hselasky [Thu, 8 Oct 2015 08:55:34 +0000 (08:55 +0000)]
MFC r287775:
Update TSO limits to include all headers.
To make driver programming easier the TSO limits are changed to
reflect the values used in the BUSDMA tag a network adapter driver is
using. The TCP/IP network stack will subtract space for all linklevel
and protocol level headers and ensure that the full mbuf chain passed
to the network adapter fits within the given limits. See r287775
for a more detailed description.
hselasky [Thu, 8 Oct 2015 08:06:23 +0000 (08:06 +0000)]
MFC r284915:
Make the system queue header file fully usable within C++ programs by
adding macros to define class lists.
This change is backwards compatible for all use within C and C++
programs. Only C++ programs will have added support to use the queue
macros within classes. Previously the queue macros could only be used
within structures.
The queue.3 manual page has been updated to describe the new
functionality and some alphabetic sorting has been done while
at it.
hselasky [Thu, 8 Oct 2015 07:19:57 +0000 (07:19 +0000)]
MFC r288180:
Implement support for reading USB quirks from the kernel environment.
Refer to the usb_quirk(4) manual page for more details on how to use
this new feature.
Submitted by: Maxime Soule <btik-fbsd@scoubidou.com>
PR: 203249
jhb [Wed, 7 Oct 2015 00:50:26 +0000 (00:50 +0000)]
MFC 287870:
Always clear TDB_USERWR before fetching system call arguments. The
TDB_USERWR flag may still be set after a debugger detaches from a
process via PT_DETACH. Previously the flag would never be cleared
forcing a double fetch of the system call arguments for each system
call. Note that the flag cannot be cleared at PT_DETACH time in case
one of the threads in the process is currently stopped in
syscallenter() and the debugger has modified the arguments for that
pending system call before detaching.
jhb [Wed, 7 Oct 2015 00:33:44 +0000 (00:33 +0000)]
MFC 287864:
When a process group leader exits, all of the processes in the group are
sent SIGHUP and SIGCONT if any of the processes are stopped. Currently this
behavior is triggered for any type of process stop including ptrace() stops
and transient stops for single threading during exit() and execve().
Thus, if a debugger is attached to a process in a group when the leader
exits, the entire group can be HUPed. Instead, only send the signals if a
process in the group is stopped due to SIGSTOP.
jhb [Tue, 6 Oct 2015 22:28:28 +0000 (22:28 +0000)]
MFC 287833:
Threads holding a read lock of a sleepable rm lock are not permitted
to sleep. The rmlock implementation enforces this by disabling
sleeping when a read lock is acquired. To simplify the implementation,
sleeping is disabled for most of the duration of rm_rlock. However,
it doesn't need to be disabled until the lock is acquired. If a
sleepable rm lock is contested, then rm_rlock may need to acquire the
backing sx lock. This tripped the overly-broad assertion. Fix by
relaxing the assertion around the call to sx_xlock().
jhb [Thu, 1 Oct 2015 21:54:43 +0000 (21:54 +0000)]
MFC 286256:
kgdb uses td_oncpu to determine if a thread is running and should use
a pcb from stoppcbs[] rather than the thread's PCB. However, exited threads
retained td_oncpu from the last time they ran, and newborn threads had their
CPU fields cleared to zero during fork and thread creation since they are
in the set of fields zeroed when threads are setup. To fix, explicitly
update the CPU fields for exiting threads in sched_throw() to reflect the
switch out and reset the CPU fields for new threads in sched_fork_thread()
to NOCPU.
The Sun RPC framework uses a netbuf structure to represent the
transport specific form of a universal transport address. The
structure is expected to be opaque to consumers. In the current
implementation, the structure contains a pointer to a buffer
that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would
result in two netbuf structures that reference to one shared
address buffer. When one of the two netbuf structures is freed,
access to the other netbuf structure would result in an undefined
result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed
instead of doing a shallow copy.
Use strlcpy() in favor of strncpy() as it's defined to have a nul character
at the end of string buffer, and the code context do expects this to behave
correctly (e.g. strchr).
dim [Tue, 22 Sep 2015 22:07:42 +0000 (22:07 +0000)]
MFC r286699:
In gcc's libcpp, stop using the INTTYPE_MAXIMUM() macro, which relies on
undefined behavior. The code used this macro to avoid problems on some
broken systems which define SSIZE_MAX incorrectly, but this is not
needed on FreeBSD, obviously.
MFC r287238:
Set DMA alignment constraint of status, TX and RX LEs(List Elements
in Marvell terms) to 32768. 32768 looks overkill but it will
ensure correct DMAed update. This change addresses occasional
watchdog timeouts reported on 10.2-RELEASE.
MFC r287320:
- uri is expected to be nul-terminated (strchr used later),
so use strlcpy instead of strncpy.
- replace the other two cases of strncpy+\0 with strlcpy.
MFC r286887: Using the error return code documented in the comment.
Though there is no direct midi_uninit() caller amongst existing drivers
at this moment, a quick experiment indicates that EBUSY gives users more
precise error message once drivers start to honour this result. For example,
emu_midi_detach() should check the result of mpu401_uninit() and block
module unloading if there is any MIDI I/O in progress.
ed [Mon, 14 Sep 2015 09:31:00 +0000 (09:31 +0000)]
MFC r286798 and r286827:
Stop parsing digits if the value already exceeds UINT_MAX / 100.
There is no need for us to support parsing values that are larger than
the maximum terminal window size. In this case that would be the maximum
of unsigned short.
The problem with parsing larger values is that they can cause integer
overflows when adjusting the cursor position, leading to all sorts of
failing assertions.
MFC r286981 and r287098:
Don't truncate cursor arithmetic to 16 bits.
When updating the row number when the cursor position escape sequence is
issued, we should make sure to store the intermediate result in a 32-bit
integer. If we fail to do this, the cursor may be set above the origin
region, which is bad.
This could cause libteken to crash when INVARIANTS is enabled, due to
the strict set of assertions that libteken has.
MFC 287440:
Currently the Linux character device mmap handling only supports mmap
operations that map a single page that has an associated vm_page_t.
This does not permit mapping larger regions (such as a PCI memory
BAR) and it does not permit mapping addresses beyond the top of RAM
(such as a 64-bit BAR located above the top of RAM).
Instead of using a single OBJT_DEVICE object and passing the physaddr via
the offset as a hack, create a new sglist and OBJT_SG object for each
mmap request. The requested memory attribute is applied to the object
thus affecting all pages mapped by the request.
MFC 283281,283282,283562,286158:
Various fixes to orphan handling which also fix issues with following
forks. Unlike the changes in HEAD, this merge does not include the
changes to the ATF ptrace test since ATF is not present in 9.
283281:
Always set p_oppid when attaching to an existing process via procfs
tracing. This matches the behavior of ptrace(PT_ATTACH). Also,
the procfs detach request assumes p_oppid is always set.
283282:
Only reparent a traced process to its old parent if the tracing process is
not the old parent. Otherwise, proc_reap() will leave the zombie in place
resulting in the process' status being returned twice to its parent.
283562:
Do not allow a process to reap an orphan (a child currently being
traced by another process such as a debugger). The parent process does
need to check for matching orphan pids to avoid returning ECHILD if an
orphan has exited, but it should not return the exited status for the
child until after the debugger has detached from the orphan process
either explicitly or implicitly via wait().
286158:
Clear P_TRACED before reparenting a detached process back to its
original parent. Otherwise the debugee will be set as an orphan of
the debugger.
MFC 269656,270024,270443,270993:
Fix problems with orphan handling. Note that to preserve KBI, p_treeflag
has been added to the end of struct proc and is explicitly zero'd during
fork.
269656:
Correct the problems with the ptrace(2) making the debuggee an orphan.
One problem is inferior(9) looping due to the process tree becoming a
graph instead of tree if the parent is traced by child. Another issue
is due to the use of p_oppid to restore the original parent/child
relationship, because real parent could already exited and its pid
reused (noted by mjg).
Add the function proc_realparent(9), which calculates the parent for
given process. It uses the flag P_TREE_FIRST_ORPHAN to detect the head
element of the p_orphan list and than stepping back to its container
to find the parent process. If the parent has already exited, the
init(8) is returned.
Move the P_ORPHAN and the new helper flag from the p_flag* to new
p_treeflag field of struct proc, which is protected by proctree lock
instead of proc lock, since the orphans relationship is managed under
the proctree_lock already.
The remaining uses of p_oppid in ptrace(PT_DETACH) and process
reapping are replaced by proc_realparent(9).
270024:
Correct the order of arguments passed to LIST_INSERT_AFTER().
270443:
Properly reparent traced processes when the tracer dies.
Previously they were uncoditionally reparented to init. In effect
it was possible that tracee was never returned to original parent.
270993:
Fix up proc_realparent to always return correct process.
Prior to the change it would always return initproc for non-traced
processes.
MFC 281941:
Watchdog drivers need to support rearming the watchdog in contexts which
are not permitted to sleep. Only use the IPMI watchdog with backends
which poll driver-initiated requests to meet this requirement.
In practice this means that watchdogs will no longer be used on systems
that use the SSIF backend.
MFC 248705,253812,253813:
- Unlock IPMI sc while performing requests via KCS and SMIC interfaces.
- empirical testing showed that 3 seconds is just too slow for GET_DEVICE_ID
to return on newer Dell hardware. Bump to 6 second timeouts until someone
has a better idea on how to handle this
- Check for ipmi_attached in ipmi_isa_probe as a suggested alternative to
ipmi_isa_attach. This keeps unintended but harmless noise about "ipmi1"
from appearing in the boot up sequence.
hselasky [Sat, 29 Aug 2015 06:17:39 +0000 (06:17 +0000)]
MFC r286799:
Fix race in USB PF which can happen if we stop tracing exactly when
the kernel is tapping an USB transfer. This leads to a NULL pointer
access. The solution is to only trace while the USB bus lock is
locked.
delphij [Wed, 19 Aug 2015 18:33:25 +0000 (18:33 +0000)]
Instant-MFC r286933:
Issue warning and refuse to proceed further if the configured
repository signature_type is unsupported by bootstrap pkg(7).
Previously, when signature_type specified an unsupported method,
the bootstrap pkg(7) would proceed like when signature_type is
"none". MITM attackers may be able to use this vulnerability and
bypass validation and install their own versions of pkg(8).
At this time, only fingerprint and none are supported by the
bootstrap pkg(7).
FreeBSD's official pkg(8) repository uses the fingerprint method
and is therefore unaffected.
edwin [Fri, 14 Aug 2015 00:00:24 +0000 (00:00 +0000)]
MFC of 286750,tzdata9:
Update to tzdata2015f:
Changes affecting future time stamps
North Korea switches to +0830 on 2015-08-15. (Thanks to Steffen Thorsen.)
The abbreviation remains "KST". (Thanks to Robert Elz.)
Uruguay no longer observes DST. (Thanks to Steffen Thorsen and Pablo Camargo.)
Changes affecting past and future time stamps
Moldova starts and ends DST at 00:00 UTC, not at 01:00 UTC. (Thanks to Roman Tudos.)
pfg [Thu, 13 Aug 2015 01:04:26 +0000 (01:04 +0000)]
MFC r286074:
GCC: Add a new option "-fstack-protector-strong"
This includes additional functions to be protected: those that
have local array definitions, or have references to local frame
addresses. This is a new option in GCC-4.9 that was relicensed
by Han Shen from Google under GPLv2.
rmacklem [Mon, 10 Aug 2015 22:30:13 +0000 (22:30 +0000)]
MFC: r285260
Since the case where secflavor < 0 indicates the security flavor is
to be negotiated, it could be a Kerberized mount. As such, filling
in the "principal" argument using the canonized host name makes sense.
If it is negotiated as AUTH_SYS, the "principal" argument is meaningless
but harmless.
rmacklem [Mon, 10 Aug 2015 22:26:14 +0000 (22:26 +0000)]
MFC: r285113
If a "principal" argument isn't provided for a Kerberized NFS mount,
the kernel would generate a bogus one with a ":/<path>" suffix.
This would only occur for the case where there was no explicit
"principal" argument and the getaddrinfo() call in mount_nfs.c failed to a
return a cannonical name for the server.
This patch fixes this unusual case.
rmacklem [Sun, 9 Aug 2015 22:33:51 +0000 (22:33 +0000)]
MFC: r286046
This patch fixes a problem where, if the NFSv4 server has a previous
unconfirmed clientid structure for the same client on the last hash list,
this old entry would not be removed/deleted. I do not think this bug would have
caused serious problems, since the new entry would have been before the old one
on the list. This old entry would have eventually been scavenged/removed.
rmacklem [Sun, 9 Aug 2015 22:29:10 +0000 (22:29 +0000)]
MFC: r284531
Document that a forced dismount of an NFSv3 mount when the
NLM (rpc.lockd) is running can crash the system.
Unfortunately this is not easy to fix, but I have left
PR#200585 open.
rmacklem [Sun, 9 Aug 2015 22:07:52 +0000 (22:07 +0000)]
MFC: r283273
The NFS client wasn't handling getdirentries(2) requests for sizes
that are not an exact multiple of DIRBLKSIZ correctly. Fortunately
readdir(3) always uses an exact multiple of DIRBLKSIZ, so few applications
were affected. This patch fixes this problem by reducing the size
of the directory read to an exact multiple of DIRBLKSIZ.
pfg [Wed, 5 Aug 2015 18:55:26 +0000 (18:55 +0000)]
MFC r285720:
libusb: Fix minor warning.
Fix a warning triggered by the gcc + FORTIFY_SOURCE patches:
In function 'libusb20_parse_config_desc': lib/libusb/libusb20_desc.c:141:
warning: passing argument 1 of 'memcpy' discards qualifiers from pointer
target type
davidcs [Wed, 5 Aug 2015 02:19:38 +0000 (02:19 +0000)]
MFC r285973
- Avoid lock contention in the if_transmit callback by using trylock and
enqueueing the frames when it fails. This way there is some latency
removed from the transmitting path.
- If IFF_DRV_OACTIVE is set (and also if IFF_DRV_RUNNING is not) just
enqueue the desired frames and return successful transmit. This way we
avoid to return errors on transmit side and resulting in
possible out-of-order frames. Please note that IFF_DRV_OACTIVE is set
everytime we get the threshold ring hit, so this can be happening quite
often.