Commit message | Author | Age | Files | Lines
* Fix OpenSSL NULL pointer de-reference. [releng/12.2] | Gordon Tetlow | 2020-12-08 | 8 | -11/+94
  Approved by: so
  Security: FreeBSD-SA-20:33.openssl
  Security: CVE-2020-1971
  Notes: svn path=/releng/12.2/; revision=368463
* Add UPDATING entries and bump version. | Gordon Tetlow | 2020-12-01 | 2 | -1/+20
  Approved by: so
  Notes: svn path=/releng/12.2/; revision=368257
* Fix multiple vulnerabilities in rtsold. | Gordon Tetlow | 2020-12-01 | 1 | -6/+18
  Approved by: so
  Security: FreeBSD-SA-20:32.rtsold
  Security: CVE-2020-25577
  Notes: svn path=/releng/12.2/; revision=368256
* Fix ICMPv6 use-after-free in error message handling. | Gordon Tetlow | 2020-12-01 | 1 | -9/+5
  Approved by: so
  Security: FreeBSD-SA-20:31.icmp6
  Security: CVE-2020-7469
  Notes: svn path=/releng/12.2/; revision=368255
* Fix race condition in callout CPU migration. | Gordon Tetlow | 2020-12-01 | 1 | -2/+2
  Approved by: so
  Security: FreeBSD-EN-20:22.callout
  Notes: svn path=/releng/12.2/; revision=368254
* Fix uninitialized variable in ipfw. | Gordon Tetlow | 2020-12-01 | 4 | -11/+10
  Approved by: so
  Security: FreeBSD-EN-20:21.ipfw
  Notes: svn path=/releng/12.2/; revision=368252
* Update timezone database information. | Gordon Tetlow | 2020-12-01 | 19 | -336/+640
  Approved by: so
  Security: FreeBSD-EN-20:20.tzdata
  Notes: svn path=/releng/12.2/; revision=368251
* Fix execve/fexecve system call auditing. | Gordon Tetlow | 2020-12-01 | 7 | -0/+27
  Approved by: so
  Security: FreeBSD-EN-20:19.audit
  Notes: svn path=/releng/12.2/; revision=368249
* - Switch releng/12.2 from RC3 to RELEASE. [release/12.2.0] | Glen Barber | 2020-10-23 | 3 | -3/+6
  - Add the anticipated 12.2-RELEASE date to UPDATING. Fix a missing colon in the previous UPDATING entry while here.
  - Set a static __FreeBSD_version.
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/12.2/; revision=366954
         svn path=/release/12.2.0/; revision=367086; tag=release/12.2.0
* Update releng/12.2 to RC3 as part of the 12.2-RELEASE cycle. | Glen Barber | 2020-10-16 | 1 | -1/+1
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/12.2/; revision=366739
* ZFS: whitelist zstd and encryption in the loader | Allan Jude | 2020-10-15 | 1 | -0/+2
  MFC r364787:
  MFS r366593:
  Please note that neither zstd nor encryption is supported by the loader at this instant. This change makes it safe to use those features in one's root pool, but not in one's root dataset.
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366729
* MFS r365964: | Ganael LAPLANCHE | 2020-10-14 | 1 | -3/+4
  Allow slow USB devices to be given more time to return their USB descriptors, like Logitech HD Pro Webcam C920.
  PR: 248926
  Approved by: re (gjb), hselasky
  Notes: svn path=/releng/12.2/; revision=366693
* MFS12: r366422 r366588 | Warner Losh | 2020-10-14 | 3 | -2/+49
  r366588: fixes video display heuristic that prevented bhyve and vmware from detecting dual consoles.
  r366422: Report the kernel console on the boot screen
  Report what console the boot loader is telling the kernel to use and allow toggling between them.
  Approved by: re@ (gjb)
  Notes: svn path=/releng/12.2/; revision=366691
* Update releng/12.2 to RC2 as part of the 12.2-RELEASE cycle. | Glen Barber | 2020-10-08 | 1 | -1/+1
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/12.2/; revision=366553
* Update the 12.2 pkg_repos/release-dvd.conf file to use the | Glen Barber | 2020-10-08 | 1 | -1/+1
  release_2 set for dvd1.iso builds for reproducibility.
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/12.2/; revision=366530
* MFS r366360,r366361: | Mitchell Horne | 2020-10-07 | 1 | -1/+1
  MFC r366271: arm64: set the correct HWCAP
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366520
* MFS12 r366180, r366341: | Glen Barber | 2020-10-06 | 1 | -2/+4
  r366180 (asomers): Fix resuming receive stream to dataset with mounted clone
  r366341 (asomers): Fix "zfs receive" of interrupted stream without "-F"
  Approved by: re (kib)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/12.2/; revision=366490
* MFS r366438: | Navdeep Parhar | 2020-10-05 | 1 | -26/+41
  cxgbe(4): set up the firmware flowc for the tid before send_abort_rpl.
  Approved by: re@ (gjb@)
  Sponsored by: Chelsio Communications
  Notes: svn path=/releng/12.2/; revision=366451
* MFS r366395: Fix Typo in ng_hci_le_connection_complete_ep struct. | Kyle Evans | 2020-10-04 | 1 | -1/+1
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366419
* Rename releng/12.2 to RC1 as part of the 12.2-RELEASE cycle. | Glen Barber | 2020-10-02 | 1 | -1/+1
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/12.2/; revision=366352
* MFS r366305: MFC r366064, r366065, r366215 | Xin LI | 2020-10-01 | 1 | -6/+13
  sbin/fsck_msdosfs: Fix an integer overflow on 32-bit platforms
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366338
* MFS r366324: | Michael Tuexen | 2020-10-01 | 3 | -17/+17
  Improve the handling of receiving unordered and unreliable user messages using DATA chunks. Don't use fsn_included when not being sure that it is set to an appropriate value. If the default is used, which is -1, this can result in SCTP associations not making any user visible progress.
  Thanks to Yutaka Takeda for reporting this issue for the userland stack in https://github.com/pion/sctp/issues/138.
  MFS r366329:
  Improve the input validation and processing of cookies. This avoids setting the association in an inconsistent state, which could result in a use-after-free situation. This can be triggered by a malicious peer, if the peer can modify the cookie without the local endpoint recognizing it.
  Thanks to Ned Williamson for reporting the issue.
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366335
* MFS 366297: Revert most of r360179. | John Baldwin | 2020-10-01 | 1 | -24/+1
  I had failed to notice that sgsendccb() was using cam_periph_mapmem() and thus was not passing down user pointers directly to drivers. In practice this broke requests submitted from userland.
  PR: 249395
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366332
* MFS r365996: | Mitchell Horne | 2020-09-30 | 1 | -28/+57
  MFC r365304: arm64: update the set of HWCAP definitions
  MFC r365459: arm64: fix incorrect HWCAP definitions
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366301
* MFC r357530/MFS r357530: | Konstantin Belousov | 2020-09-30 | 1 | -5/+1
  Remove unneeded assert for curproc. Simplify.
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366292
* MF stable/12 r366258: | Niclas Zeising | 2020-09-29 | 2 | -27/+0
  bsdconfig, bsdinstall: Prune dead mirrors
  Prune dead mirrors from the list of mirrors in bsdconfig and bsdinstall. All these return NXDOMAIN when trying to resolve them.
  Approved by: re (gjb), emaste
  Notes: svn path=/releng/12.2/; revision=366263
* MFS: r366238 | Rick Macklem | 2020-09-29 | 1 | -6/+12
  Bjorn reported a problem where the Linux NFSv4.1 client is using an open_to_lock_owner4 when that lock_owner4 has already been created by a previous open_to_lock_owner4. This caused the NFS server to reply NFSERR_INVAL.
  For NFSv4.0, this is an error, although the updated NFSv4.0 RFC7530 notes that the correct error reply is NFSERR_BADSEQID (RFC3530 did not specify what error to return).
  For NFSv4.1, it is not obvious whether or not this is allowed by RFC5661, but the NFSv4.1 server can handle this case without error.
  This patch changes the NFSv4.1 (and NFSv4.2) server to handle multiple uses of the same lock_owner in open_to_lock_owner so that it now correctly interoperates with the Linux NFS client. It also changes the error returned for NFSv4.0 to be NFSERR_BADSEQID.
  Thanks go to Bjorn for diagnosing this and testing the patch. He also provided a program that I could use to reproduce the problem.
  PR: 249567
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366256
* MFS r366028: Spawn the DHCPv6 client in EC2 instances via rtsold. | Colin Percival | 2020-09-28 | 1 | -3/+13
  Approved by: re (gjb)
  Sponsored by: https://www.patreon.com/cperciva
  Notes: svn path=/releng/12.2/; revision=366232
* MF12 r366218: | Stefan Eßer | 2020-09-28 | 3 | -1/+19
  Add documentation of the build options WITH_GH_BC and WITHOUT_GH_BC to optionally replace the traditional implementation of bc(1) and dc(1) with the new implementation that has become the default version in -CURRENT.
  The man-page differs from the one in -CURRENT due to different default values of that build option.
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366227
* MFS r366220: | Mark Johnston | 2020-09-28 | 1 | -5/+7
  MFC r366167: ng_l2tp: Fix callout synchronization in the rexmit timeout handler
  PR: 241133
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366223
* MFS r366178: Move finalize_components_config from get_params to cmd_*. | Colin Percival | 2020-09-28 | 1 | -1/+8
  This eliminates spurious emails from `freebsd-update cron` when the src component is listed in freebsd-update.conf but is not present.
  Approved by: re (delphij)
  Sponsored by: https://www.patreon.com/cperciva
  Notes: svn path=/releng/12.2/; revision=366214
* MFS r366179: Make nvmecontrol work with nda like it does with nvd, and | Colin Percival | 2020-09-28 | 3 | -3/+97
  associated bits.
  Approved by: re (delphij)
  Sponsored by: https://www.patreon.com/cperciva
  Notes: svn path=/releng/12.2/; revision=366213
* MFS r366009: Include ebsnvme-id in arm64 AMIs. | Colin Percival | 2020-09-28 | 1 | -8/+1
  Approved by: re (delphij)
  Sponsored by: https://www.patreon.com/cperciva
  Notes: svn path=/releng/12.2/; revision=366212
* MF stable/12 r366190: | Alan Somers | 2020-09-28 | 2 | -8/+78
  fusefs: fix mmap'd writes in direct_io mode
  If a FUSE server returns FOPEN_DIRECT_IO in response to FUSE_OPEN, that instructs the kernel to bypass the page cache for that file. This feature is also known by libfuse's name: "direct_io".
  However, when accessing a file via mmap, there is no possible way to bypass the cache completely. This change fixes a deadlock that would happen when an mmap'd write tried to invalidate a portion of the cache, wrongly assuming that a write couldn't possibly come from cache if direct_io were set.
  Arguably, we could instead disable mmap for files with FOPEN_DIRECT_IO set. But allowing it is less likely to cause user complaints, and is more in keeping with the spirit of open(2), where O_DIRECT instructs the kernel to "reduce", not "eliminate" cache effects.
  PR: 247276
  Approved by: re (gjb)
  Reported by: trapexit@spawn.link
  Reviewed by: cem
  Differential Revision: https://reviews.freebsd.org/D26485
  Notes: svn path=/releng/12.2/; revision=366211
* MFS of 366163 from stable/12 which is MFC of 365992 from head. | Kirk McKusick | 2020-09-26 | 1 | -0/+3
  Update check-hash when doing large UFS filesystem expansions.
  Approved by: re@ (Glen Barber)
  Sponsored by: Netflix
  Notes: svn path=/releng/12.2/; revision=366187
* MFS: r366176 | Jung-uk Kim | 2020-09-25 | 787 | -5532/+3879
  Merge OpenSSL 1.1.1h.
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366177
* MFS r366154: | Mark Johnston | 2020-09-25 | 1 | -16/+30
  MFC r366005: udf: Validate the full file entry length
  PR: 248613
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366160
* Update releng/12.2 to BETA3 as part of the 12.2-RELEASE cycle. | Glen Barber | 2020-09-25 | 1 | -1/+1
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/12.2/; revision=366133
* MFS r365987: certctl rehash upon install/distribute | Kyle Evans | 2020-09-24 | 2 | -4/+16
  r365829: installworld: run `certctl rehash` after installation completes
  This was originally introduced back in r360833, and subsequently reverted because it was broken for -DNO_ROOT builds and it may not have been the correct place for it.
  While debatably this may still not be 'the correct place,' it's much cleaner than scattering rehashes all throughout the tree. brooks has fixed the issue with -DNO_ROOT by properly writing to the METALOG in r361397.
  Do note that this is different than what was originally committed; brooks had revisions in D24932 that made it actually use the revised unprivileged mode and write to METALOG, along with being a little more friendly to foreign crossbuilds and just using the certctl in-tree.
  With this change, I believe we should now have a populated /etc/ssl/certs in the VM images.
  r365837: Promote the installworld `certctl rehash` to distributeworld
  Contrary to my belief, installworld is not sufficient for getting certs installed into VM images. Promote the rehash to both installworld and distributeworld (notably: not stageworld) and rehash the base distdir so we end up with /etc/ssl/certs populated in the base dist archive.
  A future commit will remove the rehash from bsdinstall, which doesn't really need to happen if they're installed into base.txz.
  While here, fix a minor typo: s/CERTCLTFLAGS/CERTCTLFLAGS/
  r365852: Revert r361257: bsdinstall: do a `certctl rehash` upon installation [...]
  As of r365829, any given base distribution set will now include the /etc/ssl symlinks that this rehash would've otherwise installed. This extra step is no longer required.
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366125
* MFS: r366050, r366117 | Rick Macklem | 2020-09-24 | 1 | -4/+6
  Fix a LOR between the NFS server and server side krpc.
  Recent testing of the NFS-over-TLS code found a LOR between the mutex lock used for sessions and the sleep lock used for server side krpc socket structures. The code in nfsrv_checksequence() and nfsrv_bindconnsess() would call SVC_RELEASE() with mutex(es) held. Normally this is ok, since all that happens is SVC_RELEASE() decrements the reference count. However, if the socket has just been shut down, SVC_RELEASE() drops the reference count to 0 and acquires a sleep lock during destruction of the server side krpc structure.
  This patch fixes the problem by moving the SVC_RELEASE() call in nfsrv_checksequence() and nfsrv_bindconnsess() down a few lines to below where the mutex(es) are released.
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366120
* MFS: r365703 | Rick Macklem | 2020-09-24 | 1 | -1/+7
  Fix a case where the NFSv4.0 server might crash if delegations are enabled.
  asomers@ reported a crash on an NFSv4.0 server with a backtrace of:
    kdb_backtrace
    vpanic
    panic
    nfsrv_docallback
    nfsrv_checkgetattr
    nfsrvd_getattr
    nfsrvd_dorpc
    nfssvc_program
    svc_run_internal
    svc_thread_start
    fork_exit
    fork_trampoline
  where the panic message was "docallb", which indicates that a callback was attempted when the ClientID is unconfirmed. This would not normally occur, but it is possible to have an unconfirmed ClientID structure with delegation structure(s) chained off it if the client were to issue a SetClientID with the same "id" but different "verifier" after acquiring delegations on the previously confirmed ClientID.
  The bug appears to be that nfsrv_checkgetattr() failed to check for this uncommon case of an unconfirmed ClientID with a delegation structure that no longer refers to a delegation the client knows about.
  This patch adds a check for this case, handling it as if no delegation exists, which is the case when the above occurs. Although difficult to reproduce, this change should avoid the panic().
  PR: 249127
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366116
* MFS r365983 | Eric Joyner | 2020-09-23 | 2 | -1/+6
  Contains fixes for issues in em(4)/igb(4):
  - Fix define and includes with RSS option enabled
  - Properly retain promisc flag in init
  PR: 249191, 248869
  Approved by: re (gjb@)
  Notes: svn path=/releng/12.2/; revision=366097
* MFS r365986: caroot: update base store | Kyle Evans | 2020-09-23 | 5 | -0/+265
  Count:
  - Two (2) removed
  - Three (3) added
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=366084
* MFS r365979: | Mark Johnston | 2020-09-22 | 1 | -4/+4
  Mark sysctls added in r365689 as MPSAFE.
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=365985
* MFS r365937, which merged r365861 and r365872 from head to stable/12. | Navdeep Parhar | 2020-09-21 | 13 | -24/+72
  r365861: cxgbe(4): Update T4/5/6 firmwares to 1.25.0.0.
  r365872: cxgbe(4): add the firmware binaries instead of the empty files that were added in r365861.
  Approved by: re@ (gjb@)
  Notes: svn path=/releng/12.2/; revision=365961
* MFS r365667,r365920: extend kern.geom.part.check_integrity to work on GPT | Eugene Grosbein | 2020-09-21 | 2 | -6/+10
  There are multiple USB/SATA bridges on the market that unconditionally cut some LBAs off connected media. This could be a problem for pre-partitioned drives so GEOM complains and does not create devices in /dev for slices/partitions preventing access to existing data.
  We have a knob kern.geom.part.check_integrity that allows us to correct partitioning if changed from default 1 to 0 but it works for MBR only. If backup copy of GPT is unavailable due to decreased number of LBAs, the kernel does not give access to partitions still and prints to dmesg:
    GEOM: md0: corrupt or invalid GPT detected.
    GEOM: md0: GPT rejected -- may not be recoverable.
  This change makes it work for GPT too, so it created partitions in /dev and prints to dmesg this instead:
    GEOM: md0: the secondary GPT table is corrupt or invalid.
    GEOM: md0: using the primary only -- recovery suggested.
  Then "gpart recover" re-creates backup copy of GPT and allows further manipulations with partitions.
  This change is no-op for default configuration having kern.geom.part.check_integrity=1
  Reported by: Alex Korchmar
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=365944
* MFS r365928: | Mark Johnston | 2020-09-21 | 1 | -2/+7
  MFC r365841: Increase the default vm.max_user_wired value.
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=365933
* MFS r365689,r365808,r365860 | Allan Jude | 2020-09-19 | 17 | -13/+413
  MFOpenZFS: Introduce read/write kstats per dataset
  The following patch introduces a few statistics on reads and writes grouped by dataset. These statistics are implemented as kstats (backed by aggregate sums for performance) and can be retrieved by using the dataset objset ID number. The motivation for this change is to provide some preliminary analytics on dataset usage/performance.
  Reviewed-by: Richard Elling <Richard.Elling@RichardElling.com>
  Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
  Reviewed by: Matthew Ahrens <mahrens@delphix.com>
  Signed-off-by: Serapheim Dimitropoulos <serapheim@delphix.com>
  openzfs/zfs@a448a2557ec4938ed6944c7766fe0b8e6e5f6456
  Also contains parts of:
  MFOpenZFS: Connect dataset_kstats for FreeBSD
  Example output:
    kstat.zfs.mypool.dataset.objset-0x10b.nread: 150528
    kstat.zfs.mypool.dataset.objset-0x10b.reads: 48
    kstat.zfs.mypool.dataset.objset-0x10b.nwritten: 134217728
    kstat.zfs.mypool.dataset.objset-0x10b.writes: 1024
    kstat.zfs.mypool.dataset.objset-0x10b.dataset_name: mypool/datasetname
  Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
  Reviewed by: Sean Eric Fagan <sef@ixsystems.com>
  Reviewed-by: Serapheim Dimitropoulos <serapheim@delphix.com>
  Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
  Signed-off-by: Allan Jude <allan@klarasystems.com>
  openzfs/zfs@4547fc4e071ceb1818b3a46c3035b923e06e5390
  Approved by: re (gjb)
  Relnotes: yes
  Sponsored by: Klara Inc.
  Notes: svn path=/releng/12.2/; revision=365917
* MFS r365891: certctl: fix unprivileged mode | Kyle Evans | 2020-09-19 | 1 | -2/+2
  The first issue was lack of quoting around INSTALLFLAGS, which set it incorrectly and produced an error on -M.
  The second issue was that we weren't actually doing the install in unprivileged mode, making it effectively useless. This was designed to pass through the proper metalog/unpriv flags to install(1), so just let it happen.
  Approved by: re (gjb)
  Notes: svn path=/releng/12.2/; revision=365897
* Rename releng/12.2 to BETA2 as part of the 12.2-RELEASE cycle. | Glen Barber | 2020-09-18 | 1 | -1/+1
  Approved by: re (implicit)
  Sponsored by: Rubicon Communications, LLC (netgate.com)
  Notes: svn path=/releng/12.2/; revision=365865