From: "Andrey V. Elsukov"
Date: Thu, 6 Feb 2014 11:40:02 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-user@freebsd.org
Subject: svn commit: r261548 - in user/ae/inet6: crypto/openssh etc/devd lib/libc/net lib/libstand lib/libvmmapi release/doc/en_US.ISO8859-1/hardware release/doc/share/misc sbin/etherswitchcfg sbin/hastd sb...

Author: ae
Date: Thu Feb 6 11:40:01 2014
New Revision: 261548
URL: http://svnweb.freebsd.org/changeset/base/261548

Log:
  Merge from head/.

Added:
  user/ae/inet6/sys/boot/userboot/userboot/biossmap.c
     - copied unchanged from r261546, head/sys/boot/userboot/userboot/biossmap.c
  user/ae/inet6/sys/dev/ofw/ofwbus.c
     - copied unchanged from r261546, head/sys/dev/ofw/ofwbus.c
  user/ae/inet6/sys/dev/usb/net/if_urndis.c
     - copied unchanged from r261546, head/sys/dev/usb/net/if_urndis.c
  user/ae/inet6/sys/dev/usb/net/if_urndisreg.h
     - copied unchanged from r261546, head/sys/dev/usb/net/if_urndisreg.h
  user/ae/inet6/sys/modules/usb/urndis/
     - copied from r261546, head/sys/modules/usb/urndis/
Deleted:
  user/ae/inet6/sys/dev/fdt/fdtbus.c
  user/ae/inet6/sys/dev/ofw/ofw_nexus.c
  user/ae/inet6/sys/dev/ofw/ofw_nexus.h
Modified:
  user/ae/inet6/crypto/openssh/sandbox-capsicum.c
  user/ae/inet6/etc/devd/usb.conf
  user/ae/inet6/lib/libc/net/ip6opt.c
  user/ae/inet6/lib/libstand/sbrk.c
  user/ae/inet6/lib/libstand/zalloc.c
  user/ae/inet6/lib/libstand/zalloc_defs.h
  user/ae/inet6/lib/libstand/zalloc_mem.h
  user/ae/inet6/lib/libvmmapi/vmmapi.h
  user/ae/inet6/lib/libvmmapi/vmmapi_freebsd.c
  user/ae/inet6/release/doc/en_US.ISO8859-1/hardware/article.xml
  user/ae/inet6/release/doc/share/misc/dev.archlist.txt
  user/ae/inet6/sbin/etherswitchcfg/etherswitchcfg.8
  user/ae/inet6/sbin/hastd/refcnt.h
  user/ae/inet6/sbin/mount_udf/mount_udf.c
  user/ae/inet6/sbin/ping/Makefile
  user/ae/inet6/sbin/ping/ping.c
  user/ae/inet6/share/man/man3/stdarg.3
  user/ae/inet6/share/man/man4/Makefile
  user/ae/inet6/share/man/man4/mfi.4
  user/ae/inet6/sys/amd64/include/vmm.h (contents, props changed)
  user/ae/inet6/sys/amd64/include/vmm_instruction_emul.h (contents, props changed)
  user/ae/inet6/sys/amd64/vmm/intel/vmx.c
  user/ae/inet6/sys/amd64/vmm/vmm.c
  user/ae/inet6/sys/amd64/vmm/vmm_instruction_emul.c
  user/ae/inet6/sys/arm/arm/nexus.c
  user/ae/inet6/sys/arm/broadcom/bcm2835/bcm2835_fb.c
  user/ae/inet6/sys/arm/broadcom/bcm2835/bcm2835_fbd.c
  user/ae/inet6/sys/arm/freescale/imx/tzic.c
  user/ae/inet6/sys/arm/mv/mv_localbus.c
  user/ae/inet6/sys/arm/mv/mv_pci.c
  user/ae/inet6/sys/boot/common/load_elf32.c
  user/ae/inet6/sys/boot/common/load_elf32_obj.c
  user/ae/inet6/sys/boot/fdt/dts/bindings-gpio.txt
  user/ae/inet6/sys/boot/i386/cdboot/cdboot.S
  user/ae/inet6/sys/boot/i386/gptboot/gptboot.8
  user/ae/inet6/sys/boot/i386/pxeldr/pxeldr.S
  user/ae/inet6/sys/boot/userboot/userboot/Makefile
  user/ae/inet6/sys/boot/userboot/userboot/bootinfo32.c
  user/ae/inet6/sys/boot/userboot/userboot/bootinfo64.c
  user/ae/inet6/sys/boot/userboot/userboot/elf32_freebsd.c
  user/ae/inet6/sys/boot/userboot/userboot/libuserboot.h
  user/ae/inet6/sys/cam/ctl/ctl_backend_block.c
  user/ae/inet6/sys/conf/Makefile.amd64
  user/ae/inet6/sys/conf/Makefile.arm
  user/ae/inet6/sys/conf/Makefile.i386
  user/ae/inet6/sys/conf/Makefile.ia64
  user/ae/inet6/sys/conf/Makefile.mips
  user/ae/inet6/sys/conf/Makefile.pc98
  user/ae/inet6/sys/conf/Makefile.powerpc
  user/ae/inet6/sys/conf/Makefile.sparc64
  user/ae/inet6/sys/conf/NOTES
  user/ae/inet6/sys/conf/files
  user/ae/inet6/sys/conf/files.powerpc
  user/ae/inet6/sys/dev/cxgbe/adapter.h
  user/ae/inet6/sys/dev/cxgbe/common/t4_hw.c
  user/ae/inet6/sys/dev/cxgbe/t4_main.c
  user/ae/inet6/sys/dev/cxgbe/t4_sge.c
  user/ae/inet6/sys/dev/drm2/radeon/r600.c
  user/ae/inet6/sys/dev/drm2/radeon/rv770.c
  user/ae/inet6/sys/dev/ed/if_ed.c
  user/ae/inet6/sys/dev/ed/if_ed_hpp.c
  user/ae/inet6/sys/dev/fdt/simplebus.c
  user/ae/inet6/sys/dev/isp/isp_library.c
  user/ae/inet6/sys/dev/mfi/mfi_pci.c
  user/ae/inet6/sys/dev/mfi/mfi_tbolt.c
  user/ae/inet6/sys/dev/mfi/mfivar.h
  user/ae/inet6/sys/dev/pci/pci.c
  user/ae/inet6/sys/dev/pci/pci_pci.c
  user/ae/inet6/sys/dev/pci/pci_subr.c
  user/ae/inet6/sys/dev/pci/vga_pci.c
  user/ae/inet6/sys/dev/powermac_nvram/powermac_nvram.c
  user/ae/inet6/sys/dev/re/if_re.c
  user/ae/inet6/sys/dev/sound/pci/hda/hdaa_patches.c
  user/ae/inet6/sys/dev/sound/pci/hda/hdac.h
  user/ae/inet6/sys/dev/usb/usb.h
  user/ae/inet6/sys/dev/usb/usb_busdma.c
  user/ae/inet6/sys/dev/usb/wlan/if_urtwn.c
  user/ae/inet6/sys/dev/watchdog/watchdog.c
  user/ae/inet6/sys/kern/kern_ktr.c
  user/ae/inet6/sys/kern/kern_rwlock.c
  user/ae/inet6/sys/kern/subr_lock.c
  user/ae/inet6/sys/kern/subr_sleepqueue.c
  user/ae/inet6/sys/kern/subr_smp.c
  user/ae/inet6/sys/mips/beri/beri_simplebus.c
  user/ae/inet6/sys/mips/mips/nexus.c
  user/ae/inet6/sys/modules/usb/Makefile
  user/ae/inet6/sys/pci/if_rlreg.h
  user/ae/inet6/sys/powerpc/mambo/mambo.c
  user/ae/inet6/sys/powerpc/mpc85xx/lbc.c
  user/ae/inet6/sys/powerpc/mpc85xx/pci_mpc85xx.c
  user/ae/inet6/sys/powerpc/ofw/ofw_cpu.c
  user/ae/inet6/sys/powerpc/ofw/openpic_ofw.c
  user/ae/inet6/sys/powerpc/powermac/cpcht.c
  user/ae/inet6/sys/powerpc/powermac/grackle.c
  user/ae/inet6/sys/powerpc/powermac/smu.c
  user/ae/inet6/sys/powerpc/powermac/uninorth.c
  user/ae/inet6/sys/powerpc/powermac/uninorthpci.c
  user/ae/inet6/sys/powerpc/powerpc/nexus.c
  user/ae/inet6/sys/powerpc/pseries/rtas_dev.c
  user/ae/inet6/sys/powerpc/pseries/rtas_pci.c
  user/ae/inet6/sys/powerpc/pseries/vdevice.c
  user/ae/inet6/sys/powerpc/pseries/xics.c
  user/ae/inet6/sys/powerpc/psim/iobus.c
  user/ae/inet6/sys/sys/_rwlock.h
  user/ae/inet6/sys/sys/refcount.h
  user/ae/inet6/sys/sys/rwlock.h
  user/ae/inet6/sys/sys/sleepqueue.h
  user/ae/inet6/sys/sys/turnstile.h
  user/ae/inet6/sys/x86/acpica/madt.c
  user/ae/inet6/sys/x86/include/apicvar.h
  user/ae/inet6/sys/x86/isa/atpic.c
  user/ae/inet6/sys/x86/isa/elcr.c
  user/ae/inet6/sys/x86/x86/intr_machdep.c
  user/ae/inet6/sys/x86/x86/io_apic.c
  user/ae/inet6/sys/x86/x86/local_apic.c
  user/ae/inet6/sys/x86/x86/mptable_pci.c
  user/ae/inet6/tools/build/mk/OptionalObsoleteFiles.inc
  user/ae/inet6/tools/tools/cxgbetool/cxgbetool.c
  user/ae/inet6/usr.bin/netstat/inet.c
  user/ae/inet6/usr.bin/nfsstat/nfsstat.c
  user/ae/inet6/usr.sbin/bhyveload/bhyveload.c
  user/ae/inet6/usr.sbin/config/configvers.h
  user/ae/inet6/usr.sbin/config/mkmakefile.c
  user/ae/inet6/usr.sbin/pwd_mkdb/pwd_mkdb.8
Directory Properties:
  user/ae/inet6/ (props changed)
  user/ae/inet6/crypto/openssh/ (props changed)
  user/ae/inet6/etc/ (props changed)
  user/ae/inet6/lib/libc/ (props changed)
  user/ae/inet6/lib/libvmmapi/ (props changed)
  user/ae/inet6/sbin/ (props changed)
  user/ae/inet6/share/man/man4/ (props changed)
  user/ae/inet6/sys/ (props changed)
  user/ae/inet6/sys/amd64/vmm/ (props changed)
  user/ae/inet6/sys/boot/ (props changed)
  user/ae/inet6/sys/conf/ (props changed)
  user/ae/inet6/usr.sbin/bhyveload/ (props changed)
  user/ae/inet6/usr.sbin/jail/ (props changed)

Modified: user/ae/inet6/crypto/openssh/sandbox-capsicum.c ============================================================================== --- user/ae/inet6/crypto/openssh/sandbox-capsicum.c Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/crypto/openssh/sandbox-capsicum.c Thu Feb 6 11:40:01 2014 (r261548) 
@@ -94,10 +94,12 @@ ssh_sandbox_child(struct ssh_sandbox *bo fatal("can't limit stderr: %m"); cap_rights_init(&rights, CAP_READ, CAP_WRITE); - if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1) + if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1 && + errno != ENOSYS) fatal("%s: failed to limit the network socket", __func__); cap_rights_init(&rights, CAP_WRITE); - if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1) + if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1 && + errno != ENOSYS) fatal("%s: failed to limit the logging socket", __func__); if (cap_enter() < 0 && errno != ENOSYS) fatal("%s: failed to enter capability mode", __func__); Modified: user/ae/inet6/etc/devd/usb.conf ============================================================================== --- user/ae/inet6/etc/devd/usb.conf Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/etc/devd/usb.conf Thu Feb 6 11:40:01 2014 (r261548) @@ -5313,6 +5313,24 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "intclass" "0xe0"; + match "intsubclass" "0x01"; + match "intprotocol" "0x03"; + action "kldload -n if_urndis"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "intclass" "0xef"; + match "intsubclass" "0x01"; + match "intprotocol" "0x01"; + action "kldload -n if_urndis"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "intclass" "0xff"; match "intsubclass" "0x5d"; match "intprotocol" "0x01"; @@ -5381,5 +5399,5 @@ nomatch 32 { action "kldload -n umass"; }; -# 2619 USB entries processed +# 2621 USB entries processed Modified: user/ae/inet6/lib/libc/net/ip6opt.c ============================================================================== --- user/ae/inet6/lib/libc/net/ip6opt.c Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/lib/libc/net/ip6opt.c Thu Feb 6 11:40:01 2014 (r261548) 
@@ -382,7 +382,7 @@ inet6_opt_init(void *extbuf, socklen_t e struct ip6_ext *ext = (struct ip6_ext *)extbuf; if (ext) { - if (extlen == 0 || (extlen % 8)) + if (extlen <= 0 || (extlen % 8)) return(-1); ext->ip6e_len = (extlen >> 3) - 1; } Modified: user/ae/inet6/lib/libstand/sbrk.c ============================================================================== --- user/ae/inet6/lib/libstand/sbrk.c Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/lib/libstand/sbrk.c Thu Feb 6 11:40:01 2014 (r261548) @@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$"); #include #include "stand.h" +#include "zalloc_defs.h" static size_t maxheap, heapsize = 0; static void *heapbase; @@ -40,8 +41,9 @@ static void *heapbase; void setheap(void *base, void *top) { - /* Align start address to 16 bytes for the malloc code. Sigh. */ - heapbase = (void *)(((uintptr_t)base + 15) & ~15); + /* Align start address for the malloc code. Sigh. */ + heapbase = (void *)(((uintptr_t)base + MALLOCALIGN_MASK) & + ~MALLOCALIGN_MASK); maxheap = (char *)top - (char *)heapbase; } Modified: user/ae/inet6/lib/libstand/zalloc.c ============================================================================== --- user/ae/inet6/lib/libstand/zalloc.c Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/lib/libstand/zalloc.c Thu Feb 6 11:40:01 2014 (r261548) 
@@ -71,6 +71,15 @@ __FBSDID("$FreeBSD$"); #include "zalloc_defs.h" /* + * Objects in the pool must be aligned to at least the size of struct MemNode. + * They must also be aligned to MALLOCALIGN, which should normally be larger + * than the struct, so assert that to be so at compile time. + */ +typedef char assert_align[(sizeof(struct MemNode) <= MALLOCALIGN) ? 1 : -1]; + +#define MEMNODE_SIZE_MASK MALLOCALIGN_MASK + +/* * znalloc() - allocate memory (without zeroing) from pool. Call reclaim * and retry if appropriate, return NULL if unable to allocate * memory. Modified: user/ae/inet6/lib/libstand/zalloc_defs.h ============================================================================== --- user/ae/inet6/lib/libstand/zalloc_defs.h Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/lib/libstand/zalloc_defs.h Thu Feb 6 11:40:01 2014 (r261548) 
@@ -52,18 +52,26 @@ #define BLKEXTENDMASK (BLKEXTEND - 1) /* - * required malloc alignment. Just hardwire to 16. + * Required malloc alignment. * - * Note: if we implement a more sophisticated realloc, we should ensure that - * MALLOCALIGN is at least as large as MemNode. + * Embedded platforms using the u-boot API drivers require that all I/O buffers + * be on a cache line sized boundary. The worst case size for that is 64 bytes. + * For other platforms, 16 bytes works fine. The alignment also must be at + * least sizeof(struct MemNode); this is asserted in zalloc.c. */ +#if defined(__arm__) || defined(__mips__) || defined(__powerpc__) +#define MALLOCALIGN 64 +#else +#define MALLOCALIGN 16 +#endif +#define MALLOCALIGN_MASK (MALLOCALIGN - 1) + typedef struct Guard { size_t ga_Bytes; size_t ga_Magic; /* must be at least 32 bits */ } Guard; -#define MALLOCALIGN 16 #define GAMAGIC 0x55FF44FD #define GAFREE 0x5F54F4DF Modified: user/ae/inet6/lib/libstand/zalloc_mem.h ============================================================================== --- user/ae/inet6/lib/libstand/zalloc_mem.h Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/lib/libstand/zalloc_mem.h Thu Feb 6 11:40:01 2014 (r261548) @@ -48,8 +48,6 @@ typedef struct MemPool { uintptr_t mp_Used; } MemPool; -#define MEMNODE_SIZE_MASK ((sizeof(MemNode) <= 8) ? 7 : 15) - #define ZNOTE_FREE 0 #define ZNOTE_REUSE 1 Modified: user/ae/inet6/lib/libvmmapi/vmmapi.h ============================================================================== --- user/ae/inet6/lib/libvmmapi/vmmapi.h Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/lib/libvmmapi/vmmapi.h Thu Feb 6 11:40:01 2014 (r261548) 
@@ -111,5 +111,8 @@ int vcpu_reset(struct vmctx *ctx, int vc int vm_setup_freebsd_registers(struct vmctx *ctx, int vcpu, uint64_t rip, uint64_t cr3, uint64_t gdtbase, uint64_t rsp); +int vm_setup_freebsd_registers_i386(struct vmctx *vmctx, int vcpu, + uint32_t eip, uint32_t gdtbase, + uint32_t esp); void vm_setup_freebsd_gdt(uint64_t *gdtr); #endif /* _VMMAPI_H_ */ Modified: user/ae/inet6/lib/libvmmapi/vmmapi_freebsd.c ============================================================================== --- user/ae/inet6/lib/libvmmapi/vmmapi_freebsd.c Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/lib/libvmmapi/vmmapi_freebsd.c Thu Feb 6 11:40:01 2014 (r261548) 
@@ -35,14 +35,176 @@ __FBSDID("$FreeBSD$"); #include #include +#include +#include + #include "vmmapi.h" +#define I386_TSS_SIZE 104 + +#define DESC_PRESENT 0x00000080 +#define DESC_LONGMODE 0x00002000 +#define DESC_DEF32 0x00004000 +#define DESC_GRAN 0x00008000 #define DESC_UNUSABLE 0x00010000 #define GUEST_NULL_SEL 0 #define GUEST_CODE_SEL 1 #define GUEST_DATA_SEL 2 -#define GUEST_GDTR_LIMIT (3 * 8 - 1) +#define GUEST_TSS_SEL 3 +#define GUEST_GDTR_LIMIT64 (3 * 8 - 1) + +static struct segment_descriptor i386_gdt[] = { + {}, /* NULL */ + { .sd_lolimit = 0xffff, .sd_type = SDT_MEMER, /* CODE */ + .sd_p = 1, .sd_hilimit = 0xf, .sd_def32 = 1, .sd_gran = 1 }, + { .sd_lolimit = 0xffff, .sd_type = SDT_MEMRW, /* DATA */ + .sd_p = 1, .sd_hilimit = 0xf, .sd_def32 = 1, .sd_gran = 1 }, + { .sd_lolimit = I386_TSS_SIZE - 1, /* TSS */ + .sd_type = SDT_SYS386TSS, .sd_p = 1 } +}; + +/* + * Setup the 'vcpu' register set such that it will begin execution at + * 'eip' in flat mode. + */ +int +vm_setup_freebsd_registers_i386(struct vmctx *vmctx, int vcpu, uint32_t eip, + uint32_t gdtbase, uint32_t esp) +{ + uint64_t cr0, rflags, desc_base; + uint32_t desc_access, desc_limit, tssbase; + uint16_t gsel; + struct segment_descriptor *gdt; + int error, tmp; + + /* A 32-bit guest requires unrestricted mode. */ + error = vm_get_capability(vmctx, vcpu, VM_CAP_UNRESTRICTED_GUEST, &tmp); + if (error) + goto done; + error = vm_set_capability(vmctx, vcpu, VM_CAP_UNRESTRICTED_GUEST, 1); + if (error) + goto done; + + cr0 = CR0_PE | CR0_NE; + if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_CR0, cr0)) != 0) + goto done; + + if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_CR4, 0)) != 0) + goto done; + + /* + * Forcing EFER to 0 causes bhyve to clear the "IA-32e guest + * mode" entry control. 
+ */ + if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_EFER, 0))) + goto done; + + gdt = vm_map_gpa(vmctx, gdtbase, 0x1000); + if (gdt == NULL) + return (EFAULT); + memcpy(gdt, i386_gdt, sizeof(i386_gdt)); + desc_base = gdtbase; + desc_limit = sizeof(i386_gdt) - 1; + error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_GDTR, + desc_base, desc_limit, 0); + if (error != 0) + goto done; + + /* Place the TSS one page above the GDT. */ + tssbase = gdtbase + 0x1000; + gdt[3].sd_lobase = tssbase; + + rflags = 0x2; + error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_RFLAGS, rflags); + if (error) + goto done; + + desc_base = 0; + desc_limit = 0xffffffff; + desc_access = DESC_GRAN | DESC_DEF32 | DESC_PRESENT | SDT_MEMERA; + error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_CS, + desc_base, desc_limit, desc_access); + + desc_access = DESC_GRAN | DESC_DEF32 | DESC_PRESENT | SDT_MEMRWA; + error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_DS, + desc_base, desc_limit, desc_access); + if (error) + goto done; + + error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_ES, + desc_base, desc_limit, desc_access); + if (error) + goto done; + + error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_FS, + desc_base, desc_limit, desc_access); + if (error) + goto done; + + error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_GS, + desc_base, desc_limit, desc_access); + if (error) + goto done; + + error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_SS, + desc_base, desc_limit, desc_access); + if (error) + goto done; + + desc_base = tssbase; + desc_limit = I386_TSS_SIZE - 1; + desc_access = DESC_PRESENT | SDT_SYS386BSY; + error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_TR, + desc_base, desc_limit, desc_access); + if (error) + goto done; + + + error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_LDTR, 0, 0, + DESC_UNUSABLE); + if (error) + goto done; + + gsel = GSEL(GUEST_CODE_SEL, SEL_KPL); + if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_CS, gsel)) != 0) + goto done; + + gsel = GSEL(GUEST_DATA_SEL, SEL_KPL); + if ((error = 
vm_set_register(vmctx, vcpu, VM_REG_GUEST_DS, gsel)) != 0) + goto done; + + if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_ES, gsel)) != 0) + goto done; + + if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_FS, gsel)) != 0) + goto done; + + if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_GS, gsel)) != 0) + goto done; + + if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_SS, gsel)) != 0) + goto done; + + gsel = GSEL(GUEST_TSS_SEL, SEL_KPL); + if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_TR, gsel)) != 0) + goto done; + + /* LDTR is pointing to the null selector */ + if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_LDTR, 0)) != 0) + goto done; + + /* entry point */ + if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_RIP, eip)) != 0) + goto done; + + if ((error = vm_set_register(vmctx, vcpu, VM_REG_GUEST_RSP, esp)) != 0) + goto done; + + error = 0; +done: + return (error); +} void vm_setup_freebsd_gdt(uint64_t *gdtr) @@ -168,7 +330,7 @@ vm_setup_freebsd_registers(struct vmctx goto done; desc_base = gdtbase; - desc_limit = GUEST_GDTR_LIMIT; + desc_limit = GUEST_GDTR_LIMIT64; error = vm_set_desc(vmctx, vcpu, VM_REG_GUEST_GDTR, desc_base, desc_limit, 0); if (error != 0) Modified: user/ae/inet6/release/doc/en_US.ISO8859-1/hardware/article.xml ============================================================================== --- user/ae/inet6/release/doc/en_US.ISO8859-1/hardware/article.xml Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/release/doc/en_US.ISO8859-1/hardware/article.xml Thu Feb 6 11:40:01 2014 (r261548) 
@@ -893,6 +893,10 @@ &hwlist.qlxgb; + &hwlist.qlxgbe; + + &hwlist.qlxge; + &hwlist.re; &hwlist.rl; Modified: user/ae/inet6/release/doc/share/misc/dev.archlist.txt ============================================================================== --- user/ae/inet6/release/doc/share/misc/dev.archlist.txt Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/release/doc/share/misc/dev.archlist.txt Thu Feb 6 11:40:01 2014 (r261548) @@ -105,6 +105,8 @@ oltr i386 pcn i386,pc98,ia64,amd64 pst i386 qlxgb amd64 +qlxgbe amd64 +qlxge amd64 rc i386 ral i386,amd64 rue i386,pc98,amd64 Modified: user/ae/inet6/sbin/etherswitchcfg/etherswitchcfg.8 ============================================================================== --- user/ae/inet6/sbin/etherswitchcfg/etherswitchcfg.8 Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/sbin/etherswitchcfg/etherswitchcfg.8 Thu Feb 6 11:40:01 2014 (r261548) 
@@ -1,4 +1,29 @@ +.\" Copyright (c) 2011-2012 Stefan Bethke. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" .\" $FreeBSD$ +.\" .Dd September 20, 2013 .Dt ETHERSWITCHCFG 8 .Os @@ -35,13 +60,14 @@ The utility is used to configure an Ethernet switch built into the system. .Nm accepts a number of options: +.Pp .Bl -tag -width ".Fl f" -compact .It Fl "f control file" Specifies the .Xr etherswitch 4 control file that represents the switch to be configured. It defaults to -.Li /dev/etherswitch0 . +.Pa /dev/etherswitch0 . .It Fl m When reporting port information, also list available media options for that port. 
@@ -54,6 +80,7 @@ options are omitted. The config command provides access to global switch configuration parameters. It support the following commands: +.Pp .Bl -tag -width ".Ar vlan_mode mode" -compact .It Ar vlan_mode mode Sets the switch VLAN mode (depends on the hardware). @@ -74,6 +101,7 @@ To set the register value, use the form .Ss port The port command selects one of the ports of the switch. It supports the following commands: +.Pp .Bl -tag -width ".Ar pvid number" -compact .It Ar pvid number Sets the default port VID that is used to process incoming frames that are not tagged. @@ -88,8 +116,10 @@ for details on and .Ar mediaopt . .El +.Pp And the following flags (please note that not all flags -are supporterd by all switch drivers): +are supported by all switch drivers): +.Pp .Bl -tag -width ".Ar addtag" -compact .It Ar addtag Add VLAN tag to each packet sent by the port. @@ -100,7 +130,7 @@ Strip the VLAN tags from the packets sen .It Ar -striptag Disable the strip VLAN tag option. .It Ar firstlock -This options makes the switch port lock on the first MAC address it seems. +This options makes the switch port lock on the first MAC address it sees. After that, usually you need to reset the switch to learn different MAC addresses. .It Ar -firstlock @@ -125,6 +155,7 @@ The reg command provides access to the r .Ss vlangroup The vlangroup command selects one of the VLAN groups for configuration. It supports the following commands: +.Pp .Bl -tag -width ".Ar vlangroup" -compact .It Ar vlan VID Sets the VLAN ID (802.1q VID) for this VLAN group. 
@@ -142,13 +173,14 @@ to indicate that frames on this port are .Sh FILES .Bl -tag -width /dev/etherswitch? -compact .It Pa /dev/etherswitch? -Control file for the ethernet switch driver. +Control file for the Ethernet switch driver. .El .Sh EXAMPLES Configure VLAN group 1 with a VID of 2 and make ports 0 and 5 its members while excluding all other ports. Port 5 will send and receive tagged frames while port 0 will be untagged. Incoming untagged frames on port 0 are assigned to vlangroup1. +.Pp .Dl # etherswitchcfg vlangroup1 vlan 2 members 0,5t port0 pvid 2 .Sh SEE ALSO .Xr etherswitch 4 Modified: user/ae/inet6/sbin/hastd/refcnt.h ============================================================================== --- user/ae/inet6/sbin/hastd/refcnt.h Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/sbin/hastd/refcnt.h Thu Feb 6 11:40:01 2014 (r261548) @@ -10,9 +10,6 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the author nor the names of any co-contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE Modified: user/ae/inet6/sbin/mount_udf/mount_udf.c ============================================================================== --- user/ae/inet6/sbin/mount_udf/mount_udf.c Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/sbin/mount_udf/mount_udf.c Thu Feb 6 11:40:01 2014 (r261548) 
@@ -77,9 +77,9 @@ main(int argc, char **argv) char fstype[] = "udf"; struct iovec *iov; char *cs_disk, *cs_local, *dev, *dir; - int ch, i, iovlen, mntflags, udf_flags, verbose; + int ch, iovlen, mntflags, udf_flags, verbose; - i = iovlen = mntflags = udf_flags = verbose = 0; + iovlen = mntflags = udf_flags = verbose = 0; cs_disk = cs_local = NULL; iov = NULL; while ((ch = getopt(argc, argv, "o:vC:")) != -1) @@ -129,7 +129,7 @@ main(int argc, char **argv) build_iovec(&iov, &iovlen, "cs_disk", cs_disk, (size_t)-1); build_iovec(&iov, &iovlen, "cs_local", cs_local, (size_t)-1); } - if (nmount(iov, i, mntflags) < 0) + if (nmount(iov, iovlen, mntflags) < 0) err(1, "%s", dev); exit(0); } Modified: user/ae/inet6/sbin/ping/Makefile ============================================================================== --- user/ae/inet6/sbin/ping/Makefile Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/sbin/ping/Makefile Thu Feb 6 11:40:01 2014 (r261548) @@ -1,6 +1,8 @@ # @(#)Makefile 8.1 (Berkeley) 6/5/93 # $FreeBSD$ +.include + PROG= ping MAN= ping.8 BINOWN= root @@ -9,6 +11,12 @@ WARNS?= 2 DPADD= ${LIBM} LDADD= -lm +.if ${MK_CASPER} != "no" && !defined(RESCUE) +DPADD+= ${LIBCAPSICUM} +LDADD+= -lcapsicum +CFLAGS+=-DHAVE_LIBCAPSICUM +.endif + .if !defined(RELEASE_CRUNCH) CFLAGS+=-DIPSEC DPADD+= ${LIBIPSEC} Modified: user/ae/inet6/sbin/ping/ping.c ============================================================================== --- user/ae/inet6/sbin/ping/ping.c Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/sbin/ping/ping.c Thu Feb 6 11:40:01 2014 (r261548) @@ -63,6 +63,7 @@ __FBSDID("$FreeBSD$"); */ #include /* NB: we rely on this for */ +#include #include #include #include @@ -74,6 +75,11 @@ __FBSDID("$FreeBSD$"); #include #include #include +#ifdef HAVE_LIBCAPSICUM +#include +#include +#include +#endif #ifdef IPSEC #include 
@@ -157,7 +163,8 @@ char rcvd_tbl[MAX_DUP_CHK / 8]; struct sockaddr_in whereto; /* who to ping */ int datalen = DEFDATALEN; int maxpayload; -int s; /* socket file descriptor */ +int ssend; /* send socket file descriptor */ +int srecv; /* receive socket file descriptor */ u_char outpackhdr[IP_MAXPACKET], *outpack; char BBELL = '\a'; /* characters written for MISSED and AUDIBLE */ char BSPACE = '\b'; /* characters written for flood */ @@ -197,8 +204,15 @@ double tsumsq = 0.0; /* sum of all time volatile sig_atomic_t finish_up; /* nonzero if we've been told to finish up */ volatile sig_atomic_t siginfo_p; +#ifdef HAVE_LIBCAPSICUM +static cap_channel_t *capdns; +#endif + static void fill(char *, char *); static u_short in_cksum(u_short *, int); +#ifdef HAVE_LIBCAPSICUM +static cap_channel_t *capdns_setup(void); +#endif static void check_status(void); static void finish(void) __dead2; static void pinger(void); @@ -233,8 +247,8 @@ main(int argc, char *const *argv) struct sockaddr_in *to; double t; u_long alarmtimeout, ultmp; - int almost_done, ch, df, hold, i, icmp_len, mib[4], preload, sockerrno, - tos, ttl; + int almost_done, ch, df, hold, i, icmp_len, mib[4], preload; + int ssend_errno, srecv_errno, tos, ttl; char ctrl[CMSG_SPACE(sizeof(struct timeval))]; char hnamebuf[MAXHOSTNAMELEN], snamebuf[MAXHOSTNAMELEN]; #ifdef IP_OPTIONS 
@@ -246,14 +260,26 @@ main(int argc, char *const *argv) #ifdef IPSEC_POLICY_IPSEC policy_in = policy_out = NULL; #endif + cap_rights_t rights; + bool cansandbox; /* * Do the stuff that we need root priv's for *first*, and * then drop our setuid bit. Save error reporting for * after arg parsing. + * + * Historicaly ping was using one socket 's' for sending and for + * receiving. After capsicum(4) related changes we use two + * sockets. It was done for special ping use case - when user + * issue ping on multicast or broadcast address replies come + * from different addresses, not from the address we + * connect(2)'ed to, and send socket do not receive those + * packets. */ - s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); - sockerrno = errno; + ssend = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); + ssend_errno = errno; + srecv = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); + srecv_errno = errno; if (setuid(getuid()) != 0) err(EX_NOPERM, "setuid() failed"); @@ -527,13 +553,22 @@ main(int argc, char *const *argv) if (options & F_PINGFILLED) { fill((char *)datap, payload); } +#ifdef HAVE_LIBCAPSICUM + capdns = capdns_setup(); +#endif if (source) { bzero((char *)&sock_in, sizeof(sock_in)); sock_in.sin_family = AF_INET; if (inet_aton(source, &sock_in.sin_addr) != 0) { shostname = source; } else { - hp = gethostbyname2(source, AF_INET); +#ifdef HAVE_LIBCAPSICUM + if (capdns != NULL) + hp = cap_gethostbyname2(capdns, source, + AF_INET); + else +#endif + hp = gethostbyname2(source, AF_INET); if (!hp) errx(EX_NOHOST, "cannot resolve %s: %s", source, hstrerror(h_errno)); @@ -549,7 +584,8 @@ main(int argc, char *const *argv) snamebuf[sizeof(snamebuf) - 1] = '\0'; shostname = snamebuf; } - if (bind(s, (struct sockaddr *)&sock_in, sizeof sock_in) == -1) + if (bind(ssend, (struct sockaddr *)&sock_in, sizeof sock_in) == + -1) err(1, "bind"); } 
@@ -560,7 +596,12 @@ main(int argc, char *const *argv) if (inet_aton(target, &to->sin_addr) != 0) { hostname = target; } else { - hp = gethostbyname2(target, AF_INET); +#ifdef HAVE_LIBCAPSICUM + if (capdns != NULL) + hp = cap_gethostbyname2(capdns, target, AF_INET); + else +#endif + hp = gethostbyname2(target, AF_INET); if (!hp) errx(EX_NOHOST, "cannot resolve %s: %s", target, hstrerror(h_errno)); @@ -573,6 +614,30 @@ main(int argc, char *const *argv) hostname = hnamebuf; } +#ifdef HAVE_LIBCAPSICUM + /* From now on we will use only reverse DNS lookups. */ + if (capdns != NULL) { + const char *types[1]; + + types[0] = "ADDR"; + if (cap_dns_type_limit(capdns, types, 1) < 0) + err(1, "unable to limit access to system.dns service"); + } +#endif + + if (ssend < 0) { + errno = ssend_errno; + err(EX_OSERR, "ssend socket"); + } + + if (srecv < 0) { + errno = srecv_errno; + err(EX_OSERR, "srecv socket"); + } + + if (connect(ssend, (struct sockaddr *)&whereto, sizeof(whereto)) != 0) + err(1, "connect"); + if (options & F_FLOOD && options & F_INTERVAL) errx(EX_USAGE, "-f and -i: incompatible options"); @@ -593,16 +658,15 @@ main(int argc, char *const *argv) ident = getpid() & 0xFFFF; - if (s < 0) { - errno = sockerrno; - err(EX_OSERR, "socket"); - } hold = 1; - if (options & F_SO_DEBUG) - (void)setsockopt(s, SOL_SOCKET, SO_DEBUG, (char *)&hold, + if (options & F_SO_DEBUG) { + (void)setsockopt(ssend, SOL_SOCKET, SO_DEBUG, (char *)&hold, sizeof(hold)); + (void)setsockopt(srecv, SOL_SOCKET, SO_DEBUG, (char *)&hold, + sizeof(hold)); + } if (options & F_SO_DONTROUTE) - (void)setsockopt(s, SOL_SOCKET, SO_DONTROUTE, (char *)&hold, + (void)setsockopt(ssend, SOL_SOCKET, SO_DONTROUTE, (char *)&hold, sizeof(hold)); #ifdef IPSEC #ifdef IPSEC_POLICY_IPSEC 
@@ -612,7 +676,7 @@ main(int argc, char *const *argv) buf = ipsec_set_policy(policy_in, strlen(policy_in)); if (buf == NULL) errx(EX_CONFIG, "%s", ipsec_strerror()); - if (setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, + if (setsockopt(srecv, IPPROTO_IP, IP_IPSEC_POLICY, buf, ipsec_get_policylen(buf)) < 0) err(EX_CONFIG, "ipsec policy cannot be configured"); @@ -623,7 +687,7 @@ main(int argc, char *const *argv) buf = ipsec_set_policy(policy_out, strlen(policy_out)); if (buf == NULL) errx(EX_CONFIG, "%s", ipsec_strerror()); - if (setsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY, + if (setsockopt(ssend, IPPROTO_IP, IP_IPSEC_POLICY, buf, ipsec_get_policylen(buf)) < 0) err(EX_CONFIG, "ipsec policy cannot be configured"); @@ -644,7 +708,7 @@ main(int argc, char *const *argv) if (sysctl(mib, 4, &ttl, &sz, NULL, 0) == -1) err(1, "sysctl(net.inet.ip.ttl)"); } - setsockopt(s, IPPROTO_IP, IP_HDRINCL, &hold, sizeof(hold)); + setsockopt(ssend, IPPROTO_IP, IP_HDRINCL, &hold, sizeof(hold)); ip->ip_v = IPVERSION; ip->ip_hl = sizeof(struct ip) >> 2; ip->ip_tos = tos; 
@@ -655,6 +719,35 @@ main(int argc, char *const *argv) ip->ip_src.s_addr = source ? sock_in.sin_addr.s_addr : INADDR_ANY; ip->ip_dst = to->sin_addr; } + + if (options & F_NUMERIC) + cansandbox = true; +#ifdef HAVE_LIBCAPSICUM + else if (capdns != NULL) + cansandbox = true; +#endif + else + cansandbox = false; + + /* + * Here we enter capability mode. Further down access to global + * namespaces (e.g filesystem) is restricted (see capsicum(4)). + * We must connect(2) our socket before this point. + */ + if (cansandbox && cap_enter() < 0 && errno != ENOSYS) + err(1, "cap_enter"); + + if (cap_sandboxed()) + fprintf(stderr, "capability mode sandbox enabled\n"); + + cap_rights_init(&rights, CAP_RECV, CAP_EVENT, CAP_SETSOCKOPT); + if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS) + err(1, "cap_rights_limit srecv"); + + cap_rights_init(&rights, CAP_SEND, CAP_SETSOCKOPT); + if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS) + err(1, "cap_rights_limit ssend"); + /* record route option */ if (options & F_RROUTE) { #ifdef IP_OPTIONS @@ -663,7 +756,7 @@ main(int argc, char *const *argv) rspace[IPOPT_OLEN] = sizeof(rspace) - 1; rspace[IPOPT_OFFSET] = IPOPT_MINOFF; rspace[sizeof(rspace) - 1] = IPOPT_EOL; - if (setsockopt(s, IPPROTO_IP, IP_OPTIONS, rspace, + if (setsockopt(ssend, IPPROTO_IP, IP_OPTIONS, rspace, sizeof(rspace)) < 0) err(EX_OSERR, "setsockopt IP_OPTIONS"); #else 
@@ -673,32 +766,32 @@ main(int argc, char *const *argv) } if (options & F_TTL) { - if (setsockopt(s, IPPROTO_IP, IP_TTL, &ttl, + if (setsockopt(ssend, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl)) < 0) { err(EX_OSERR, "setsockopt IP_TTL"); } } if (options & F_NOLOOP) { - if (setsockopt(s, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, + if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, sizeof(loop)) < 0) { err(EX_OSERR, "setsockopt IP_MULTICAST_LOOP"); } } if (options & F_MTTL) { - if (setsockopt(s, IPPROTO_IP, IP_MULTICAST_TTL, &mttl, + if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_TTL, &mttl, sizeof(mttl)) < 0) { err(EX_OSERR, "setsockopt IP_MULTICAST_TTL"); } } if (options & F_MIF) { - if (setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF, &ifaddr, + if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_IF, &ifaddr, sizeof(ifaddr)) < 0) { err(EX_OSERR, "setsockopt IP_MULTICAST_IF"); } } #ifdef SO_TIMESTAMP { int on = 1; - if (setsockopt(s, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on)) < 0) + if (setsockopt(srecv, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on)) < 0) err(EX_OSERR, "setsockopt SO_TIMESTAMP"); } #endif @@ -733,11 +826,19 @@ main(int argc, char *const *argv) * as well. */ hold = IP_MAXPACKET + 128; - (void)setsockopt(s, SOL_SOCKET, SO_RCVBUF, (char *)&hold, + (void)setsockopt(srecv, SOL_SOCKET, SO_RCVBUF, (char *)&hold, sizeof(hold)); + /* CAP_SETSOCKOPT removed */ + cap_rights_init(&rights, CAP_RECV, CAP_EVENT); + if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS) + err(1, "cap_rights_limit srecv setsockopt"); if (uid == 0) - (void)setsockopt(s, SOL_SOCKET, SO_SNDBUF, (char *)&hold, + (void)setsockopt(ssend, SOL_SOCKET, SO_SNDBUF, (char *)&hold, sizeof(hold)); + /* CAP_SETSOCKOPT removed */ + cap_rights_init(&rights, CAP_SEND); + if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS) + err(1, "cap_rights_limit ssend setsockopt"); if (to->sin_family == AF_INET) { (void)printf("PING %s (%s)", hostname, 
@@ -817,10 +918,10 @@ main(int argc, char *const *argv) int cc, n; check_status(); - if ((unsigned)s >= FD_SETSIZE) + if ((unsigned)srecv >= FD_SETSIZE) errx(EX_OSERR, "descriptor too large"); FD_ZERO(&rfds); - FD_SET(s, &rfds); + FD_SET(srecv, &rfds); (void)gettimeofday(&now, NULL); timeout.tv_sec = last.tv_sec + intvl.tv_sec - now.tv_sec; timeout.tv_usec = last.tv_usec + intvl.tv_usec - now.tv_usec; @@ -834,7 +935,7 @@ main(int argc, char *const *argv) } if (timeout.tv_sec < 0) timerclear(&timeout); - n = select(s + 1, &rfds, NULL, NULL, &timeout); + n = select(srecv + 1, &rfds, NULL, NULL, &timeout); if (n < 0) continue; /* Must be EINTR. */ if (n == 1) { @@ -845,7 +946,7 @@ main(int argc, char *const *argv) msg.msg_controllen = sizeof(ctrl); #endif msg.msg_namelen = sizeof(from); - if ((cc = recvmsg(s, &msg, 0)) < 0) { + if ((cc = recvmsg(srecv, &msg, 0)) < 0) { if (errno == EINTR) continue; warn("recvmsg"); @@ -981,9 +1082,7 @@ pinger(void) ip->ip_sum = in_cksum((u_short *)outpackhdr, cc); packet = outpackhdr; } - i = sendto(s, (char *)packet, cc, 0, (struct sockaddr *)&whereto, - sizeof(whereto)); - + i = send(ssend, (char *)packet, cc, 0); if (i < 0 || i != cc) { if (i < 0) { if (options & F_FLOOD && errno == ENOBUFS) { @@ -1604,12 +1703,21 @@ pr_addr(struct in_addr ina) struct hostent *hp; static char buf[16 + 3 + MAXHOSTNAMELEN]; - if ((options & F_NUMERIC) || - !(hp = gethostbyaddr((char *)&ina, 4, AF_INET))) + if (options & F_NUMERIC) return inet_ntoa(ina); + +#ifdef HAVE_LIBCAPSICUM + if (capdns != NULL) + hp = cap_gethostbyaddr(capdns, (char *)&ina, 4, AF_INET); else - (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name, - inet_ntoa(ina)); +#endif + hp = gethostbyaddr((char *)&ina, 4, AF_INET); + + if (hp == NULL) + return inet_ntoa(ina); + + (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name, + inet_ntoa(ina)); return(buf); } 
@@ -1682,6 +1790,36 @@ fill(char *bp, char *patp) } } +#ifdef HAVE_LIBCAPSICUM +static cap_channel_t * +capdns_setup(void) +{ + cap_channel_t *capcas, *capdnsloc; + const char *types[2]; + int families[1]; + + capcas = cap_init(); + if (capcas == NULL) { + warn("unable to contact casperd"); + return (NULL); + } + capdnsloc = cap_service_open(capcas, "system.dns"); + /* Casper capability no longer needed. */ + cap_close(capcas); + if (capdnsloc == NULL) + err(1, "unable to open system.dns service"); + types[0] = "NAME"; + types[1] = "ADDR"; + if (cap_dns_type_limit(capdnsloc, types, 2) < 0) + err(1, "unable to limit access to system.dns service"); + families[0] = AF_INET; + if (cap_dns_family_limit(capdnsloc, families, 1) < 0) + err(1, "unable to limit access to system.dns service"); + + return (capdnsloc); +} +#endif /* HAVE_LIBCAPSICUM */ + #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) #define SECOPT " [-P policy]" #else Modified: user/ae/inet6/share/man/man3/stdarg.3 ============================================================================== --- user/ae/inet6/share/man/man3/stdarg.3 Thu Feb 6 11:38:39 2014 (r261547) +++ user/ae/inet6/share/man/man3/stdarg.3 Thu Feb 6 11:40:01 2014 (r261548) @@ -59,7 +59,7 @@ The include file .In stdarg.h declares a type .Pq Em va_list -and defines three macros for stepping +and defines four macros for stepping through a list of arguments whose number and types are not known to the called function. .Pp @@ -77,7 +77,8 @@ The macro initializes .Fa ap for subsequent use by -.Fn va_arg +.Fn va_arg , +.Fn va_copy , and .Fn va_end , and must be called first. @@ -93,10 +94,6 @@ macro, it should not be declared as a re function or an array type. .Pp The -.Fn va_start -macro returns no value. -.Pp -The .Fn va_arg macro expands to an expression that has the type and value of the next argument in the call. @@ -105,7 +102,9 @@ The parameter is the .Em va_list Fa ap *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
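Review bot: In the main() hunk at @@ -246,14 +260,26 @@, `cap_rights_t rights;` and `bool cansandbox;` are declared after the statement `policy_in = policy_out = NULL;`, so when IPSEC_POLICY_IPSEC is defined they become declarations in the middle of code. Move them up with the other locals of main(). The new comment block also needs a language pass: "Historicaly" is misspelled, and "when user issue ping" and "send socket do not receive" should read "when a user issues ping" and "the send socket does not receive".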
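Review bot: In the hunk at @@ -573,6 +614,30 @@, the new `err(1, "connect")` and `err(1, "unable to limit access to system.dns service")` exit with a bare 1, while the socket checks added right beside them use `EX_OSERR`. Use a sysexits code here as well so callers see a consistent status. The connect(2) call also now runs before the `-f and -i: incompatible options` check just below it, so a connect failure can mask a plain usage error; moving it after the option checks avoids that.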
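Review bot: In the hunk at @@ -655,6 +719,35 @@, `fprintf(stderr, "capability mode sandbox enabled\n")` fires on every sandboxed run and adds a stderr line to output that scripts already consume; drop it or gate it behind a debug option. The opposite case is the one worth documenting: when `cansandbox` ends up false (no F_NUMERIC and no capdns channel) the process skips cap_enter() without any indication, so the comment above should state that the per-descriptor limits on srecv and ssend are then the only restriction in force.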
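Review bot: In the hunk at @@ -673,32 +766,32 @@, the second `cap_rights_limit()` on srecv and ssend drops CAP_SETSOCKOPT, so any setsockopt(2) added below this point will be refused on these descriptors once the limits are in force. The `/* CAP_SETSOCKOPT removed */` comments should say that these are the last socket options set and that new ones must go above. The `err()` strings "cap_rights_limit srecv setsockopt" and "cap_rights_limit ssend setsockopt" also read as if a setsockopt call had failed; reword them. The same init/limit/err triple now appears four times in main(), which is a candidate for a small helper.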
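Review bot: In the pinger() hunk at @@ -981,9 +1082,7 @@, replacing `sendto(s, ..., &whereto, ...)` with `send(ssend, ...)` relies on the `connect(ssend, ...)` added in main() and on ssend being limited to CAP_SEND, but nothing at the call site says so. Add a one-line comment there so that the destination argument is not reintroduced later by someone who has not read the sandbox setup.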
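Review bot: In capdns_setup() at @@ -1682,6 +1790,36 @@, failure handling is inconsistent: a NULL from `cap_init()` warns and returns NULL so the caller falls back to the libc resolver, while a NULL from `cap_service_open(capcas, "system.dns")` is fatal via `err(1, ...)`. Both mean the Casper DNS service is unavailable, so they should take the same path, and the choice should be stated in a comment. The `warn("unable to contact casperd")` will also print on every invocation on hosts that do not run casperd, and the type-limit and family-limit failures share one message, so the two cases cannot be told apart from the output.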