John Baldwin [Tue, 7 Jan 2020 21:56:28 +0000 (21:56 +0000)]
Don't fail universe kernel stage for TARGET_ARCHes without a kernel config.
This fixes a regression in r356418 where the entire universe would
fail early due to an undefined make target when a given TARGET_ARCH
had no associated kernel configs. This is true for all of the
hard-float mips TARGET_ARCHes currently.
Pointy hat to: me
Reviewed by: emaste
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D23071
Mark Johnston [Tue, 7 Jan 2020 21:56:20 +0000 (21:56 +0000)]
Use a deterministic hash for USDT symbol names.
Previously libdtrace used ftok(3), which hashes the inode number of the
input object file. To increase reproducibility of builds that embed
USDT probes, include a hash of the object file path in the symbol name
instead.
Reported and tested by: bdrewery
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Mark Johnston [Tue, 7 Jan 2020 21:44:27 +0000 (21:44 +0000)]
libjail: Handle an error from reallocarray() when trimming the buffer.
There is no API guarantee that realloc() will not fail when the buffer
is shrinking. Handle it by simply returning the untrimmed buffer.
While this is unlikely to ever happen in practice, it seems worth
handling just to silence static analyzer warnings.
PR: 243106
Submitted by: Hans Christian Woithe <chwoithe@yahoo.com>
MFC after: 1 week
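
The shrink-failure handling described in the libjail commit above, as an added example (not the libjail code and not part of the commit): `trim_buffer`, `realloc_fn` and `failing_realloc` are hypothetical names, and the always-failing allocator is constructed here to exercise the error path.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical hook so an allocation failure can be simulated. */
typedef void *(*realloc_fn)(void *, size_t);

/* Constructed allocator that always fails, standing in for a real ENOMEM. */
static void *failing_realloc(void *p, size_t n)
{
    (void)p; (void)n;
    errno = ENOMEM;
    return NULL;
}

/*
 * Shrink buf from *cap to `used` elements of `elem` bytes each.
 * Always returns a valid pointer to the first `used` elements: the trimmed
 * block on success, or the original untrimmed block if the allocator fails.
 * *cap changes only when the trim succeeds.
 */
static void *trim_buffer(void *buf, size_t used, size_t elem, size_t *cap,
    realloc_fn re)
{
    void *tmp;

    if (used == 0 || used >= *cap)
        return buf;                 /* nothing to trim; avoids realloc(p, 0) */
    if (elem != 0 && used > SIZE_MAX / elem)
        return buf;                 /* the overflow check reallocarray() does */
    tmp = re(buf, used * elem);
    if (tmp == NULL)
        return buf;                 /* old block is untouched and still owned */
    *cap = used;
    return tmp;
}

/* Returns 0 when both the failure path and the success path behave as above. */
static int demo(void)
{
    size_t cap = 64, used = 5, i;
    int *v = calloc(cap, sizeof(*v)), *w;

    if (v == NULL)
        return -1;
    for (i = 0; i < used; i++)
        v[i] = (int)(i * 10);

    /* Failure path: same pointer back, capacity unchanged, data intact. */
    w = trim_buffer(v, used, sizeof(*v), &cap, failing_realloc);
    if (w != v || cap != 64 || w[4] != 40) { free(w); return 1; }

    /* Success path: capacity now matches the used element count. */
    w = trim_buffer(w, used, sizeof(*w), &cap, realloc);
    if (cap != used || w[4] != 40) { free(w); return 2; }
    free(w);
    return 0;
}

int main(void) { return demo(); }
```

Assigning the result of a shrinking realloc straight back to the only pointer to the buffer would turn a failure into a leak plus a NULL return; keeping the old pointer avoids both.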
Alexander Motin [Tue, 7 Jan 2020 21:17:11 +0000 (21:17 +0000)]
Add Host Memory Buffer support to nvme(4).
This allows the cheapest DRAM-less NVMe SSDs to use some of host RAM (about
1MB per 1GB on the devices I have) for their metadata cache, significantly
improving random I/O performance. Device reports minimal and preferable
size of the buffer. The code limits it to 1% of physical RAM by default.
If the buffer can not be allocated or below minimal size, the device will
just have to work without it.
MFC after: 2 weeks
Relnotes: yes
Sponsored by: iXsystems, Inc.
Kyle Evans [Tue, 7 Jan 2020 19:49:31 +0000 (19:49 +0000)]
Remove gcclibs libssp build glue
r356356 started providing libssp based on ^/lib/libc/secure and disconnected
this version from the build. This one did formally provide runtime support
for _FORTIFY_SOURCE, but FreeBSD lacks the build support that would have
been needed to take advantage of it.
Ed Maste [Tue, 7 Jan 2020 17:57:08 +0000 (17:57 +0000)]
Do not define TCPOUTFLAGS in rack_bbr_common
tcp_outflags isn't used in this source file and compilation failed with
external GCC on sparc64. I'm not sure why only that case failed (perhaps
inconsistent -Werror config) but it is a legitimate issue to fix.
John Baldwin [Tue, 7 Jan 2020 17:07:58 +0000 (17:07 +0000)]
Various cleanups to cryptocheck.
- Rename 'blkcipher' to 'cipher'. Some of the ciphers being tested
are stream ciphers.
- Rename 'authenc' to 'eta' as it is only testing ETA chained
operations and not other combination modes.
- Add a notion of an OCF session and some helper routines to try to
reduce duplicated code. This also uses a single session for both
encrypt and decrypt operations during a single test.
- Add tests to ensure that AEAD algorithms fail decryption with
EBADMSG when given a corrupted tag.
- Remove the transitional hack for COP_F_CIPHER_FIRST.
- Update block comment to mention plain hashes.
Reviewed by: cem
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D22940
Mark Johnston [Tue, 7 Jan 2020 16:07:30 +0000 (16:07 +0000)]
Decrease logging severity when adding a device or reading config table.
In PR 243056 a user reports some spam from smartpqi(4). In particular,
the driver warns about an unrecognized PQI_CONF_TABLE_SECTION_SOFT_RESET
section (not yet defined in the driver, but handled in Linux), but this
doesn't cause any problems. The Linux driver also does not warn about
unrecognized sections.
Also do not log a warning when a device is added, since this is routine.
Lower severity to DISC, to match pqisrc_remove_device().
PR: 243056
Reviewed by: sbruno
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D23023
Ryan Stone [Tue, 7 Jan 2020 16:03:11 +0000 (16:03 +0000)]
rtld: Fix segfault in direct exec mode
When rtld is directly executed with arguments, it has to move the
program arguments, environment and elf aux data up a few slots to
remove its own arguments before the process being executed sees
them. When copying the environment, rtld was incorrectly testing
whether the location about to be written to currently contained
NULL, when it was supposed to check whether it had just copied the
NULL terminator of the environment string. This had the result
that the ELF aux data was mostly treated as environment variables,
and rtld would quickly crash when it tried to access required
ELF aux data that it didn't think was present.
Mark Johnston [Tue, 7 Jan 2020 15:59:31 +0000 (15:59 +0000)]
Define a unified pmap structure for i386.
The overloading of struct pmap for PAE and non-PAE pmaps results in
three distinct layouts for the structure, which is embedded in
struct vmspace. This causes a large number of duplicate structure
definitions in the i386 kernel's CTF type graph.
Since most pmap fields are the same in the two pmaps, simply provide
side-by-side variants of the fields that are distinct, using fixed-size
types.
PR: 242689
Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D22896
Mateusz Guzik [Tue, 7 Jan 2020 15:56:24 +0000 (15:56 +0000)]
vfs: reimplement deferred inactive to use a dedicated flag (VI_DEFINACT)
The previous behavior of leaving VI_OWEINACT vnodes on the active list without
a hold count is eliminated. Hold count is kept and inactive processing gets
explicitly deferred by setting the VI_DEFINACT flag. The syncer is then
responsible for vdrop.
Reviewed by: kib (previous version)
Tested by: pho (in a larger patch, previous version)
Differential Revision: https://reviews.freebsd.org/D23036
Pawel Biernacki [Mon, 6 Jan 2020 19:47:59 +0000 (19:47 +0000)]
kern_sysctl: make sysctl.debug work as intended
r136999 introduced SYSCTL_DEBUG but apparently "opt_sysctl.h" was never
included making the option ignored.
r322954 introduced sysctl.reuse_test with OID number equal to 0, effectively
shadowing the very special sysctl.debug one. Use OID_AUTO as it doesn't need
any special treatment.
Kyle Evans [Mon, 6 Jan 2020 18:25:58 +0000 (18:25 +0000)]
Refine fusefs test workaround for mips+llvm
This re-enables building the googletest suite by default on mips and instead
specifically doesn't build fusefs tests for mips+clang builds. clang will
easily spend >= 1.5 hours compiling a single file due to a bug in
optimization (see LLVM PR 43263), so turn these off for now while that's
hashed out.
GCC builds are unaffected and build the fusefs tests as-is. Clang builds
only happen by early adopters attempting to hash out the remaining issues.
The comment has been updated to reflect its new position and use less strong
wording about imposing on people.
Kyle Evans [Mon, 6 Jan 2020 18:15:55 +0000 (18:15 +0000)]
Update libssp paths in various Makefile.depend* files
I've been advised that the model that uses these is fairly resilient, but
we do know the proper path to use (or remove, in the case of ^/targets/...),
so go ahead and update them to reflect that.
John Baldwin [Mon, 6 Jan 2020 18:02:02 +0000 (18:02 +0000)]
Simplify arguments to signal handlers on mips.
- Use ksi_addr directly as si_addr in the siginfo instead of the
'badvaddr' register.
- Remove a duplicate assignment of si_code.
- Use ksi_addr as the 4th argument to the old-style handler instead of
'badvaddr'.
John Baldwin [Mon, 6 Jan 2020 17:34:17 +0000 (17:34 +0000)]
Only build kernels for enabled TARGET_ARCHes in make universe/tinderbox.
Previously, all of the kernels for a given TARGET were built if that
target was enabled. This was implemented by having each kernel built
via a universe_kernconf_<KERNEL> target that was depended on by a
universe_kernconfs target. However, this meant that if one did a
build with a limited set of TARGET_ARCH values for a given TARGET,
kernels could be built for which we hadn't built a world or toolchain.
For example, 'make TARGETS=mips TARGET_ARCHES_mips=mips64' would build
mips32 kernels.
Fix this by adding an extra layer of indirection in the kernel make
targets. universe_kernconf_<KERNEL> is now a dependency of a new
universe_kernconfs_<TARGET_ARCH>. universe_kernconfs in turn depends
on a list of universe_kernconfs_<target_arch> values, but only the
values enabled in TARGET_ARCHES_<TARGET>.
Jeff Roberson [Mon, 6 Jan 2020 02:51:19 +0000 (02:51 +0000)]
Fix uma boot pages calculations on NUMA machines that also don't have
MD_UMA_SMALL_ALLOC. This is unusual but not impossible. Fix the alignment
of zones while here. This was already correct because uz_cpu strongly
aligned the zone structure but the specified alignment did not match
reality and involved redundant defines.
Bjoern A. Zeeb [Sun, 5 Jan 2020 19:14:16 +0000 (19:14 +0000)]
netgraph/ng_bridge: Reestablish old ABI
In order to be able to merge r353026 bring back support for the old
cookie API for a transition period in 12.x releases (and possibly 13)
before the old API can be removed again entirely.
Ed Maste [Sun, 5 Jan 2020 18:01:15 +0000 (18:01 +0000)]
src.opts.mk: disable BINUTILS_BOOTSTRAP on all mips* and sparc64
Extend r356379 to include 32-bit mips and sparc64. Using a decade-old
binutils linker with a contemporary compiler (either Clang or GCC) is
a combination unlikely to be used by anyone else, and it's not going
to be a good use of our time investigating and addressing any issues
that arise. Expect that all architectures newly migrated to external
GCC will also use external binutils.
Ed Maste [Sun, 5 Jan 2020 16:59:24 +0000 (16:59 +0000)]
src.opts.mk: disable BINUTILS_BOOTSTRAP on mips64*
After GCC was disabled by default in r356367, mips and sparc64 started
relying on external GCC. However, the in-tree Binutils ld 2.17.50 is not
compatible with GCC for some mips64 targets, so turn off
BINUTILS_BOOTSTRAP and rely on external binutils (linker) as well.
Kyle Evans [Sun, 5 Jan 2020 04:06:40 +0000 (04:06 +0000)]
shm: correct KPI mistake introduced around memfd_create
When file sealing and shm_open2 were introduced, we should have grown a new
kern_shm_open2 helper that did the brunt of the work with the new interface
while kern_shm_open remains the same. Instead, more complexity was
introduced to kern_shm_open to handle the additional features and consumers
had to keep changing in somewhat awkward ways, and a kern_shm_open2 was
added to wrap kern_shm_open.
Backpedal on this and correct the situation- kern_shm_open returns to the
interface it had prior to file sealing being introduced, and neither
function needs an initial_seals argument anymore as it's handled in
kern_shm_open2 based on the shmflags.
Kyle Evans [Sun, 5 Jan 2020 03:15:16 +0000 (03:15 +0000)]
shmfd/mmap: restrict maxprot with MAP_SHARED + F_SEAL_WRITE
If a write seal is set on a shared mapping, we must exclude VM_PROT_WRITE as
the fd is effectively read-only. This was discovered by running
devel/linux-ltp, which mmap's with acceptable protections specified then
attempts to raise to PROT_READ|PROT_WRITE with mprotect(2), which we
allowed.
Ed Maste [Sun, 5 Jan 2020 02:47:56 +0000 (02:47 +0000)]
Do not build GCC 4.2.1 by default for any CPU architecture
By default set to NO:
GCC
GCC_BOOTSTRAP
GNUCXX
As described by imp@ on the freebsd-arch mailing list Aug 13, 2019 with
Subject: Gcc 4.2.1 to be removed before FreeBSD 13, a firm timeline
https://lists.freebsd.org/pipermail/freebsd-arch/2019-August/019674.html
Reviewed by: jhb, imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D23026
Kyle Evans [Sat, 4 Jan 2020 23:39:58 +0000 (23:39 +0000)]
kern_mmap: add a variant that allows caller to inspect fp
Linux mmap rejects mmap() on a write-only file with EACCES.
linux_mmap_common currently does a fun dance to grab the fp associated with
the passed in fd, validates it, then drops the reference and calls into
kern_mmap(). Doing so is perhaps both fragile and premature; there's still
plenty of chance for the request to get rejected with a more appropriate
error, and it's prone to a race where the file we ultimately mmap has
changed after it drops its reference.
This change alleviates the need to do this by providing a kern_mmap variant
that allows the caller to inspect the fp just before calling into the fileop
layer. The callback takes flags, prot, and maxprot as one could imagine
scenarios where any of these, in conjunction with the file itself, may
influence a caller's decision.
The file type check in the linux compat layer has been removed; EINVAL is
seemingly not an appropriate response to the file not being a vnode or
device. The fileop layer will reject the operation with ENODEV if it's not
supported, which more closely matches the common linux description of
mmap(2) return values.
If we discover that we're allowing an mmap() on a file type that Linux
normally wouldn't, we should restrict those explicitly.
Kyle Evans [Sat, 4 Jan 2020 22:05:00 +0000 (22:05 +0000)]
libssp: fix FORTIFY_SOURCE stub declarations
The LSB 4.1 that I referenced omitted the varargs, and I failed to catch it.
The __vsnprintf_chk error was from just downright misreading the page. GCC6
caught all of these, but I had only tested GCC4.2.
Kyle Evans [Sat, 4 Jan 2020 20:19:25 +0000 (20:19 +0000)]
Provide libssp based on libc
For libssp.so, rebuild stack_protector.c with FORTIFY_SOURCE stubs that just
abort built into it.
For libssp_nonshared.a, steal stack_protector_compat.c from
^/lib/libc/secure and massage it to maintain that __stack_chk_fail_local
is a hidden symbol.
libssp is now built unconditionally regardless of {WITH,WITHOUT}_SSP in the
build environment, and the gcclibs version has been disconnected from the
build in favor of this one.
PR: 242950 (exp-run)
Reviewed by: kib, emaste, pfg, Oliver Pinter (earlier version)
Also discussed with: kan
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D22943
Kyle Evans [Sat, 4 Jan 2020 20:07:11 +0000 (20:07 +0000)]
ssp: knock out some trivial warnings that come up with WARNS=6
A future commit will rebuild this as part of libssp. The exact warnings are
fairly trivially fixed:
- No previous declaration for __stack_chk_guard
- idx is the wrong type, nitems yields a size_t
- Casting away volatile on the tmp_stack_chk_guard directly is a no-no.
Alan Cox [Sat, 4 Jan 2020 19:50:25 +0000 (19:50 +0000)]
When a copy-on-write fault occurs, pmap_enter() is called on to replace the
mapping to the old read-only page with a mapping to the new read-write page.
To destroy the old mapping, pmap_enter() must destroy its page table and PV
entries and invalidate its TLB entry. This change simply invalidates that
TLB entry a little earlier, specifically, on amd64 and arm64, before the PV
list lock is held.
Jeff Roberson [Sat, 4 Jan 2020 19:29:25 +0000 (19:29 +0000)]
Fix an assertion introduced in r356348. On architectures without
UMA_MD_SMALL_ALLOC vmem has a more complicated startup sequence that
violated the new assert. Resolve this by rewriting the COLD asserts to
look at the per-cpu allocation counts for evidence of api activity.
Jeff Roberson [Sat, 4 Jan 2020 18:48:13 +0000 (18:48 +0000)]
UMA NUMA flag day. UMA_ZONE_NUMA was a source of confusion. Make the names
more consistent with other NUMA features as UMA_ZONE_FIRSTTOUCH and
UMA_ZONE_ROUNDROBIN. The system will now pick a default depending
on kernel configuration. API users need only specify one if they want to
override the default.
Remove the UMA_XDOMAIN and UMA_FIRSTTOUCH kernel options and key only off
of NUMA. XDOMAIN is now fast enough in all cases to enable whenever NUMA
is.
Jeff Roberson [Sat, 4 Jan 2020 07:56:28 +0000 (07:56 +0000)]
Sort cross-domain frees into per-domain buckets before inserting these
onto their respective bucket lists. This is a several order of magnitude
improvement in contention on the keg lock under heavy free traffic while
requiring only an additional bucket per-domain worth of memory.
Jeff Roberson [Sat, 4 Jan 2020 03:30:08 +0000 (03:30 +0000)]
Use per-domain keg locks. This provides both a lock and separate space
accounting for each NUMA domain. Independent keg domain locks are important
with cross-domain frees. Hashed zones are non-numa and use a single keg
lock to protect the hash table.
Jeff Roberson [Sat, 4 Jan 2020 03:15:34 +0000 (03:15 +0000)]
Use a separate lock for the zone and keg. This provides concurrency
between populating buckets from the slab layer and fetching full buckets
from the zone layer. Eliminate some nonsense locking patterns where
we lock to fetch a single variable.
Jeff Roberson [Sat, 4 Jan 2020 03:04:46 +0000 (03:04 +0000)]
Use atomics for the zone limit and sleeper count. This relies on the
sleepq to serialize sleepers. This patch retains the existing sleep/wakeup
paradigm to limit 'thundering herd' wakeups. It resolves a missing wakeup
in one case but otherwise should be bug for bug compatible. In particular,
there are still various races surrounding adjusting the limit via sysctl
that are now documented.
John Baldwin [Fri, 3 Jan 2020 23:31:38 +0000 (23:31 +0000)]
Set correct lib32 MACHINE_ARCH for mips64el*.
Use "mipsel" instead of "mips" as the 32-bit MACHINE_ARCH when
building lib32 for little-endian 64-bit MIPS targets. This fixes an
error where some objects were compiled as LE and others compiled as BE
causing a link error for rtld32.
Dimitry Andric [Fri, 3 Jan 2020 20:29:54 +0000 (20:29 +0000)]
Merge commit 189b7393d from llvm git (by John Baldwin):
[lld][RISCV] Use an e_flags of 0 if there are only binary input files.
Summary:
If none of the input files are ELF object files (for example, when
generating an object file from a single binary input file via "-b
binary"), use a fallback value for the ELF header flags instead of
crashing with an assertion failure.
Dimitry Andric [Fri, 3 Jan 2020 20:28:06 +0000 (20:28 +0000)]
Merge commit d7be3eab5 from llvm git (by Luís Marques):
[RISCV] Handle fcopysign(f32, f64) and fcopysign(f64, f32)
Summary: Adds tablegen patterns to explicitly handle fcopysign where
the magnitude and sign arguments have different types, due to the
sign value casts being removed by the DAGCombiner. Support for RV32IF
follows in a separate commit. Adds tests for all relevant scenarios
except RV32IF.
Dimitry Andric [Fri, 3 Jan 2020 20:19:17 +0000 (20:19 +0000)]
Merge commit c6b09bff5 from llvm git (by Luís Marques):
[RISCV] Fix wrong CFI directives
Summary: Removes CFI CFA directives that could incorrectly propagate
beyond the basic block they were intended for. Specifically it removes
the epilogue CFI directives. See the branch_and_tail_call test for an
example of the issue. Should fix the stack unwinding issues caused by
the incorrect directives.
Dimitry Andric [Fri, 3 Jan 2020 20:11:40 +0000 (20:11 +0000)]
Merge commit da7b129b1 from llvm git (by James Clarke):
[RISCV] Don't force Local Exec TLS for non-PIC
Summary:
Forcing Local Exec TLS requires the use of copy relocations. Copy
relocations need special handling in the runtime linker when being
used against TLS symbols, which is present in glibc, but not in
FreeBSD nor musl, and so cannot be relied upon. Moreover, copy
relocations are a hack that embed the size of an object in the ABI
when it otherwise wouldn't be, and break protected symbols (which are
expected to be DSO local), whilst also wasting space, thus they
should be avoided whenever possible. As discussed in D70398, RISC-V
should move away from forcing Local Exec, and instead use Initial
Exec like other targets, with possible linker relaxation to follow.
The RISC-V GCC maintainers also intend to adopt this
more-conventional behaviour (see
https://github.com/riscv/riscv-elf-psabi-doc/issues/122).
The reason seems to be that in RISCVAsmBackend::shouldForceRelocation
we only consider the fragment but in RISCVMCExpr::evaluatePCRelLo we
consider the section. This usually works but there are cases where
the section may still be the same but the fragment may be another
one. In that case we end up forcing a %pcrel_lo relocation without any
%pcrel_hi.
This patch makes RISCVAsmBackend::shouldForceRelocation use the
section, if any, to determine if the relocation must be forced or
not.