Date: Thu, 30 Jun 2016 15:04:03 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r302299 - in projects/vnet: contrib/bmake contrib/ipfilter/tools contrib/libarchive/libarchive contrib/libarchive/libarchive/test contrib/libarchive/libarchive_fe lib/libcxxrt release/t... Message-ID: <201606301504.u5UF433e094572@repo.freebsd.org>
Author: bz Date: Thu Jun 30 15:04:03 2016 New Revision: 302299 URL: https://svnweb.freebsd.org/changeset/base/302299 Log: MfH @r302298 Sponsored by: The FreeBSD Foundation Modified: projects/vnet/contrib/bmake/meta.c projects/vnet/contrib/ipfilter/tools/ipf.c projects/vnet/contrib/libarchive/libarchive/archive_read_disk_posix.c projects/vnet/contrib/libarchive/libarchive/archive_string.c projects/vnet/contrib/libarchive/libarchive/archive_write_disk_posix.c projects/vnet/contrib/libarchive/libarchive/test/main.c projects/vnet/contrib/libarchive/libarchive/test/test_write_format_gnutar_filenames.c projects/vnet/contrib/libarchive/libarchive_fe/passphrase.c projects/vnet/lib/libcxxrt/Version.map projects/vnet/release/tools/ec2.conf projects/vnet/share/mk/bsd.init.mk projects/vnet/sys/arm64/include/vmparam.h projects/vnet/sys/cam/scsi/scsi_all.c projects/vnet/sys/cddl/contrib/opensolaris/common/acl/acl_common.c projects/vnet/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c projects/vnet/sys/cddl/contrib/opensolaris/uts/common/sys/acl.h projects/vnet/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c projects/vnet/sys/contrib/ipfilter/netinet/mlfk_ipl.c projects/vnet/sys/geom/uzip/g_uzip.c projects/vnet/sys/geom/uzip/g_uzip_dapi.h projects/vnet/sys/geom/uzip/g_uzip_lzma.c projects/vnet/sys/geom/uzip/g_uzip_zlib.c projects/vnet/sys/mips/malta/gt_pci.c projects/vnet/sys/modules/aic7xxx/ahd/Makefile projects/vnet/sys/net80211/ieee80211_ddb.c projects/vnet/sys/net80211/ieee80211_freebsd.h projects/vnet/sys/net80211/ieee80211_superg.c projects/vnet/sys/net80211/ieee80211_superg.h projects/vnet/sys/net80211/ieee80211_var.h projects/vnet/sys/netinet/sctp_output.c projects/vnet/sys/powerpc/aim/mmu_oea.c projects/vnet/sys/powerpc/powerpc/machdep.c projects/vnet/sys/sys/buf_ring.h Directory Properties: projects/vnet/ (props changed) projects/vnet/contrib/bmake/ (props changed) projects/vnet/contrib/ipfilter/ (props changed) projects/vnet/contrib/libarchive/ (props changed) 
projects/vnet/contrib/libarchive/libarchive/ (props changed) projects/vnet/contrib/libarchive/libarchive_fe/ (props changed) projects/vnet/sys/cddl/contrib/opensolaris/ (props changed) projects/vnet/sys/contrib/ipfilter/ (props changed) Modified: projects/vnet/contrib/bmake/meta.c ============================================================================== --- projects/vnet/contrib/bmake/meta.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/contrib/bmake/meta.c Thu Jun 30 15:04:03 2016 (r302299) @@ -1547,6 +1547,7 @@ meta_compat_parent(void) while (fgets(buf, sizeof(buf), fp)) { meta_job_output(NULL, buf, ""); printf("%s", buf); + (void)fflush(stdout); } fclose(fp); } Modified: projects/vnet/contrib/ipfilter/tools/ipf.c ============================================================================== --- projects/vnet/contrib/ipfilter/tools/ipf.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/contrib/ipfilter/tools/ipf.c Thu Jun 30 15:04:03 2016 (r302299) @@ -410,23 +410,6 @@ static void flushfilter(arg, filter) return; } -#ifdef SIOCIPFFA - if (!strcmp(arg, "u")) { - closedevice(); - /* - * Flush auth rules and packets - */ - if (opendevice(IPL_AUTH, 1) == -1) - perror("open(IPL_AUTH)"); - else { - if (ioctl(fd, SIOCIPFFA, &fl) == -1) - ipferror(fd, "ioctl(SIOCIPFFA)"); - } - closedevice(); - return; - } -#endif - if (strchr(arg, 'i') || strchr(arg, 'I')) fl = FR_INQUE; if (strchr(arg, 'o') || strchr(arg, 'O')) Modified: projects/vnet/contrib/libarchive/libarchive/archive_read_disk_posix.c ============================================================================== --- projects/vnet/contrib/libarchive/libarchive/archive_read_disk_posix.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/contrib/libarchive/libarchive/archive_read_disk_posix.c Thu Jun 30 15:04:03 2016 (r302299) 
@@ -1504,7 +1504,11 @@ setup_current_filesystem(struct archive_ struct tree *t = a->tree; struct statfs sfs; #if defined(HAVE_GETVFSBYNAME) && defined(VFCF_SYNTHETIC) +# if defined(HAVE_STRUCT_VFSCONF) + struct vfsconf vfc; +# else struct xvfsconf vfc; +# endif #endif int r, xr = 0; #if !defined(HAVE_STRUCT_STATFS_F_NAMEMAX) Modified: projects/vnet/contrib/libarchive/libarchive/archive_string.c ============================================================================== --- projects/vnet/contrib/libarchive/libarchive/archive_string.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/contrib/libarchive/libarchive/archive_string.c Thu Jun 30 15:04:03 2016 (r302299) @@ -559,7 +559,8 @@ archive_wstring_append_from_mbs_in_codep } if (count == 0 && length != 0) ret = -1; - } while (0); + break; + } while (1); } dest->length += count; dest->s[dest->length] = L'\0'; @@ -3552,18 +3553,19 @@ win_strncat_from_utf16(struct archive_st ll = WideCharToMultiByte(sc->to_cp, 0, (LPCWSTR)u16, (int)bytes>>1, mbs, (int)mbs_size, NULL, &defchar); - if (ll == 0 && - GetLastError() == ERROR_INSUFFICIENT_BUFFER) { - /* Need more buffer for MBS. */ - ll = WideCharToMultiByte(sc->to_cp, 0, - (LPCWSTR)u16, (int)bytes, NULL, 0, NULL, NULL); - if (archive_string_ensure(as, ll +1) == NULL) - return (-1); - mbs = as->s + as->length; - mbs_size = as->buffer_length - as->length -1; - continue; + /* Exit loop if we succeeded */ + if (ll != 0 || + GetLastError() != ERROR_INSUFFICIENT_BUFFER) { + break; } - } while (0); + /* Else expand buffer and loop to try again. */ + ll = WideCharToMultiByte(sc->to_cp, 0, + (LPCWSTR)u16, (int)bytes, NULL, 0, NULL, NULL); + if (archive_string_ensure(as, ll +1) == NULL) + return (-1); + mbs = as->s + as->length; + mbs_size = as->buffer_length - as->length -1; + } while (1); archive_string_free(&tmp); as->length += ll; as->s[as->length] = '\0'; 
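Review bot: In win_strncat_from_utf16 (@@ -3552) the retry loop is now `while (1)`, so it terminates only if the grow step makes the next WideCharToMultiByte() call succeed, and nothing visible in the hunk guarantees that. The sizing call's result `ll` is not checked for 0, and it is given a count of `(int)bytes` where the conversion call uses `(int)bytes>>1`, which looks like it should be the same count; if the sizing call fails, `archive_string_ensure(as, ll +1)` asks for one byte and the same ERROR_INSUFFICIENT_BUFFER can repeat indefinitely. I would bail out on a failed size query with `if (ll == 0) return (-1);` before the ensure. The `return (-1)` inside the loop also skips the `archive_string_free(&tmp)` that follows it. The same loop shape is in the win_strncat_to_utf16 hunk (@@ -3634, count unchecked before `archive_string_ensure(as16, (count +1) * 2)`); both functions start and end outside their hunks.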
@@ -3634,19 +3636,20 @@ win_strncat_to_utf16(struct archive_stri do { count = MultiByteToWideChar(sc->from_cp, MB_PRECOMPOSED, s, (int)length, (LPWSTR)u16, (int)avail>>1); - if (count == 0 && - GetLastError() == ERROR_INSUFFICIENT_BUFFER) { - /* Need more buffer for UTF-16 string */ - count = MultiByteToWideChar(sc->from_cp, - MB_PRECOMPOSED, s, (int)length, NULL, 0); - if (archive_string_ensure(as16, (count +1) * 2) - == NULL) - return (-1); - u16 = as16->s + as16->length; - avail = as16->buffer_length - 2; - continue; + /* Exit loop if we succeeded */ + if (count != 0 || + GetLastError() != ERROR_INSUFFICIENT_BUFFER) { + break; } - } while (0); + /* Expand buffer and try again */ + count = MultiByteToWideChar(sc->from_cp, + MB_PRECOMPOSED, s, (int)length, NULL, 0); + if (archive_string_ensure(as16, (count +1) * 2) + == NULL) + return (-1); + u16 = as16->s + as16->length; + avail = as16->buffer_length - 2; + } while (1); as16->length += count * 2; as16->s[as16->length] = 0; as16->s[as16->length+1] = 0; Modified: projects/vnet/contrib/libarchive/libarchive/archive_write_disk_posix.c ============================================================================== --- projects/vnet/contrib/libarchive/libarchive/archive_write_disk_posix.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/contrib/libarchive/libarchive/archive_write_disk_posix.c Thu Jun 30 15:04:03 2016 (r302299) @@ -3487,6 +3487,9 @@ exit_xattr: static int copy_acls(struct archive_write_disk *a, int tmpfd, int dffd) { +#ifndef HAVE_SYS_ACL_H + return 0; +#else acl_t acl, dfacl = NULL; int acl_r, ret = ARCHIVE_OK; 
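Review bot: The new `#ifndef HAVE_SYS_ACL_H` branch of copy_acls() returns a bare `0` where the rest of the function uses `ARCHIVE_OK` and the parenthesised `return (ret);` style; `return (ARCHIVE_OK);` would match. That branch also leaves `a`, `tmpfd` and `dffd` unused, so `(void)a; (void)tmpfd; (void)dffd;` keeps unused-parameter warnings quiet. Because the stub reports success without copying anything, a one-line comment such as `/* No ACL support on this platform: nothing to copy. */` would make it clear that ACLs are dropped deliberately on such builds. The matching `#endif` is in the following hunk.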
@@ -3514,6 +3517,7 @@ exit_acl: if (dfacl) acl_free(dfacl); return (ret); +#endif } static int Modified: projects/vnet/contrib/libarchive/libarchive/test/main.c ============================================================================== --- projects/vnet/contrib/libarchive/libarchive/test/main.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/contrib/libarchive/libarchive/test/main.c Thu Jun 30 15:04:03 2016 (r302299) @@ -1292,6 +1292,11 @@ assertion_file_time(const char *file, in switch (type) { case 'a': filet_nsec = st.st_atimespec.tv_nsec; break; case 'b': filet = st.st_birthtime; + /* FreeBSD filesystems that don't support birthtime + * (e.g., UFS1) always return -1 here. */ + if (filet == -1) { + return (1); + } filet_nsec = st.st_birthtimespec.tv_nsec; break; case 'm': filet_nsec = st.st_mtimespec.tv_nsec; break; default: fprintf(stderr, "INTERNAL: Bad type %c for file time", type); Modified: projects/vnet/contrib/libarchive/libarchive/test/test_write_format_gnutar_filenames.c ============================================================================== --- projects/vnet/contrib/libarchive/libarchive/test/test_write_format_gnutar_filenames.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/contrib/libarchive/libarchive/test/test_write_format_gnutar_filenames.c Thu Jun 30 15:04:03 2016 (r302299) @@ -42,6 +42,7 @@ DEFINE_TEST(test_write_format_gnutar_fil struct archive_entry *ae, *template; struct archive *a; size_t used; + int i; buff = malloc(buffsize); /* million bytes of work area */ assert(buff != NULL); @@ -55,7 +56,7 @@ DEFINE_TEST(test_write_format_gnutar_fil archive_entry_set_mode(template, S_IFREG | 0755); archive_entry_set_size(template, 8); - for (int i = 0; i < 2000; ++i) { + for (i = 0; i < 2000; ++i) { filename[i] = 'a'; filename[i + 1] = '\0'; archive_entry_copy_pathname(template, filename); 
@@ -97,6 +98,7 @@ DEFINE_TEST(test_write_format_gnutar_lin struct archive_entry *ae, *template; struct archive *a; size_t used; + int i; buff = malloc(buffsize); /* million bytes of work area */ assert(buff != NULL); @@ -110,7 +112,7 @@ DEFINE_TEST(test_write_format_gnutar_lin archive_entry_set_mode(template, S_IFLNK | 0755); archive_entry_copy_pathname(template, "link"); - for (int i = 0; i < 2000; ++i) { + for (i = 0; i < 2000; ++i) { filename[i] = 'a'; filename[i + 1] = '\0'; archive_entry_copy_symlink(template, filename); Modified: projects/vnet/contrib/libarchive/libarchive_fe/passphrase.c ============================================================================== --- projects/vnet/contrib/libarchive/libarchive_fe/passphrase.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/contrib/libarchive/libarchive_fe/passphrase.c Thu Jun 30 15:04:03 2016 (r302299) @@ -132,6 +132,10 @@ readpassphrase(const char *prompt, char #include <termios.h> #include <unistd.h> +#ifndef _PATH_TTY +#define _PATH_TTY "/dev/tty" +#endif + #ifdef TCSASOFT # define _T_FLUSH (TCSAFLUSH|TCSASOFT) #else Modified: projects/vnet/lib/libcxxrt/Version.map ============================================================================== --- projects/vnet/lib/libcxxrt/Version.map Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/lib/libcxxrt/Version.map Thu Jun 30 15:04:03 2016 (r302299) 
@@ -209,19 +209,19 @@ CXXABI_1.3 { "typeinfo name for void*"; "typeinfo name for unsigned int*"; "typeinfo name for float*"; - # C++11 typeinfo not understood by our linker + # C++11 typeinfo name not understood by our linker # std::nullptr_t - _ZTSDn;_ZTIPDn;_ZTIPKDn; + _ZTSDn;_ZTSPDn;_ZTSPKDn; # char16_t - _ZTSDi;_ZTIPDi;_ZTIPKDi; + _ZTSDi;_ZTSPDi;_ZTSPKDi; # char32_t - _ZTSDs;_ZTIPDs;_ZTIPKDs; + _ZTSDs;_ZTSPDs;_ZTSPKDs; # IEEE 754r decimal floating point - _ZTSDd;_ZTIPDd;_ZTIPKDd; - _ZTSDe;_ZTIPDe;_ZTIPKDe; - _ZTSDf;_ZTIPDf;_ZTIPKDf; + _ZTSDd;_ZTSPDd;_ZTSPKDd; + _ZTSDe;_ZTSPDe;_ZTSPKDe; + _ZTSDf;_ZTSPDf;_ZTSPKDf; # IEEE 754r half-precision floating point - _ZTSDh;_ZTIPDh;_ZTIPKDh; + _ZTSDh;_ZTSPDh;_ZTSPKDh; "typeinfo name for __cxxabiv1::__array_type_info"; "typeinfo name for __cxxabiv1::__class_type_info"; Modified: projects/vnet/release/tools/ec2.conf ============================================================================== --- projects/vnet/release/tools/ec2.conf Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/release/tools/ec2.conf Thu Jun 30 15:04:03 2016 (r302299) @@ -72,11 +72,6 @@ vm_extra_pre_umount() { # nodes, but apply the workaround just in case. echo 'hw.broken_txfifo="1"' >> ${DESTDIR}/boot/loader.conf - # Some EC2 instances suffer a significant (~40%) reduction in - # throughput when using blkif indirect segment I/Os. Disable this - # by default for now. - echo 'hw.xbd.xbd_enable_indirect="0"' >> ${DESTDIR}/boot/loader.conf - # Some EC2 instances run on a version of Xen which has a bug relating # to the migration of MSI-X interrupts; this is visible as SR-IOV # networking (aka. "EC2 Enhanced Networking") not being able to pass Modified: projects/vnet/share/mk/bsd.init.mk ============================================================================== --- projects/vnet/share/mk/bsd.init.mk Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/share/mk/bsd.init.mk Thu Jun 30 15:04:03 2016 (r302299) 
@@ -31,7 +31,7 @@ _SKIP_BUILD = not building at level 0 .if ${MK_META_MODE} == "yes" .if !exists(/dev/filemon) && \ ${UPDATE_DEPENDFILE:Uyes:tl} != "no" && !defined(NO_FILEMON) && \ - !make(showconfig) + !make(showconfig) && ${.MAKEFLAGS:M-V} == "" .warning The filemon module (/dev/filemon) is not loaded. .warning META_MODE is less useful for incremental builds without filemon. .warning 'kldload filemon' or pass -DNO_FILEMON to suppress this warning. Modified: projects/vnet/sys/arm64/include/vmparam.h ============================================================================== --- projects/vnet/sys/arm64/include/vmparam.h Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/sys/arm64/include/vmparam.h Thu Jun 30 15:04:03 2016 (r302299) @@ -181,7 +181,7 @@ KASSERT(PHYS_IN_DMAP(pa), \ ("%s: PA out of range, PA: 0x%lx", __func__, \ (vm_paddr_t)(pa))); \ - ((pa) - dmap_phys_base) | DMAP_MIN_ADDRESS; \ + ((pa) - dmap_phys_base) + DMAP_MIN_ADDRESS; \ }) #define DMAP_TO_PHYS(va) \ @@ -189,7 +189,7 @@ KASSERT(VIRT_IN_DMAP(va), \ ("%s: VA out of range, VA: 0x%lx", __func__, \ (vm_offset_t)(va))); \ - ((va) & ~DMAP_MIN_ADDRESS) + dmap_phys_base; \ + ((va) - DMAP_MIN_ADDRESS) + dmap_phys_base; \ }) #define VM_MIN_USER_ADDRESS (0x0000000000000000UL) Modified: projects/vnet/sys/cam/scsi/scsi_all.c ============================================================================== --- projects/vnet/sys/cam/scsi/scsi_all.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/sys/cam/scsi/scsi_all.c Thu Jun 30 15:04:03 2016 (r302299) 
@@ -8788,6 +8788,7 @@ scsi_persistent_reserve_out(struct ccb_s scsi_cmd->opcode = PERSISTENT_RES_OUT; scsi_cmd->action = service_action; scsi_cmd->scope_type = scope | res_type; + scsi_ulto4b(dxfer_len, scsi_cmd->length); cam_fill_csio(csio, retries, Modified: projects/vnet/sys/cddl/contrib/opensolaris/common/acl/acl_common.c ============================================================================== --- projects/vnet/sys/cddl/contrib/opensolaris/common/acl/acl_common.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/sys/cddl/contrib/opensolaris/common/acl/acl_common.c Thu Jun 30 15:04:03 2016 (r302299) @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2014 Nexenta Systems, Inc. All rights reserved. + * Copyright 2011 Nexenta Systems, Inc. All rights reserved. */ #include <sys/types.h> @@ -1580,8 +1580,7 @@ acl_trivial_access_masks(mode_t mode, bo uint32_t write_mask = ACE_WRITE_DATA|ACE_APPEND_DATA; uint32_t execute_mask = ACE_EXECUTE; - if (isdir) - write_mask |= ACE_DELETE_CHILD; + (void) isdir; /* will need this later */ masks->deny1 = 0; if (!(mode & S_IRUSR) && (mode & (S_IRGRP|S_IROTH))) 
@@ -1725,17 +1724,10 @@ ace_trivial_common(void *acep, int aclcn return (1); /* - * Delete permission is never set by default - */ - if (mask & ACE_DELETE) - return (1); - - /* - * Child delete permission should be accompanied by write + * Delete permissions are never set by default */ - if ((mask & ACE_DELETE_CHILD) && !(mask & ACE_WRITE_DATA)) + if (mask & (ACE_DELETE|ACE_DELETE_CHILD)) return (1); - /* * only allow owner@ to have * write_acl/write_owner/write_attributes/write_xattr/ Modified: projects/vnet/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c ============================================================================== --- projects/vnet/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c Thu Jun 30 15:04:03 2016 (r302299) @@ -20,8 +20,8 @@ */ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2011 Nexenta Systems, Inc. All rights reserved. * Copyright (c) 2013 by Delphix. All rights reserved. - * Copyright 2014 Nexenta Systems, Inc. All rights reserved. */ #include <sys/types.h> @@ -2085,7 +2085,7 @@ zfs_zaccess_dataset_check(znode_t *zp, u * placed into the working_mode, giving the caller a mask of denied * accesses. Returns: * 0 if all AoI granted - * EACCES if the denied mask is non-zero + * EACCESS if the denied mask is non-zero * other error if abnormal failure (e.g., IO error) * * A secondary usage of the function is to determine if any of the 
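Review bot: The return-value comment changed at @@ -2085 in zfs_acl.c now reads `EACCESS if the denied mask is non-zero`, but the constant the same file tests against (`dzp_error == EACCES` in zfs_zaccess_delete) is `EACCES`. The line should stay `* EACCES if the denied mask is non-zero`, so that a search for the documented return value finds the code that produces it. The comment block starts and ends outside the hunk.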
@@ -2532,32 +2532,46 @@ zfs_zaccess_unix(znode_t *zp, mode_t mod return (zfs_zaccess(zp, v4_mode, 0, B_FALSE, cr)); } -/* See zfs_zaccess_delete() */ -int zfs_write_implies_delete_child = 1; +static int +zfs_delete_final_check(znode_t *zp, znode_t *dzp, + mode_t available_perms, cred_t *cr) +{ + int error; + uid_t downer; + + downer = zfs_fuid_map_id(dzp->z_zfsvfs, dzp->z_uid, cr, ZFS_OWNER); + + error = secpolicy_vnode_access2(cr, ZTOV(dzp), + downer, available_perms, VWRITE|VEXEC); + + if (error == 0) + error = zfs_sticky_remove_access(dzp, zp, cr); + + return (error); +} /* - * Determine whether delete access should be granted. + * Determine whether Access should be granted/deny, without + * consulting least priv subsystem. * - * The following chart outlines how we handle delete permissions which is - * how recent versions of windows (Windows 2008) handles it. The efficiency - * comes from not having to check the parent ACL where the object itself grants - * delete: + * The following chart is the recommended NFSv4 enforcement for + * ability to delete an object. 
* * ------------------------------------------------------- - * | Parent Dir | Target Object Permissions | + * | Parent Dir | Target Object Permissions | * | permissions | | * ------------------------------------------------------- * | | ACL Allows | ACL Denies| Delete | * | | Delete | Delete | unspecified| * ------------------------------------------------------- - * | ACL Allows | Permit | Deny * | Permit | - * | DELETE_CHILD | | | | + * | ACL Allows | Permit | Permit | Permit | + * | DELETE_CHILD | | * ------------------------------------------------------- - * | ACL Denies | Permit | Deny | Deny | - * | DELETE_CHILD | | | | + * | ACL Denies | Permit | Deny | Deny | + * | DELETE_CHILD | | | | * ------------------------------------------------------- * | ACL specifies | | | | - * | only allow | Permit | Deny * | Permit | + * | only allow | Permit | Permit | Permit | * | write and | | | | * | execute | | | | * ------------------------------------------------------- 
@@ -2567,171 +2581,91 @@ int zfs_write_implies_delete_child = 1; * ------------------------------------------------------- * ^ * | - * Re. execute permission on the directory: if that's missing, - * the vnode lookup of the target will fail before we get here. - * - * Re [*] in the table above: NFSv4 would normally Permit delete for - * these two cells of the matrix. - * See acl.h for notes on which ACE_... flags should be checked for which - * operations. Specifically, the NFSv4 committee recommendation is in - * conflict with the Windows interpretation of DENY ACEs, where DENY ACEs - * should take precedence ahead of ALLOW ACEs. - * - * This implementation always consults the target object's ACL first. - * If a DENY ACE is present on the target object that specifies ACE_DELETE, - * delete access is denied. If an ALLOW ACE with ACE_DELETE is present on - * the target object, access is allowed. If and only if no entries with - * ACE_DELETE are present in the object's ACL, check the container's ACL - * for entries with ACE_DELETE_CHILD. - * - * A summary of the logic implemented from the table above is as follows: + * No search privilege, can't even look up file? * - * First check for DENY ACEs that apply. - * If either target or container has a deny, EACCES. - * - * Delete access can then be summarized as follows: - * 1: The object to be deleted grants ACE_DELETE, or - * 2: The containing directory grants ACE_DELETE_CHILD. - * In a Windows system, that would be the end of the story. - * In this system, (2) has some complications... - * 2a: "sticky" bit on a directory adds restrictions, and - * 2b: existing ACEs from previous versions of ZFS may - * not carry ACE_DELETE_CHILD where they should, so we - * also allow delete when ACE_WRITE_DATA is granted. - * - * Note: 2b is technically a work-around for a prior bug, - * which hopefully can go away some day. 
For those who - * no longer need the work around, and for testing, this - * work-around is made conditional via the tunable: - * zfs_write_implies_delete_child */ int zfs_zaccess_delete(znode_t *dzp, znode_t *zp, cred_t *cr) { - uint32_t wanted_dirperms; uint32_t dzp_working_mode = 0; uint32_t zp_working_mode = 0; int dzp_error, zp_error; - boolean_t dzpcheck_privs; - boolean_t zpcheck_privs; + mode_t available_perms; + boolean_t dzpcheck_privs = B_TRUE; + boolean_t zpcheck_privs = B_TRUE; + + /* + * We want specific DELETE permissions to + * take precedence over WRITE/EXECUTE. We don't + * want an ACL such as this to mess us up. + * user:joe:write_data:deny,user:joe:delete:allow + * + * However, deny permissions may ultimately be overridden + * by secpolicy_vnode_access(). + * + * We will ask for all of the necessary permissions and then + * look at the working modes from the directory and target object + * to determine what was found. + */ if (zp->z_pflags & (ZFS_IMMUTABLE | ZFS_NOUNLINK)) return (SET_ERROR(EPERM)); /* - * Case 1: - * If target object grants ACE_DELETE then we are done. This is - * indicated by a return value of 0. For this case we don't worry - * about the sticky bit because sticky only applies to the parent - * directory and this is the child access result. - * - * If we encounter a DENY ACE here, we're also done (EACCES). - * Note that if we hit a DENY ACE here (on the target) it should - * take precedence over a DENY ACE on the container, so that when - * we have more complete auditing support we will be able to - * report an access failure against the specific target. - * (This is part of why we're checking the target first.) - */ - zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode, - &zpcheck_privs, B_FALSE, cr); - if (zp_error == EACCES) { - /* We hit a DENY ACE. */ - if (!zpcheck_privs) - return (SET_ERROR(zp_error)); - return (secpolicy_vnode_remove(ZTOV(dzp), cr)); /* XXXPJD: s/dzp/zp/ ? 
*/ - - } - if (zp_error == 0) + * First row + * If the directory permissions allow the delete, we are done. + */ + if ((dzp_error = zfs_zaccess_common(dzp, ACE_DELETE_CHILD, + &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr)) == 0) return (0); /* - * Case 2: - * If the containing directory grants ACE_DELETE_CHILD, - * or we're in backward compatibility mode and the - * containing directory has ACE_WRITE_DATA, allow. - * Case 2b is handled with wanted_dirperms. - */ - wanted_dirperms = ACE_DELETE_CHILD; - if (zfs_write_implies_delete_child) - wanted_dirperms |= ACE_WRITE_DATA; - dzp_error = zfs_zaccess_common(dzp, wanted_dirperms, - &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr); - if (dzp_error == EACCES) { - /* We hit a DENY ACE. */ - if (!dzpcheck_privs) - return (SET_ERROR(dzp_error)); - return (secpolicy_vnode_remove(ZTOV(dzp), cr)); /* XXXPJD: s/dzp/zp/ ? */ - } + * If target object has delete permission then we are done + */ + if ((zp_error = zfs_zaccess_common(zp, ACE_DELETE, &zp_working_mode, + &zpcheck_privs, B_FALSE, cr)) == 0) + return (0); - /* - * Cases 2a, 2b (continued) - * - * Note: dzp_working_mode now contains any permissions - * that were NOT granted. Therefore, if any of the - * wanted_dirperms WERE granted, we will have: - * dzp_working_mode != wanted_dirperms - * We're really asking if ANY of those permissions - * were granted, and if so, grant delete access. - */ - if (dzp_working_mode != wanted_dirperms) - dzp_error = 0; + ASSERT(dzp_error && zp_error); + + if (!dzpcheck_privs) + return (dzp_error); + if (!zpcheck_privs) + return (zp_error); /* - * dzp_error is 0 if the container granted us permissions to "modify". - * If we do not have permission via one or more ACEs, our current - * privileges may still permit us to modify the container. + * Second row * - * dzpcheck_privs is false when i.e. the FS is read-only. - * Otherwise, do privilege checks for the container. 
+ * If directory returns EACCES then delete_child was denied + * due to deny delete_child. In this case send the request through + * secpolicy_vnode_remove(). We don't use zfs_delete_final_check() + * since that *could* allow the delete based on write/execute permission + * and we want delete permissions to override write/execute. */ - if (dzp_error != 0 && dzpcheck_privs) { - uid_t owner; - /* - * The secpolicy call needs the requested access and - * the current access mode of the container, but it - * only knows about Unix-style modes (VEXEC, VWRITE), - * so this must condense the fine-grained ACE bits into - * Unix modes. - * - * The VEXEC flag is easy, because we know that has - * always been checked before we get here (during the - * lookup of the target vnode). The container has not - * granted us permissions to "modify", so we do not set - * the VWRITE flag in the current access mode. - */ - owner = zfs_fuid_map_id(dzp->z_zfsvfs, dzp->z_uid, cr, - ZFS_OWNER); - dzp_error = secpolicy_vnode_access2(cr, ZTOV(dzp), - owner, VEXEC, VWRITE|VEXEC); - } - if (dzp_error != 0) { - /* - * Note: We may have dzp_error = -1 here (from - * zfs_zacess_common). Don't return that. - */ - return (SET_ERROR(EACCES)); - } + if (dzp_error == EACCES) + return (secpolicy_vnode_remove(ZTOV(dzp), cr)); /* XXXPJD: s/dzp/zp/ ? */ /* - * At this point, we know that the directory permissions allow - * us to modify, but we still need to check for the additional - * restrictions that apply when the "sticky bit" is set. - * - * Yes, zfs_sticky_remove_access() also checks this bit, but - * checking it here and skipping the call below is nice when - * you're watching all of this with dtrace. + * Third Row + * only need to see if we have write/execute on directory. 
*/ - if ((dzp->z_mode & S_ISVTX) == 0) - return (0); + + dzp_error = zfs_zaccess_common(dzp, ACE_EXECUTE|ACE_WRITE_DATA, + &dzp_working_mode, &dzpcheck_privs, B_FALSE, cr); + + if (dzp_error != 0 && !dzpcheck_privs) + return (dzp_error); /* - * zfs_sticky_remove_access will succeed if: - * 1. The sticky bit is absent. - * 2. We pass the sticky bit restrictions. - * 3. We have privileges that always allow file removal. + * Fourth row */ - return (zfs_sticky_remove_access(dzp, zp, cr)); + + available_perms = (dzp_working_mode & ACE_WRITE_DATA) ? 0 : VWRITE; + available_perms |= (dzp_working_mode & ACE_EXECUTE) ? 0 : VEXEC; + + return (zfs_delete_final_check(zp, dzp, available_perms, cr)); + } int Modified: projects/vnet/sys/cddl/contrib/opensolaris/uts/common/sys/acl.h ============================================================================== --- projects/vnet/sys/cddl/contrib/opensolaris/uts/common/sys/acl.h Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/sys/cddl/contrib/opensolaris/uts/common/sys/acl.h Thu Jun 30 15:04:03 2016 (r302299) @@ -23,8 +23,6 @@ * * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. - * - * Copyright 2014 Nexenta Systems, Inc. All rights reserved. */ #ifndef _SYS_ACL_H 
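Review bot: zfs_zaccess_delete now returns the raw result of zfs_zaccess_common() in `if (!dzpcheck_privs) return (dzp_error);`, `if (!zpcheck_privs) return (zp_error);` and the later `if (dzp_error != 0 && !dzpcheck_privs) return (dzp_error);`. The comment this hunk removes warned that the value may be -1 and must not be returned, and the old code mapped it with `return (SET_ERROR(EACCES));`; if that still holds for zfs_zaccess_common(), callers can now receive -1 instead of an errno, so I would keep the `SET_ERROR(EACCES)` mapping on those three paths. Separately, the first-row `return (0)` when the directory grants ACE_DELETE_CHILD no longer reaches zfs_sticky_remove_access(), whereas the removed code applied the sticky-bit check after a directory grant. If that exemption is intended, the block comment above the function should say so explicitly.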
@@ -90,55 +88,37 @@ typedef struct acl_info acl_t; /* * The following are defined for ace_t. - * - * Note, these are intentionally the same as the Windows - * "File Access Rights Constants" you can find on MSDN. - * (See also: "Standard Access Rights" on MSDN). - * - * The equivalent Windows names for these are just like - * those show below, with FILE_ in place of ACE_, except - * as noted below. Also note that Windows uses a special - * privilege: BYPASS_TRAVERSE_CHECKING, normally granted - * to everyone, that causes the absence of ACE_TRAVERSE - * to be ignored. - */ -#define ACE_READ_DATA 0x00000001 /* file: read data */ -#define ACE_LIST_DIRECTORY 0x00000001 /* dir: list files */ -#define ACE_WRITE_DATA 0x00000002 /* file: write data */ -#define ACE_ADD_FILE 0x00000002 /* dir: create file */ -#define ACE_APPEND_DATA 0x00000004 /* file: append data */ -#define ACE_ADD_SUBDIRECTORY 0x00000004 /* dir: create subdir */ -#define ACE_READ_NAMED_ATTRS 0x00000008 /* FILE_READ_EA */ -#define ACE_WRITE_NAMED_ATTRS 0x00000010 /* FILE_WRITE_EA */ -#define ACE_EXECUTE 0x00000020 /* file: execute */ -#define ACE_TRAVERSE 0x00000020 /* dir: lookup name */ -#define ACE_DELETE_CHILD 0x00000040 /* dir: unlink child */ -#define ACE_READ_ATTRIBUTES 0x00000080 /* (all) stat, etc. */ -#define ACE_WRITE_ATTRIBUTES 0x00000100 /* (all) utimes, etc. */ -#define ACE_DELETE 0x00010000 /* (all) unlink self */ -#define ACE_READ_ACL 0x00020000 /* (all) getsecattr */ -#define ACE_WRITE_ACL 0x00040000 /* (all) setsecattr */ -#define ACE_WRITE_OWNER 0x00080000 /* (all) chown */ -#define ACE_SYNCHRONIZE 0x00100000 /* (all) see MSDN */ - -/* - * Some of the following are the same as Windows uses. (but NOT ALL!) - * See the "ACE_HEADER" structure description on MSDN for details. - * Comments show relations to the MSDN names. 
*/ -#define ACE_FILE_INHERIT_ACE 0x0001 /* = OBJECT_INHERIT_ACE */ -#define ACE_DIRECTORY_INHERIT_ACE 0x0002 /* = CONTAINER_INHERIT_ACE */ -#define ACE_NO_PROPAGATE_INHERIT_ACE 0x0004 /* = NO_PROPAGATE_INHERIT_ACE */ -#define ACE_INHERIT_ONLY_ACE 0x0008 /* = INHERIT_ONLY_ACE */ +#define ACE_READ_DATA 0x00000001 +#define ACE_LIST_DIRECTORY 0x00000001 +#define ACE_WRITE_DATA 0x00000002 +#define ACE_ADD_FILE 0x00000002 +#define ACE_APPEND_DATA 0x00000004 +#define ACE_ADD_SUBDIRECTORY 0x00000004 +#define ACE_READ_NAMED_ATTRS 0x00000008 +#define ACE_WRITE_NAMED_ATTRS 0x00000010 +#define ACE_EXECUTE 0x00000020 +#define ACE_DELETE_CHILD 0x00000040 +#define ACE_READ_ATTRIBUTES 0x00000080 +#define ACE_WRITE_ATTRIBUTES 0x00000100 +#define ACE_DELETE 0x00010000 +#define ACE_READ_ACL 0x00020000 +#define ACE_WRITE_ACL 0x00040000 +#define ACE_WRITE_OWNER 0x00080000 +#define ACE_SYNCHRONIZE 0x00100000 + +#define ACE_FILE_INHERIT_ACE 0x0001 +#define ACE_DIRECTORY_INHERIT_ACE 0x0002 +#define ACE_NO_PROPAGATE_INHERIT_ACE 0x0004 +#define ACE_INHERIT_ONLY_ACE 0x0008 #define ACE_SUCCESSFUL_ACCESS_ACE_FLAG 0x0010 #define ACE_FAILED_ACCESS_ACE_FLAG 0x0020 #define ACE_IDENTIFIER_GROUP 0x0040 -#define ACE_INHERITED_ACE 0x0080 /* INHERITED_ACE, 0x10 on NT */ +#define ACE_INHERITED_ACE 0x0080 #define ACE_OWNER 0x1000 #define ACE_GROUP 0x2000 #define ACE_EVERYONE 0x4000 -/* These four are the same as Windows, but with an ACE_ prefix added. */ #define ACE_ACCESS_ALLOWED_ACE_TYPE 0x0000 #define ACE_ACCESS_DENIED_ACE_TYPE 0x0001 #define ACE_SYSTEM_AUDIT_ACE_TYPE 0x0002 
@@ -154,7 +134,6 @@ typedef struct acl_info acl_t; /* * These are only applicable in a CIFS context. - * Here again, same as Windows, but with an ACE_ prefix added. */ #define ACE_ACCESS_ALLOWED_COMPOUND_ACE_TYPE 0x04 #define ACE_ACCESS_ALLOWED_OBJECT_ACE_TYPE 0x05 Modified: projects/vnet/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c ============================================================================== --- projects/vnet/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c Thu Jun 30 15:04:03 2016 (r302299) @@ -117,6 +117,14 @@ VNET_DEFINE(ipf_main_softc_t, ipfmain) = static eventhandler_tag ipf_arrivetag, ipf_departtag; #if 0 +/* + * Disable the "cloner" event handler; we are getting interface + * events before the firewall is fully initiallized and also no vnet + * information thus leading to uninitialised memory accesses. + * In addition it is unclear why we need it in first place. + * If it turns out to be needed, well need a dedicated event handler + * for it to deal with the ifc and the correct vnet. + */ static eventhandler_tag ipf_clonetag; #endif Modified: projects/vnet/sys/contrib/ipfilter/netinet/mlfk_ipl.c ============================================================================== --- projects/vnet/sys/contrib/ipfilter/netinet/mlfk_ipl.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/sys/contrib/ipfilter/netinet/mlfk_ipl.c Thu Jun 30 15:04:03 2016 (r302299) 
@@ -439,18 +439,6 @@ sysctl_ipf_int_frag ( SYSCTL_HANDLER_ARG return (sysctl_ipf_int(oidp, arg1, arg2, req)); } - - -#if 0 -- ipf_state_softc_t *state_softc; -- ipf_auth_softc_t *auth_softc; -- ipf_frag_softc_t *frag_softc; - -- state_softc = main_softc->ipf_state_soft; -- auth_softc = main_softc->ipf_auth_soft; -- frag_softc = main_softc->ipf_frag_soft; -#endif - #endif Modified: projects/vnet/sys/geom/uzip/g_uzip.c ============================================================================== --- projects/vnet/sys/geom/uzip/g_uzip.c Thu Jun 30 15:01:07 2016 (r302298) +++ projects/vnet/sys/geom/uzip/g_uzip.c Thu Jun 30 15:04:03 2016 (r302299) @@ -60,6 +60,8 @@ FEATURE(geom_uzip, "GEOM read-only compr struct g_uzip_blk { uint64_t offset; uint32_t blen; + unsigned char last:1; + unsigned char padded:1; #define BLEN_UNDEF UINT32_MAX }; @@ -84,6 +86,16 @@ struct g_uzip_blk { #define GUZ_DBG_IO 3 #define GUZ_DBG_TOC 4 +#define GUZ_DEV_SUFX ".uzip" +#define GUZ_DEV_NAME(p) (p GUZ_DEV_SUFX) + +static char g_uzip_attach_to[MAXPATHLEN] = {"*"}; +static char g_uzip_noattach_to[MAXPATHLEN] = {GUZ_DEV_NAME("*")}; +TUNABLE_STR("kern.geom.uzip.attach_to", g_uzip_attach_to, + sizeof(g_uzip_attach_to)); +TUNABLE_STR("kern.geom.uzip.noattach_to", g_uzip_noattach_to, + sizeof(g_uzip_noattach_to)); + SYSCTL_DECL(_kern_geom); SYSCTL_NODE(_kern_geom, OID_AUTO, uzip, CTLFLAG_RW, 0, "GEOM_UZIP stuff"); static u_int g_uzip_debug = GEOM_UZIP_DBG_DEFAULT; @@ -258,8 +270,9 @@ g_uzip_request(struct g_geom *gp, struct } DPRINTF_BRNG(GUZ_DBG_IO, start_blk, end_blk, ("%s/%s: %p: " - "start=%u (%ju), end=%u (%ju)\n", __func__, gp->name, bp, + "start=%u (%ju[%jd]), end=%u (%ju)\n", __func__, gp->name, bp, (u_int)start_blk, (uintmax_t)sc->toc[start_blk].offset, + (intmax_t)sc->toc[start_blk].blen, (u_int)end_blk, (uintmax_t)BLK_ENDS(sc, end_blk - 1))); bp2 = g_clone_bio(bp); 
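Review bot: The two new tunables in g_uzip.c are defined without any comment on what they mean, and `GUZ_DEV_NAME(p)` only works when `p` is a string literal, because it relies on adjacent-literal concatenation. I would add `/* fnmatch(3) patterns: providers to taste, and providers never to taste */` above `g_uzip_attach_to`, and `/* p must be a string literal */` on the macro. The defaults (`*` and `*.uzip`) suggest the deny pattern exists to keep the class from tasting its own output. If that is the intent it should be stated, since these patterns decide which providers get their on-disk headers parsed.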
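Review bot: In the g_uzip_request debug line the new `[%jd]` prints `sc->toc[start_blk].blen` through an `(intmax_t)` cast, although `blen` is declared `uint32_t` in `struct g_uzip_blk`. The second pass added to g_uzip_parse_toc in this same commit prints the field with `%ju` and `(uintmax_t)`. Using `%ju` and `(uintmax_t)sc->toc[start_blk].blen` here would keep the two messages consistent. g_uzip_request starts and ends outside this hunk.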
@@ -272,16 +285,18 @@ g_uzip_request(struct g_geom *gp, struct bp2->bio_offset = TOFF_2_BOFF(sc, pp, start_blk); while (1) { bp2->bio_length = TLEN_2_BLEN(sc, pp, bp2, end_blk - 1); - if (bp2->bio_length <= MAXPHYS) + if (bp2->bio_length <= MAXPHYS) { break; + } if (end_blk == (start_blk + 1)) { break; } end_blk--; } - DPRINTF(GUZ_DBG_IO, ("%s/%s: bp2->bio_length = %jd\n", - __func__, gp->name, (intmax_t)bp2->bio_length)); + DPRINTF(GUZ_DBG_IO, ("%s/%s: bp2->bio_length = %jd, " + "bp2->bio_offset = %jd\n", __func__, gp->name, + (intmax_t)bp2->bio_length, (intmax_t)bp2->bio_offset)); bp2->bio_data = malloc(bp2->bio_length, M_GEOM_UZIP, M_NOWAIT); if (bp2->bio_data == NULL) { @@ -315,6 +330,15 @@ g_uzip_read_done(struct bio *bp) wakeup(sc); } +static int +g_uzip_memvcmp(const void *memory, unsigned char val, size_t size) +{ + const u_char *mm; + + mm = (const u_char *)memory; + return (*mm == val) && memcmp(mm, mm + 1, size - 1) == 0; +} + static void g_uzip_do(struct g_uzip_softc *sc, struct bio *bp) { @@ -362,18 +386,33 @@ g_uzip_do(struct g_uzip_softc *sc, struc bp->bio_completed, data2, (u_int)ulen, data, (u_int)len)); if (len == 0) { /* All zero block: no cache update */ +zero_block: bzero(data2, ulen); } else if (len <= bp->bio_completed) { mtx_lock(&sc->last_mtx); err = sc->dcp->decompress(sc->dcp, gp->name, data, len, sc->last_buf); + if (err != 0 && sc->toc[blk].last != 0) { + /* + * Last block decompression has failed, check + * if it's just zero padding. + */ + if (g_uzip_memvcmp(data, '\0', len) == 0) { + sc->toc[blk].blen = 0; + sc->last_blk = -1; + mtx_unlock(&sc->last_mtx); + len = 0; + goto zero_block; + } + } if (err != 0) { sc->last_blk = -1; mtx_unlock(&sc->last_mtx); bp2->bio_error = EILSEQ; DPRINTF(GUZ_DBG_ERR, ("%s/%s: decompress" - "(%p) failed\n", __func__, gp->name, - sc->dcp)); + "(%p, %ju, %ju) failed\n", __func__, + gp->name, sc->dcp, (uintmax_t)blk, + (uintmax_t)len)); goto done; } sc->last_blk = blk; 
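Review bot: `g_uzip_memvcmp()` is unsafe for `size == 0`: it reads `*mm` unconditionally and then passes `size - 1`, which wraps to `SIZE_MAX`, to `memcmp()`. The only caller in this diff reaches it with a non-zero `len`, but the helper should not depend on that. Add `if (size == 0) return (1);` before the dereference, or `KASSERT(size > 0, ("%s: zero size", __func__));`. The return convention also needs a header comment: despite the `cmp` name, it returns non-zero when every byte equals `val`, the opposite of `memcmp()`.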
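Review bot: The zero-padding test `if (g_uzip_memvcmp(data, '\0', len) == 0)` in g_uzip_do looks inverted. As written in this commit, `g_uzip_memvcmp()` returns non-zero when all `len` bytes equal `val`. So `== 0` holds when the failed last block is not all zeros, and that block is then served as zeros instead of failing with `EILSEQ`. A genuinely zero-padded block still falls through to the error path. Unless the helper's sense is changed, the check should read `if (g_uzip_memvcmp(data, '\0', len) != 0) {`. g_uzip_do starts before this hunk and continues past it.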
@@ -471,6 +510,7 @@ g_uzip_spoiled(struct g_consumer *cp) { struct g_geom *gp; + G_VALID_CONSUMER(cp); gp = cp->geom; g_trace(G_T_TOPOLOGY, "%s(%p/%s)", __func__, cp, gp->name); g_topology_assert(); @@ -486,10 +526,12 @@ g_uzip_parse_toc(struct g_uzip_softc *sc { uint32_t i, j, backref_to; uint64_t max_offset, min_offset; + struct g_uzip_blk *last_blk; min_offset = sizeof(struct cloop_header) + (sc->nblocks + 1) * sizeof(uint64_t); max_offset = sc->toc[0].offset - 1; + last_blk = &sc->toc[0]; for (i = 0; i < sc->nblocks; i++) { /* First do some bounds checking */ if ((sc->toc[i].offset < min_offset) || @@ -497,7 +539,7 @@ g_uzip_parse_toc(struct g_uzip_softc *sc goto error_offset; } DPRINTF_BLK(GUZ_DBG_IO, i, ("%s: cluster #%u " - "sc->toc[i].offset=%ju max_offset=%ju\n", gp->name, + "offset=%ju max_offset=%ju\n", gp->name, (u_int)i, (uintmax_t)sc->toc[i].offset, (uintmax_t)max_offset)); backref_to = BLEN_UNDEF; @@ -523,6 +565,7 @@ g_uzip_parse_toc(struct g_uzip_softc *sc sc->toc[i].blen = sc->toc[j].blen; backref_to = j; } else { + last_blk = &sc->toc[i]; /* * For the "normal blocks" seek forward until we hit * block whose offset is larger than ours and assume @@ -557,6 +600,25 @@ g_uzip_parse_toc(struct g_uzip_softc *sc } DPRINTF_BLK(GUZ_DBG_TOC, i, ("\n")); } + last_blk->last = 1; + /* Do a second pass to validate block lengths */ + for (i = 0; i < sc->nblocks; i++) { + if (sc->toc[i].blen > sc->dcp->max_blen) { + if (sc->toc[i].last == 0) { + DPRINTF(GUZ_DBG_ERR, ("%s: cluster #%u " + "length (%ju) exceeds " + "max_blen (%ju)\n", gp->name, i, + (uintmax_t)sc->toc[i].blen, + (uintmax_t)sc->dcp->max_blen)); + return (-1); + } + DPRINTF(GUZ_DBG_INFO, ("%s: cluster #%u extra " + "padding is detected, trimmed to %ju\n", + gp->name, i, (uintmax_t)sc->dcp->max_blen)); + sc->toc[i].blen = sc->dcp->max_blen; + sc->toc[i].padded = 1; + } + } return (0); error_offset: 
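Review bot: The second pass added to g_uzip_parse_toc dereferences `sc->dcp->max_blen`, so the function now requires the decompressor to be constructed before the TOC is parsed. Nothing in the function states or checks that ordering. A `KASSERT(sc->dcp != NULL, ("%s: dcp not initialised", __func__));` ahead of the loop, or a line in the function comment, would make it explicit. The new `DPRINTF` calls also pass `i` (a `uint32_t`) to `%u` without the `(u_int)i` cast used by the other messages in this function. The function begins outside this hunk.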
@@ -589,12 +651,19 @@ g_uzip_taste(struct g_class *mp, struct if (pp->acw > 0) return (NULL); + if ((fnmatch(g_uzip_attach_to, pp->name, 0) != 0) || + (fnmatch(g_uzip_noattach_to, pp->name, 0) == 0)) { + DPRINTF(GUZ_DBG_INFO, ("%s(%s,%s), ignoring\n", __func__, + mp->name, pp->name)); + return (NULL); + } + buf = NULL; /* * Create geom instance. */ - gp = g_new_geomf(mp, "%s.uzip", pp->name); + gp = g_new_geomf(mp, GUZ_DEV_NAME("%s"), pp->name); cp = g_new_consumer(gp); error = g_attach(cp, pp); if (error == 0) @@ -712,6 +781,16 @@ g_uzip_taste(struct g_class *mp, struct sc->nblocks < offsets_read ? "more" : "less")); goto e5; } + + if (type == G_UZIP) { + sc->dcp = g_uzip_zlib_ctor(sc->blksz); + } else { + sc->dcp = g_uzip_lzma_ctor(sc->blksz); + } + if (sc->dcp == NULL) { + goto e5; + } + /* * "Fake" last+1 block, to make it easier for the TOC parser to * iterate without making the last element a special case. @@ -720,7 +799,7 @@ g_uzip_taste(struct g_class *mp, struct /* Massage TOC (table of contents), make sure it is sound */ if (g_uzip_parse_toc(sc, pp, gp) != 0) { DPRINTF(GUZ_DBG_ERR, ("%s: TOC error\n", gp->name)); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
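Review bot: The new `if (sc->dcp == NULL) { goto e5; }` in g_uzip_taste fails silently, while the neighbouring error paths visible in this diff log through `DPRINTF(GUZ_DBG_ERR, ...)` before bailing out. A line such as `DPRINTF(GUZ_DBG_ERR, ("%s: decompressor init failed\n", gp->name));` before the `goto` would make a refused attach diagnosable. The `e5` label and the code that previously constructed `sc->dcp` are outside this hunk, so whether the cleanup path copes with a NULL `sc->dcp` should be confirmed there.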