Date:      Tue, 14 May 2019 03:52:07 +0000 (UTC)
From:      Enji Cooper <ngie@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r347560 - in projects/runtime-coverage-v2: . contrib/netbsd-tests/lib/libc/sys etc lib/libc/powerpc64/string lib/libc/sys lib/libc/tests/sys lib/libcasper/services/cap_sysctl lib/libcas...
Message-ID:  <201905140352.x4E3q7iq048225@repo.freebsd.org>

Author: ngie
Date: Tue May 14 03:52:06 2019
New Revision: 347560
URL: https://svnweb.freebsd.org/changeset/base/347560

Log:
  MFhead@r347559

Added:
  projects/runtime-coverage-v2/tests/sys/sys/rb_test.c
     - copied unchanged from r347559, head/tests/sys/sys/rb_test.c
  projects/runtime-coverage-v2/tests/sys/sys/splay_test.c
     - copied unchanged from r347559, head/tests/sys/sys/splay_test.c
Deleted:
  projects/runtime-coverage-v2/lib/libc/powerpc64/string/
  projects/runtime-coverage-v2/tests/sys/opencrypto/dpkt.py
Modified:
  projects/runtime-coverage-v2/ObsoleteFiles.inc
  projects/runtime-coverage-v2/UPDATING
  projects/runtime-coverage-v2/contrib/netbsd-tests/lib/libc/sys/t_mlock.c
  projects/runtime-coverage-v2/etc/Makefile
  projects/runtime-coverage-v2/lib/libc/sys/mlock.2
  projects/runtime-coverage-v2/lib/libc/sys/mlockall.2
  projects/runtime-coverage-v2/lib/libc/tests/sys/mlock_helper.c
  projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/Makefile
  projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/cap_sysctl.3
  projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/cap_sysctl.c
  projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/cap_sysctl.h
  projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/tests/Makefile
  projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/tests/sysctl_test.c
  projects/runtime-coverage-v2/lib/libnetgraph/msg.c
  projects/runtime-coverage-v2/lib/libsecureboot/Makefile.inc
  projects/runtime-coverage-v2/lib/libsecureboot/libsecureboot-priv.h
  projects/runtime-coverage-v2/lib/libsecureboot/local.trust.mk
  projects/runtime-coverage-v2/lib/libsecureboot/openpgp/Makefile.inc
  projects/runtime-coverage-v2/lib/libsecureboot/openpgp/opgp_key.c
  projects/runtime-coverage-v2/lib/libsecureboot/tests/Makefile
  projects/runtime-coverage-v2/lib/libsecureboot/vets.c
  projects/runtime-coverage-v2/sbin/ifconfig/ifconfig.c
  projects/runtime-coverage-v2/stand/common/module.c
  projects/runtime-coverage-v2/sys/amd64/amd64/mp_machdep.c
  projects/runtime-coverage-v2/sys/amd64/amd64/support.S
  projects/runtime-coverage-v2/sys/amd64/conf/GENERIC
  projects/runtime-coverage-v2/sys/amd64/include/pcpu.h
  projects/runtime-coverage-v2/sys/amd64/linux/linux.h
  projects/runtime-coverage-v2/sys/amd64/linux/linux_sysvec.c
  projects/runtime-coverage-v2/sys/amd64/linux32/linux.h
  projects/runtime-coverage-v2/sys/amd64/linux32/linux32_machdep.c
  projects/runtime-coverage-v2/sys/amd64/linux32/linux32_sysvec.c
  projects/runtime-coverage-v2/sys/amd64/vmm/vmm.c
  projects/runtime-coverage-v2/sys/arm/allwinner/clkng/aw_clk_nm.c
  projects/runtime-coverage-v2/sys/arm/allwinner/clkng/aw_clk_prediv_mux.c
  projects/runtime-coverage-v2/sys/arm/allwinner/clkng/ccu_sun8i_r.c
  projects/runtime-coverage-v2/sys/arm/conf/std.armv6
  projects/runtime-coverage-v2/sys/arm/conf/std.armv7
  projects/runtime-coverage-v2/sys/arm64/conf/GENERIC
  projects/runtime-coverage-v2/sys/arm64/linux/linux.h
  projects/runtime-coverage-v2/sys/arm64/linux/linux_sysvec.c
  projects/runtime-coverage-v2/sys/arm64/rockchip/clk/rk3399_cru.c
  projects/runtime-coverage-v2/sys/arm64/rockchip/clk/rk_clk_pll.c
  projects/runtime-coverage-v2/sys/arm64/rockchip/clk/rk_clk_pll.h
  projects/runtime-coverage-v2/sys/compat/linux/linux.c
  projects/runtime-coverage-v2/sys/compat/linux/linux.h
  projects/runtime-coverage-v2/sys/compat/linux/linux_common.h
  projects/runtime-coverage-v2/sys/compat/linux/linux_file.c
  projects/runtime-coverage-v2/sys/compat/linux/linux_fork.c
  projects/runtime-coverage-v2/sys/compat/linux/linux_getcwd.c
  projects/runtime-coverage-v2/sys/compat/linux/linux_ioctl.c
  projects/runtime-coverage-v2/sys/compat/linux/linux_misc.c
  projects/runtime-coverage-v2/sys/compat/linux/linux_misc.h
  projects/runtime-coverage-v2/sys/compat/linux/linux_signal.c
  projects/runtime-coverage-v2/sys/compat/linux/linux_socket.c
  projects/runtime-coverage-v2/sys/compat/linux/linux_socket.h
  projects/runtime-coverage-v2/sys/compat/linux/linux_stats.c
  projects/runtime-coverage-v2/sys/compat/linuxkpi/common/include/linux/pci.h
  projects/runtime-coverage-v2/sys/compat/linuxkpi/common/src/linux_pci.c
  projects/runtime-coverage-v2/sys/conf/kern.post.mk
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/changes.txt
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslcodegen.c
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslcompile.c
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslcompiler.h
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslerror.c
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslfiles.c
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslload.c
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslmain.c
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslmessages.c
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslmessages.h
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/asloperands.c
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslstartup.c
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslutils.c
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslwalks.c
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslxref.c
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/components/events/evgpe.c
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/include/acpixf.h
  projects/runtime-coverage-v2/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
  projects/runtime-coverage-v2/sys/dev/ahci/ahci_generic.c
  projects/runtime-coverage-v2/sys/dev/dcons/dcons_os.c
  projects/runtime-coverage-v2/sys/dev/iicbus/twsi/a10_twsi.c
  projects/runtime-coverage-v2/sys/dev/iicbus/twsi/twsi.c
  projects/runtime-coverage-v2/sys/dev/random/fortuna.c
  projects/runtime-coverage-v2/sys/dev/random/ivy.c
  projects/runtime-coverage-v2/sys/i386/conf/GENERIC
  projects/runtime-coverage-v2/sys/i386/i386/mp_machdep.c
  projects/runtime-coverage-v2/sys/i386/include/pcpu.h
  projects/runtime-coverage-v2/sys/i386/linux/linux.h
  projects/runtime-coverage-v2/sys/i386/linux/linux_machdep.c
  projects/runtime-coverage-v2/sys/i386/linux/linux_sysvec.c
  projects/runtime-coverage-v2/sys/kern/kern_intr.c
  projects/runtime-coverage-v2/sys/kern/stack_protector.c
  projects/runtime-coverage-v2/sys/kern/subr_blist.c
  projects/runtime-coverage-v2/sys/kern/vfs_cache.c
  projects/runtime-coverage-v2/sys/libkern/arc4random.c
  projects/runtime-coverage-v2/sys/mips/conf/std.AR_MIPS_BASE
  projects/runtime-coverage-v2/sys/modules/linprocfs/Makefile
  projects/runtime-coverage-v2/sys/modules/linsysfs/Makefile
  projects/runtime-coverage-v2/sys/modules/linux/Makefile
  projects/runtime-coverage-v2/sys/modules/linux64/Makefile
  projects/runtime-coverage-v2/sys/modules/linux_common/Makefile
  projects/runtime-coverage-v2/sys/net/bpf.c
  projects/runtime-coverage-v2/sys/net/bpf.h
  projects/runtime-coverage-v2/sys/net/bpfdesc.h
  projects/runtime-coverage-v2/sys/net/if_tuntap.c
  projects/runtime-coverage-v2/sys/net/iflib.c
  projects/runtime-coverage-v2/sys/netinet/ip_output.c
  projects/runtime-coverage-v2/sys/netinet/netdump/netdump_client.c
  projects/runtime-coverage-v2/sys/netinet/tcp_hpts.c
  projects/runtime-coverage-v2/sys/netinet/tcp_input.c
  projects/runtime-coverage-v2/sys/netinet6/ip6_output.c
  projects/runtime-coverage-v2/sys/powerpc/aim/mp_cpudep.c
  projects/runtime-coverage-v2/sys/powerpc/conf/GENERIC
  projects/runtime-coverage-v2/sys/powerpc/conf/GENERIC64
  projects/runtime-coverage-v2/sys/riscv/conf/GENERIC
  projects/runtime-coverage-v2/sys/riscv/include/pcpu.h
  projects/runtime-coverage-v2/sys/riscv/riscv/intr_machdep.c
  projects/runtime-coverage-v2/sys/riscv/riscv/locore.S
  projects/runtime-coverage-v2/sys/riscv/riscv/machdep.c
  projects/runtime-coverage-v2/sys/riscv/riscv/mp_machdep.c
  projects/runtime-coverage-v2/sys/riscv/riscv/pmap.c
  projects/runtime-coverage-v2/sys/sparc64/conf/GENERIC
  projects/runtime-coverage-v2/sys/sys/blist.h
  projects/runtime-coverage-v2/sys/sys/interrupt.h
  projects/runtime-coverage-v2/sys/sys/param.h
  projects/runtime-coverage-v2/sys/sys/seqc.h
  projects/runtime-coverage-v2/sys/sys/vmmeter.h
  projects/runtime-coverage-v2/sys/vm/swap_pager.c
  projects/runtime-coverage-v2/sys/vm/vm_glue.c
  projects/runtime-coverage-v2/sys/vm/vm_map.c
  projects/runtime-coverage-v2/sys/vm/vm_map.h
  projects/runtime-coverage-v2/sys/vm/vm_meter.c
  projects/runtime-coverage-v2/sys/vm/vm_mmap.c
  projects/runtime-coverage-v2/sys/vm/vm_pageout.c
  projects/runtime-coverage-v2/sys/vm/vm_pageout.h
  projects/runtime-coverage-v2/sys/vm/vm_unix.c
  projects/runtime-coverage-v2/sys/x86/include/x86_smp.h
  projects/runtime-coverage-v2/sys/x86/x86/mp_x86.c
  projects/runtime-coverage-v2/tests/sys/opencrypto/Makefile
  projects/runtime-coverage-v2/tests/sys/opencrypto/runtests.sh
  projects/runtime-coverage-v2/tests/sys/sys/Makefile
  projects/runtime-coverage-v2/usr.bin/dtc/fdt.hh
  projects/runtime-coverage-v2/usr.bin/vmstat/vmstat.c
  projects/runtime-coverage-v2/usr.sbin/efibootmgr/efibootmgr.c
  projects/runtime-coverage-v2/usr.sbin/mountd/mountd.c
  projects/runtime-coverage-v2/usr.sbin/nfsd/nfsd.8
  projects/runtime-coverage-v2/usr.sbin/ntp/ntpd/leap-seconds
Directory Properties:
  projects/runtime-coverage-v2/   (props changed)
  projects/runtime-coverage-v2/contrib/netbsd-tests/   (props changed)
  projects/runtime-coverage-v2/sys/contrib/dev/acpica/   (props changed)
  projects/runtime-coverage-v2/sys/contrib/ipfilter/   (props changed)

Modified: projects/runtime-coverage-v2/ObsoleteFiles.inc
==============================================================================
--- projects/runtime-coverage-v2/ObsoleteFiles.inc	Tue May 14 03:08:37 2019	(r347559)
+++ projects/runtime-coverage-v2/ObsoleteFiles.inc	Tue May 14 03:52:06 2019	(r347560)
@@ -38,6 +38,11 @@
 #   xargs -n1 | sort | uniq -d;
 # done
 
+# 20190513: libcap_sysctl interface change
+OLD_FILES+=lib/casper/libcap_sysctl.1
+# 20190509: tests/sys/opencrypto requires the net/py-dpkt package.
+OLD_FILES+=usr/tests/sys/opencrypto/dpkt.py
+OLD_FILES+=usr/tests/sys/opencrypto/dpkt.pyc
 # 20190304: new libc++ import which bumps version from 7.0.1 to 8.0.0.
 OLD_FILES+=usr/include/c++/v1/experimental/dynarray
 # 20190304: new clang import which bumps version from 7.0.1 to 8.0.0.
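Review bot: The new entry `OLD_FILES+=lib/casper/libcap_sysctl.1` does not look like a path this tree installs. The cap_sysctl Makefile in this same commit bumps `SHLIB_MAJOR` from 1 to 2 under `SHLIBDIR?= /lib/casper`, so the file left behind by the interface change would be `lib/casper/libcap_sysctl.so.1`. If that is the intent, the line should probably read `OLD_LIBS+=lib/casper/libcap_sysctl.so.1`, since superseded shared libraries are normally listed in OLD_LIBS and removed by the separate delete-old-libs step. As written, the stale library with the old interface would presumably stay on upgraded systems.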

Modified: projects/runtime-coverage-v2/UPDATING
==============================================================================
--- projects/runtime-coverage-v2/UPDATING	Tue May 14 03:08:37 2019	(r347559)
+++ projects/runtime-coverage-v2/UPDATING	Tue May 14 03:52:06 2019	(r347560)
@@ -31,7 +31,19 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20190513:
+	User-wired pages now have their own counter,
+	vm.stats.vm.v_user_wire_count.  The vm.max_wired sysctl was renamed
+	to vm.max_user_wired and changed from an unsigned int to an unsigned
+	long.  bhyve VMs wired with the -S are now subject to the user
+	wiring limit; the vm.max_user_wired sysctl may need to be tuned to
+	avoid running into the limit.
+
 20190507:
+	The IPSEC option has been removed from GENERIC.  Users requiring
+	ipsec(4) must now load the ipsec(4) kernel module.
+
+20190507:
 	The tap(4) driver has been folded into tun(4), and the module has been
 	renamed to tuntap.  You should update any kld_load="if_tap" or
 	kld_load="if_tun" entries in /etc/rc.conf, if_tap_load="YES" or
@@ -64,13 +76,6 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 	produce warnings in dmesg when the conditions are met.
 
 20190416:
-	The tunable "security.stack_protect.permit_nonrandom_cookies" may be
-	set to a non-zero value to boot systems that do not provide early
-	entropy.  Otherwise, such systems may see the panic message:
-	"cannot initialize stack cookies because random device is not yet
-	seeded."
-
-20190416:
 	The loadable random module KPI has changed; the random_infra_init()
 	routine now requires a 3rd function pointer for a bool (*)(void)
 	method that returns true if the random device is seeded (and
@@ -88,7 +93,7 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 	The fuse(4) module has been renamed to fusefs(4) for consistency with
 	other filesystems.  You should update any kld_load="fuse" entries in
 	/etc/rc.conf, fuse_load="YES" entries in /boot/loader.conf, and
-	"options FUSE" enties in kernel config files.
+	"options FUSE" entries in kernel config files.
 
 20190304:
 	Clang, llvm, lld, lldb, compiler-rt and libc++ have been upgraded to
@@ -152,7 +157,7 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 
 20181211:
 	Remove the timed and netdate programs from the base tree.  Setting
-	the time with these deamons has been obsolete for over a decade.
+	the time with these daemons has been obsolete for over a decade.
 
 20181126:
 	On amd64, arm64 and armv7 (architectures that install LLVM's ld.lld
@@ -215,7 +220,7 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 
 20181009:
 	OpenSSL has been updated to version 1.1.1.  This update included
-	additional various API changes througout the base system.  It is
+	additional various API changes throughout the base system.  It is
 	important to rebuild third-party software after upgrading.  The value
 	of __FreeBSD_version has been bumped accordingly.
 
@@ -312,13 +317,13 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 20180719:
 	ARM64 now have efifb support, if you want to have serial console
 	on your arm64 board when an screen is connected and the bootloader
-	setup a framebuffer for us to use, just add :
+	setup a frame buffer for us to use, just add :
 	boot_serial=YES
 	boot_multicons=YES
 	in /boot/loader.conf
 	For Raspberry Pi 3 (RPI) users, this is needed even if you don't have
-	an screen connected as the firmware will setup a framebuffer are that
-	u-boot will expose as an EFI framebuffer.
+	an screen connected as the firmware will setup a frame buffer are that
+	u-boot will expose as an EFI frame buffer.
 
 20180719:
 	New uid:gid added, ntpd:ntpd (123:123).  Be sure to run mergemaster
@@ -417,7 +422,7 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 
 20180508:
 	The nxge(4) driver has been removed.  This driver was for PCI-X 10g
-	cards made by s2io/Neterion.  The company was aquired by Exar and
+	cards made by s2io/Neterion.  The company was acquired by Exar and
 	no longer sells or supports Ethernet products.  If you have device
 	nxge in your kernel config file it must be removed.
 
@@ -508,7 +513,7 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 20180212:
 	FreeBSD boot loader enhanced with Lua scripting. It's purely opt-in for
 	now by building WITH_LOADER_LUA and WITHOUT_FORTH in /etc/src.conf.
-	Co-existance for the transition period will come shortly. Booting is a
+	Co-existence for the transition period will come shortly. Booting is a
 	complex environment and test coverage for Lua-enabled loaders has been
 	thin, so it would be prudent to assume it might not work and make
 	provisions for backup boot methods.

Modified: projects/runtime-coverage-v2/contrib/netbsd-tests/lib/libc/sys/t_mlock.c
==============================================================================
--- projects/runtime-coverage-v2/contrib/netbsd-tests/lib/libc/sys/t_mlock.c	Tue May 14 03:08:37 2019	(r347559)
+++ projects/runtime-coverage-v2/contrib/netbsd-tests/lib/libc/sys/t_mlock.c	Tue May 14 03:52:06 2019	(r347560)
@@ -51,7 +51,7 @@ __RCSID("$NetBSD: t_mlock.c,v 1.6 2016/08/09 12:02:44 
 #define _KMEMUSER
 #include <machine/vmparam.h>
 
-void set_vm_max_wired(int);
+void set_vm_max_wired(u_long);
 void restore_vm_max_wired(void);
 #endif
 

Modified: projects/runtime-coverage-v2/etc/Makefile
==============================================================================
--- projects/runtime-coverage-v2/etc/Makefile	Tue May 14 03:08:37 2019	(r347559)
+++ projects/runtime-coverage-v2/etc/Makefile	Tue May 14 03:52:06 2019	(r347560)
@@ -18,10 +18,15 @@ BIN1=	\
 	group \
 	login.access \
 	rc.bsdextended \
+	rc.firewall \
 	termcap.small
 
 # NB: keep these sorted by MK_* knobs
 
+.if ${MK_SENDMAIL} != "no"
+BIN1+=	rc.sendmail
+.endif
+
 .if ${MK_SENDMAIL} == "no"
 ETCMAIL=mailer.conf aliases
 .else
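Review bot: `rc.firewall` is added to `BIN1` unconditionally, while the second hunk of this file removes the `.if ${MK_IPFW} != "no"` guard that used to control its installation, so it is now installed on builds without ipfw; `rc.sendmail` by contrast keeps its `MK_SENDMAIL` guard. If that is intended, a short comment next to the entry would say so; otherwise a guarded `BIN1+= rc.firewall` inside `.if ${MK_IPFW} != "no"` would mirror the sendmail block. The new `MK_SENDMAIL != "no"` block also sits directly above the existing `MK_SENDMAIL == "no"` / `.else` conditional and could be folded into its `.else` branch. The second hunk additionally drops the `-T "tags=package=..."` arguments from the install commands, which presumably loses the package tagging for these files, including `master.passwd`.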
@@ -58,20 +63,10 @@ distribution:
 	@echo "set DESTDIR before running \"make ${.TARGET}\""
 	@false
 .endif
-.if ${MK_SENDMAIL} != "no"
 	cd ${.CURDIR}; \
-	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 -T "tags=package=sendmail"\
-		rc.sendmail ${DESTDIR}/etc;
-.endif
-.if ${MK_IPFW} != "no"
-	cd ${.CURDIR}; \
-	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 -T "tags=package=ipfw"\
-		rc.firewall ${DESTDIR}/etc;
-.endif
-	cd ${.CURDIR}; \
-	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 -T "tags=package=runtime"\
+	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
 		${BIN1} ${DESTDIR}/etc; \
-	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 -T "tags=package=runtime"\
+	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \
 		master.passwd ${DESTDIR}/etc;
 
 .if ${MK_TCSH} == "no"

Modified: projects/runtime-coverage-v2/lib/libc/sys/mlock.2
==============================================================================
--- projects/runtime-coverage-v2/lib/libc/sys/mlock.2	Tue May 14 03:08:37 2019	(r347559)
+++ projects/runtime-coverage-v2/lib/libc/sys/mlock.2	Tue May 14 03:52:06 2019	(r347560)
@@ -28,7 +28,7 @@
 .\"	@(#)mlock.2	8.2 (Berkeley) 12/11/93
 .\" $FreeBSD$
 .\"
-.Dd March 20, 2018
+.Dd May 13, 2019
 .Dt MLOCK 2
 .Os
 .Sh NAME
@@ -97,13 +97,13 @@ resource limit and the
 system-wide
 .Dq wired pages
 limit
-.Va vm.max_wired .
-.Va vm.max_wired
+.Va vm.max_user_wired .
+.Va vm.max_user_wired
 applies to the system as a whole, so the amount available to a single
 process at any given time is the difference between
-.Va vm.max_wired
+.Va vm.max_user_wired
 and
-.Va vm.stats.vm.v_wire_count .
+.Va vm.stats.vm.v_user_wire_count .
 .Pp
 If
 .Va security.bsd.unprivileged_mlock
@@ -124,13 +124,11 @@ will fail if:
 is set to 0 and the caller is not the super-user.
 .It Bq Er EINVAL
 The address range given wraps around zero.
-.It Bq Er EAGAIN
-Locking the indicated range would exceed the system limit for locked memory.
 .It Bq Er ENOMEM
 Some portion of the indicated address range is not allocated.
 There was an error faulting/mapping a page.
-Locking the indicated range would exceed the per-process limit for locked
-memory.
+Locking the indicated range would exceed the per-process or system-wide limits
+for locked memory.
 .El
 The
 .Fn munlock
@@ -171,11 +169,11 @@ system calls first appeared in
 Allocating too much wired memory can lead to a memory-allocation deadlock
 which requires a reboot to recover from.
 .Pp
-The per-process resource limit is a limit on the amount of virtual
-memory locked, while the system-wide limit is for the number of locked
-physical pages.
-Hence a process with two distinct locked mappings of the same physical page
-counts as 2 pages against the per-process limit and as only a single page
-in the system limit.
+The per-process and system-wide resource limits of locked memory apply
+to the amount of virtual memory locked, not the amount of locked physical
+pages.
+Hence two distinct locked mappings of the same physical page counts as
+2 pages aginst the system limit, and also against the per-process limit
+if both mappings belong to the same physical map.
 .Pp
 The per-process resource limit is not currently supported.

Modified: projects/runtime-coverage-v2/lib/libc/sys/mlockall.2
==============================================================================
--- projects/runtime-coverage-v2/lib/libc/sys/mlockall.2	Tue May 14 03:08:37 2019	(r347559)
+++ projects/runtime-coverage-v2/lib/libc/sys/mlockall.2	Tue May 14 03:52:06 2019	(r347560)
@@ -30,7 +30,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 25, 2012
+.Dd May 13, 2019
 .Dt MLOCKALL 2
 .Os
 .Sh NAME
@@ -69,7 +69,7 @@ limited in how much they can lock down.
 A single process can lock the minimum of a system-wide
 .Dq wired pages
 limit
-.Va vm.max_wired
+.Va vm.max_user_wired
 and the per-process
 .Dv RLIMIT_MEMLOCK
 resource limit.
@@ -138,9 +138,9 @@ and
 functions first appeared in
 .Fx 5.1 .
 .Sh BUGS
-The per-process resource limit is a limit on the amount of virtual
-memory locked, while the system-wide limit is for the number of locked
-physical pages.
-Hence a process with two distinct locked mappings of the same physical page
-counts as 2 pages against the per-process limit and as only a single page
-in the system limit.
+The per-process and system-wide resource limits of locked memory apply
+to the amount of virtual memory locked, not the amount of locked physical
+pages.
+Hence two distinct locked mappings of the same physical page counts as
+2 pages aginst the system limit, and also against the per-process limit
+if both mappings belong to the same physical map.

Modified: projects/runtime-coverage-v2/lib/libc/tests/sys/mlock_helper.c
==============================================================================
--- projects/runtime-coverage-v2/lib/libc/tests/sys/mlock_helper.c	Tue May 14 03:08:37 2019	(r347559)
+++ projects/runtime-coverage-v2/lib/libc/tests/sys/mlock_helper.c	Tue May 14 03:52:06 2019	(r347560)
@@ -39,16 +39,16 @@ __FBSDID("$FreeBSD$");
 #include <limits.h>
 #include <stdio.h>
 
-#define	VM_MAX_WIRED "vm.max_wired"
+#define	VM_MAX_WIRED "vm.max_user_wired"
 
 static void
-vm_max_wired_sysctl(int *old_value, int *new_value)
+vm_max_wired_sysctl(u_long *old_value, u_long *new_value)
 {
 	size_t old_len;
-	size_t new_len = (new_value == NULL ? 0 : sizeof(int));
+	size_t new_len = (new_value == NULL ? 0 : sizeof(*new_value));
 
 	if (old_value == NULL)
-		printf("Setting the new value to %d\n", *new_value);
+		printf("Setting the new value to %lu\n", *new_value);
 	else {
 		ATF_REQUIRE_MSG(sysctlbyname(VM_MAX_WIRED, NULL, &old_len,
 		    new_value, new_len) == 0,
@@ -60,14 +60,14 @@ vm_max_wired_sysctl(int *old_value, int *new_value)
 	    "sysctlbyname(%s) failed: %s", VM_MAX_WIRED, strerror(errno));
 
 	if (old_value != NULL)
-		printf("Saved the old value (%d)\n", *old_value);
+		printf("Saved the old value (%lu)\n", *old_value);
 }
 
 void
-set_vm_max_wired(int new_value)
+set_vm_max_wired(u_long new_value)
 {
 	FILE *fp;
-	int old_value;
+	u_long old_value;
 
 	fp = fopen(VM_MAX_WIRED, "w");
 	if (fp == NULL) {
@@ -78,7 +78,7 @@ set_vm_max_wired(int new_value)
 
 	vm_max_wired_sysctl(&old_value, NULL);
 
-	ATF_REQUIRE_MSG(fprintf(fp, "%d", old_value) > 0,
+	ATF_REQUIRE_MSG(fprintf(fp, "%lu", old_value) > 0,
 	    "saving %s failed", VM_MAX_WIRED);
 
 	fclose(fp);
@@ -90,7 +90,7 @@ void
 restore_vm_max_wired(void)
 {
 	FILE *fp;
-	int saved_max_wired;
+	u_long saved_max_wired;
 
 	fp = fopen(VM_MAX_WIRED, "r");
 	if (fp == NULL) {
@@ -98,14 +98,14 @@ restore_vm_max_wired(void)
 		return;
 	}
 
-	if (fscanf(fp, "%d", &saved_max_wired) != 1) {
+	if (fscanf(fp, "%lu", &saved_max_wired) != 1) {
 		perror("fscanf failed\n");
 		fclose(fp);
 		return;
 	}
 
 	fclose(fp);
-	printf("old value in %s: %d\n", VM_MAX_WIRED, saved_max_wired);
+	printf("old value in %s: %lu\n", VM_MAX_WIRED, saved_max_wired);
 
 	if (saved_max_wired == 0) /* This will cripple the test host */
 		return;
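Review bot: After the switch to `fscanf(fp, "%lu", &saved_max_wired)`, the value read back from the save file is rejected only when it is 0. The `%lu` conversion parses like strtoul, so a leading minus sign is accepted and wraps to a very large value instead of failing, and an out-of-range number is not reported. The rest of restore_vm_max_wired is outside the hunk, but the value appears to be written back to the system-wide `vm.max_user_wired` limit, so a stricter check before restoring would be prudent, for example reading the line with fgets and parsing it with strtoul while checking the end pointer and `errno == ERANGE`. At minimum, a comment next to the `saved_max_wired == 0` test should state that other implausible values are not detected.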

Modified: projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/Makefile
==============================================================================
--- projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/Makefile	Tue May 14 03:08:37 2019	(r347559)
+++ projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/Makefile	Tue May 14 03:52:06 2019	(r347560)
@@ -6,7 +6,7 @@ SHLIBDIR?=	/lib/casper
 
 PACKAGE=libcasper
 
-SHLIB_MAJOR=	1
+SHLIB_MAJOR=	2
 INCSDIR?=	${INCLUDEDIR}/casper
 
 .if ${MK_CASPER} != "no"
@@ -25,8 +25,12 @@ HAS_TESTS=
 SUBDIR.${MK_TESTS}+= tests
 
 MAN+=	cap_sysctl.3
-
-MLINKS+=cap_sysctl.3 libcap_sysctl.3
-MLINKS+=cap_sysctl.3 cap_sysctlbyname.3
+MLINKS+=cap_sysctl.3 libcap_sysctl.3 \
+	cap_sysctl.3 cap_sysctlbyname.3 \
+	cap_sysctl.3 cap_nametomib.3 \
+	cap_sysctl.3 cap_sysctl_limit_init.3 \
+	cap_sysctl.3 cap_sysctl_limit_mib.3 \
+	cap_sysctl.3 cap_sysctl_limit_name.3 \
+	cap_sysctl.3 cap_sysctl_limit.3
 
 .include <bsd.lib.mk>
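Review bot: The MLINKS entry `cap_sysctl.3 cap_nametomib.3` does not match any function documented by this commit. The manual page's synopsis names the function `cap_sysctlnametomib`, so looking up that name would find no page. The entry should presumably be `cap_sysctl.3 cap_sysctlnametomib.3 \`.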

Modified: projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/cap_sysctl.3
==============================================================================
--- projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/cap_sysctl.3	Tue May 14 03:08:37 2019	(r347559)
+++ projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/cap_sysctl.3	Tue May 14 03:52:06 2019	(r347560)
@@ -24,72 +24,113 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd March 18, 2018
+.Dd May 13, 2019
 .Dt CAP_SYSCTL 3
 .Os
 .Sh NAME
-.Nm cap_sysctlbyname
+.Nm cap_sysctl
 .Nd "library for getting or setting system information in capability mode"
 .Sh LIBRARY
 .Lb libcap_sysctl
 .Sh SYNOPSIS
-.In sys/nv.h
 .In libcasper.h
 .In casper/cap_sysctl.h
 .Ft int
-.Fn cap_sysctlbyname "cap_channel_t *chan" " const char *name" " void *oldp" " size_t *oldlenp" " const void *newp" " size_t newlen"
+.Fn cap_sysctl "cap_channel_t *chan" "const int *name" "u_int namelen" "void *oldp" "size_t *oldlenp" "const void *newp" "size_t newlen"
+.Ft int
+.Fn cap_sysctlbyname "cap_channel_t *chan" "const char *name" "void *oldp" "size_t *oldlenp" "const void *newp" "size_t newlen"
+.Ft int
+.Fn cap_sysctlnametomib "cap_channel_t *chan" "const char *name" "int *mibp" "size_t *sizep"
+.Ft void *
+.Fn cap_sysctl_limit_init "cap_channel_t *chan"
+.Ft void *
+.Fn cap_sysctl_limit_name "void *limit" "const char *name" "int flags"
+.Ft void *
+.Fn cap_sysctl_limit_mib "void *limit" "int *mibp" "u_int miblen" "int flags"
+.Ft int
+.Fn cap_sysctl_limit "void *limit"
 .Sh DESCRIPTION
-The function
+The
+.Fn cap_sysctl ,
 .Fn cap_sysctlbyname
-is equivalent to
+and
+.Fn cap_sysctlnametomib
+functions are equivalent to
+.Xr sysctl 3 ,
 .Xr sysctlbyname 3
-except that the connection to the
-.Nm system.sysctl
-service needs to be provided.
+and
+.Xr sysctlnametomib 3 ,
+except that they are implemented by the
+.Ql system.sysctl
+.Xr libcasper 3
+service and require a corresponding
+.Xr libcasper 3
+capability.
 .Sh LIMITS
-The service can be limited using
-.Xr cap_limit_set 3
-function.
+By default, the
+.Nm
+capability provides unrestricted access to the sysctl namespace.
+Applications typically only require access to a small number of sysctl
+variables; the
+.Fn cap_sysctl_limit
+interface can be used to restrict the sysctls that can be accessed using
+the
+.Nm
+capability.
+.Fn cap_sysctl_limit_init
+returns an opaque limit handle used to store a list of permitted sysctls
+and access rights.
+Rights are encoded using the following flags:
+.Pp
+.Bd -literal -offset indent -compact
+CAP_SYSCTL_READ		allow reads of the sysctl variable
+CAP_SYSCTL_WRITE        allow writes of the sysctl variable
+CAP_SYSCTL_RDWR         allow reads and writes of the sysctl variable
+CAP_RECURSIVE           permit access to any child of the sysctl variable
+.Ed
+.Pp
 The
-.Xr nvlist 9
-for that function can contain the following values and types:
-.Bl -ohang -offset indent
-.It ( NV_TYPE_NUMBER )
-The name of the element with type number will be treated as the limited sysctl.
-The value of the element will describe the access rights for given sysctl.
-There are four different rights
+.Fn cap_sysctl_limit_name
+function adds the sysctl identified by
+.Ar name
+to the limit list, and
+.Fn cap_sysctl_limit_mib
+function adds the sysctl identified by
+.Ar mibp
+to the limit list.
+The access rights for the sysctl are specified in the
+.Ar flags
+parameter; at least one of
 .Dv CAP_SYSCTL_READ ,
-.Dv CAP_SYSCTL_WRITE ,
-.Dv CAP_SYSCTL_RDWR ,
+.Dv CAP_SYSCTL_WRITE
 and
-.Dv CAP_SYSCTL_RECURSIVE .
-The
-.Dv CAP_SYSCTL_READ
-flag allows to fetch the value of a given sysctl.
-The
-.Dv CAP_SYSCTL_WIRTE
-flag allows to override the value of a given sysctl.
-The
 .Dv CAP_SYSCTL_RDWR
-is combination of the
-.Dv CAP_SYSCTL_WIRTE
-and
-.Dv CAP_SYSCTL_READ
-and allows to read and write the value of a given sysctl.
-The
-.Dv CAP_SYSCTL_RECURSIVE
-allows access to all children of a given sysctl.
-This right must be combined with at least one other right.
+must be specified.
+.Fn cap_sysctl_limit
+applies a set of sysctl limits to the capability, denying access to sysctl
+variables not belonging to the set.
+.Pp
+Once a set of limits is applied, subsequent calls to
+.Fn cap_sysctl_limit
+will fail unless the new set is a subset of the current set.
+.Pp
+.Fn cap_sysctlnametomib
+will succeed so long as the named sysctl variable is present in the limit set,
+regardless of its access rights.
+When a sysctl variable name is added to a limit set, its MIB identifier is
+automatically added to the set.
 .Sh EXAMPLES
-The following example first opens a capability to casper and then uses this
+The following example first opens a capability to casper, uses this
 capability to create the
 .Nm system.sysctl
-casper service and uses it to get the value of
+casper service, and then uses the
+.Nm
+capability to get the value of
 .Dv kern.trap_enotcap .
 .Bd -literal
 cap_channel_t *capcas, *capsysctl;
 const char *name = "kern.trap_enotcap";
-nvlist_t *limits;
+void *limit;
 int value;
 size_t size;
 
@@ -111,11 +152,11 @@ if (capsysctl == NULL)
 cap_close(capcas);
 
 /* Create limit for one MIB with read access only. */
-limits = nvlist_create(0);
-nvlist_add_number(limits, name, CAP_SYSCTL_READ);
+limit = cap_sysctl_limit_init(capsysctl);
+(void)cap_sysctl_limit_name(limit, name, CAP_SYSCTL_READ);
 
 /* Limit system.sysctl. */
-if (cap_limit_set(capsysctl, limits) < 0)
+if (cap_sysctl_limit(limit) < 0)
 	err(1, "Unable to set limits");
 
 /* Fetch value. */
@@ -129,7 +170,9 @@ cap_close(capsysctl);
 .Sh SEE ALSO
 .Xr cap_enter 2 ,
 .Xr err 3 ,
+.Xr sysctl 3 ,
 .Xr sysctlbyname 3 ,
+.Xr sysctlnametomib 3 ,
 .Xr capsicum 4 ,
 .Xr nv 9
 .Sh AUTHORS

Modified: projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/cap_sysctl.c
==============================================================================
--- projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/cap_sysctl.c	Tue May 14 03:08:37 2019	(r347559)
+++ projects/runtime-coverage-v2/lib/libcasper/services/cap_sysctl/cap_sysctl.c	Tue May 14 03:52:06 2019	(r347560)
@@ -1,12 +1,15 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
  *
- * Copyright (c) 2013 The FreeBSD Foundation
+ * Copyright (c) 2013, 2018 The FreeBSD Foundation
  * All rights reserved.
  *
  * This software was developed by Pawel Jakub Dawidek under sponsorship from
  * the FreeBSD Foundation.
  *
+ * Portions of this software were developed by Mark Johnston
+ * under sponsorship from the FreeBSD Foundation.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -32,9 +35,11 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
-#include <sys/types.h>
-#include <sys/sysctl.h>
+#include <sys/param.h>
+#include <sys/cnv.h>
+#include <sys/dnv.h>
 #include <sys/nv.h>
+#include <sys/sysctl.h>
 
 #include <assert.h>
 #include <errno.h>
@@ -46,24 +51,117 @@ __FBSDID("$FreeBSD$");
 
 #include "cap_sysctl.h"
 
+/*
+ * Limit interface.
+ */
+
+struct cap_sysctl_limit {
+	cap_channel_t *chan;
+	nvlist_t *nv;
+};
+
+cap_sysctl_limit_t *
+cap_sysctl_limit_init(cap_channel_t *chan)
+{
+	cap_sysctl_limit_t *limit;
+	int error;
+
+	limit = malloc(sizeof(*limit));
+	if (limit != NULL) {
+		limit->chan = chan;
+		limit->nv = nvlist_create(NV_FLAG_NO_UNIQUE);
+		if (limit->nv == NULL) {
+			error = errno;
+			free(limit);
+			limit = NULL;
+			errno = error;
+		}
+	}
+	return (limit);
+}
+
+cap_sysctl_limit_t *
+cap_sysctl_limit_name(cap_sysctl_limit_t *limit, const char *name, int flags)
+{
+	nvlist_t *lnv;
+	size_t mibsz;
+	int error, mib[CTL_MAXNAME];
+
+	lnv = nvlist_create(0);
+	if (lnv == NULL) {
+		error = errno;
+		if (limit->nv != NULL)
+			nvlist_destroy(limit->nv);
+		free(limit);
+		errno = error;
+		return (NULL);
+	}
+	nvlist_add_string(lnv, "name", name);
+	nvlist_add_number(lnv, "operation", flags);
+
+	mibsz = nitems(mib);
+	error = cap_sysctlnametomib(limit->chan, name, mib, &mibsz);
+	if (error == 0)
+		nvlist_add_binary(lnv, "mib", mib, mibsz * sizeof(int));
+
+	nvlist_move_nvlist(limit->nv, "limit", lnv);
+	return (limit);
+}
+
+cap_sysctl_limit_t *
+cap_sysctl_limit_mib(cap_sysctl_limit_t *limit, int *mibp, u_int miblen,
+    int flags)
+{
+	nvlist_t *lnv;
+	int error;
+
+	lnv = nvlist_create(0);
+	if (lnv == NULL) {
+		error = errno;
+		if (limit->nv != NULL)
+			nvlist_destroy(limit->nv);
+		free(limit);
+		errno = error;
+		return (NULL);
+	}
+	nvlist_add_binary(lnv, "mib", mibp, miblen * sizeof(int));
+	nvlist_add_number(lnv, "operation", flags);
+	nvlist_add_nvlist(limit->nv, "limit", lnv);
+	return (limit);
+}
+
 int
-cap_sysctlbyname(cap_channel_t *chan, const char *name, void *oldp,
-    size_t *oldlenp, const void *newp, size_t newlen)
+cap_sysctl_limit(cap_sysctl_limit_t *limit)
 {
-	nvlist_t *nvl;
+	cap_channel_t *chan;
+	nvlist_t *lnv;
+
+	chan = limit->chan;
+	lnv = limit->nv;
+	free(limit);
+
+	/* cap_limit_set(3) will always free the nvlist. */
+	return (cap_limit_set(chan, lnv));
+}
+
+/*
+ * Service interface.
+ */
+
+static int
+do_sysctl(cap_channel_t *chan, nvlist_t *nvl, void *oldp, size_t *oldlenp,
+    const void *newp, size_t newlen)
+{
 	const uint8_t *retoldp;
-	uint8_t operation;
 	size_t oldlen;
+	int error;
+	uint8_t operation;
 
 	operation = 0;
-	if (oldp != NULL)
+	if (oldlenp != NULL)
 		operation |= CAP_SYSCTL_READ;
 	if (newp != NULL)
 		operation |= CAP_SYSCTL_WRITE;
-
-	nvl = nvlist_create(0);
-	nvlist_add_string(nvl, "cmd", "sysctl");
-	nvlist_add_string(nvl, "name", name);
 	nvlist_add_number(nvl, "operation", (uint64_t)operation);
 	if (oldp == NULL && oldlenp != NULL)
 		nvlist_add_null(nvl, "justsize");
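Review bot: cap_sysctl_limit_mib() attaches its entry with `nvlist_add_nvlist(limit->nv, "limit", lnv);`, which per nv(9) copies its argument, so `lnv` is never released and every MIB limit leaks one nvlist. cap_sysctl_limit_name() just above uses the move variant, and the same `nvlist_move_nvlist(limit->nv, "limit", lnv);` would fix it here. Both builders also free `limit` and return NULL when nvlist_create() fails, so a caller that discards the return value and then calls cap_sysctl_limit() would pass a freed pointer. A comment on both functions would make that contract explicit, e.g. `/* On failure the limit handle is freed and NULL is returned; do not reuse it. */`. do_sysctl() starts in this hunk and continues past its end.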
@@ -71,12 +169,14 @@ cap_sysctlbyname(cap_channel_t *chan, const char *name
 		nvlist_add_number(nvl, "oldlen", (uint64_t)*oldlenp);
 	if (newp != NULL)
 		nvlist_add_binary(nvl, "newp", newp, newlen);
+
 	nvl = cap_xfer_nvlist(chan, nvl);
 	if (nvl == NULL)
 		return (-1);
-	if (nvlist_get_number(nvl, "error") != 0) {
-		errno = (int)nvlist_get_number(nvl, "error");
+	error = (int)dnvlist_get_number(nvl, "error", 0);
+	if (error != 0) {
 		nvlist_destroy(nvl);
+		errno = error;
 		return (-1);
 	}
 
@@ -88,21 +188,87 @@ cap_sysctlbyname(cap_channel_t *chan, const char *name
 		if (oldlenp != NULL)
 			*oldlenp = oldlen;
 	}
+
 	nvlist_destroy(nvl);
 
 	return (0);
 }
 
+int
+cap_sysctl(cap_channel_t *chan, const int *name, u_int namelen, void *oldp,
+    size_t *oldlenp, const void *newp, size_t newlen)
+{
+	nvlist_t *req;
+
+	req = nvlist_create(0);
+	nvlist_add_string(req, "cmd", "sysctl");
+	nvlist_add_binary(req, "mib", name, (size_t)namelen * sizeof(int));
+	return (do_sysctl(chan, req, oldp, oldlenp, newp, newlen));
+}
+
+int
+cap_sysctlbyname(cap_channel_t *chan, const char *name, void *oldp,
+    size_t *oldlenp, const void *newp, size_t newlen)
+{
+	nvlist_t *req;
+
+	req = nvlist_create(0);
+	nvlist_add_string(req, "cmd", "sysctlbyname");
+	nvlist_add_string(req, "name", name);
+	return (do_sysctl(chan, req, oldp, oldlenp, newp, newlen));
+}
+
+int
+cap_sysctlnametomib(cap_channel_t *chan, const char *name, int *mibp,
+    size_t *sizep)
+{
+	nvlist_t *req;
+	const void *mib;
+	size_t mibsz;
+	int error;
+
+	req = nvlist_create(0);
+	nvlist_add_string(req, "cmd", "sysctlnametomib");
+	nvlist_add_string(req, "name", name);
+	nvlist_add_number(req, "operation", 0);
+	nvlist_add_number(req, "size", (uint64_t)*sizep);
+
+	req = cap_xfer_nvlist(chan, req);
+	if (req == NULL)
+		return (-1);
+	error = (int)dnvlist_get_number(req, "error", 0);
+	if (error != 0) {
+		nvlist_destroy(req);
+		errno = error;
+		return (-1);
+	}
+
+	mib = nvlist_get_binary(req, "mib", &mibsz);
+	*sizep = mibsz / sizeof(int);
+
+	memcpy(mibp, mib, mibsz); 
+
+	nvlist_destroy(req);
+
+	return (0);
+}
+
 /*
- * Service functions.
+ * Service implementation.
  */
+
+/*
+ * Validate a sysctl description.  This must consist of an nvlist with either a
+ * binary "mib" field or a string "name", and an operation.
+ */
 static int
-sysctl_check_one(const nvlist_t *nvl, bool islimit)
+sysctl_valid(const nvlist_t *nvl, bool limit)
 {
 	const char *name;
 	void *cookie;
 	int type;
-	unsigned int fields;
+	size_t size;
+	unsigned int field, fields;
 
 	/* NULL nvl is of course invalid. */
 	if (nvl == NULL)
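Review bot: cap_sysctlnametomib() copies `mibsz` bytes from the reply into `mibp` without comparing it to the capacity the caller passed in `*sizep`, and `*sizep` is overwritten before the `memcpy`. The requested size is sent to the service as "size", but whether the service honours it is not visible here, and the caller in cap_sysctl_limit_name() supplies a fixed `int mib[CTL_MAXNAME]` on the stack. Checking before the copy keeps the bound local: `if (mibsz / sizeof(int) > *sizep) { nvlist_destroy(req); errno = ENOMEM; return (-1); }` (errno value to be confirmed against sysctlnametomib(3)). The three new wrappers also use the result of nvlist_create(0) unchecked, unlike the limit builders earlier in this file. sysctl_valid() begins at the end of this hunk and continues in the next one.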
@@ -111,84 +277,120 @@ sysctl_check_one(const nvlist_t *nvl, bool islimit)
 		return (nvlist_error(nvl));
 
 #define	HAS_NAME	0x01
-#define	HAS_OPERATION	0x02
+#define	HAS_MIB		0x02
+#define	HAS_ID		(HAS_NAME | HAS_MIB)
+#define	HAS_OPERATION	0x04
 
 	fields = 0;
 	cookie = NULL;
 	while ((name = nvlist_next(nvl, &type, &cookie)) != NULL) {
-		/* We accept only one 'name' and one 'operation' in nvl. */
-		if (strcmp(name, "name") == 0) {
-			if (type != NV_TYPE_STRING)
+		if ((strcmp(name, "name") == 0 && type == NV_TYPE_STRING) ||
+		    (strcmp(name, "mib") == 0 && type == NV_TYPE_BINARY)) {
+			if (strcmp(name, "mib") == 0) {
+				/* A MIB must be an array of integers. */
+				(void)cnvlist_get_binary(cookie, &size);
+				if (size % sizeof(int) != 0)
+					return (EINVAL);
+				field = HAS_MIB;
+			} else
+				field = HAS_NAME;
+
+			/*
+			 * A limit may contain both a name and a MIB identifier.
+			 */
+			if ((fields & field) != 0 ||
+			    (!limit && (fields & HAS_ID) != 0))
 				return (EINVAL);
-			/* Only one 'name' can be present. */
-			if ((fields & HAS_NAME) != 0)
-				return (EINVAL);
-			fields |= HAS_NAME;
+			fields |= field;
 		} else if (strcmp(name, "operation") == 0) {
-			uint64_t operation;
+			uint64_t mask, operation;
 
 			if (type != NV_TYPE_NUMBER)
 				return (EINVAL);
+
+			operation = cnvlist_get_number(cookie);
+
 			/*
-			 * We accept only CAP_SYSCTL_READ and
-			 * CAP_SYSCTL_WRITE flags.
+			 * Requests can only include the RDWR flags; limits may
+			 * also include the RECURSIVE flag.
 			 */
-			operation = nvlist_get_number(nvl, name);
-			if ((operation & ~(CAP_SYSCTL_RDWR)) != 0)
+			mask = limit ? (CAP_SYSCTL_RDWR |
+			    CAP_SYSCTL_RECURSIVE) : CAP_SYSCTL_RDWR;
+			if ((operation & ~limit) != 0 ||
+			    (operation & CAP_SYSCTL_RDWR) == 0)
 				return (EINVAL);
-			/* ...but there has to be at least one of them. */
-			if ((operation & (CAP_SYSCTL_RDWR)) == 0)
-				return (EINVAL);
 			/* Only one 'operation' can be present. */
 			if ((fields & HAS_OPERATION) != 0)
 				return (EINVAL);
 			fields |= HAS_OPERATION;
-		} else if (islimit) {
-			/* If this is limit, there can be no other fields. */
+		} else if (limit)
 			return (EINVAL);
-		}
 	}
 
-	/* Both fields has to be there. */
-	if (fields != (HAS_NAME | HAS_OPERATION))
+	if ((fields & HAS_OPERATION) == 0 || (fields & HAS_ID) == 0)
 		return (EINVAL);
 
-#undef	HAS_OPERATION
-#undef	HAS_NAME
+#undef HAS_OPERATION
+#undef HAS_ID
+#undef HAS_MIB
+#undef HAS_NAME
 
 	return (0);
 }
 
 static bool
-sysctl_allowed(const nvlist_t *limits, const char *chname, uint64_t choperation)
+sysctl_allowed(const nvlist_t *limits, const nvlist_t *req)
 {
-	uint64_t operation;
-	const char *name;
+	const nvlist_t *limit;
+	uint64_t op, reqop;
+	const char *lname, *name, *reqname;
 	void *cookie;
+	size_t lsize, reqsize;
+	const int *lmib, *reqmib;
 	int type;
 
 	if (limits == NULL)
 		return (true);
 
+	reqmib = dnvlist_get_binary(req, "mib", &reqsize, NULL, 0);
+	reqname = dnvlist_get_string(req, "name", NULL);
+	reqop = nvlist_get_number(req, "operation");
+
 	cookie = NULL;
 	while ((name = nvlist_next(limits, &type, &cookie)) != NULL) {
-		assert(type == NV_TYPE_NUMBER);
+		assert(type == NV_TYPE_NVLIST);
 
-		operation = nvlist_get_number(limits, name);
-		if ((operation & choperation) != choperation)
+		limit = cnvlist_get_nvlist(cookie);
+		op = nvlist_get_number(limit, "operation");
+		if ((reqop & op) != reqop)
 			continue;
 
-		if ((operation & CAP_SYSCTL_RECURSIVE) == 0) {
-			if (strcmp(name, chname) != 0)
+		if (reqname != NULL) {
+			lname = dnvlist_get_string(limit, "name", NULL);
+			if (lname == NULL)
 				continue;
-		} else {
-			size_t namelen;
+			if ((op & CAP_SYSCTL_RECURSIVE) == 0) {
+				if (strcmp(lname, reqname) != 0)
+					continue;
+			} else {
+				size_t namelen;
 
-			namelen = strlen(name);
-			if (strncmp(name, chname, namelen) != 0)
+				namelen = strlen(lname);
+				if (strncmp(lname, reqname, namelen) != 0)
+					continue;
+				if (reqname[namelen] != '.' &&
+				    reqname[namelen] != '\0')
+					continue;
+			}
+		} else {
+			lmib = dnvlist_get_binary(limit, "mib", &lsize, NULL, 0);
+			if (lmib == NULL)
 				continue;
-			if (chname[namelen] != '.' && chname[namelen] != '\0')
+			if (lsize > reqsize || ((op & CAP_SYSCTL_RECURSIVE) == 0 &&
+			    lsize < reqsize))
 				continue;
+			if (memcmp(lmib, reqmib, lsize) != 0)
+				continue;
 		}
 
 		return (true);
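Review bot: In sysctl_valid() the operation check tests `(operation & ~limit)`, where `limit` is the bool parameter, and the `mask` computed on the line above is never used. With `limit` true the complement keeps every bit except bit 0, so any flag above the lowest one is rejected, and with `limit` false every non-zero operation is rejected; the check fails closed, but it does not implement the comment above it. The intended test is presumably `if ((operation & ~mask) != 0 ||`. Separately, sysctl_allowed() compares only names when `req` carries a "name", so if it is handed a limit entry holding both a name and a MIB (which sysctl_valid() permits for limits) the MIB is never compared with the old limits; worth confirming that this cannot widen an existing limit. sysctl_allowed() continues past the end of this hunk.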
@@ -200,21 +402,20 @@ sysctl_allowed(const nvlist_t *limits, const char *chn
 static int
 sysctl_limit(const nvlist_t *oldlimits, const nvlist_t *newlimits)
 {
+	const nvlist_t *nvl;
 	const char *name;
 	void *cookie;
-	uint64_t operation;
-	int type;
+	int error, type;
 
 	cookie = NULL;
 	while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
-		if (type != NV_TYPE_NUMBER)
+		if (strcmp(name, "limit") != 0 || type != NV_TYPE_NVLIST)
 			return (EINVAL);
-		operation = nvlist_get_number(newlimits, name);
-		if ((operation & ~(CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE)) != 0)
-			return (EINVAL);
-		if ((operation & (CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE)) == 0)
-			return (EINVAL);
-		if (!sysctl_allowed(oldlimits, name, operation))
+		nvl = cnvlist_get_nvlist(cookie);
+		error = sysctl_valid(nvl, true);
+		if (error != 0)
+			return (error);
+		if (!sysctl_allowed(oldlimits, nvl))

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


