Gleb Smirnoff [Fri, 3 Feb 2023 19:33:36 +0000 (11:33 -0800)]
tcp: bring comment for tcp_connect() up to date
We no longer use in_pcbbind() since 25102351509. The comment about
truncating old TIME-WAIT describes code that had been removed back
in 2004 in c94c54e4df9a.
Gleb Smirnoff [Fri, 3 Feb 2023 19:33:36 +0000 (11:33 -0800)]
inpcb: use family specific sockaddr argument for connect functions
Do the cast from sockaddr to either IPv4 or IPv6 sockaddr in the
protocol's pr_connect method and from there on go down the call
stack with family specific argument.
Gleb Smirnoff [Fri, 3 Feb 2023 19:33:36 +0000 (11:33 -0800)]
netinet6: require network epoch for in6_pcbconnect()
This removes recursive epoch entry in the syncache case. Fixes
unprotected access to V_in6_ifaddrhead in in6_pcbladdr(), as
well as access to prison IP address lists. It also matches what
IPv4 in_pcbconnect() does.
Mark Johnston [Fri, 3 Feb 2023 15:54:23 +0000 (10:54 -0500)]
pvclock: Export a vDSO page even without rdtscp available
When the cycle counter is "stable", i.e., synchronized across vCPUs by
the hypervisor, userspace can use a serialized rdtsc instead of relying
on rdtscp, just like the kernel timecounter does. This can be useful
for performance in guests where the hypervisor hides rdtscp for some
reason.
To avoid breaking compatibility with older userspace which expects
rdtscp to be usable when pvclock exports timekeeping info, hide this
feature behind a sysctl.
Reviewed by: kib
Tested by: Shrikanth R Kamath <kshrikanth@juniper.net>
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D38342
Mark Johnston [Fri, 3 Feb 2023 15:53:20 +0000 (10:53 -0500)]
libc: Fall back to rdtsc when using pvclock and rdtscp is not available
In preparation for a follow-up revision wherein kvmclock may export
timekeeping info to userspace even in the absence of AMDID_RDTSCP, fall
back to using rdtsc when rdtscp isn't available. This mimics
pvclock_read_time_info() in the kernel.
Reviewed by: kib
Tested by: Shrikanth R Kamath <kshrikanth@juniper.net>
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D38341
Warner Losh [Fri, 3 Feb 2023 15:41:11 +0000 (08:41 -0700)]
kboot: Keep track of what's used in the segment
Keep track of how much is used in the segment as we allocate it to the
application. Set memsz to 0 first, and increment it as used. Adjust the
bufsz before we call kexec so the kernel copies the right amount (it's
an error for bufsz to be bigger than memsz, so we set them == when we
retrieve the segment). Make sure we round to the page size, otherwise
kexec_load gets cranky.
Warner Losh [Fri, 3 Feb 2023 15:41:03 +0000 (08:41 -0700)]
kboot: Allocate a really big first segment
Allocate a huge segment for the first kexec_load segments. We limit the
lesser of:
allocation to the size of the remaining memory segment
45% of available memory
95% of the memory we can allocate
This allows us to have really large RAM disks. We likely need to limit
this to the amount we actually used, though, since this can be a lot of
memory.
We have to do this complicated calculation for a few reasons: First, we
need 2 copies of the loaded kernel in the memory: The kernel can copy
everything to a temporary buffer. Next, malloc (via mmap) is limited to
a certain amount due to over commit, so we have to not allocate all we
can (only most of what we can).
Warner Losh [Fri, 3 Feb 2023 15:40:45 +0000 (08:40 -0700)]
kboot: Try to read UEFI memory from physical memory on aarch64
Try to open /dev/mem to read in the UEFI memory map. If we can't, then
we'll read it in the trampoline.
Retain reading in /proc/iomem to find reserved areas in Linux. We need
to know them for good places to put the kernel. These are not reflected
in the UEFI memory map. However, we should not adjust the UEFI memory
map since these reserved areas of the Linux kernel are free to be used
once we enter the kexec trampoline...
Warner Losh [Fri, 3 Feb 2023 15:40:30 +0000 (08:40 -0700)]
kboot: Don't need an arch pointer to get segments
There's no need for an arch pointer to get segments. We can call the
routine directly since we don't need this code to be called from
different context where a pointer is needed.
Sponsored by: Netflix
Reviewed by: kevans, andrew
Differential Revision: https://reviews.freebsd.org/D38266
Warner Losh [Fri, 3 Feb 2023 15:40:22 +0000 (08:40 -0700)]
kboot: MI fixups to enable aarch64 booting
A number of bug fixes to loading kernels and modules on aarch64 and amd64.
Fix offset calculations.
Add a number of debugs, commented out for now (will GC them in the future)
With this, and the MD aarch64 commands, we can linux boot in qemu and on
real hardware.
Warner Losh [Fri, 3 Feb 2023 15:40:13 +0000 (08:40 -0700)]
kboot: Improve amd64 booting
Copy more of the necessary state for FreeBSD to boot:
o Copy EFI memory tables
o Create custom page tables needed for the kernel to find itself
o Simplify the passing of args to the trampoline by putting them
on the stack rather than in dedicated memory.
This is only partially successful... we get only part way through the
amd64 startup code before dying. However, it's much further than before
the changes.
Warner Losh [Fri, 3 Feb 2023 15:40:04 +0000 (08:40 -0700)]
kboot: aarch64 trampoline implementation
Update exec.c (copied from efi/loader/arch/arm64/exec.c) to allow
execution of aarch64 kernels. This includes a new trampoline code that
handles copying the UEFI memory map, if available from the Linux FDT
provided PA. This is a complete implementation now, able to boot from
the LinuxBoot environment on an aarch64 server that only offers
LinuxBoot (though a workaround for the gicv3 inability to re-init is not
yet in FreeBSD). Many 'fit and finish' issues will be addressed in
subsequent commits.
Warner Losh [Fri, 3 Feb 2023 15:39:46 +0000 (08:39 -0700)]
kboot: aarch64 bi_loadsmap
Since aarch64 is different, it needs a different smap. We first see if
we have the PA of the table from the FDT info. If so, we copy that and
quit. Otherwise, we do the best we can in translating the /proc/iomap
into EFI Memory Table format.
Warner Losh [Fri, 3 Feb 2023 15:39:24 +0000 (08:39 -0700)]
kboot: Define bi_loadsmap for loading memory maps
Each architecture will soon be required to provide this to load memory
maps as metadata for the platforms that require it (or a stub function
for those that don't).
Warner Losh [Fri, 3 Feb 2023 15:39:16 +0000 (08:39 -0700)]
kboot: Call enumerate_memory_arch()
Now that all architectures provide this, enumerate the platform's memory
before we go to interact(). This needs to be done only once, but relies
on our ability to open host: files on some platforms, so it needs to be
done after devinit().
Warner Losh [Fri, 3 Feb 2023 15:39:06 +0000 (08:39 -0700)]
kboot: Update amd64 to use enumerate_memory_arch()
Move memory enumeration to the enumerate_memory_arch(), tweak the code a
bit to make that fit into that framework.
Also fix a bug in the name of the end location. The old code never found
memory (though amd64 doesn't yet work, this led to using fallback
addresses that were good enough for QEMU...).
We have an odd situation with aarch64 memory enumeration. The fdt that
we can get has a PA of the UEFI memory map, as modified by the current
running Linux kernel so it can retain those pages it needs for EFI and
other services. We have to pass in this EFI table, but don't have access
to it in the boot loader. We do in the trampoline code, so a forthcoming
commit will copy it there for the kernel to use. All for want of /dev/mem
in the target environment sometimes.
However, we also have to find a place to load the kernel, so we have to
fallback to /proc/iomem when we can't read the UEFI memory map directly
from /dev/mem. It will give us good enough results to do this task. This
table isn't quite suitable to be converted to the EFI table, so we use
both methods. We'll fall back to this method also if there's no EFI
table advertised in the fdt. There's no /sys file on aarch64 that has
this information, hence using the old-style /proc/iomem. We're unlikely
to work if there's no EFI, though.
Note: The underlying Linux mechanism is different than the amd64 method
which seems like it should be MI, but unimplemented on aarch64.
Warner Losh [Fri, 3 Feb 2023 15:38:29 +0000 (08:38 -0700)]
kboot: Add powerpc stub for enumerate_memory_arch()
Add stub for new MI interface for enumerating memory. Right now powerpc
looks in the FDT table at a later point in boot since we don't need to
pass a specific memory table to the kernel. Leave it like that for now,
but note plans for the future.
Warner Losh [Fri, 3 Feb 2023 15:38:14 +0000 (08:38 -0700)]
kboot: Add parsing of /proc/iomem into seg.c
We'll be using this code for most / all of the platforms since iomem is
the only interface that can tell us of the reserved to the linux kernel
areas that we cannot place the new kernel into, but that we are free to
use once we hit trampoline. aarch64 will use this shortly, and similar
code in amd64 will be refactored when I make that platform work.
Warner Losh [Fri, 3 Feb 2023 15:37:53 +0000 (08:37 -0700)]
kboot: Create segment handling code at main level
Create segment handling code up to the top level. Move it all into
seg.c, and make necessary adjustments for it being in a new file,
including inventing print_avail() and first_avail() to print the array
and find the first large enough memory hole. aarch64 will use this,
and I'll refactor the other platforms to use it as I make them work.
Warner Losh [Fri, 3 Feb 2023 15:37:45 +0000 (08:37 -0700)]
kboot: MI part of the memory enumeration code
enumerate_memory_arch is called once early in kboot's startup to allow
us to discover the memory layout, reserved areas, etc of the system
memory. Add the MI interface part of this.
Warner Losh [Fri, 3 Feb 2023 15:37:31 +0000 (08:37 -0700)]
kboot: Probe all disks and partitions for a kernel
Guess where to boot from when bootdev= isn't on the command line or
other config. Search all the disks and partitions for one that looks
like it could be a boot partition (same as we do when probing
zpools). Return the first one we find.
* Fix includes in utils.c, cf. style(9).
* Fix type mismatch: readlink(2) returns ssize_t, not int.
* It is not necessary to set errno to 0 as fts_read(3) already does it.
Toomas Soome [Thu, 2 Feb 2023 14:01:02 +0000 (16:01 +0200)]
efiserialio: use port settings (sio->Mode) for initial setup
Use serial port setup done by system firmware.
ARM64 Hyper-V does hang if we attempt to override the defaults,
therefore we should default to use settings from firmware.
Rick Macklem [Fri, 3 Feb 2023 00:20:58 +0000 (16:20 -0800)]
vfs_export: Add checks for correct prison when updating exports
mountd(8) basically does the following:
getmntinfo()
for each mount
delete_exports
using nmount(2) to do the creation/deletion of individual exports.
For prison0 (and for other prisons if enforce_statfs == 0) getmntinfo()
returns all mount points, including ones being used within other prisons.
This can cause confusion if the same file system is specified in the
exports(5) file for multiple prisons.
This patch adds a permanent identifier to each prison
and marks which prison did the exports in a field of
the mount structure called mnt_exjail. This field can
then be compared to the permanent identifier for the
prison that the thread's credentials are in.
Also required was a new function called prison_isalive_permid()
which returns if the prison is alive, so that the check can be
ignored for prisons that have been removed.
This prepares the system to allow mountd(8) to run in multiple
prisons, including prison0.
Future commits will complete the modifications to allow mountd(8)
to run in vnet prisons. Until then, these changes should not affect
semantics.
Warner Losh [Thu, 2 Feb 2023 21:08:15 +0000 (14:08 -0700)]
kboot: Remove kboot_loadaddr
Turns out that the loadaddr interface is not sufficiently expressive to
do the loading we need to do. Instead, we'll emulate some of its
features with inline math in copyin/copyout.
Warner Losh [Thu, 2 Feb 2023 20:11:57 +0000 (13:11 -0700)]
kboot: Parse memory usage
To properly size segments, we have to know how much memory we have in
the system, as well as how much this process can allocate. Due to our
inability to overcommit, we need to know how much memory is
available. commit_limit is the grand total allowed. committed_as is the
current memory used. mem_avail is what Linux tells us is available. Find
these from /proc/meminfo. We'll use them later to allocate the biggest
possible segment sizes, but for now print the raw numbers.
Warner Losh [Thu, 2 Feb 2023 20:06:24 +0000 (13:06 -0700)]
kboot: For hostfs, return better errors from read, where possible.
Translate the Linux error return from read to a FreeBSD errno. We use a
simplified translation: 1-34 are the same between the systems, so any of
those will be returned directly. All other errno map to EINVAL. This
will suffice for some code that reads /dev/mem in producing the right
diagnostic.
A fully generalized version is much harder. Linux has a number of errno
that don't translate well and has architecture dependent
encodings. Avoid this mess with a simple macro for now. Add comment
explaining why we use the simple method we do.
Sponsored by: Netflix
Reviewed by: kevans, andrew
Differential Revision: https://reviews.freebsd.org/D38265
Warner Losh [Thu, 2 Feb 2023 20:03:28 +0000 (13:03 -0700)]
kboot: Trim initial allocation to 64MB
We only need 64MB to read off ZFS pools. Since Linux doesn't do
overcommit by default, the extra 64MB is 64MB less we can allocate for
things like RAM disks.
Sponsored by: Netflix
Reviewed by: kevans, andrew
Differential Revision: https://reviews.freebsd.org/D38268
Cy Schubert [Thu, 2 Feb 2023 00:49:08 +0000 (16:49 -0800)]
ipfilter: Fix use after free on packet with broken lengths
Under the scenario with a packet with length of 67 bytes, a header length
using the default of 20 bytes and a TCP data offset (th_off) of 48 will
cause m_pullup() to fail to make sure bytes are arranged contiguously.
m_pullup() will free the mbuf chain and return a null. ipfilter stores
the resultant mbuf address (or the resulting NULL) in its fr_info_t
structure. Unfortunately the erroneous packet is not flagged for drop.
This results in a kernel page fault at line 410 of sys/netinet/ip_fastfwd.c
as it tries to use a now previously freed, by m_pullup(), mbuf.
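
The failure path described in the ipfilter commit message above, as an added userspace illustration that is not part of the commit or of ipfilter's code: a 67-byte packet with a 20-byte IP header and a TCP data offset of 48 needs 68 contiguous bytes, so the pullup frees the buffer and the caller has to flag the packet for drop. All `toy_*` names are hypothetical stand-ins, and treating the 48 as a byte count is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-ins constructed for this example; not struct mbuf or fr_info_t. */
struct toy_mbuf { size_t len; };
struct toy_pktinfo {
	struct toy_mbuf *m;	/* packet buffer; NULL once pullup has freed it */
	int drop;		/* nonzero: packet must not be forwarded */
};

/* Same contract as m_pullup(9): on failure the buffer is freed, NULL returned. */
static struct toy_mbuf *toy_pullup(struct toy_mbuf *m, size_t need)
{
	if (need > m->len) {
		free(m);
		return NULL;
	}
	return m;
}

/* Hardened length check: store the pullup result AND flag the drop.
 * th_off_bytes is the TCP data offset in bytes (assumed unit for the 48). */
static int toy_check_lengths(struct toy_pktinfo *pi, size_t ip_hlen, size_t th_off_bytes)
{
	pi->m = toy_pullup(pi->m, ip_hlen + th_off_bytes);
	if (pi->m == NULL) {
		pi->drop = 1;	/* the step the commit message says was missing */
		return -1;
	}
	return 0;
}

/* Forwarding stage: never touches the buffer of a dropped packet. */
static size_t toy_forward(const struct toy_pktinfo *pi)
{
	if (pi->drop || pi->m == NULL)
		return 0;
	return pi->m->len;	/* stands in for handing the packet on */
}

/* Run one constructed packet of 'len' bytes through both stages. */
static size_t toy_process(size_t len, size_t ip_hlen, size_t th_off_bytes, int *dropped)
{
	struct toy_pktinfo pi = { malloc(sizeof(struct toy_mbuf)), 0 };
	size_t sent;

	if (pi.m == NULL)
		return 0;
	pi.m->len = len;
	(void)toy_check_lengths(&pi, ip_hlen, th_off_bytes);
	sent = toy_forward(&pi);
	*dropped = pi.drop;
	free(pi.m);		/* free(NULL) is a no-op after a failed pullup */
	return sent;
}

int main(void)
{
	int d = 0;
	printf("67-byte packet: sent=%zu\n", toy_process(67, 20, 48, &d));
	printf("dropped=%d\n", d);
	return 0;
}
```
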
timeout(1) is used by /etc/rc.d/zfskeys. Unfortunately, having
timeout(1) installed in /usr/bin causes problems when /usr is an
encrypted ZFS partition.
Implementing timeout(1) in sh(1) is not trivial. A more elegant solution
is to move timeout(1) to /bin so that it is available to early services
in the boot process.
John Baldwin [Thu, 2 Feb 2023 17:23:02 +0000 (09:23 -0800)]
rescue: Fix link order of SSL libraries and fetch.
ld.bfd requires libraries to be linked in order. libssl requires
libcrypto. libfetch requires libssl. To fix the latter, move fetch
up above tar rather than listing the ssl libraries twice.
Reviewed by: delphij
Fixes: ea34aa4780e5 rescue: Add fetch(1) to the rescue tool.
Differential Revision: https://reviews.freebsd.org/D38304
Andrew Turner [Wed, 25 Jan 2023 17:47:39 +0000 (17:47 +0000)]
Read the arm64 far early in el0 exceptions
When handling userspace exceptions on arm64 we need to dereference the
current thread pointer. If this is being promoted/demoted there is a
small window where it will cause another exception to be hit. As this
second exception will set the fault address register we will read the
incorrect value in the userspace exception handler.
Fix this by always reading the fault address before dereferencing the
current thread pointer.
Andrew Turner [Thu, 2 Feb 2023 16:26:25 +0000 (16:26 +0000)]
Limit where we disable the Arm generic timer
Only disable the Arm generic timer on arm64 when entering the kernel
through EL2. There is no guarantee it will be enabled if we are running
under a hypervisor.
Andrew Turner [Mon, 19 Dec 2022 14:19:26 +0000 (14:19 +0000)]
Check for the IORT before adding the ITS driver
Before adding the ITS interrupt controller driver to handle MSI/MSI-X
interrupts check if it is present in the IO Remapping Table (IORT).
If not don't attach as devices expect to use this table to find the
correct MSI interrupt controller.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D37772
Andrew Gallatin [Thu, 2 Feb 2023 15:02:44 +0000 (10:02 -0500)]
ixgbe: Do not count L3/L4 checksum errors as input errors
NIC input errors have traditionally indicated problems at the link
level (crc errors, runts, etc). People tend to build monitoring
infrastructure around such errors in order to monitor for bad network
hardware. When L3/L4 checksum errors are included in the category of
input errors, it breaks such monitoring, as these errors can originate
anywhere on the internet, and do not necessarily indicate faulty
local network hardware.
Dmitry Chagin [Thu, 2 Feb 2023 14:58:07 +0000 (17:58 +0300)]
linux(4): Deduplicate linux_fixup_elf().
Use native routines to fixup initial process stack. On Arm64 linux_elf_fixup() is
noop, as it does the stack fixup (room for argc) in the linux_copyout_strings().
Dmitry Chagin [Thu, 2 Feb 2023 14:58:06 +0000 (17:58 +0300)]
linux(4): Use COMPAT_LINUX32 instead of __ELF_WORD_SIZE.
COMPAT_LINUX32 option is defined for case when building 32-bit Linuxulator
for the 64-bit host. Usage of __ELF_WORD_SIZE is wrong here as it is equal to 32
on i386 too.
* The allocated buffer is only used in the fallback case, so move it
there. The argument for passing it in from the caller was that if
malloc(3) were to fail, we'd want it to fail before we started
copying anything, but firstly, it was already not in the right place
to ensure that, and secondly, malloc(3) never fails (except in very
contrived circumstances, such as an unreasonable RLIMIT_AS or
RLIMIT_DATA).
* Remove the mmap(2) option. It is almost never beneficial,
especially when the alternative is copy_file_range(2), and it adds
needless complexity and indentation.
Rick Macklem [Thu, 2 Feb 2023 00:02:20 +0000 (16:02 -0800)]
prison_check_nfsd: Add check for enforce_statfs != 0
Since mountd(8) will not be able to do exports
when running in a vnet prison if enforce_statfs is
set to 0, add a check for this to prison_check_nfsd().
When __thr_pshared_offpage() is called for allocation, it must not use
the cached offpage for the key. Instead, the cached offpage must be
unmapped and removed from the cache, if any.
It is legitimate for the user code to unmap the shared lock object without
destroying it, and then mapping something over the freed VA to carry
another shared lock. In this case the cached offpage must be un-cached.
PR: 269277
Reported by: rau8344@gmail.com
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D38345
Gleb Smirnoff [Wed, 1 Feb 2023 21:03:10 +0000 (13:03 -0800)]
sockets: in sousrsend() pass down the error to aio(4)
This somewhat undermines the initial goal of sousrsend() to have all
the special error handling for a write on a socket in a single place.
The aio(4) needs to see EWOULDBLOCK to re-schedule the job. Because
aio(4) handles return from soreceive() and sousrsend() with the same
code, we can't check for (error == 0 && done < job_nbytes). Keeping
this exclusion for aio(4) seems a lesser evil.