jhb [Wed, 17 Feb 2016 01:45:34 +0000 (01:45 +0000)]
MFC 295418,295419:
Fix hangs or panics when misbehaved kernel threads return from their
main function.
295418:
Mark proc0 as a kernel process via the P_KTHREAD flag.
All other kernel processes have this flag set and all threads in proc0
(including thread0) have the similar TDP_KTHREAD flag set.
295419:
Call kthread_exit() rather than kproc_exit() for a premature kthread exit.
Kernel threads (and processes) are supposed to call kthread_exit() (or
kproc_exit()) to terminate. However, the kernel includes a fallback in
fork_exit() to force a kthread exit if a kernel thread's "main" routine
returns. This fallback was added back when the kernel only had processes
and was not updated to call kthread_exit() instead of kproc_exit() when
threads were added to the kernel.
This mistake was particularly exciting when the errant thread belonged to
proc0. Due to the missing P_KTHREAD flag the fallback did not kick in
and instead tried to return to userland via whatever garbage was in the
trapframe. With P_KTHREAD set it tried to terminate proc0 resulting in
other amusements.
dim [Tue, 19 Jan 2016 18:35:22 +0000 (18:35 +0000)]
MFC r294102:
MFV r294101: 6527 Possible access beyond end of string in zpool comment
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Dan McDonald <danmcd@omniti.com>
Approved by: Gordon Ross <gwr@nexenta.com>
This fixes erroneous double increments of the 'check' variable in a loop
in spa_prop_validate(). I ran into this in the clang380-import branch,
where clang 3.8.0 warns about it. (It is already fixed there.)
davidcs [Wed, 13 Jan 2016 00:29:59 +0000 (00:29 +0000)]
MFC r292638
Check for packet_length is greater than 60 bytes as well as packet_length is
greater than len_on_bd, before invoking the routine to handle jumbo over SGL
(bxe_service_rxsgl()).
Add counters for number of jumbo_over_SGL packets (rx_bxe_service_rxsgl) and
erroneous jumbo_over_SGL packets (rx_erroneous_jumbo_sge_pkts)
edwin [Thu, 12 Nov 2015 03:29:36 +0000 (03:29 +0000)]
MFC of 290697,tzdata8:
Update to tzdata2015g:
Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25.
Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time.
Fiji's 2016 fall-back transition is scheduled for January 17, not 24.
Fort Nelson, British Columbia will not fall back on 2015-11-01. It has
effectively been on MST (-0700) since it advanced its clocks on 2015-03-08.
New zone America/Fort_Nelson.
hselasky [Mon, 9 Nov 2015 11:29:54 +0000 (11:29 +0000)]
MFC r290441:
Fix for unaligned IP-header.
The mbuf length fields must be set before m_adj() is called else
m_adj() will not always adjust the mbuf and an unaligned read
exception can trigger inside the network stack. This can happen on
platforms where unaligned reads are not supported. Adjust a length
check to include the 2-byte ethernet alignment while at it.
avatar [Wed, 7 Oct 2015 09:39:45 +0000 (09:39 +0000)]
MFC r238980:
Just like the other file systems found in /sys/fs, g_vfs_open()
should be paried with g_vfs_close(). Though g_vfs_close() is a wrapper
around g_wither_geom_close(), r206130 added the following test in
g_vfs_open():
if (bo->bo_private != vp)
return (EBUSY);
Which will cause a 'Device busy' error inside reiserfs_mountfs() if
the same file system is re-mounted again after umount or mounting failure:
(case 1, /dev/ad4s3 is not a valid REISERFS partition)
# mount -t reiserfs -o ro /dev/ad4s3 /mnt
mount: /dev/ad4s3: Invalid argument
# mount -t msdosfs -o ro /dev/ad4s3 /mnt
mount: /dev/ad4s3: Device busy
(case 2, /dev/ad4s3 is a valid REISERFS partition)
# mount -t reiserfs -o ro /dev/ad4s3 /mnt
# umount /mnt
# mount -t reiserfs -o ro /dev/ad4s3 /mnt
mount: /dev/ad4s3: Device busy
On the other hand, g_vfs_close() 'fixed' the above cases by doing an
extra step to keep 'sc->sc_bo->bo_private' and 'cp->private' pointers
synchronised.
MFC r286887: Using the error return code documented in the comment.
Though there is no direct midi_uninit() caller amongst existing drivers
at this moment, a quick experiment indicates that EBUSY gives users more
precise error message once drivers start to honour this result. For example,
emu_midi_detach() should check the result of mpu401_uninit() and block
module unloading if there is any MIDI I/O in progress.
hselasky [Sat, 29 Aug 2015 06:28:48 +0000 (06:28 +0000)]
MFC r286799:
Fix race in USB PF which can happen if we stop tracing exactly when
the kernel is tapping an USB transfer. This leads to a NULL pointer
access. The solution is to only trace while the USB bus lock is
locked.
edwin [Fri, 14 Aug 2015 00:00:50 +0000 (00:00 +0000)]
MFC of 286750,tzdata8:
Update to tzdata2015f:
Changes affecting future time stamps
North Korea switches to +0830 on 2015-08-15. (Thanks to Steffen Thorsen.)
The abbreviation remains "KST". (Thanks to Robert Elz.)
Uruguay no longer observes DST. (Thanks to Steffen Thorsen and Pablo Camargo.)
Changes affecting past and future time stamps
Moldova starts and ends DST at 00:00 UTC, not at 01:00 UTC. (Thanks to Roman Tudos.)
davidcs [Wed, 5 Aug 2015 02:08:42 +0000 (02:08 +0000)]
MFC r285973
- Avoid lock contention in the if_transmit callback by using trylock and
enqueueing the frames when it fails. This way there is some latency
removed from the transmitting path.
- If IFF_DRV_OACTIVE is set (and also if IFF_DRV_RUNNING is not) just
enqueue the desired frames and return successful transmit. This way we
avoid to return errors on transmit side and resulting in
possible out-of-order frames. Please note that IFF_DRV_OACTIVE is set
everytime we get the threshold ring hit, so this can be happening quite
often.
dim [Tue, 28 Jul 2015 09:19:04 +0000 (09:19 +0000)]
MFC r285340:
Fix swapped copyin(9) arguments in cxgb's iwch_arm_cq() function.
Detected by clang 3.7.0 with the warning:
sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb_provider.c:309:18: error: variable
'rptr' is uninitialized when used here [-Werror,-Wuninitialized]
chp->cq.rptr = rptr;
^~~~
By default, sendmail 8.15 uses uncompressed IPv6 addresses. Keep
current FreeBSD 10 and earlier behavior of using compressed IPv6
addresses in configuration, maps, rulesets, etc. (FreeBSD 11 and
later will use the new default of uncompressed IPv6 addresses.)
marius [Sun, 5 Jul 2015 20:16:51 +0000 (20:16 +0000)]
MFC: r281337
Don't enable RX and TX before their initial configuration is done, i. e.
after setting up interrupt moderation but before turning interrupts on.
This matches what Realtek's r8168 Linux driver does as of version 8.039.00
and fixes problems with certain incarnations of certain MAC revisions
like the interface requiring an extra up/down-cycle after boot to start
working or DMA configuration not being adhered to.
marius [Sun, 5 Jul 2015 19:34:45 +0000 (19:34 +0000)]
MFC: r281751
Refine the workaround for Intel HSD131 [1] added in r269052 (MFCed to
stable/8 in r269595):
- Use the full mask described by the erratum as with a sufficiently high
number of these false-positives, the overflow bit (bit 62) additionally
gets set [7].
- HSD131 has been brought into several other Haswell-derived CPUs including
to the next generation, i. e. Intel Broadwell. Thus, also skip reporting of
these benign errors by default on CPU models affected by HSM142, HSW131 and
BDM48 [2 - 5], describing the HSD131 silicon bug for additional models.
Also, Celeron 2955U with a CPU ID of 0x45 have been reported to be covered
by this fault [6], with the specification update concerned with HSM142 [2]
only referring to 0x3c and 0x46.
Submitted by: David Froehlich [7]
Approved by: re (kib)
davidcs [Tue, 30 Jun 2015 20:24:23 +0000 (20:24 +0000)]
MFC r284335
PHY LOCK acquires the hardware lock via bxe_acquire_phy_lock() and releases it via bxe_release_phy_lock(). It was simply acquiring a mutex earlier which can cause the PHY to use bogus values. Fixes intermittent link failures.
bxe_ioctl() completes all functions within its context as opposed to a taskqueue earlier.
bxe_handle_rx_mode_tq() no longer required. bxe_set_rx_mode() handles the functionality within its context
gshapiro [Thu, 25 Jun 2015 01:56:36 +0000 (01:56 +0000)]
MFC: An additional fix for the openssl Weak DH remediation:
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
The first fix committed last week changed the default to 1024 bits.
This commit fixes the case where the DHParameters option is set to a
file which doesn't exist, which is the case on newer versions of
FreeBSD which enable STARTTLS by default by auto-creating TLS
certificates.
gshapiro [Wed, 17 Jun 2015 03:22:18 +0000 (03:22 +0000)]
MFC: The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
This commit chages that default to 1024 bits. sendmail 8.15.2, when
released well use a default of 2048 bits.
jhb [Tue, 2 Jun 2015 15:12:33 +0000 (15:12 +0000)]
MFC 282417:
Various updates to the ftruncate(2) documentation:
- Note that ftruncate(2) can operate on shared memory objects and cross
reference shm_open(2).
- Note that ftruncate(2) does not change the file position pointer (aka
seek pointer) of the file descriptor.
- ftruncate(2) will fail with EINVAL for all sorts of other fd types than
just sockets, so instead note that it fails for all but regular files and
shared memory objects.
- Note that ftruncate(2) also appeared in 4.2BSD along with truncate(2).
(Or at least the manpage for both appeared in 4.2, I did not check the
kernel code itself to see if either predated 4.2.)
dim [Thu, 28 May 2015 06:45:13 +0000 (06:45 +0000)]
MFC r283254:
Ensure that the static structs emitted by the MODULE_DEPEND() and
MODULE_VERSION() macros don't end up as .comm symbols, when all the
version fields are zero.
Normally, such symbols will end up in .bss, but for kernel module
version objects, this can lead to "garbage" version numbers.
Fix this by instructing the compiler to always put these structs in the
.data segment instead.
hselasky [Wed, 27 May 2015 13:27:39 +0000 (13:27 +0000)]
MFC r283064:
Fix an off-by-one error by adding proper range checks when parsing the
HDA association descriptors. This fixes a crash during device probe
for some HDA PCI devices.
edwin [Mon, 18 May 2015 21:18:44 +0000 (21:18 +0000)]
MFC of 283079,tzdata8:
Update to tzdata2015d:
Release 2015d - 2015-04-24 08:09:46 -0700
Changes affecting future time stamps
Egypt will not observe DST in 2015 and will consider canceling it
permanently. For now, assume no DST indefinitely.
(Thanks to Ahmed Nazmy and Tim Parenti.)
Change affecting past and future time zone abbreviations
The abbreviations for Hawaii-Aleutian standard and daylight times
have been changed from HAST/HADT to HST/HDT, as per US Government
Printing Office style. This affects only America/Adak since 1983,
as America/Honolulu was already using the new style.
edwin [Mon, 18 May 2015 02:10:19 +0000 (02:10 +0000)]
MFC of 283042,tzdata8:
Update to tzdata2015c:
Release 2015c - 2015-04-11 08:55:55 -0700
Changes affecting future time stamps
Egypt's spring-forward transition is at 24:00 on April's last Thursday,
not 00:00 on April's last Friday. 2015's transition will therefore be on
Thursday, April 30 at 24:00, not Friday, April 24 at 00:00. Similar fixes
apply to 2026, 2037, 2043, etc. (Thanks to Steffen Thorsen.)
MFC r280757: Remove request sorting from GEOM_MIRROR and GEOM_RAID.
When CPU is not busy, those queues are typically empty. When CPU is busy,
then one more extra sorting is the last thing it needs. If specific device
(HDD) really needs sorting, then it will be done later by CAM.
This supposed to fix livelock reported for mirror of two SSDs, when UFS
fires zillion of BIO_DELETE requests, that totally blocks I/O subsystem by
pointless sorting of requests and responses under single mutex lock.
MFC r281006
When an mbuf allocation fails in the receive path, the mbuf containing the received packet is not sent to the host network stack and is reused again on the receive ring. Remaining received packets in the ring are not processed in that invocation of bxe_rxeof() and defered to the task thread
When catopen(3) returns an error, it caches the result of that error from
r202992. The refcount on the cache entry is not initialized, so any attempt
to clean the cache will skip over this item since it likely has a >0 value.
hselasky [Wed, 25 Mar 2015 13:18:36 +0000 (13:18 +0000)]
MFC r280322 and r280429:
The synchronisation value returned by the so-called feedback endpoint
appears to be too inaccurate that it can be used to synchronize the
playback data stream. If there is a recording endpoint associated with
the playback endpoint, use that instead. That means if the isochronous
OUT endpoint is asynchronus the USB audio driver will automatically
start recording, if possible, to get exact information about the
needed sample rate adjustments. In no recording endpoint is present,
no rate adaption will be done.
While at it fix an issue where the hardware buffer pointers don't get
reset at the first device PCM trigger.
Make some variables 32-bit to avoid problems with multithreading.
Use the feedback value from the synchronization endpoint as fallback
when there is no recording channel.
hselasky [Wed, 25 Mar 2015 13:08:57 +0000 (13:08 +0000)]
MFC r280345:
Fix for out of order device destruction notifications when using the
delist_dev() function. In addition to this change:
- add a proper description of this function
- add a proper witness assert inside this function
- switch a nearby line to use the "cdp" pointer instead of cdev2priv()
edwin [Tue, 24 Mar 2015 06:11:20 +0000 (06:11 +0000)]
MFC of 280413,tzdata8:
Release 2015b - 2015-03-19 23:28:11 -0700
Changes affecting future time stamps
Mongolia will start observing DST again this year, from the last
Saturday in March at 02:00 to the last Saturday in September at 00:00.
(Thanks to Ganbold Tsagaankhuu.)
Palestine will start DST on March 28, not March 27. Also,
correct the fall 2014 transition from September 26 to October 24.
Adjust future predictions accordingly. (Thanks to Steffen Thorsen.)
Changes affecting past time stamps
The 1982 zone shift in Pacific/Easter has been corrected, fixing a 2015a
regression. (Thanks to Stuart Bishop for reporting the problem.)
Some more zones have been turned into links, when they differed
from existing zones only for older time stamps. As usual,
these changes affect UTC offsets in pre-1970 time stamps only.
Their old contents have been moved to the 'backzone' file.
The affected zones are: America/Antigua, America/Cayman,
Pacific/Midway, and Pacific/Saipan.
Changes affecting time zone abbreviations
Correct the 1992-2010 DST abbreviation in Volgograd from "MSK" to "MSD".
(Thanks to Hank W.)
delphij [Fri, 20 Mar 2015 07:11:20 +0000 (07:11 +0000)]
Fix issues with original SA-15:06.openssl commit:
- Revert a portion of ASN1 change per suggested by OpenBSD
and OpenSSL developers. The change was removed from the
formal OpenSSL release and does not solve security issue.
- Properly fix CVE-2015-0209 and CVE-2015-0288.
jhb [Fri, 13 Mar 2015 20:10:09 +0000 (20:10 +0000)]
MFC 278321:
Use direct hardware access for internal requests for KCS and SMIC. In
particular, updates to the watchdog should no longer sleep.
- Add a new IPMI_IO_LOCK for low-level I/O access. Use this for
kcs_polled_request() and smic_polled_request().
- Add a new backend callback "ipmi_driver_request" to handle a driver
request. The new callback performs the request sychronously for KCS
and SMIC. SSIF still defers the work to the worker thread since the
worker thread sleeps during request processing anyway.
- Allocate driver requests on the stack rather than using malloc().