path: root/etc
Commit message | Author | Age | Files | Lines
* - Add support for eMMC "partitions". Besides the user data area, i. e. | Marius Strobl | 2017-03-16 | 1 | -0/+2
|     the default partition, eMMC v4.41 and later devices can additionally provide up to:
|       1 enhanced user data area partition
|       2 boot partitions
|       1 RPMB (Replay Protected Memory Block) partition
|       4 general purpose partitions (optionally with an enhanced or extended attribute)
|     Of these "partitions", only the enhanced user data area one actually slices the user data area partition and, thus, gets handled with the help of geom_flashmap(4). The other types of partitions have address space independent from the default partition and need to be switched to via CMD6 (SWITCH), i. e. constitute a set of additional "disks".
|     The second kind of these "partitions" doesn't fit that well into the design of mmc(4) and mmcsd(4). I've decided to let mmcsd(4) hook all of these "partitions" up as disk(9)'s (except for the RPMB partition as it didn't seem to make much sense to be able to put a file-system there and may require authentication; therefore, RPMB partitions are solely accessible via the newly added IOCTL interface currently; see also below). This approach for one resulted in cleaner code. Second, it retains the notion of mmcsd(4) children corresponding to a single physical device each. With the addition of some layering violations, it also would have been possible for mmc(4) to add separate mmcsd(4) instances with one disk each for all of these "partitions", however. Still, both mmc(4) and mmcsd(4) share some common code now e. g. for issuing CMD6, which has been factored out into mmc_subr.c.
|     Besides simply subdividing eMMC devices, some Intel NUCs having UEFI code in the boot partitions etc., another use case for the partition support is the activation of pseudo-SLC mode, which manufacturers of eMMC chips typically associate with the enhanced user data area and/or the enhanced attribute of general purpose partitions.
|     CAVEAT EMPTOR: Partitioning eMMC devices is a one-time operation.
|   - Now that properly issuing CMD6 is crucial (so data isn't written to the wrong partition for example), make a step into the direction of correctly handling the timeout for these commands in the MMC layer. Also, do a SEND_STATUS when CMD6 is invoked with an R1B response as recommended by relevant specifications. However, quite some work is left to be done in this regard; all other R1B-type commands done by the MMC layer also should be followed by a SEND_STATUS (CMD13), the erase timeout calculations/handling as documented in specifications are entirely ignored so far, the MMC layer doesn't provide timeouts applicable up to the bridge drivers and at least sdhci(4) currently is hardcoding 1 s as timeout for all command types unconditionally. Let alone already available return codes often not being checked in the MMC layer ...
|   - Add an IOCTL interface to mmcsd(4); this is sufficiently compatible with Linux so that the GNU mmc-utils can be ported to and used with FreeBSD (note that due to the remaining deficiencies outlined above SANITIZE operations issued by/with `mmc` currently most likely will fail). These latter will be added to ports as sysutils/mmc-utils in a bit. Among others, the `mmc` tool of the GNU mmc-utils allows for partitioning eMMC devices (tested working).
|   - For devices following the eMMC specification v4.41 or later, year 0 is 2013 rather than 1997; so correct this for assembling the device ID string properly.
|   - Let mmcsd.ko depend on mmc.ko. Additionally, bump MMC_VERSION as at least for some of the above a matching pair is required.
|   - In the ACPI front-end of sdhci(4) describe the Intel eMMC and SDXC controllers as such in order to match the PCI one. Additionally, in the entry for the 80860F14 SDXC controller remove the eMMC-only SDHCI_QUIRK_INTEL_POWER_UP_RESET.
|   OKed by: imp
|   Submitted by: ian (mmc_switch_status() implementation)
|   Notes: svn path=/head/; revision=315430
* Start adding basic tests for cam(3) | Enji Cooper | 2017-03-15 | 1 | -0/+2
|   This change contains several negative and positive tests for:
|   - cam_open_device
|   - cam_close_device
|   - cam_getccb
|   - cam_freeccb
|   This also contains a test for the failure case noted in bug 217649, i.e., O_RDWR must be specified because pass(4) requires it.
|   This test unfortunately cannot assume that cam-capable devices are present, so the user must explicitly provide a device via `test_suites.FreeBSD.cam_test_device`.
|   In the future, a test kernel module might be shipped, or ctl(4) might be used, as a test device when testing out libcam, which will allow the tests to do away with having to specify an explicit test device.
|   Reviewed by: asomers, ken (earlier diff)
|   MFC after: 1 week
|   Sponsored by: Dell EMC Isilon
|   Differential Revision: D9928
|   Notes: svn path=/head/; revision=315320
* Move .../sys/geom/eli/pbkdf2... to .../sys/geom/class/eli/... | Enji Cooper | 2017-03-14 | 1 | -4/+0
|   This change moves the tests added in r313962 to an existing directory structure used by the geli TAP tests. It also renames the test from pbkdf2 to pbkdf2_test.
|   The changes to ObsoleteFiles.inc are being committed separately as they aren't needed for the MFC to ^/stable/11, etc, if the MFC for the tests is done all in one commit.
|   MFC after: 2 weeks
|   X-MFC with: r313962, r313972-r313973
|   Reviewed by: allanjude
|   Sponsored by: Dell EMC Isilon
|   Differential Revision: D9985
|   Notes: svn path=/head/; revision=315230
* Move /etc/ to SRCTOP | Warner Losh | 2017-03-12 | 2 | -13/+13
|   Prefer ${SRCTOP}/ to ${.CURDIR}/../ and ${.CURDIR}/../../ as appropriate.
|   Differential Revision: https://reviews.freebsd.org/D9932
|   Sponsored by: Netflix
|   Silence On: arch@ (twice)
|   Notes: svn path=/head/; revision=315171
* Add the diff to the tests mtree | Baptiste Daroussin | 2017-03-11 | 1 | -0/+2
|   Reported by: lwhsu
|   Notes: svn path=/head/; revision=315055
* texinfo is gone in r276551 remove the related directories | Baptiste Daroussin | 2017-03-08 | 1 | -2/+0
|   Reported by: jbeich
|   Notes: svn path=/head/; revision=314902
* Only install 900.tcpwrap if MK_INETD != "no" and MK_TCP_WRAPPERS != "no" | Enji Cooper | 2017-03-08 | 1 | -2/+5
|   It relies on output from inetd that is triggered by MK_TCP_WRAPPERS=yes. We need to check for both knobs being set -- otherwise the script doesn't have much value.
|   PR: 217577
|   Submitted by: Sergey <kpect@protonmail.com> (MK_TCP_WRAPPERS piece)
|   MFC after: 1 week
|   Sponsored by: Dell EMC Isilon
|   Notes: svn path=/head/; revision=314895
* Fix install due to incorrect placement of pwait dir in r314886. | Cy Schubert | 2017-03-08 | 1 | -2/+2
|   Reported by: Shawn Webb <shawn.webb@hardenedbsd.org>
|   MFC after: 2 weeks
|   X-MFC with: r314886
|   Notes: svn path=/head/; revision=314892
* pwait: Add a -t flag to specify a timeout before exiting, and tests. | Bryan Drewery | 2017-03-07 | 1 | -0/+2
|   The exit status will be 124, as the timeout(1) utility uses.
|   Reviewed by: jilles
|   MFC after: 2 weeks
|   Differential Revision: https://reviews.freebsd.org/D9697
|   Notes: svn path=/head/; revision=314886
* Integrate indent tests added in r313544 into ATF/Kyua and the FreeBSD | Enji Cooper | 2017-03-03 | 1 | -0/+2
|   test suite
|   This change does the following:
|   - Introduces symmetry in the test inputs/outputs by adding the exit code to the files. This simplified the test driver notably by requiring less filename/test name manipulation.
|   - Adds a test driver for the testcases added in r313544, patterned after bin/sh/tests/functional_test.sh .
|   The driver calls indent as noted in r313544, with an exception: The $FreeBSD$ RCS keyword's expansion is reindented with indent, which means that the output differs from the expected output. Thus, all lines with $FreeBSD$ in them are deleted on the fly, both in the input file and the output file.
|   The test inputs/outputs are copied to the kyua sandbox before the test is run as the pathing in some of the files relies on pathing normalized to the current directory (copying the files is the easiest way to resolve the issue).
|   Approved by: pstef (maintainer)
|   Reviewed by: pstef
|   X-MFC with: r313544
|   Sponsored by: Dell EMC Isilon
|   Differential Revision: https://reviews.freebsd.org/D9682
|   Notes: svn path=/head/; revision=314613
* Merge ^/head r314270 through r314419. | Dimitry Andric | 2017-02-28 | 3 | -11/+3
|\
| |   Notes: svn path=/projects/clang400-import/; revision=314421
| * Remove SVR4 (System V Release 4) binary compatibility support. | Gleb Smirnoff | 2017-02-28 | 2 | -9/+1
| |   UNIX System V Release 4 is an operating system released in 1988. It ceased to exist in the early 2000s.
| |   Notes: svn path=/head/; revision=314373
| * Update devd.conf for ports change 421360 | Alan Somers | 2017-02-27 | 1 | -2/+2
| |   Ports change 421360 changed the name and UID of the postgres user
| |   Reviewed by: trasz, imp, girgen
| |   MFC after: 3 weeks
| |   Sponsored by: Spectra Logic Corp
| |   Differential Revision: https://reviews.freebsd.org/D9746
| |   Notes: svn path=/head/; revision=314341
* | Merge ^/head r314129 through r314177. | Dimitry Andric | 2017-02-23 | 1 | -1/+1
|\|
| |   Notes: svn path=/projects/clang400-import/; revision=314178
| * The ct driver was removed by r312910. | Yoshihiro Takahashi | 2017-02-23 | 1 | -1/+1
| |   Notes: svn path=/head/; revision=314149
* | Merge ^/head r313896 through r314128. | Dimitry Andric | 2017-02-23 | 2 | -3/+5
|\|
| |   Notes: svn path=/projects/clang400-import/; revision=314130
| * Remove more stray EISA references: ahb was removed. Remove the cross | Warner Losh | 2017-02-22 | 1 | -1/+1
| |   reference and replace, where appropriate, with ahd.4.
| |   Notes: svn path=/head/; revision=314110
| * Remove lib/libpam tests after they were removed from the source tree in r313975 | Enji Cooper | 2017-02-20 | 1 | -2/+0
| |   X-MFC with: r313975
| |   Sponsored by: Dell EMC Isilon
| |   Notes: svn path=/head/; revision=313976
| * improve PBKDF2 performance | Allan Jude | 2017-02-19 | 1 | -0/+4
| |   The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be
| |   GELI's PBKDF2 uses a simple benchmark to determine a number of iterations that will take approximately 2 seconds. The security provided is actually half what is expected, because an attacker could use the optimized algorithm to brute force the key in half the expected time.
| |   With this change, all newly generated GELI keys will be approximately 2x as strong. Previously generated keys will take half as long to calculate, resulting in faster mounting of encrypted volumes. Users may choose to rekey, to generate a new key with the larger default number of iterations using the geli(8) setkey command.
| |   Security of existing data is not compromised, as ~1 second per brute force attempt is still a very high threshold.
| |   PR: 202365
| |   Original Research: https://jbp.io/2015/08/11/pbkdf2-performance-matters/
| |   Submitted by: Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version)
| |   Reviewed by: ed, pjd, delphij
| |   Approved by: secteam, pjd (maintainer)
| |   MFC after: 2 weeks
| |   Differential Revision: https://reviews.freebsd.org/D8236
| |   Notes: svn path=/head/; revision=313962
* | Merge ^/head r313301 through r313643. | Dimitry Andric | 2017-02-11 | 1 | -0/+2
|\|
| |   Notes: svn path=/projects/clang400-import/; revision=313644
| * MFhead@r313360 | Enji Cooper | 2017-02-07 | 1 | -1/+1
| |\
| | |   Notes: svn path=/projects/netbsd-tests-upstream-01-2017/; revision=313361
| * \ MFhead@r313243 | Enji Cooper | 2017-02-04 | 7 | -61/+24
| |\ \
| | | |   Notes: svn path=/projects/netbsd-tests-upstream-01-2017/; revision=313244
| * | | Integrate .../contrib/netbsd-tests/usr.bin/uniq into the FreeBSD test | Enji Cooper | 2017-01-14 | 1 | -0/+2
| | | |   suite as .../usr.bin/uniq/tests
| | | |   Sponsored by: Dell EMC Isilon
| | | |   Notes: svn path=/projects/netbsd-tests-upstream-01-2017/; revision=312127
* | | | Merge ^/head r313055 through r313300. | Dimitry Andric | 2017-02-05 | 4 | -4/+19
|\ \ \ \
| | |_|/
| |/| |
| | | |   Notes: svn path=/projects/clang400-import/; revision=313301
| * | | Use kldload -n when loading if_deqna | Enji Cooper | 2017-02-05 | 1 | -1/+1
| | |/
| |/|
| | |   This fixes if_deqna from being loaded by accident twice if it's already loaded in the kernel.
| | |   MFC after: 1 week
| | |   Sponsored by: Dell EMC Isilon
| | |   Notes: svn path=/head/; revision=313276
| * | Allow 999.local to run scripts in any language | Alan Somers | 2017-02-01 | 3 | -3/+18
| | |   If one of the scripts listed in (daily|weekly|monthly)_local is executable, 999.local should simply execute it. Only if the script isn't executable should 999.local assume it needs /bin/sh.
| | |   Reviewed by: brian
| | |   MFC after: 3 weeks
| | |   Sponsored by: Spectra Logic Corp
| | |   Notes: svn path=/head/; revision=313069
* | | Merge ^/head r312894 through r312967. | Dimitry Andric | 2017-01-29 | 2 | -50/+0
|\| |
| | |   Notes: svn path=/projects/clang400-import/; revision=312968
| * | Remove pc98 support completely. | Yoshihiro Takahashi | 2017-01-28 | 2 | -50/+0
| | |   I thank all developers and contributors for pc98.
| | |   Relnotes: yes
| | |   Notes: svn path=/head/; revision=312910
* | | Merge ^/head r312624 through r312719. | Dimitry Andric | 2017-01-24 | 1 | -6/+6
|\| |
| | |   Notes: svn path=/projects/clang400-import/; revision=312720
| * | Sort REALTEK section and remove duplicate entry for RTL8192CU. | Kevin Lo | 2017-01-24 | 1 | -1/+1
| | |   Notes: svn path=/head/; revision=312681
| * | Add support for the Realtek RTL8192EU chipset. | Kevin Lo | 2017-01-24 | 1 | -7/+7
| | |   Committed over the D-Link DWA-131 rev E1 on amd64 with WPA.
| | |   Reviewed by: avos
| | |   Notes: svn path=/head/; revision=312680
* | | Merge ^/head r312309 through r312623. | Dimitry Andric | 2017-01-22 | 1 | -2/+0
|\| |
| | |   Notes: svn path=/projects/clang400-import/; revision=312624
| * | Remove obsolete /usr/lib/debug/usr/lib/private dir | Ed Maste | 2017-01-20 | 1 | -2/+0
| |/
| |   Missed in r282420
| |   Reported by: dim
| |   Notes: svn path=/head/; revision=312450
* | Merge ^/head r311812 through r311939. | Dimitry Andric | 2017-01-11 | 2 | -1/+3
|\|
| |   Notes: svn path=/projects/clang400-import/; revision=311940
| * Follow r311103: add "pool" to the keywords that rc.d/ntpdate examines to | Ian Lepore | 2017-01-11 | 1 | -1/+1
| |   find a server address in ntp.conf.
| |   Submitted by: Ronald Klop <ronald@klop.ws>
| |   Pointy hat to: ian
| |   Notes: svn path=/head/; revision=311907
| * Fix memory leaks during "tail -r" of an irregular file | Alan Somers | 2017-01-10 | 1 | -0/+2
| |   * Rewrite r_buf to use standard tail queues instead of a hand-rolled circular linked list. Free dynamic allocations when done.
| |   * Remove an optimization for the case where the file is a multiple of 128KB in size and there is a scarcity of memory.
| |   * Add ATF tests for "tail -r" and its variants.
| |   Reported by: Valgrind
| |   Reviewed by: ngie
| |   MFC after: 4 weeks
| |   Sponsored by: Spectra Logic Corp
| |   Differential Revision: https://reviews.freebsd.org/D9067
| |   Notes: svn path=/head/; revision=311895
* | Merge ^/head r311546 through r311683. | Dimitry Andric | 2017-01-08 | 1 | -5/+8
|\|
| |   Notes: svn path=/projects/clang400-import/; revision=311684
| * Move the mibII module up so uncommenting the bridge module works | Enji Cooper | 2017-01-07 | 1 | -5/+8
| |   Add a note about how module ordering and dependent modules
| |   MFC after: 1 week
| |   Notes: svn path=/head/; revision=311601
* | Merge ^/head r311314 through r311459. | Dimitry Andric | 2017-01-05 | 2 | -3/+3
|\|
| |   Notes: svn path=/projects/clang400-import/; revision=311460
| * Fix typo from r311349 | Alan Somers | 2017-01-05 | 1 | -0/+1
| |   Reported by: lwhsu
| |   Pointy-hat-to: asomers
| |   MFC after: 4 weeks
| |   X-MFC-with: 311349
| |   Notes: svn path=/head/; revision=311445
| * tabs -> spaces in etc/mtree | Alan Somers | 2017-01-05 | 2 | -3/+2
| |   MFC after: 4 weeks
| |   Notes: svn path=/head/; revision=311349
* | Adjust version numbers for the clang library directory. | Dimitry Andric | 2017-01-05 | 2 | -2/+2
|/
|   Notes: svn path=/projects/clang400-import/; revision=311456
* Update ntp.conf to use the ntpd pool feature. | Ian Lepore | 2017-01-02 | 1 | -16/+36
|   Our previous ntp.conf file configured 3 servers from freebsd.pool.ntp.org using 3 separate 'server' config lines. That is now replaced with a single 'pool' line which causes ntpd to add multiple servers from the pool.
|   More than just making the config smaller, the pool feature in ntpd has one major advantage over configuring 3 separate servers from a pool: if a server that was added using a 'pool' statement provides bad time (initially or at some later date), ntpd automatically discards it and configures a new different server from the pool without needing to be restarted.
|   These changes also add a 'tos' line to control how many pool servers get added, a 'restrict source' line that is required to allow ntpd to add new peers from the pool, and it deletes a 'restrict 127.127.1.0' line that does nothing and should never have been there (127.127.1.0 is not a valid IP address, it's a refclock identifier).
|   Differential Revision: https://reviews.freebsd.org/D9011
|   Notes: svn path=/head/; revision=311103
* Provide some guidance when dealing with sections and variables contained | Enji Cooper | 2016-12-23 | 1 | -0/+8
|   within them
|   For example, using variables designated for %usm requires uncommenting %usm section header
|   MFC after: 1 month
|   Notes: svn path=/head/; revision=310467
* Don't hardcode $(securityModelUSM) (3) in the authPriv example under the %vacm | Enji Cooper | 2016-12-23 | 1 | -4/+4
|   section
|   MFC after: 1 week
|   Notes: svn path=/head/; revision=310466
* Group all loadable modules in the %default section | Enji Cooper | 2016-12-23 | 1 | -47/+51
|   This will allow new users to uncomment the modules and have things work with less head scratching, in the event they decide to uncomment any of the section separators, e.g. %usm or %vcm, as the module loading is only effective in the %default section.
|   MFC after: 1 week
|   Notes: svn path=/head/; revision=310458
* Clean up trailing whitespace | Enji Cooper | 2016-12-23 | 1 | -3/+3
|   No functional change
|   MFC after: 3 days
|   Notes: svn path=/head/; revision=310457
* Add an example inetd(8) entry for the Prometheus sysctl exporter. | Ed Schouten | 2016-12-21 | 2 | -0/+5
|   I went through the process of allocating a default port number for this exporter, TCP 9124. This means that we can add an entry to the services file as well.
|   List of Prometheus default port numbers: https://github.com/prometheus/prometheus/wiki/Default-port-allocations
|   Notes: svn path=/head/; revision=310355
* Merge ^/head r309817 through r310168. | Dimitry Andric | 2016-12-16 | 2 | -1/+8
|\
| |   Notes: svn path=/projects/clang391-import/; revision=310169
| * Add support for encrypted kernel crash dumps. | Konrad Witaszczyk | 2016-12-10 | 2 | -1/+8
| |   Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added.
| |   A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility.
| |   dumpon(8) generates a one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control.
| |   When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands:
| |     # sysctl debug.kdb.enter=1
| |     db> call doadump(0)
| |     db> continue
| |     # savecore
| |   A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted.
| |   Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped.
| |   savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump.
| |   decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump.
| |   Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages.
| |   EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware.
| |   Designed by: def, pjd
| |   Reviewed by: cem, oshogbo, pjd
| |   Partial review: delphij, emaste, jhb, kib
| |   Approved by: pjd (mentor)
| |   Differential Revision: https://reviews.freebsd.org/D4712
| |   Notes: svn path=/head/; revision=309818