- Teach rndctl to load the seed, but treat it as zero entropy, if the
medium is read-only or if the update fails.
- Teach rndctl to accept `-i' flag instructing it to ignore the
entropy estimate in the seed.
- Teach /etc/rc.d/random_seed to:
(a) assume nonlocal file systems are unsafe, and use -i, but
(b) assume / is safe, even if it is nonlocal.
If the medium is nonwritable, leave it to rndctl to detect that.
(Could use statvfs and check for ST_LOCAL in rndctl, I guess, but I
already implemented it this way.)
Treating nonlocal / as safe is a compromise: it's up to the operator
to secure the network for (e.g.) nfs mounts, but that's true whether
we're talking entropy or not -- if the adversary has access to the
network that you've mounted / from, they can do a lot more damage
anyway; this reduces warning fatigue for diskless systems, e.g. test
racks.
The file format was defined with a machine-dependent 32-bit integer
field (the estimated number of bits of entropy in the process that
generated it). Take whichever byte order gives a number that is
reasonable, i.e. lower than the number of bits in the buffer.
Continue to have `rndctl -S' generate it in machine-dependent byte
order for now, so that if you roll back to an older rndctl(8) then
`rndctl -L' on the same machine will still be able to load it with
the right entropy estimate. In a future revision, perhaps we can
change it to be little-endian.
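The byte-order selection and zero-entropy rules described in the message above, as an added example (not NetBSD's rndctl source). The function name, the no_credit flag, accepting an estimate equal to the buffer size, and the handling of the "both plausible" and "neither plausible" cases are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Widen each byte before shifting so 255 << 24 never happens in a signed int. */
static uint32_t le32(const uint8_t p[4])
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	    (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static uint32_t be32(const uint8_t p[4])
{
	return (uint32_t)p[3] | (uint32_t)p[2] << 8 |
	    (uint32_t)p[1] << 16 | (uint32_t)p[0] << 24;
}

/*
 * Entropy (in bits) to credit for a seed whose estimate field has unknown
 * byte order.  no_credit models -i, a read-only medium, or a failed update.
 */
static uint32_t seed_entropy_bits(const uint8_t field[4], size_t seedlen, int no_credit)
{
	uint64_t maxbits = (uint64_t)seedlen * 8;
	uint32_t le = le32(field), be = be32(field);
	int le_ok = le <= maxbits, be_ok = be <= maxbits;

	if (no_credit)
		return 0;
	if (le_ok && be_ok)
		return le < be ? le : be;  /* assumption: take the smaller */
	if (le_ok)
		return le;
	if (be_ok)
		return be;
	return 0;  /* assumption: no plausible reading, credit nothing */
}

int main(void)
{
	/* Constructed samples: 256 bits stored LE and BE, then a corrupt field. */
	const uint8_t le256[4] = {0x00, 0x01, 0x00, 0x00};
	const uint8_t be256[4] = {0x00, 0x00, 0x01, 0x00};
	const uint8_t junk[4] = {0xff, 0xff, 0xff, 0xff};

	printf("%u %u %u\n", (unsigned)seed_entropy_bits(le256, 64, 0),
	    (unsigned)seed_entropy_bits(be256, 64, 0),
	    (unsigned)seed_entropy_bits(junk, 64, 0));
	return 0;
}
```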
boot.c:150:29, left shift of 255 by 24 places cannot be represented in type 'int'
boot.c:153:29, left shift of 255 by 24 places cannot be represented in type 'int'
From FreeBSD: https://reviews.freebsd.org/D23082:
Correct off-by-two issue when determining FAT type.
In the code we used NumClusters as the upper (non-inclusive) boundary
of valid cluster number, so the actual value was 2 (CLUST_FIRST) more
than the real number of clusters. This causes a FAT16 media with
65524 clusters to be treated as FAT32 and might affect FAT12 media with
4084 clusters as well.
To fix this, we increment NumClusters by CLUST_FIRST after the type
determination.
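The off-by-two described in the message above, as an added example (not the fsck_msdos source). The thresholds 4085 and 65525 are the FAT specification's cluster-count limits and are used here as an assumption; the struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define CLUST_FIRST 2	/* first valid cluster number */

enum fat_type { FAT12 = 12, FAT16 = 16, FAT32 = 32 };

struct fat_info {
	enum fat_type type;
	uint32_t NumClusters;	/* exclusive upper bound on cluster numbers */
};

/* Type is a function of the real number of data clusters. */
static enum fat_type classify(uint32_t clusters)
{
	if (clusters < 4085)
		return FAT12;
	if (clusters < 65525)
		return FAT16;
	return FAT32;
}

/* Before: the bound (real count + 2) is what gets classified. */
static struct fat_info fat_info_before(uint32_t data_clusters)
{
	struct fat_info fi;

	fi.NumClusters = data_clusters + CLUST_FIRST;
	fi.type = classify(fi.NumClusters);
	return fi;
}

/* After: classify the real count, then add CLUST_FIRST for the bound. */
static struct fat_info fat_info_after(uint32_t data_clusters)
{
	struct fat_info fi;

	fi.type = classify(data_clusters);
	fi.NumClusters = data_clusters + CLUST_FIRST;
	return fi;
}

int main(void)
{
	/* The two boundary sizes named in the commit message. */
	printf("65524: before FAT%d, after FAT%d\n",
	    fat_info_before(65524).type, fat_info_after(65524).type);
	printf("4084:  before FAT%d, after FAT%d\n",
	    fat_info_before(4084).type, fat_info_after(4084).type);
	return 0;
}
```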
- Partially sort the list of per-vnode namecache entries by using a TAILQ.
Put the real name to the head, and put dot and dotdot to the tail so that
cache_lookup_reverse() doesn't have to consider them.
no need to skip a prefix "0x" of output of snprintb.
ifconfig expects the result of snprintb to have a "0x" prefix, but snprintb(3) specification has changed
so that if 0 is passed, it prints "0" instead of "0x0". (common/lib/libutil/snprintb.c r1.22)
The seed file is updated by entering the old seed into the system and
then hashing the old seed together with data from /dev/urandom, and
writing it atomically with write-to-temporary/rename-to-permanent.
This way, interruption by crash or power loss does not obliterate
your persistent entropy (unless it causes file system corruption).
GCC_NO_FORMAT_TRUNCATION -Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION -Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW -Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE -Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many
of these are false positives, most of the real bugs are already
committed, or are yet to come.
we plan to introduce versions of (some?) of these that use the
"-Wno-error=" form, which still displays the warnings but does
not make it an error, and all of the above will be re-considered
as either being "fix me" (warning still displayed) or "warning
is wrong."
configuring default values, retry with a smaller cluster size.
This makes the typical invocation to create a spec conformant EFI boot
partition work out of the box.
otherwise, if DIOCGDISKINFO returns an error != ENXIO getdiskinfo() later
tries to prop_object_release() stack garbage.
found by rumpctrl tests using clang-7.
returntosingle was defined in multiple places:
- fsck_lfs/main.c
- fsck_ffs/main.c
- fsck_ext2fs/main.c
- fsck/fsutil.c
Keep the fsutil.c definition as the only one.
Detected during the build of telnetd with Address Sanitizer (MKSANITIZER).
First proposed by jmcneill in 2017 and modified by me.
How to use:
- Set callback function:
ether_set_vlan_cb(struct ethercom *, ether_vlancb_t)
- Callback. This function is called when a vlan is attached/detached to the
parent interface:
int (*ether_vlancb_t)(struct ethercom *ec, uint16_t vlanid, bool set);
- ifconfig(8)
ifconfig ixg0 [-]vlan-hwfilter
Note that ETHERCAP_VLAN_HWFILTER is set by default on ixg(4) because
the PF driver usually enables "all block" filter by default.
Make options to choose alternate label position for systems using MBR
more intuitive. -m now selects mode with MBR, -n selects mode without,
independent of the machine defaults.
gpt_change_ent(). The purpose of the third argument is to specify
whether the entry to be changed is a primary GPT entry or a secondary
GPT entry. It is assumed that a secondary GPT entry will always
follow a corresponding primary entry.
This is in preparation for an upcoming change that will require it.
Make a SMALL dmesg even smaller.
When compiled -DSMALL, dmesg does nothing at all with the kernel
timestamps (it processes no options to be told what would be the
user's desire) so make it truly do (almost) nothing, rather than
some botched partial processing of them.
The "almost" is that a SMALL dmesg will now ignore spaces at the
beginning of each new message line ... those are (vanishingly)
unlikely to occur, as the kernel puts the timestamp (which starts
with '[' there) - fixing this would have meant even more #ifdef's
as the code that ignores that leading space is the only remaining
thing that (in a SMALL) dmesg looks at the value of the "tstamp"
variable, and if we don't keep some use of it, gcc complains...
These changes affect only SMALL dmesg (as installed on boot
floppies, etc) and have no intended effect on the version that's
installed on a normal (full size) running system.
Don't use portal_node_reclaim() inappropriately. It frees data we
did not allocate, but which might have been allocated by someone else.
While here, various other cleanups (avoid losing fd's if fork fails,
don't compose mangled st_mode S_IFMT values - puffs or's in what it
thinks is correct to the value we set, one case I saw was producing
0110600 for the mode, the 011 isn't any defined type at all - I'd
never seen ls print a '?' as the first char of ls -l output before!
This is still not really correct, but is, I believe, better than before.
names (including the terminating NUL), as well as directory entries with
extra free space (d->d_reclen > UFS_DIRSIZ(d)).
Inspired from FreeBSD:
https://svnweb.freebsd.org/base?view=revision&revision=347066
While the kernel has been fixed to deal with the padding bytes (new
kernels will correctly zero out all the padding after the name), it
appears that there is still an issue with directory entries with extra
free space, since a newly created and populated filesystem gets modified
with "fsck_ffs -z".
Fix cgdconfig to report verification failures with gpt and mbr
verification methods (and not treat them as silent hard errors).
This also causes the cgd to be unconfigured when one of those
verification methods fails.
Add ATF tests to check that bad verification is reported, and
does not leave the cgd configured.
Patches from the PR applied.
and size in sectors (instead of the totally confusing bytes),
followed by the humanized byte offset/size.
This makes the numbers match the "gpt show" or "gpt show -a"
output.
This addresses situations where dump(8) cannot figure out the device being
dumped. It also allows tracking of subvolume dumps by using virtual
device as dumpdates entry.
235 - POR Recovery Count
243 - SATA Downshift Count
244 - Thermal Throttle Status
245 - Timed Workload Media Wear
251 - NAND Writes
all 5 turn up on newer samsung SSDs, though 3 of them all
read 65535 for me across multiple devices.
- remove casts when the same type is used on both sides
- expand hours_buffer[] to fit the range of hours in an 'int'
- add a work around for the sprintf() truncation checker that fails
to detect that 'minutes' and 'seconds' have a small range