r->flags |= BN_FLG_FIXED_TOP; @@ -263,6 +262,18 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx) { + int retn; + + retn = bn_from_mont_fixed_top(ret, a, mont, ctx); + bn_correct_top(ret); + bn_check_top(ret); + + return retn; +} + +int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx) +{ int retn = 0; #ifdef MONT_WORD BIGNUM *t; 
@@ -270,8 +281,6 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, B BN_CTX_start(ctx); if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) { retn = bn_from_montgomery_word(ret, t, mont); - bn_correct_top(ret); - bn_check_top(ret); } BN_CTX_end(ctx); #else /* !MONT_WORD */ Modified: stable/11/crypto/openssl/crypto/bn/bn_mul.c ============================================================================== --- stable/11/crypto/openssl/crypto/bn/bn_mul.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/bn/bn_mul.c Tue Nov 20 21:26:25 2018 (r340704) @@ -936,6 +936,16 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { + int ret = bn_mul_fixed_top(r, a, b, ctx); + + bn_correct_top(r); + bn_check_top(r); + + return ret; +} + +int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +{ int ret = 0; int top, al, bl; BIGNUM *rr; @@ -1042,7 +1052,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) end: #endif - bn_correct_top(rr); + rr->flags |= BN_FLG_FIXED_TOP; if (r != rr && BN_copy(r, rr) == NULL) goto err; Modified: stable/11/crypto/openssl/crypto/bn/bn_sqr.c ============================================================================== --- stable/11/crypto/openssl/crypto/bn/bn_sqr.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/bn/bn_sqr.c Tue Nov 20 21:26:25 2018 (r340704) @@ -66,6 +66,16 @@ */ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { + int ret = bn_sqr_fixed_top(r, a, ctx); + + bn_correct_top(r); + bn_check_top(r); + + return ret; +} + +int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) +{ int max, al; int ret = 0; BIGNUM *tmp, *rr; 
@@ -136,7 +146,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) rr->neg = 0; rr->top = max; - bn_correct_top(rr); + rr->flags |= BN_FLG_FIXED_TOP; if (r != rr && BN_copy(r, rr) == NULL) goto err; Modified: stable/11/crypto/openssl/crypto/bn/bn_x931p.c ============================================================================== --- stable/11/crypto/openssl/crypto/bn/bn_x931p.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/bn/bn_x931p.c Tue Nov 20 21:26:25 2018 (r340704) @@ -4,7 +4,7 @@ * 2005. */ /* ==================================================================== - * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 2005-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -223,8 +223,10 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int n for (i = 0; i < 1000; i++) { if (!BN_rand(Xq, nbits, 1, 0)) goto err; + /* Check that |Xp - Xq| > 2^(nbits - 100) */ - BN_sub(t, Xp, Xq); + if (!BN_sub(t, Xp, Xq)) + goto err; if (BN_num_bits(t) > (nbits - 100)) break; } Modified: stable/11/crypto/openssl/crypto/bn_int.h ============================================================================== --- stable/11/crypto/openssl/crypto/bn_int.h Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/bn_int.h Tue Nov 20 21:26:25 2018 (r340704) 
@@ -7,9 +7,15 @@ */ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx); +int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx); int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); Modified: stable/11/crypto/openssl/crypto/conf/Makefile ============================================================================== --- stable/11/crypto/openssl/crypto/conf/Makefile Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/conf/Makefile Tue Nov 20 21:26:25 2018 (r340704) 
@@ -80,12 +80,13 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. conf_api.o: ../../e_os.h ../../include/openssl/bio.h -conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h -conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +conf_api.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +conf_api.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h +conf_api.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_api.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -conf_api.o: ../../include/openssl/symhacks.h conf_api.c +conf_api.o: ../../include/openssl/symhacks.h ../cryptlib.h conf_api.c conf_def.o: ../../e_os.h ../../include/openssl/bio.h conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h Modified: stable/11/crypto/openssl/crypto/conf/conf_api.c ============================================================================== --- stable/11/crypto/openssl/crypto/conf/conf_api.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/conf/conf_api.c Tue Nov 20 21:26:25 2018 (r340704) @@ -66,6 +66,7 @@ #include #include #include +#include "cryptlib.h" #include #include #include "e_os.h" @@ -141,7 +142,7 @@ char *_CONF_get_string(const CONF *conf, const char *s if (v != NULL) return (v->value); if (strcmp(section, "ENV") == 0) { - p = getenv(name); + p = ossl_safe_getenv(name); if (p != NULL) return (p); } 
@@ -154,7 +155,7 @@ char *_CONF_get_string(const CONF *conf, const char *s else return (NULL); } else - return (getenv(name)); + return (ossl_safe_getenv(name)); } #if 0 /* There's no way to provide error checking Modified: stable/11/crypto/openssl/crypto/conf/conf_mod.c ============================================================================== --- stable/11/crypto/openssl/crypto/conf/conf_mod.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/conf/conf_mod.c Tue Nov 20 21:26:25 2018 (r340704) @@ -4,7 +4,7 @@ * 2001. */ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -530,7 +530,7 @@ char *CONF_get1_default_config_file(void) char *file; int len; - file = getenv("OPENSSL_CONF"); + file = ossl_safe_getenv("OPENSSL_CONF"); if (file) return BUF_strdup(file); Modified: stable/11/crypto/openssl/crypto/cryptlib.h ============================================================================== --- stable/11/crypto/openssl/crypto/cryptlib.h Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/cryptlib.h Tue Nov 20 21:26:25 2018 (r340704) @@ -104,6 +104,8 @@ void OPENSSL_showfatal(const char *fmta, ...); void *OPENSSL_stderr(void); extern int OPENSSL_NONPIC_relocated; +char *ossl_safe_getenv(const char *); + #ifdef __cplusplus } #endif Modified: stable/11/crypto/openssl/crypto/dsa/dsa_gen.c ============================================================================== --- stable/11/crypto/openssl/crypto/dsa/dsa_gen.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/dsa/dsa_gen.c Tue Nov 20 21:26:25 2018 (r340704) 
@@ -435,6 +435,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N EVP_MD_CTX_init(&mctx); + /* make sure L > N, otherwise we'll get trapped in an infinite loop */ + if (L <= N) { + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); + goto err; + } + if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1(); Modified: stable/11/crypto/openssl/crypto/dsa/dsa_ossl.c ============================================================================== --- stable/11/crypto/openssl/crypto/dsa/dsa_ossl.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/dsa/dsa_ossl.c Tue Nov 20 21:26:25 2018 (r340704) @@ -73,6 +73,8 @@ static int dsa_do_verify(const unsigned char *dgst, in DSA_SIG *sig, DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx); static DSA_METHOD openssl_dsa_meth = { "OpenSSL DSA method", @@ -279,7 +281,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BI goto err; /* Preallocate space */ - q_bits = BN_num_bits(dsa->q); + q_bits = BN_num_bits(dsa->q) + sizeof(dsa->q->d[0]) * 16; if (!BN_set_bit(&k, q_bits) || !BN_set_bit(&l, q_bits) || !BN_set_bit(&m, q_bits)) @@ -293,9 +295,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BI if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { BN_set_flags(&k, BN_FLG_CONSTTIME); + BN_set_flags(&l, BN_FLG_CONSTTIME); } - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, CRYPTO_LOCK_DSA, dsa->p, ctx)) @@ -333,8 +335,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BI if (!BN_mod(r, r, dsa->q, ctx)) goto err; - /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL) + /* Compute part of 's = inv(k) (m + xr) mod q' */ + if ((kinv = dsa_mod_inverse_fermat(&k, dsa->q, ctx)) == NULL) goto err; if (*kinvp != NULL) 
@@ -467,4 +469,32 @@ static int dsa_finish(DSA *dsa) if (dsa->method_mont_p) BN_MONT_CTX_free(dsa->method_mont_p); return (1); +} + +/* + * Compute the inverse of k modulo q. + * Since q is prime, Fermat's Little Theorem applies, which reduces this to + * mod-exp operation. Both the exponent and modulus are public information + * so a mod-exp that doesn't leak the base is sufficient. A newly allocated + * BIGNUM is returned which the caller must free. + */ +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx) +{ + BIGNUM *res = NULL; + BIGNUM *r, e; + + if ((r = BN_new()) == NULL) + return NULL; + + BN_init(&e); + + if (BN_set_word(r, 2) + && BN_sub(&e, q, r) + && BN_mod_exp_mont(r, k, &e, q, ctx, NULL)) + res = r; + else + BN_free(r); + BN_free(&e); + return res; } Modified: stable/11/crypto/openssl/crypto/ec/ec_lcl.h ============================================================================== --- stable/11/crypto/openssl/crypto/ec/ec_lcl.h Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/ec/ec_lcl.h Tue Nov 20 21:26:25 2018 (r340704) @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -214,7 +214,7 @@ struct ec_group_st { int asn1_flag; /* flag to control the asn1 encoding */ /* * Kludge: upper bit of ans1_flag is used to denote structure - * version. Is set, then last field is present. This is done + * version. If set, then last field is present. This is done * for interoperation with FIPS code. */ #define EC_GROUP_ASN1_FLAG_MASK 0x7fffffff 
@@ -549,7 +549,6 @@ void ec_GFp_nistp_points_make_affine_internal(size_t n void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, unsigned char *digit, unsigned char in); #endif -int ec_precompute_mont_data(EC_GROUP *); #ifdef ECP_NISTZ256_ASM /** Returns GFp methods using montgomery multiplication, with x86-64 optimized Modified: stable/11/crypto/openssl/crypto/ec/ec_lib.c ============================================================================== --- stable/11/crypto/openssl/crypto/ec/ec_lib.c Tue Nov 20 21:10:04 2018 (r340703) +++ stable/11/crypto/openssl/crypto/ec/ec_lib.c Tue Nov 20 21:26:25 2018 (r340704) @@ -70,6 +70,10 @@ const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT; +/* local function prototypes */ + +static int ec_precompute_mont_data(EC_GROUP *group); + /* functions for EC_GROUP objects */ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) @@ -318,17 +322,25 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_P } else BN_zero(&group->cofactor); - /* - * Some groups have an order with - * factors of two, which makes the Montgomery setup fail. - * |group->mont_data| will be NULL in this case. + /*- + * Access to the `mont_data` field of an EC_GROUP struct should always be + * guarded by an EC_GROUP_VERSION(group) check to avoid OOB accesses, as the + * group might come from the FIPS module, which does not define the + * `mont_data` field inside the EC_GROUP structure. */ - if (BN_is_odd(&group->order)) { - return ec_precompute_mont_data(group); + if (EC_GROUP_VERSION(group)) { + /*- + * Some groups have an order with + * factors of two, which makes the Montgomery setup fail. + * |group->mont_data| will be NULL in this case. + */ + if (BN_is_odd(&group->order)) + return ec_precompute_mont_data(group); + + BN_MONT_CTX_free(group->mont_data); + group->mont_data = NULL; } - BN_MONT_CTX_free(group->mont_data); - group->mont_data = NULL; return 1; } 
@@ -1098,17 +1110,22 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *grou * been performed */ } -/* +/*- * ec_precompute_mont_data sets |group->mont_data| from |group->order| and * returns one on success. On error it returns zero. + * + * Note: this function must be called only after verifying that + * EC_GROUP_VERSION(group) returns true. + * The reason for this is that access to the `mont_data` field of an EC_GROUP + * struct should always be guarded by an EC_GROUP_VERSION(group) check to avoid + * OOB accesses, as the group might come from the FIPS module, which does not + * define the `mont_data` field inside the EC_GROUP structure. */ +static int ec_precompute_mont_data(EC_GROUP *group) { BN_CTX *ctx = BN_CTX_new(); int ret = 0; - *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-stable-11@freebsd.org Wed Nov 21 18:53:31 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 411D51141DE5; Wed, 21 Nov 2018 18:53:31 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DE10F701F6; Wed, 21 Nov 2018 18:53:30 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C0AE12460D; Wed, 21 Nov 2018 18:53:30 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wALIrUHg006675; Wed, 21 Nov 2018 18:53:30 GMT 
From: Marius Strobl
Date: Wed, 21 Nov 2018 18:53:30 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340740 - stable/11/sys/dev/mmc

Author: marius
Date: Wed Nov 21 18:53:30 2018
New Revision: 340740
URL: https://svnweb.freebsd.org/changeset/base/340740

Log:
  MFC: r340495

  - Restore setting the clock for devices which support the default/legacy
    transfer mode only (lost with r321385). [1]
  - Similarly, don't try to set the power class on MMC devices that comply
    to version 4.0 of the system specification but are operated in default/
    legacy transfer or 1-bit bus mode as no power class is specified for
    these cases. Trying to set a power class nevertheless resulted in an -
    albeit harmless - error message.

  PR: 231713 [1]

Modified:
  stable/11/sys/dev/mmc/mmc.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/dev/mmc/mmc.c
==============================================================================
--- stable/11/sys/dev/mmc/mmc.c Wed Nov 21 18:53:13 2018 (r340739)
+++ stable/11/sys/dev/mmc/mmc.c Wed Nov 21 18:53:30 2018 (r340740)
@@ -828,9 +828,14 @@ mmc_set_power_class(struct mmc_softc *sc, struct mmc_i const uint8_t *ext_csd; uint32_t clock; uint8_t value; + enum mmc_bus_timing timing; + enum mmc_bus_width bus_width; dev = sc->dev; - if (mmcbr_get_mode(dev) != mode_mmc || ivar->csd.spec_vers < 4) + timing = mmcbr_get_timing(dev); + bus_width = ivar->bus_width; + if (mmcbr_get_mode(dev) != mode_mmc || ivar->csd.spec_vers < 4 || + timing == bus_timing_normal || bus_width == bus_width_1) return (MMC_ERR_NONE); value = 0; @@ -841,8 +846,8 @@ mmc_set_power_class(struct mmc_softc *sc, struct mmc_i if (clock <= MMC_TYPE_HS_26_MAX) value = ext_csd[EXT_CSD_PWR_CL_26_195]; else if (clock <= MMC_TYPE_HS_52_MAX) { - if (mmcbr_get_timing(dev) >= bus_timing_mmc_ddr52 && - ivar->bus_width >= bus_width_4) + if (timing >= bus_timing_mmc_ddr52 && + bus_width >= bus_width_4) value = ext_csd[EXT_CSD_PWR_CL_52_195_DDR]; else value = ext_csd[EXT_CSD_PWR_CL_52_195]; @@ -861,13 +866,13 @@ mmc_set_power_class(struct mmc_softc *sc, struct mmc_i if (clock <= MMC_TYPE_HS_26_MAX) value = ext_csd[EXT_CSD_PWR_CL_26_360]; else if (clock <= MMC_TYPE_HS_52_MAX) { - if (mmcbr_get_timing(dev) == bus_timing_mmc_ddr52 && - ivar->bus_width >= bus_width_4) + if (timing == bus_timing_mmc_ddr52 && + bus_width >= bus_width_4) value = ext_csd[EXT_CSD_PWR_CL_52_360_DDR]; else value = ext_csd[EXT_CSD_PWR_CL_52_360]; } else if (clock <= MMC_TYPE_HS200_HS400ES_MAX) { - if (ivar->bus_width == bus_width_8) + if (bus_width == bus_width_8) value = ext_csd[EXT_CSD_PWR_CL_200_360_DDR]; else value = ext_csd[EXT_CSD_PWR_CL_200_360]; @@ -879,7 +884,7 @@ mmc_set_power_class(struct mmc_softc *sc, struct mmc_i return (MMC_ERR_INVALID); } - if (ivar->bus_width == bus_width_8) + if (bus_width == bus_width_8) value = (value & EXT_CSD_POWER_CLASS_8BIT_MASK) >> EXT_CSD_POWER_CLASS_8BIT_SHIFT; else 
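Review bot: in mmc_set_power_class() the two DDR52 tests still disagree after this rewrite: the branch that reads EXT_CSD_PWR_CL_52_195_DDR uses `timing >= bus_timing_mmc_ddr52`, while the branch that reads EXT_CSD_PWR_CL_52_360_DDR uses `timing == bus_timing_mmc_ddr52`. Since the change touches both lines anyway, either make the comparisons the same or add a comment saying why timings above DDR52 select the DDR power class in one case only.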
@@ -2165,7 +2170,7 @@ mmc_calculate_clock(struct mmc_softc *sc) for (i = 0; i < sc->child_count; i++) { ivar = device_get_ivars(sc->child_list[i]); if ((ivar->timings & ~(1 << bus_timing_normal)) == 0) - continue; + goto clock; rca = ivar->rca; if (mmc_select_card(sc, rca) != MMC_ERR_NONE) { 
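Review bot: in mmc_calculate_clock(), replacing `continue` with `goto clock` leaves the `for (i = 0; i < sc->child_count; i++)` loop at the first child that supports only the default timing, so any children after it in `child_list` are never reached by the rest of the loop body. If a bus with such a device can only ever have that one child, say so in a comment next to the `goto`; otherwise keep iterating and make sure the clock is still set once the loop is done.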
@@ -2231,6 +2236,7 @@ mmc_calculate_clock(struct mmc_softc *sc) } } +clock: /* Set clock (must be done before initial tuning). */ mmcbr_set_clock(dev, max_dtr); mmcbr_update_ios(dev); From owner-svn-src-stable-11@freebsd.org Thu Nov 22 09:41:59 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 365AD1142ABD; Thu, 22 Nov 2018 09:41:59 +0000 (UTC) (envelope-from tijl@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BF55F6E506; Thu, 22 Nov 2018 09:41:58 +0000 (UTC) (envelope-from tijl@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BA2B8627E; Thu, 22 Nov 2018 09:41:54 +0000 (UTC) (envelope-from tijl@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAM9fsGs065990; Thu, 22 Nov 2018 09:41:54 GMT (envelope-from tijl@FreeBSD.org) Received: (from tijl@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAM9fs72065989; Thu, 22 Nov 2018 09:41:54 GMT (envelope-from tijl@FreeBSD.org) Message-Id: <201811220941.wAM9fs72065989@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tijl set sender to tijl@FreeBSD.org using -f 
From: Tijl Coosemans
Date: Thu, 22 Nov 2018 09:41:54 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340756 - stable/11/sys/compat/linux

Author: tijl
Date: Thu Nov 22 09:41:54 2018
New Revision: 340756
URL: https://svnweb.freebsd.org/changeset/base/340756

Log:
  MFC r340631:

  Do proper copyin of control message data in the Linux sendmsg syscall.

  Instead of calling m_append with a user address, allocate an mbuf cluster
  and copy data into it using copyin. For the SCM_CREDS case, instead of
  zeroing a stack variable and appending that to the mbuf, zero part of the
  mbuf cluster directly. One mbuf cluster is also the size limit used by
  the FreeBSD sendmsg syscall (uipc_syscalls.c:sockargs()).

PR: 217901 Reviewed by: kib Modified: stable/11/sys/compat/linux/linux_socket.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/compat/linux/linux_socket.c ============================================================================== --- stable/11/sys/compat/linux/linux_socket.c Thu Nov 22 09:41:45 2018 (r340755) +++ stable/11/sys/compat/linux/linux_socket.c Thu Nov 22 09:41:54 2018 (r340756) @@ -1088,7 +1088,6 @@ linux_sendmsg_common(struct thread *td, l_int s, struc l_uint flags) { struct cmsghdr *cmsg; - struct cmsgcred cmcred; struct mbuf *control; struct msghdr msg; struct l_cmsghdr linux_cmsg; @@ -1099,6 +1098,7 @@ linux_sendmsg_common(struct thread *td, l_int s, struc struct sockaddr *sa; sa_family_t sa_family; void *data; + l_size_t len; int error; error = copyin(msghdr, &linux_msg, sizeof(linux_msg)); @@ -1129,7 +1129,6 @@ linux_sendmsg_common(struct thread *td, l_int s, struc return (error); control = NULL; - cmsg = NULL; if ((ptr_cmsg = LINUX_CMSG_FIRSTHDR(&linux_msg)) != NULL) { error = kern_getsockname(td, s, &sa, &datalen); @@ -1139,8 +1138,10 @@ linux_sendmsg_common(struct thread *td, l_int s, struc free(sa, M_SONAME); error = ENOBUFS; - cmsg = malloc(CMSG_HDRSZ, M_LINUX, M_WAITOK|M_ZERO); control = m_get(M_WAITOK, MT_CONTROL); + MCLGET(control, M_WAITOK); + data = mtod(control, void *); + datalen = 0; do { error = copyin(ptr_cmsg, &linux_cmsg, @@ -1152,10 +1153,14 @@ linux_sendmsg_common(struct thread *td, l_int s, struc if (linux_cmsg.cmsg_len < sizeof(struct l_cmsghdr)) goto bad; + if (datalen + CMSG_HDRSZ > MCLBYTES) + goto bad; + /* * Now we support only SCM_RIGHTS and SCM_CRED, * so return EINVAL in any other cmsg_type */ + cmsg = data; cmsg->cmsg_type = linux_to_bsd_cmsg_type(linux_cmsg.cmsg_type); cmsg->cmsg_level = 
@@ -1173,35 +1178,34 @@ linux_sendmsg_common(struct thread *td, l_int s, struc if (sa_family != AF_UNIX) continue; - data = LINUX_CMSG_DATA(ptr_cmsg); - datalen = linux_cmsg.cmsg_len - L_CMSG_HDRSZ; + if (cmsg->cmsg_type == SCM_CREDS) { + len = sizeof(struct cmsgcred); + if (datalen + CMSG_SPACE(len) > MCLBYTES) + goto bad; - switch (cmsg->cmsg_type) - { - case SCM_RIGHTS: - break; - - case SCM_CREDS: - data = &cmcred; - datalen = sizeof(cmcred); - /* * The lower levels will fill in the structure */ - bzero(data, datalen); - break; + memset(CMSG_DATA(data), 0, len); + } else { + len = linux_cmsg.cmsg_len - L_CMSG_HDRSZ; + if (datalen + CMSG_SPACE(len) < datalen || + datalen + CMSG_SPACE(len) > MCLBYTES) + goto bad; + + error = copyin(LINUX_CMSG_DATA(ptr_cmsg), + CMSG_DATA(data), len); + if (error != 0) + goto bad; } - cmsg->cmsg_len = CMSG_LEN(datalen); - - error = ENOBUFS; - if (!m_append(control, CMSG_HDRSZ, (c_caddr_t)cmsg)) - goto bad; - if (!m_append(control, datalen, (c_caddr_t)data)) - goto bad; + cmsg->cmsg_len = CMSG_LEN(len); + data = (char *)data + CMSG_SPACE(len); + datalen += CMSG_SPACE(len); } while ((ptr_cmsg = LINUX_CMSG_NXTHDR(&linux_msg, ptr_cmsg))); - if (m_length(control, NULL) == 0) { + control->m_len = datalen; + if (datalen == 0) { m_freem(control); control = NULL; } 
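Review bot: in the non-SCM_CREDS branch, `len = linux_cmsg.cmsg_len - L_CMSG_HDRSZ` comes straight from the user-supplied header, and the size test is applied to `CMSG_SPACE(len)` rather than to `len` itself. CMSG_SPACE adds the header size and rounds up, so a `len` near the top of its range can wrap inside the macro and produce a small value that passes both the `< datalen` and the `> MCLBYTES` comparison before `copyin()` is called with the original `len`. Rejecting `len` against the space left in the cluster before CMSG_SPACE is computed would make the bound hold on its own, without depending on copyin() to fail.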
@@ -1215,8 +1219,6 @@ linux_sendmsg_common(struct thread *td, l_int s, struc bad: m_freem(control); free(iov, M_IOV); - if (cmsg) - free(cmsg, M_LINUX); return (error); } From owner-svn-src-stable-11@freebsd.org Thu Nov 22 09:47:56 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4B7BB1142F85; Thu, 22 Nov 2018 09:47:56 +0000 (UTC) (envelope-from tijl@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E41606EC6C; Thu, 22 Nov 2018 09:47:55 +0000 (UTC) (envelope-from tijl@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 1A78E63D4; Thu, 22 Nov 2018 09:47:52 +0000 (UTC) (envelope-from tijl@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAM9lpnU067291; Thu, 22 Nov 2018 09:47:51 GMT (envelope-from tijl@FreeBSD.org) Received: (from tijl@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAM9lpjs067290; Thu, 22 Nov 2018 09:47:51 GMT (envelope-from tijl@FreeBSD.org) Message-Id: <201811220947.wAM9lpjs067290@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tijl set sender to tijl@FreeBSD.org using -f 
From: Tijl Coosemans
Date: Thu, 22 Nov 2018 09:47:51 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340758 - stable/11/sys/compat/linux

Author: tijl
Date: Thu Nov 22 09:47:51 2018
New Revision: 340758
URL: https://svnweb.freebsd.org/changeset/base/340758

Log:
  MFC r340674:

  Fix another user address dereference in linux_sendmsg syscall.

  This was hidden behind the LINUX_CMSG_NXTHDR macro which dereferences its
  second argument. Stop using the macro as well as LINUX_CMSG_FIRSTHDR. Use
  the size field of the kernel copy of the control message header to obtain
  the next control message.

  PR: 217901

Modified:
  stable/11/sys/compat/linux/linux_socket.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/compat/linux/linux_socket.c
==============================================================================
--- stable/11/sys/compat/linux/linux_socket.c Thu Nov 22 09:47:42 2018 (r340757)
+++ stable/11/sys/compat/linux/linux_socket.c Thu Nov 22 09:47:51 2018 (r340758)
@@ -1099,6 +1099,7 @@ linux_sendmsg_common(struct thread *td, l_int s, struc sa_family_t sa_family; void *data; l_size_t len; + l_size_t clen; int error; error = copyin(msghdr, &linux_msg, sizeof(linux_msg)); @@ -1130,7 +1131,7 @@ linux_sendmsg_common(struct thread *td, l_int s, struc control = NULL; - if ((ptr_cmsg = LINUX_CMSG_FIRSTHDR(&linux_msg)) != NULL) { + if (linux_msg.msg_controllen >= sizeof(struct l_cmsghdr)) { error = kern_getsockname(td, s, &sa, &datalen); if (error != 0) goto bad; @@ -1143,6 +1144,8 @@ linux_sendmsg_common(struct thread *td, l_int s, struc data = mtod(control, void *); datalen = 0; + ptr_cmsg = PTRIN(linux_msg.msg_control); + clen = linux_msg.msg_controllen; do { error = copyin(ptr_cmsg, &linux_cmsg, sizeof(struct l_cmsghdr)); @@ -1150,7 +1153,8 @@ linux_sendmsg_common(struct thread *td, l_int s, struc goto bad; error = EINVAL; - if (linux_cmsg.cmsg_len < sizeof(struct l_cmsghdr)) + if (linux_cmsg.cmsg_len < sizeof(struct l_cmsghdr) || + linux_cmsg.cmsg_len > clen) goto bad; if (datalen + CMSG_HDRSZ > MCLBYTES) 
@@ -1202,7 +1206,14 @@ linux_sendmsg_common(struct thread *td, l_int s, struc cmsg->cmsg_len = CMSG_LEN(len); data = (char *)data + CMSG_SPACE(len); datalen += CMSG_SPACE(len); - } while ((ptr_cmsg = LINUX_CMSG_NXTHDR(&linux_msg, ptr_cmsg))); + + if (clen <= LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len)) + break; + + clen -= LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len); + ptr_cmsg = (struct l_cmsghdr *)((char *)ptr_cmsg + + LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len)); + } while(clen >= sizeof(struct l_cmsghdr)); control->m_len = datalen; if (datalen == 0) { From owner-svn-src-stable-11@freebsd.org Thu Nov 22 13:14:17 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CB57411486B2; Thu, 22 Nov 2018 13:14:16 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6D2FE76318; Thu, 22 Nov 2018 13:14:16 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4888D105BF; Thu, 22 Nov 2018 13:14:16 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAMDEGte077130; Thu, 22 Nov 2018 13:14:16 GMT (envelope-from marius@FreeBSD.org) Received: (from marius@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAMDEFom077127; Thu, 22 Nov 2018 13:14:15 GMT (envelope-from marius@FreeBSD.org) Message-Id: 
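Review bot: moving the advance of `ptr_cmsg` and the `clen` decrement into the tail of the do/while body means every `continue` inside the loop now skips them. The `if (sa_family != AF_UNIX) continue;` that appears as context in the r340756 patch jumps to `while(clen >= sizeof(struct l_cmsghdr))` with `ptr_cmsg` and `clen` unchanged, so unless that statement is changed outside the lines shown here, the same header is re-read on every pass and the loop does not terminate. Turning that `continue` into a jump to a label placed just before the `clen <= LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len)` test would keep the advance on every path.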
From: Marius Strobl
Date: Thu, 22 Nov 2018 13:14:15 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340763 - stable/11/sys/dev/sdhci

Author: marius
Date: Thu Nov 22 13:14:15 2018
New Revision: 340763
URL: https://svnweb.freebsd.org/changeset/base/340763

Log:
  MFC: r339007, r340543, r340654

  - Add ACPI identifier for AMD eMMC 5.0 controller [1]
  - Add a quirk handling for AMDI0040 controllers allowing them to do
    HS400. [2]

  Submitted by: Rajesh Kumar [1], Shreyank Amartya (original version) [2]

Modified:
  stable/11/sys/dev/sdhci/sdhci.c
  stable/11/sys/dev/sdhci/sdhci.h
  stable/11/sys/dev/sdhci/sdhci_acpi.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/dev/sdhci/sdhci.c
==============================================================================
--- stable/11/sys/dev/sdhci/sdhci.c Thu Nov 22 13:12:17 2018 (r340762)
+++ stable/11/sys/dev/sdhci/sdhci.c Thu Nov 22 13:14:15 2018 (r340763)
@@ -809,6 +809,9 @@ sdhci_init_slot(device_t dev, struct sdhci_slot *slot, if (slot->quirks & SDHCI_QUIRK_CAPS_BIT63_FOR_MMC_HS400 && caps2 & SDHCI_CAN_MMC_HS400) host_caps |= MMC_CAP_MMC_HS400; + if (slot->quirks & SDHCI_QUIRK_MMC_HS400_IF_CAN_SDR104 && + caps2 & SDHCI_CAN_SDR104) + host_caps |= MMC_CAP_MMC_HS400; /* * Disable UHS-I and eMMC modes if the set_uhs_timing method is the Modified: stable/11/sys/dev/sdhci/sdhci.h ============================================================================== --- stable/11/sys/dev/sdhci/sdhci.h Thu Nov 22 13:12:17 2018 (r340762) +++ stable/11/sys/dev/sdhci/sdhci.h Thu Nov 22 13:14:15 2018 (r340763) @@ -89,6 +89,8 @@ #define SDHCI_QUIRK_PRESET_VALUE_BROKEN (1 << 27) /* Controller does not support or the support for ACMD12 is broken. */ #define SDHCI_QUIRK_BROKEN_AUTO_STOP (1 << 28) +/* Controller supports eMMC HS400 mode if SDHCI_CAN_SDR104 is set. */ +#define SDHCI_QUIRK_MMC_HS400_IF_CAN_SDR104 (1 << 29) /* * Controller registers Modified: stable/11/sys/dev/sdhci/sdhci_acpi.c ============================================================================== --- stable/11/sys/dev/sdhci/sdhci_acpi.c Thu Nov 22 13:12:17 2018 (r340762) +++ stable/11/sys/dev/sdhci/sdhci_acpi.c Thu Nov 22 13:14:15 2018 (r340763) @@ -45,12 +45,15 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include "mmcbr_if.h" #include "sdhci_if.h" +#define SDHCI_AMD_RESET_DLL_REG 0x908 + static const struct sdhci_acpi_device { const char* hid; int uid; @@ -79,6 +82,9 @@ static const struct sdhci_acpi_device { SDHCI_QUIRK_MMC_DDR52 | SDHCI_QUIRK_CAPS_BIT63_FOR_MMC_HS400 | SDHCI_QUIRK_PRESET_VALUE_BROKEN }, + { "AMDI0040", 0, "AMD eMMC 5.0 Controller", + SDHCI_QUIRK_32BIT_DMA_SIZE | + SDHCI_QUIRK_MMC_HS400_IF_CAN_SDR104 }, { NULL, 0, NULL, 0} }; 
@@ -87,16 +93,16 @@ static char *sdhci_ids[] = { "80860F16", "80865ACA", "80865ACC", + "AMDI0040", NULL }; struct sdhci_acpi_softc { - u_int quirks; /* Chip specific quirks */ - struct resource *irq_res; /* IRQ resource */ - void *intrhand; /* Interrupt handle */ - struct sdhci_slot slot; struct resource *mem_res; /* Memory resource */ + struct resource *irq_res; /* IRQ resource */ + void *intrhand; /* Interrupt handle */ + const struct sdhci_acpi_device *acpi_dev; }; static void sdhci_acpi_intr(void *arg); 
@@ -186,6 +192,52 @@ sdhci_acpi_write_multi_4(device_t dev, struct sdhci_sl bus_write_multi_stream_4(sc->mem_res, off, data, count); } +static void +sdhci_acpi_set_uhs_timing(device_t dev, struct sdhci_slot *slot) +{ + const struct sdhci_acpi_softc *sc; + const struct sdhci_acpi_device *acpi_dev; + const struct mmc_ios *ios; + device_t bus; + uint16_t old_timing; + enum mmc_bus_timing timing; + + bus = slot->bus; + old_timing = SDHCI_READ_2(bus, slot, SDHCI_HOST_CONTROL2); + old_timing &= SDHCI_CTRL2_UHS_MASK; + sdhci_generic_set_uhs_timing(dev, slot); + + sc = device_get_softc(dev); + acpi_dev = sc->acpi_dev; + /* + * AMDI0040 controllers require SDHCI_CTRL2_SAMPLING_CLOCK to be + * disabled when switching from HS200 to high speed and to always + * be turned on again when tuning for HS400. In the later case, + * an AMD-specific DLL reset additionally is needed. + */ + if (strcmp(acpi_dev->hid, "AMDI0040") == 0 && acpi_dev->uid == 0) { + ios = &slot->host.ios; + timing = ios->timing; + if (old_timing == SDHCI_CTRL2_UHS_SDR104 && + timing == bus_timing_hs) + SDHCI_WRITE_2(bus, slot, SDHCI_HOST_CONTROL2, + SDHCI_READ_2(bus, slot, SDHCI_HOST_CONTROL2) & + ~SDHCI_CTRL2_SAMPLING_CLOCK); + if (ios->clock > SD_SDR50_MAX && + old_timing != SDHCI_CTRL2_MMC_HS400 && + timing == bus_timing_mmc_hs400) { + SDHCI_WRITE_2(bus, slot, SDHCI_HOST_CONTROL2, + SDHCI_READ_2(bus, slot, SDHCI_HOST_CONTROL2) | + SDHCI_CTRL2_SAMPLING_CLOCK); + SDHCI_WRITE_4(bus, slot, SDHCI_AMD_RESET_DLL_REG, + 0x40003210); + DELAY(20); + SDHCI_WRITE_4(bus, slot, SDHCI_AMD_RESET_DLL_REG, + 0x40033210); + } + } +} + static const struct sdhci_acpi_device * sdhci_acpi_find_device(device_t dev) { 
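Review bot: in sdhci_acpi_set_uhs_timing() the DLL reset writes the bare constants `0x40003210` and `0x40033210` to SDHCI_AMD_RESET_DLL_REG with an unexplained `DELAY(20)` between them. Please give the two values, or the bits that differ between them, names next to the SDHCI_AMD_RESET_DLL_REG define and note where the 20 microsecond wait comes from, so the sequence can be checked against the controller documentation. In the same comment, "In the later case" should read "latter".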
@@ -234,13 +286,15 @@ sdhci_acpi_attach(device_t dev) { struct sdhci_acpi_softc *sc = device_get_softc(dev); int rid, err; + u_int quirks; const struct sdhci_acpi_device *acpi_dev; acpi_dev = sdhci_acpi_find_device(dev); if (acpi_dev == NULL) return (ENXIO); - sc->quirks = acpi_dev->quirks; + sc->acpi_dev = acpi_dev; + quirks = acpi_dev->quirks; /* Allocate IRQ. */ rid = 0; @@ -268,11 +322,10 @@ sdhci_acpi_attach(device_t dev) if (strcmp(acpi_dev->hid, "80860F14") == 0 && acpi_dev->uid == 1 && SDHCI_READ_4(dev, &sc->slot, SDHCI_CAPABILITIES) == 0x446cc8b2 && SDHCI_READ_4(dev, &sc->slot, SDHCI_CAPABILITIES2) == 0x00000807) - sc->quirks |= SDHCI_QUIRK_MMC_DDR52 | - SDHCI_QUIRK_DATA_TIMEOUT_1MHZ; - sc->quirks &= ~sdhci_quirk_clear; - sc->quirks |= sdhci_quirk_set; - sc->slot.quirks = sc->quirks; + quirks |= SDHCI_QUIRK_MMC_DDR52 | SDHCI_QUIRK_DATA_TIMEOUT_1MHZ; + quirks &= ~sdhci_quirk_clear; + quirks |= sdhci_quirk_set; + sc->slot.quirks = quirks; err = sdhci_init_slot(dev, &sc->slot, 0); if (err) { 
@@ -389,7 +442,7 @@ static device_method_t sdhci_methods[] = { DEVMETHOD(sdhci_write_2, sdhci_acpi_write_2), DEVMETHOD(sdhci_write_4, sdhci_acpi_write_4), DEVMETHOD(sdhci_write_multi_4, sdhci_acpi_write_multi_4), - DEVMETHOD(sdhci_set_uhs_timing, sdhci_generic_set_uhs_timing), + DEVMETHOD(sdhci_set_uhs_timing, sdhci_acpi_set_uhs_timing), DEVMETHOD_END }; From owner-svn-src-stable-11@freebsd.org Thu Nov 22 19:56:52 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B92DA11056BD; Thu, 22 Nov 2018 19:56:52 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5FD9083BAF; Thu, 22 Nov 2018 19:56:52 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 421861464C; Thu, 22 Nov 2018 19:56:52 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAMJuqG4083817; Thu, 22 Nov 2018 19:56:52 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAMJuqmB083816; Thu, 22 Nov 2018 19:56:52 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201811221956.wAMJuqmB083816@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f 
From: Kristof Provost
Date: Thu, 22 Nov 2018 19:56:52 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340776 - stable/11/sys/netpfil/pf

Author: kp
Date: Thu Nov 22 19:56:51 2018
New Revision: 340776
URL: https://svnweb.freebsd.org/changeset/base/340776

Log:
  MFC r340265:

  pf: Prevent tables referenced by rules in anchors from getting disabled.

  PR: 183198
  Obtained from: OpenBSD

Modified:
  stable/11/sys/netpfil/pf/pf_table.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/netpfil/pf/pf_table.c
==============================================================================
--- stable/11/sys/netpfil/pf/pf_table.c Thu Nov 22 19:56:50 2018 (r340775)
+++ stable/11/sys/netpfil/pf/pf_table.c Thu Nov 22 19:56:51 2018 (r340776)
@@ -1747,6 +1747,7 @@ pfr_setflags_ktable(struct pfr_ktable *kt, int newf) PF_RULES_WASSERT(); if (!(newf & PFR_TFLAG_REFERENCED) && + !(newf & PFR_TFLAG_REFDANCHOR) && !(newf & PFR_TFLAG_PERSIST)) newf &= ~PFR_TFLAG_ACTIVE; if (!(newf & PFR_TFLAG_ACTIVE)) From owner-svn-src-stable-11@freebsd.org Thu Nov 22 19:59:05 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0C098110597A; Thu, 22 Nov 2018 19:59:05 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A462D840D2; Thu, 22 Nov 2018 19:59:04 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 857E814667; Thu, 22 Nov 2018 19:59:04 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAMJx4RY084083; Thu, 22 Nov 2018 19:59:04 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAMJx4QP084082; Thu, 22 Nov 2018 19:59:04 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201811221959.wAMJx4QP084082@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f 
From: Kristof Provost
Date: Thu, 22 Nov 2018 19:59:04 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340779 - stable/11/sbin/pfctl

Author: kp
Date: Thu Nov 22 19:59:04 2018
New Revision: 340779
URL: https://svnweb.freebsd.org/changeset/base/340779

Log:
  MFC r340264:

  pfctl: Populate ifname in ifa_lookup()

  pfctl_adjust_skip_ifaces() relies on this name.

Modified:
  stable/11/sbin/pfctl/pfctl_parser.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sbin/pfctl/pfctl_parser.c
==============================================================================
--- stable/11/sbin/pfctl/pfctl_parser.c Thu Nov 22 19:59:02 2018 (r340778)
+++ stable/11/sbin/pfctl/pfctl_parser.c Thu Nov 22 19:59:04 2018 (r340779)
@@ -1404,6 +1404,7 @@ ifa_lookup(const char *ifa_name, int flags) set_ipmask(n, 128); } n->ifindex = p->ifindex; + n->ifname = strdup(p->ifname); n->next = NULL; n->tail = n;
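Review bot: The added `n->ifname = strdup(p->ifname);` in ifa_lookup() does not check the result, so an allocation failure leaves n->ifname NULL, and the log message says pfctl_adjust_skip_ifaces() relies on this name. Check for NULL and bail out with an error. Please also confirm that whatever frees these nodes releases ifname, since this line adds one heap allocation per returned node.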
From: Mark Johnston
Date: Fri, 23 Nov 2018 00:59:42 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340789 - stable/11/sys/kern

Author: markj
Date: Fri Nov 23 00:59:42 2018
New Revision: 340789
URL: https://svnweb.freebsd.org/changeset/base/340789

Log:
  MFC r340699:

  Clear pad bytes in the struct exported by kern.ntp_pll.gettime.

Modified:
  stable/11/sys/kern/kern_ntptime.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/kern/kern_ntptime.c
==============================================================================
--- stable/11/sys/kern/kern_ntptime.c Fri Nov 23 00:56:42 2018 (r340788) +++ stable/11/sys/kern/kern_ntptime.c Fri Nov 23 00:59:42 2018 (r340789)
@@ -300,6 +300,8 @@ ntp_sysctl(SYSCTL_HANDLER_ARGS) { struct ntptimeval ntv; /* temporary structure */ + memset(&ntv, 0, sizeof(ntv)); + NTP_LOCK(); ntp_gettime1(&ntv); NTP_UNLOCK();
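Review bot: The memset() added at the top of ntp_sysctl() carries no comment, and because ntp_gettime1(&ntv) is called on the same structure right after it, the call looks redundant to anyone who has not read the log message. Add a one-line comment saying that it clears the padding so no uninitialized stack bytes leave the kernel through the sysctl, so that a later cleanup does not remove it.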
From: Ed Maste
Date: Fri, 23 Nov 2018 20:38:51 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340852 - stable/11/sys/fs/nfsserver

Author: emaste
Date: Fri Nov 23 20:38:50 2018
New Revision: 340852
URL: https://svnweb.freebsd.org/changeset/base/340852

Log:
  MFC r340661 (rmacklem):

  r304026 added code that started statistics gathering for an operation
  before the operation number (the variable called "op") was sanity checked.
  This patch moves the code down to below the range sanity check for "op".

Modified:
  stable/11/sys/fs/nfsserver/nfs_nfsdsocket.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/fs/nfsserver/nfs_nfsdsocket.c
==============================================================================
--- stable/11/sys/fs/nfsserver/nfs_nfsdsocket.c Fri Nov 23 20:32:41 2018 (r340851) +++ stable/11/sys/fs/nfsserver/nfs_nfsdsocket.c Fri Nov 23 20:38:50 2018 (r340852)
@@ -758,11 +758,6 @@ nfsrvd_compound(struct nfsrv_descript *nd, int isdgram *repp = *tl; op = fxdr_unsigned(int, *tl); NFSD_DEBUG(4, "op=%d\n", op); - - binuptime(&start_time); - nfsrvd_statstart(op, &start_time); - statsinprog = 1; - if (op < NFSV4OP_ACCESS || (op >= NFSV4OP_NOPS && (nd->nd_flag & ND_NFSV41) == 0) || (op >= NFSV41_NOPS && (nd->nd_flag & ND_NFSV41) != 0)) { 
@@ -774,6 +769,11 @@ nfsrvd_compound(struct nfsrv_descript *nd, int isdgram } else { repp++; } + + binuptime(&start_time); + nfsrvd_statstart(op, &start_time); + statsinprog = 1; + if (i == 0) op0 = op; if (i == numops - 1)
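Review bot: After the move, `nfsrvd_statstart(op, &start_time);` in nfsrvd_compound() sits directly after the `} else { repp++; }` block rather than inside a branch taken only for a valid op, so it is safe only if the out-of-range branch of the `if (op < NFSV4OP_ACCESS || ...)` check never falls through to this point. The hunks do not show how that branch exits; please confirm that every path through it leaves the loop iteration before the stats call, and consider a short comment at the new location stating that op has been range checked.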
From: Ed Maste
Date: Fri, 23 Nov 2018 20:39:37 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340853 - stable/11/sys/fs/nfs

Author: emaste
Date: Fri Nov 23 20:39:37 2018
New Revision: 340853
URL: https://svnweb.freebsd.org/changeset/base/340853

Log:
  MFC r340662 (rmacklem):

  nfsm_advance() would panic() when the offs argument was negative.
  The code assumed that this would indicate a corrupted mbuf chain, but
  it could simply be caused by bogus RPC message data.
  This patch replaces the panic() with a printf() plus error return.

Modified:
  stable/11/sys/fs/nfs/nfs_commonsubs.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/fs/nfs/nfs_commonsubs.c
==============================================================================
--- stable/11/sys/fs/nfs/nfs_commonsubs.c Fri Nov 23 20:38:50 2018 (r340852) +++ stable/11/sys/fs/nfs/nfs_commonsubs.c Fri Nov 23 20:39:37 2018 (r340853)
@@ -360,10 +360,14 @@ nfsm_advance(struct nfsrv_descript *nd, int offs, int if (offs == 0) goto out; /* - * A negative offs should be considered a serious problem. + * A negative offs might indicate a corrupted mbuf chain and, + * as such, a printf is logged. */ - if (offs < 0) - panic("nfsrv_advance"); + if (offs < 0) { + printf("nfsrv_advance: negative offs\n"); + error = EBADRPC; + goto out; + } /* * If left == -1, calculate it here.
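Review bot: The new `printf("nfsrv_advance: negative offs\n");` in nfsm_advance() can be triggered by RPC message data, according to the log message, and it is not rate limited, so a peer that keeps sending such requests can fill the console and the message buffer. Consider rate limiting it, or dropping it and relying on the EBADRPC return alone. The replacement comment also still attributes a negative offs only to a corrupted mbuf chain and should mention malformed RPC data, and the message prefix says nfsrv_advance while the function is nfsm_advance.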
From: Ed Maste
Date: Fri, 23 Nov 2018 20:41:55 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340854 - stable/11/sys/fs/nfsserver

Author: emaste
Date: Fri Nov 23 20:41:54 2018
New Revision: 340854
URL: https://svnweb.freebsd.org/changeset/base/340854

Log:
  MFC r340663 (rmacklem):

  Improve sanity checking for the dircount hint argument to
  NFSv3's ReaddirPlus and NFSv4's Readdir operations. The code
  checked for a zero argument, but did not check for a very large value.
  This patch clips dircount at the server's maximum data size.

Modified:
  stable/11/sys/fs/nfsserver/nfs_nfsdport.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/fs/nfsserver/nfs_nfsdport.c
==============================================================================
--- stable/11/sys/fs/nfsserver/nfs_nfsdport.c Fri Nov 23 20:39:37 2018 (r340853) +++ stable/11/sys/fs/nfsserver/nfs_nfsdport.c Fri Nov 23 20:41:54 2018 (r340854)
@@ -1858,9 +1858,15 @@ nfsrvd_readdirplus(struct nfsrv_descript *nd, int isdg * cookie) should be in the reply. At least one client "hints" 0, * so I set it to cnt for that case. I also round it up to the * next multiple of DIRBLKSIZ. + * Since the size of a Readdirplus directory entry reply will always + * be greater than a directory entry returned by VOP_READDIR(), it + * does not make sense to read more than NFS_SRVMAXDATA() via + * VOP_READDIR(). */ if (siz <= 0) siz = cnt; + else if (siz > NFS_SRVMAXDATA(nd)) + siz = NFS_SRVMAXDATA(nd); siz = ((siz + DIRBLKSIZ - 1) & ~(DIRBLKSIZ - 1)); if (nd->nd_flag & ND_NFSV4) {
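Review bot: The clamp in nfsrvd_readdirplus() is written as `else if (siz > NFS_SRVMAXDATA(nd))`, so it is skipped when siz <= 0 and siz is taken from cnt, and nothing in this hunk shows cnt being limited. Make the clamp an unconditional `if` after the `siz = cnt` assignment so that both cases are bounded. The round-up to a multiple of DIRBLKSIZ also follows the clamp, so siz can end up above NFS_SRVMAXDATA(nd) if that value is not itself a multiple of DIRBLKSIZ.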
From: Mark Johnston
Date: Sat, 24 Nov 2018 17:11:48 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r340904 - stable/11/sys/kern

Author: markj
Date: Sat Nov 24 17:11:47 2018
New Revision: 340904
URL: https://svnweb.freebsd.org/changeset/base/340904

Log:
  MFC r340734:

  Avoid unsynchronized updates to kn_status.

Modified:
  stable/11/sys/kern/kern_event.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/kern/kern_event.c
==============================================================================
--- stable/11/sys/kern/kern_event.c Sat Nov 24 17:09:35 2018 (r340903) +++ stable/11/sys/kern/kern_event.c Sat Nov 24 17:11:47 2018 (r340904)
@@ -1391,6 +1391,8 @@ findkn: kn->kn_kevent.flags &= ~(EV_ADD | EV_DELETE | EV_ENABLE | EV_DISABLE | EV_FORCEONESHOT); kn->kn_status = KN_INFLUX|KN_DETACHED; + if ((kev->flags & EV_DISABLE) != 0) + kn->kn_status |= KN_DISABLED; error = knote_attach(kn, kq); KQ_UNLOCK(kq); @@ -1427,6 +1429,11 @@ findkn: KNOTE_ACTIVATE(kn, 1); } + if ((kev->flags & EV_ENABLE) != 0) + kn->kn_status &= ~KN_DISABLED; + else if ((kev->flags & EV_DISABLE) != 0) + kn->kn_status |= KN_DISABLED; + /* * The user may change some filter values after the initial EV_ADD, * but doing so will not reset any filter which has already been @@ -1443,19 +1450,17 @@ findkn: kn->kn_sdata = kev->data; } +done_ev_add: /* * We can get here with kn->kn_knlist == NULL. This can happen when * the initial attach event decides that the event is "completed" - * already. i.e. filt_procattach is called on a zombie process. It - * will call filt_proc which will remove it from the list, and NULL + * already, e.g., filt_procattach() is called on a zombie process. It + * will call filt_proc() which will remove it from the list, and NULL * kn_knlist. + * + * KN_DISABLED will be stable while the knote is in flux, so the + * unlocked read will not race with an update. */ -done_ev_add: - if ((kev->flags & EV_ENABLE) != 0) - kn->kn_status &= ~KN_DISABLED; - else if ((kev->flags & EV_DISABLE) != 0) - kn->kn_status |= KN_DISABLED; - if ((kn->kn_status & KN_DISABLED) == 0) event = kn->kn_fop->f_event(kn, 0); else
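Review bot: The first hunk (new knote path, right after `kn->kn_status = KN_INFLUX|KN_DETACHED;`) looks only at EV_DISABLE, while the block moved up in the second hunk gives EV_ENABLE precedence over EV_DISABLE, as the code removed from under done_ev_add did. A kevent that sets both flags is therefore handled differently on the initial add than on a later update, unless the new knote also passes through the second block, which these hunks do not show. If the difference is not intended, honour EV_ENABLE in the first hunk as well, or say in a comment which flag wins. Since the stated goal is to avoid unsynchronized updates to kn_status, a lock assertion next to the moved block would document the requirement.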