markj [Fri, 19 Jun 2020 03:32:04 +0000 (03:32 +0000)]
Add a helper function for validating VA ranges.
Functions which take untrusted user ranges must validate against the
bounds of the map, and also check for wraparound. Instead of having the
same logic duplicated in a number of places, add a function to check.
Reviewed by: dougm, kib
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D25328
mckusick [Fri, 19 Jun 2020 01:04:25 +0000 (01:04 +0000)]
The binary representation of the superblock (the fs structure) is written
out verbatim to the disk: see ffs_sbput() in sys/ufs/ffs/ffs_subr.c.
It contains a pointer to the fs_summary_info structure. This pointer
value inadvertently causes garbage to be stored. It is garbage because
the pointer to the fs_summary_info structure is the address the then
current stack or heap. Although a mere pointer does not reveal anything
useful (like a part of a private key) to an attacker, garbage output
deteriorates reproducibility.
This commit zeros out the pointer to the fs_summary_info structure
before writing the out the superblock.
mckusick [Fri, 19 Jun 2020 01:02:53 +0000 (01:02 +0000)]
Move the pointers stored in the superblock into a separate
fs_summary_info structure. This change was originally done
by the CheriBSD project as they need larger pointers that
do not fit in the existing superblock.
This cleanup of the superblock eases the task of the commit
that immediately follows this one.
karels [Thu, 18 Jun 2020 23:57:10 +0000 (23:57 +0000)]
Add support for bcm54213PE in brgphy.
This chip is used in the Rasperry Pi 4, and is supported by the if_genet
driver. Currently we use the ukphy mii driver, this patch switches over
to the brgphy mii driver instead. To support the rgmii-rxid phy mode,
which is now the default in the Linux dtb, we add support for clock
skewing.
These changes are taken from OpenBSD and NetBSD, except for the bailout
in brgphy_bcm54xx_clock_delay() in rgmii mode, which was found necessary
after testing.
Submitted by: Robert Crowston, crowston at protomail.com
Differential Revision: https://reviews.freebsd.org/D25251
kaktus [Thu, 18 Jun 2020 21:42:54 +0000 (21:42 +0000)]
hw.bus.info: rework handler
hw.bus.info was added in r68522 as a node, but there was never anything
connected "behind" it. Its only purpose is to return a struct u_businfo.
The only in-base consumer are devinfo(3)/devinfo(8).
Rewrite the handler as SYSCTL_PROC and mark it as MPSAFE and read-only
as there never was a writable path.
kib [Thu, 18 Jun 2020 20:49:56 +0000 (20:49 +0000)]
Fix execution of linux binary from multithreaded non-Linux process.
If multithreaded non-Linux process execs Linux binary, then non-Linux
threads different from the one that execing are cleared by
single-threading at boundary, and then terminating them in
post_execve(). Since at that time the process is already switched to
linux ABI, linuxolator is involved in the thread clearing on boundary,
but cannot find the emul data.
Handle it by pre-creating emuldata for all threads in the execing process.
Also remove a code in linux_proc_exec() handler that cleared emul data
for other threads when execing from multithreaded Linux process. It is
excessive.
PR: 247020
Reported by: Martin FIlla <freebsd@sysctl.cz>
Reported by: Henrique L. Amorim, Independent Security Researcher
Reported by: Rodrigo Rubira Branco (BSDaemon), Amazon Web Services
Reviewed by: markj
Tested by: trasz
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D25293
dim [Thu, 18 Jun 2020 20:41:43 +0000 (20:41 +0000)]
Merge commit 0cecafd647cc from llvm git (by Alina Sbirlea):
[BasicAA] Make BasicAA a cfg pass.
Summary:
Part of the changes in D44564 made BasicAA not CFG only due to it
using PhiAnalysisValues which may have values invalidated. Subsequent
patches (rL340613) appear to have addressed this limitation.
BasicAA should not be invalidated by non-CFG-altering passes. A
concrete example is MemCpyOpt which preserves CFG, but we are testing
it invalidates BasicAA.
This fixes an issue with clang's -fintegrated-cc1 feature, which could
make it output slightly different assembly code, depending on the way it
was invoked.
In r361755 we attempted to work around it by disabling the integrated
cc1 stage, but it did not solve the root cause for all situations.
Extensive testing and bisecting showed that the above change finally
makes the output deterministic, even if -fintegrated-cc1 is on.
markj [Thu, 18 Jun 2020 19:32:34 +0000 (19:32 +0000)]
Add the SCTP_SUPPORT kernel option.
This is in preparation for enabling a loadable SCTP stack. Analogous to
IPSEC/IPSEC_SUPPORT, the SCTP_SUPPORT kernel option must be configured
in order to support a loadable SCTP implementation.
Discussed with: tuexen
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
mav [Thu, 18 Jun 2020 19:16:03 +0000 (19:16 +0000)]
Make polled request timeout less invasive.
Instead of panic after one second of polling, make the normal timeout
handler to activate, reset the controller and abort the outstanding
requests. If all of it won't happen within 10 seconds then something
in the driver is likely stuck bad and panic is the only way out.
In particular this fixed device hot unplug during execution of those
polled commands, allowing clean device detach instead of panic.
0mp [Thu, 18 Jun 2020 11:18:26 +0000 (11:18 +0000)]
Clean up and improve manual page for fuser(1)
- Mention option's arguments in the list of options (so that now we mention
"-N system" instead of just "-N").
- Stylize signals and other constants like O_APPEND with Dv.
- Sort options.
- Change indentation width for readability.
- Fix a couple of typos.
- Sort symbols list.
- Use Sy instead of Cm for symbols. They are not command modifiers.
- Use Ex -std in the EXIT STATUS section for consistency with other manual
pages.
- Use Ql instead of Dq Li for inline code examples as Li has recently been
deprecated by mdoc.
0mp [Thu, 18 Jun 2020 10:52:51 +0000 (10:52 +0000)]
Improve periodic(8) manual page presentation
- Update synopsis to present all available arguments.
- Consistently call the argument specifying an arbitrary directory a
"directory".
- Do not put macros into -width argument to Bl. They do not expand there.
- Stylize command modifiers like "daily" with Cm instead of Pa. While
technically periodic(8) operates on directories with such names, it is
confusing from the perspective of the manual page reader as Pa and Ar are
stylized the same way. Also, I cannot recall a single manual page where
Pa would be used to describe the syntax of command-line arguments.
avg [Thu, 18 Jun 2020 06:12:06 +0000 (06:12 +0000)]
hdac_intr_handler: keep working until global interrupt status clears
It is plausible that the hardware interrupts a host only when GIS goes
from zero to one. GIS is formed by OR-ing multiple hardware statuses,
so it's possible that a previously cleared status gets set again while
another status has not been cleared yet. Thus, there will be no new
interrupt as GIS always stayed set. If we don't re-examine GIS then we
can leave it set and never get another interrupt again.
Without this change I frequently saw a problem where snd_hda would stop
working. Setting dev.hdac.1.polling=1 would bring it back to life and
afterwards I could set polling back to zero. Sometimes the problem
started right after a boot, sometimes it happened after resuming from
S3, frequently it would occur when sound output and input are active
concurrently (such as during conferencing). I looked at HDAC_INTSTS
while the sound was not working and I saw that both HDAC_INTSTS_GIS and
HDAC_INTSTS_CIS were set, but there were no interrupts.
I have collected some statistics over a period of several days about how
many loops (calls to hdac_one_intr) the new code did for a single
interrupt:
+--------+--------------+
|Loops |Times Happened|
+--------+--------------+
|0 |301 |
|1 |12857746 |
|2 |280 |
|3 |2 |
|4+ |0 |
+--------+--------------+
I believe that previously the sound would get stuck each time we had to loop
more than once.
The tested hardware is:
hdac1: <AMD (0x15e3) HDA Controller> mem 0xfe680000-0xfe687fff at device 0.6 on pci4
hdacc1: <Realtek ALC269 HDA CODEC> at cad 0 on hdac1
No objections: mav
MFC after: 5 weeks
Differential Revision: https://reviews.freebsd.org/D25128
chs [Wed, 17 Jun 2020 23:39:52 +0000 (23:39 +0000)]
Move all of the functions in ffs_subr.c that are only used by the ufs kernel
module from that file into ffs_vfsops.c. This fixes the build for kernel
configs that don't include FFS.
0mp [Wed, 17 Jun 2020 21:21:57 +0000 (21:21 +0000)]
Clean up fstat.1
- Sort options in the list & indent for readability.
- Pet linters
- Use "\(em" instead of "--"
- Remove Tn macros
- Use Ql instead of Dq Li
- Add arguments to the -M, -N, -p, and -u options in their descriptions.
- Use Sy instead of Li for field names. Li is deprecated, and Ql makes no
sense here.
- Replace a literal block with a list for the table of special names
related to FD.
- Use Ql instead of ``X''.
- Add a dot after etc.
- Reference fuser(1).
bz [Wed, 17 Jun 2020 21:04:38 +0000 (21:04 +0000)]
When converting the static arrays to mallocarray() in r356621 I missed
one place where we now need to multiply the size of the struct with the
number of entries. This lead to problems when restarting user space
daemons, as the cleanup was never properly done, resulting in MRT_ADD_VIF
EADDRINUSE.
Properly zero all array elements to avoid this problem.
bz [Wed, 17 Jun 2020 20:58:37 +0000 (20:58 +0000)]
The call into ifa_ifwithaddr() needs to be epoch protected; ortherwise
we'll panic on an assertion.
While here, leave a comment that the ifp was never protected and stable
(as glebius pointed out) and this needs to be fixed properly.
Discovered while working on: PR 246629
Reviewed by: glebius
MFC after: 4 days
Sponsored by: Rubicon Communications, LLC (d/b/a "Netgate")
andrew [Wed, 17 Jun 2020 19:56:17 +0000 (19:56 +0000)]
Clean up the pci host generic driver
- Support Prefetchable Memory.
- Use the correct rman when allocating memory and ioports.
- Translate PCI addresses in bus_alloc_resource to allow physical
addresses that are different than pci addresses.
Reviewed by: Robert Crowston <crowston_protonmail.com>
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D25121
br [Wed, 17 Jun 2020 15:54:51 +0000 (15:54 +0000)]
Complete the ACPI support for ARM Coresight:
o Parse the ACPI DSD (Device Specific Data) graph property and record
device connections.
o Split-out FDT support to a separate file.
o Get the corresponding (FDT/ACPI) Coresight platform data in
the device drivers.
thj [Wed, 17 Jun 2020 13:27:13 +0000 (13:27 +0000)]
Add header definition for RFC4340, Datagram Congestion Control Protocol
Add a header definition for DCCP as defined in RFC4340. This header definition
is required to perform validation when receiving and forwarding DCCP packets.
We do not currently support DCCP.
hselasky [Wed, 17 Jun 2020 11:14:54 +0000 (11:14 +0000)]
Fix HW TLS offload regression issue after r359919, in mlx5en(4).
Changes in the mbuf layout regarding HW TLS, resulted in wrong detection
of starting mbuf. Use a boolean variable to handle this and pass m_adj()
the top mbuf, so that the packet header is adjusted correctly.
tsoome [Wed, 17 Jun 2020 08:08:57 +0000 (08:08 +0000)]
loader: vidc_init should also erase the screen
Inject \e[J to erase the initial loader screen. We have two options,
find where out cursor is and use BIOS scroll for data from boot2 or erase the
display and start from origin. Erasing the screen is easier and we also
get the screen buffer initialized.
kib [Tue, 16 Jun 2020 21:29:02 +0000 (21:29 +0000)]
rtld: Allow to load ET_DYN && DF_1_PIE when tracing.
This makes old ldd to still work on newer tagged PIE binaries.
Also move debug line for hashes before both decisions to not load are
done, so that the end of digest_dynamic() processing and reason to not
load or load is seen in debug trace.
Noted by: jhb
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
jmallett [Tue, 16 Jun 2020 19:21:28 +0000 (19:21 +0000)]
Improve unit parsing of mpsutil.
Previously, it used atoi(3) to parse the unit parameter, which would silently
yield a unit of 0 in the presence of an invalid unit number. As most users of
mpsutil(8) are likely to have at least a unit 0, this is could have confusing
results.
This behaviour was particularly unintuitive if one incorrectly passed an
adapter device name, or a device path, instead of a unit number. In addition
to using strtoumax(3) instead of atoi(3) to parse unit numbers, support
stripping a device name (e.g. mps1) or path (e.g. /dev/mps2) to just its unit
number.
rrs [Tue, 16 Jun 2020 18:16:45 +0000 (18:16 +0000)]
iSo in doing final checks on OCA firmware with all the latest tweaks the dup-ack checking
packet drill script was failing with a number of unexpected acks. So it turns
out if you have the default recvwin set up to 1Meg (like OCA's do) and you
have no window scaling (like the dupack checking code) then we have another
case where we are always trying to update the rwnd and sending an
ack when we should not.
Sponsored by: Netflix Inc.
Differential Revision: https://reviews.freebsd.org/D25298
eugen [Tue, 16 Jun 2020 17:45:23 +0000 (17:45 +0000)]
newsyslog(8): make configuration parser more robust.
Currently newsyslog supports <include> directive that is used
in our default /etc/newsyslog.conf in the following form:
<include> /usr/local/etc/newsyslog.conf.d/*
While this is suitable for ports installing their own rules
for logs rotation, this also makes newsyslog break entire
processing of all files if it encounters single line it cannot parse.
This includes lines referring to nonexistent username/group for log
ownership, so newsyslog stops calling errx() function in the parser.
With this fix, newsyslog uses warnx() instead of errx() in such cases
to print a warning, recover gracefully and continue with execution.
Among other cases, this unbreaks initial creation of log files
having flag "C" at boot time (newsyslog -CN). This is most important
for systems having RAM-based /var file system like nanobsd(8)-based
that rely on newsyslog to bring system log files into existence.
rrs [Tue, 16 Jun 2020 12:26:23 +0000 (12:26 +0000)]
So it turns out rack has a shortcoming in dup-ack counting. It counts the dupacks but
then does not properly respond to them. This is because a few missing bits are not present.
BBR actually does properly respond (though it also sends a TLP which is interesting and
maybe something to fix)..
Sponsored by: Netflix Inc.
Differential Revision: https://reviews.freebsd.org/D25294
rmacklem [Tue, 16 Jun 2020 02:31:22 +0000 (02:31 +0000)]
Expose UID_xxx and GID_xxx definitions to userspace.
This patch moves the UID_xxx and GID_xxx definitions out of the
#ifdef _KERNEL section, so that userspace programs like mountd
can use them.
There are a couple of userspace programs that do define UID_ROOT,
but they do not include sys/conf.h. Since they are defined as
the same value, maybe they should be changed to include sys/conf.h.
U-APSD (unscheduled automatic power save delivery) is a power save method
that's a bit better than legacy PS-POLL - stations can mark frames with
an extra flag that tells the AP to leak out more frames after it sends
its own frames rather than needing to send a PS-POLL to get another frame
from the AP.
Now, this code just handles the negotiation bits; it doesn't actually
implement U-APSD. That's up to drivers, and nothing in the tree yet
implements this. I /may/ implement this for ath(4) if I eventually care
enough but right now I plan on just implementing it for firmware offload
based NICs that handle this in the NIC.
I'll commit the ifconfig bit after this and I may have some follow-up
commits as this gets used more by me in local testing.
This should be a glorious no-op for everyone else. If things change
for anyone that isn't fixed by a complete recompile then please reach out
to me.
trasz [Mon, 15 Jun 2020 20:12:10 +0000 (20:12 +0000)]
Make Linux uname(2) return x86_64 to 32-bit apps. This helps Steam.
PR: kern/240432
Analyzed by by: Alex S <iwtcex@gmail.com>
Reviewed by: emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25248
vmaffione [Mon, 15 Jun 2020 19:46:34 +0000 (19:46 +0000)]
if_vtnet: let vtnet_rx_vq_intr() and vtnet_rxq_tq_intr() share code
Since the two functions are similar, introduce a common function
(vtnet_rx_vq_process()) to share common code.
This also improves locking, by ensuring vrxs_rescheduled is accessed
under the RXQ lock, and taskqueue_enqueue() is not called under the
lock (therefore avoiding a spurious duplicate lock warning).
jhb [Mon, 15 Jun 2020 19:38:48 +0000 (19:38 +0000)]
Remove the sed hack for ABI tag notes.
The ELF notes compiled in C were placed in a section with the wrong type
(SHT_PROGBITS instead of SHT_NOTE). Previously, sed was used on the
generated assembly to rewrite the section type. Instead, write the notes
in assembly which permits setting the correct section type directly.
While here, move inline assembly entry points out of C and into assembly
for aarch64, arm, and riscv.
jhb [Mon, 15 Jun 2020 18:57:43 +0000 (18:57 +0000)]
Simplify MACHINE_ARCH to be a single string.
Big endian and armv4 mean that we are now down to only two supported
variants. A future change will use MACHINE_ARCH in assembly which
does not support C-style string concatentation and thus needs
MACHINE_ARCH defined as a single string.
jrtc27 [Sun, 14 Jun 2020 22:39:34 +0000 (22:39 +0000)]
vtnet: Fix regression introduced in r361944
For legacy devices that don't support MrgRxBuf (such as bhyve pre-r358180),
r361944 failed to update the receive handler to account for the additional
padding introduced by the unused num_buffers field that is now always present
in struct vtnet_rx_header. Thus, calculate the padding dynamically based on
vtnet_hdr_size.