Ian Lepore [Wed, 25 Dec 2019 17:26:51 +0000 (17:26 +0000)]
For riscv kernel builds, add -N to LDFLAGS instead of replacing the
SYSTEM_LD variable. This avoids duplicating the contents of SYSTEM_LD
from kern.pre.mk just to add the -N flag to it. If the basic linker command
ever needs to be changed, this will be one less place that has to be found
and fixed.
Some testing by kp@ indicates that the -N flag may not be needed at all,
so a comment to that effect is also added, and the -N flag may be removed
in a followup commit.
Kyle Evans [Wed, 25 Dec 2019 15:55:45 +0000 (15:55 +0000)]
atkbdc: use proper pointer type for KBDC
Proper locking for atkbdc will likely replace the kbdc_lock mechanism
entirely with a mutex in atkbdc_softc, so that other consumers can also
properly ensure locking protocol is followed (e.g. psm.c:doinitialize).
The first step to doing this neatly is making KBDC less opaque so that
others don't have to jump through weird casting hoops to address the mutex.
No functional change intended; this diff effectively just removes a bunch of
casting. A future change may remove the KBDC typedef entirely and just opt
for using `atkbdc_softc_c *` directly, but this was decidedly a good
intermediate step to make these changes simple to audit.
Rick Macklem [Wed, 25 Dec 2019 01:15:38 +0000 (01:15 +0000)]
Fix nfsmount() so that it will return NFSERR_MINORVERMISMATCH.
If nfsrpc_getdirpath() returns NFSERR_MINORVERMISMATCH, it would erroneously
get mapped to EIO. This was not particularily harmful, but would make it
hard for sysadmins to diagnose why an NFSv4 mount is failing.
mount_nfs.c still needs to be fixed so that it does not report
NFSERR_MINORVERMISMATCH as an unknown error 10021.
Kirk McKusick [Tue, 24 Dec 2019 23:03:12 +0000 (23:03 +0000)]
When running fsck_ffs manually, do not ask:
USE JOURNAL? [yn]
when the journal timestamp does not match the filesystem mount time
as we are just going to print an error and fall through to a full fsck.
Instead, just run a full fsck.
Requested by: Bjoern A. Zeeb (bz)
MFC after: 7 days
Brandon Bergren [Tue, 24 Dec 2019 20:13:29 +0000 (20:13 +0000)]
[PowerPC] Define powerpc IFUNC kernel/userspace ABI.
This is a prerequisite for anything IFUNC in the ELFv2 / clang switch.
Since probing cpu info on powerpc is a privileged operation, define that we
pass AT_HWCAP / AT_HWCAP2 through as cpu_features and cpu_features2 to ifunc
resolvers.
This is particularly important when dealing with non-PLT GNU IFUNC, which is
not allowed to PLT call from resolvers and therefore can't access global
variables.
The naming convention "cpu_features"/"cpu_features2" is an existing FreeBSD
PowerPC convention and matches the way we treat these variables in
machine/cpu.h.
The underlying variables are u_long, however, as per the commit message for
r332868, only the low 32 bits are ever used, so the underlying flags are
compatible across all of PowerPC.
The resolver prototype is defined to reserve the maximum number of
register-passed parameters the various PowerPC ABIs allow. This leaves
plenty of room for growth without needing to resort to passing via the
stack in the future.
Brandon Bergren [Tue, 24 Dec 2019 16:52:10 +0000 (16:52 +0000)]
Unbreak build. It seems that mips and amd64 still pull in link_elf.c, so
we need to have elf_cpu_parse_dynamic() everywhere after all to avoid
an undefined symbol.
Conrad Meyer [Tue, 24 Dec 2019 16:19:33 +0000 (16:19 +0000)]
sleep(9), sleepqueue(9): const'ify wchan pointers
_sleep(9), wakeup(9), sleepqueue(9), et al do not dereference or modify the
channel pointers provided in any way; they are merely used as intptrs into a
dictionary structure to match waiters with wakers. Correctly annotate this
such that _sleep() and wakeup() may be used on const pointers without
invoking ugly patterns like __DECONST(). Plumb const through all of the
underlying sleepqueue bits.
Brandon Bergren [Tue, 24 Dec 2019 16:13:15 +0000 (16:13 +0000)]
[PowerPC] powerpc32 rtld IFUNC handling code
As PowerPC is moving to clang, we can finally start taking advantage of
IFUNC.
Implement the MD parts of IFUNC handling for rtld.
Currently, it is necessary to look for R_PPC_IRELATIVE in the PLT in
addition to RELA. This is an ABI violation, but LLD9 has some .iplt bugs
that require this as a workaround.
Brandon Bergren [Tue, 24 Dec 2019 16:07:35 +0000 (16:07 +0000)]
[PowerPC] powerpc64 rtld IFUNC handling code
As PowerPC is moving to clang, we can finally start taking advantage of
IFUNC.
Implement the MD parts of IFUNC handling for rtld.
Currently, it is necessary to look for R_PPC_IRELATIVE in the PLT in
addition to RELA. This is an ABI violation, but LLD9 has some .iplt bugs
that require this as a workaround.
Justin Hibbits [Tue, 24 Dec 2019 16:03:33 +0000 (16:03 +0000)]
[PowerPC64] Use ld.bfd to build LIB32 and STAND - when using llvm
Summary:
This patch is to support ongoing work for replacing "GCC/BFD" by "CLANG/LLD" on
target PowerPC64 [1], by proposing a way to specify and/or locate a secondary
ld.bfd linker.
This is necessary as LLD currently doesn't support PowerPC 32 bits, so we keep
using BFD for the 32 bit stuff on PowePC64(LIB32 compatibility and
STAND/slof/loader.)
- creates LD_BFD variable pointing to ld.bfd
- use LD_BFD as linker for LIB32/compat
- Default behavior for other platforms aren't changed.
Brandon Bergren [Tue, 24 Dec 2019 15:56:24 +0000 (15:56 +0000)]
[PowerPC] Implement Secure-PLT jump table processing for ppc32.
Due to clang and LLD's tendency to use a PLT for builtins, and as they
don't have full support for EABI, we sometimes have to deal with a PLT in
.ko files in a clang-built kernel.
As such, augment the in-kernel linker to support jump table processing.
As there is no particular reason to support lazy binding in kernel modules,
only implement Secure-PLT immediate binding.
As part of these changes, add elf_cpu_parse_dynamic() to the MD API of the
in-kernel linker (except on platforms that use raw object files.)
The new function will allow MD code to act on MD tags in _DYNAMIC.
Use this new function in the PowerPC MD code to ensure BSS-PLT modules using
PLT will be rejected during insertion, and to poison the runtime resolver to
ensure we get a clear panic reason if a call is made to the resolver.
Scott Long [Tue, 24 Dec 2019 14:48:46 +0000 (14:48 +0000)]
Introduce the concept of busdma tag templates. A template can be allocated
off the stack, initialized to default values, and then filled in with
driver-specific values, all without having to worry about the numerous
other fields in the tag. The resulting template is then passed into
busdma and the normal opaque tag object created. See the man page for
details on how to initialize a template.
Templates do not support tag filters. Filters have been broken for many
years, and only existed for an ancient make/model of hardware that had a
quirky DMA engine. Instead of breaking the ABI/API and changing the
arugment signature of bus_dma_tag_create() to remove the filter arguments,
templates allow us to ignore them, and also significantly reduce the
complexity of creating and managing tags.
Conrad Meyer [Tue, 24 Dec 2019 06:08:29 +0000 (06:08 +0000)]
kern_synch: Fix some UB
It is UB to evaluate pointer comparisons when pointers do not point within
the same object. Instead, convert the pointers to numbers and compare the
numbers.
Conrad Meyer [Tue, 24 Dec 2019 01:47:08 +0000 (01:47 +0000)]
gpart(8): ms-basic-data is used for exFAT on GPT
Be explicit about it; the first mention of exFAT is for the MBR type 'ntfs',
and the reader must work back from there to the GPT type and infer that a
reference to MBR ntfs type means ms-basic-data is canonical for exFAT.
(It'd also be great if gpart had convenient aliases that did the right
thing for the partition scheme, such as 'ntfs' => ms-basic-data on GPT
schemes or 'exfat' => 'ntfs' in MBR schemes. The tool is also bad about
providing user-meaningful reasons for EINVAL failures.)
Kyle Evans [Mon, 23 Dec 2019 21:46:48 +0000 (21:46 +0000)]
terasic_mtl: kill off final dummy keyboard driver
The rest were removed in r355936, which speculated that the cause of this
phenomenon was due to an inability to have an empty linker set. The comment
included with this one shows that this was, in fact, not the reason.
Regardless, syscons no longer seems to have an issue with not having any
keyboard drivers and in-fact ignores the keyboard probe anyways.
Kyle Evans [Mon, 23 Dec 2019 21:41:04 +0000 (21:41 +0000)]
sc: fix arm/mips/sparc64 MD bits
r356043 missed a couple of references in machdep parts... arguably, these
lines could probably be dropped as the softc is likely still zero'd at this
point.
Kyle Evans [Mon, 23 Dec 2019 21:32:07 +0000 (21:32 +0000)]
syscons: drop keyboard index from softc
Analysis seems to reveal that sc->keyboard >= 0 implies sc->kbd != NULL and
there's no such scenario where sc->kbd is set (and theoretically used to
rebuild sc->keyboard) with the keyboard unavailable.
Drop the index softc. The index is only explicitly needed in few places, in
which case we can just as easily grab it from sc->kbd. There's no need for
keeping sc->kbd and sc->keyboard in sync when it can be readily accomplished
with just the former.
Alexander Motin [Mon, 23 Dec 2019 20:41:55 +0000 (20:41 +0000)]
Make pass(4) handle misaligned buffers of MAXPHYS size.
Since we are already using malloc()+copyin()/copyout() for smaller data
blocks, and since new asynchronous API does it always, I see no reason
to keep this ugly artificial size/alignment limitation in old API.
Tape applications suffer enough from the MAXPHYS limitations by itself,
and additional alignment requirement, often halving effectively usable
block size, does not help.
It would be good to use unmapped I/O here instead, but it require some
HBA drivers polishing first to support non-BIO unmapped buffers.
Do not use waitable allocation of pbuf when creating cluster for write.
Previously just ensuring that we do not sleep when clustering for
md(4) vnode was enough. Now, with the switch of the pbuf allocator to
uma and completely broken per-subsystem pbuf limits, it might cause
unbounded sleep even for non-md(4) vnodes.
Reported and tested by: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D22899
Ian Lepore [Sun, 22 Dec 2019 22:33:22 +0000 (22:33 +0000)]
In gptboot, don't assume a partition number is a single digit, 1-9. GPT
partitions can have 128 partitions, so parse contiguous digits and then
validate that the number is between 1-128 inclusive.
I'm not sure 128 is a hard limit in the GPT standard, but it's the common
number in use, and it's a better upper limit than 9.
Mark Johnston [Sun, 22 Dec 2019 21:56:47 +0000 (21:56 +0000)]
lagg: Clean up handling of the rr_limit option.
- Don't allow an unprivileged user to set the stride. [1]
- Only set the stride under the softc lock.
- Rename the internal fields to accurately reflect their use. Keep
ro_bkt to avoid changing the user API.
- Simplify the implementation. The port index is just sc_seq / stride.
- Document rr_limit in ifconfig.8.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com> [1]
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D22857
Doug Moore [Sun, 22 Dec 2019 21:53:05 +0000 (21:53 +0000)]
Fix typo using RB_INITIALIZER.
The macro RB_INITIALIZER ignores its argument, but is documented to
require "&head" as argument to initialize "head". So using
"_vm_phys_fictitious_tree" as the argument to initialize
"vm_phys_fictitious_tree" is an inconsequential error, corrected here.
Jeff Roberson [Sun, 22 Dec 2019 20:35:50 +0000 (20:35 +0000)]
Fix a bug introduced in r356002. Prior versions of this patchset had
vm_page_remove() rather than !vm_page_wired() as the condition for free.
When this changed back to wired the busy lock was leaked.
Dimitry Andric [Sun, 22 Dec 2019 11:58:44 +0000 (11:58 +0000)]
Merge commit f97936fab from llvm git (by Eric Fiselier):
[libc++] Cleanup and enable multiple warnings.
Too many warnings are being disabled too quickly. Warnings are
important to keeping libc++ correct. This patch re-enables two
warnings: -Wconstant-evaluated and -Wdeprecated-copy.
In future, all warnings disabled for the test suite should require an
attached bug. The bug should state the plan for re-enabling that
warning, or a strong case why it should remain disabled.
Jeff Roberson [Sun, 22 Dec 2019 06:56:44 +0000 (06:56 +0000)]
Make page busy state deterministic on free. Pages must be xbusy when
removed from objects including calls to free. Pages must not be xbusy
when freed and not on an object. Strengthen assertions to match these
expectations. In practice very little code had to change busy handling
to meet these rules but we can now make stronger guarantees to busy
holders and avoid conditionally dropping busy in free.
Refine vm_page_remove() and vm_page_replace() semantics now that we have
stronger guarantees about busy state. This removes redundant and
potentially problematic code that has proliferated.
Conrad Meyer [Sun, 22 Dec 2019 06:25:20 +0000 (06:25 +0000)]
Add vmgenc(4) driver for ACPI VM generation counter
The VM generation counter is a 128-bit value exposed by the BIOS via ACPI.
The value changes to another unique identifier whenever a VM is duplicated.
Additionally, ACPI provides notification events when such events occur.
The driver decodes the pointer to the UUID, exports the value to userspace
via OPAQUE sysctl blob, and forwards the ACPI notifications in the form of
an EVENTHANDLER invocation as well as userspace devctl events.
See design paper: https://go.microsoft.com/fwlink/p/?LinkID=260709
Conrad Meyer [Sun, 22 Dec 2019 03:19:17 +0000 (03:19 +0000)]
fstyp(8): Show exFAT volume labels with -l flag
exfat is fundamentally the same design as fat32. The superblock differs
marginally, and there are some additional optional features irrelevant to
fstype(8); the structure of dirents has changed slightly to enable, among
other things, larger files; the directory entries are no longer DOS 8.3
ASCII or local 8-bit encoding, but instead explicitly UCS-2-LE.
(As a result, this change uses iconv to convert a found exfat volume label
to the user's locale.)
Locating the volume label is identical to FAT32: locate the root directory
and walk through dirents until you find a volume label. Like FAT32, follow
the FAT chain between root directory clusters as necessary.
PR: 242225
Reported by: Victor Sudakov <vas AT sibptus.ru>
Rick Macklem [Sun, 22 Dec 2019 00:12:22 +0000 (00:12 +0000)]
Update nfsstat to list the NFSv4.2 procedures and operations.
r355677 added NFSv4.2 support to the NFS client and server. It also updated
the nfsstats structure to keep counts for the new procedures (client) and
operations (server) added for NFSv4.2.
This patch updates the "-E" option of nfsstat so that it lists counts for
these new procedures and operations.
Mark Johnston [Sat, 21 Dec 2019 19:04:05 +0000 (19:04 +0000)]
Fix VPO_UNMANAGED handling in vm_page_reclaim_run() after r353540.
When allocating a replacement page we must clear VPO_UNMANAGED since we
only ever reclaim pages from managed objects. vm_page_replace() does
not handle this for us.
Sprinkle some assertions to help catch this sort of issue.
Reported by: pho
Reviewed by: alc, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D22868
GCC-9.1 reports following error when trying to compile file
src/malloc_io.c and with CFLAGS='-Werror' :
src/malloc_io.c: In function ‘malloc_vsnprintf’:
src/malloc_io.c:369:2: error: case label value exceeds maximum value for type [-Werror]
369 | case '?' | 0x80: \
| ^~~~
src/malloc_io.c:581:5: note: in expansion of macro ‘GET_ARG_NUMERIC’
581 | GET_ARG_NUMERIC(val, 'p');
| ^~~~~~~~~~~~~~~
...
<snip>
cc1: all warnings being treated as errors
make: *** [Makefile:388: src/malloc_io.sym.o] Error 1
The warning is reported as by default the type 'char' is 'signed char'
and or-ing 0x80 will turn the case label char negative which will be
beyond the printable ascii range (0 - 127).
The patch fixes this by explicitly casting the 'len' variable as
unsigned char' inside the 'switch' statement so that value of
expression " '?' | 0x80 " falls within the legal values of the
variable 'len'.
Ryan Libby [Sat, 21 Dec 2019 02:44:26 +0000 (02:44 +0000)]
libdevdctl: g++9 avoid Wdeprecated-copy
g++9 now warns about having defined an assignment operator but using the
default copy constructor, or vice versa. Avoid the issue in libdevdctl
by just using the default assignment operator too.
Ryan Libby [Sat, 21 Dec 2019 02:43:20 +0000 (02:43 +0000)]
gcc: quiet Wattribute for no_sanitize("address")
This is an unfortunate instance where the __has_attribute check does
not function usefully. Gcc does have the attribute, but for gcc it only
applies to functions, not variables, and trying to apply it to a
variable generates Wattribute. So far we only apply the attribute to
variables. Only enable the attribute for clang, for now.
Reviewed by: Anton Rang <rang at acm.org>
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D22875
Rick Macklem [Fri, 20 Dec 2019 21:45:20 +0000 (21:45 +0000)]
Update the man page to reflect the addition of NFSv4.2 (r355677).
Update all the references to NFSv4.1, so that they apply to NFSv4.1 and
NFSv4.2. Also, change the MDS->DS mounts to use NFSv4.2, so that both
versions of the protocol can be used against the server with pNFS enabled.
Rick Macklem [Fri, 20 Dec 2019 21:41:33 +0000 (21:41 +0000)]
Update the man page to reflect the addition of NFSv4.2 (r355677).
Include references to NFSv4.2 and Flexible File layout, plus clarify
when vfs.nfsd.flexlinuxhack needs to be set for Linux pNFS clients.
Also update the man page to reflect the addition of SpaceUsed to the
attributes stored in the extended attribute on the MDS (r354158).
Conrad Meyer [Fri, 20 Dec 2019 21:11:00 +0000 (21:11 +0000)]
random(4): Flip default Fortuna generator over to Chacha20
The implementation was landed in r344913 and has had some bake time (at
least on my personal systems). There is some discussion of the motivation
for defaulting to this cipher as a PRF in the commit log for r344913.
As documented in that commit, administrators can retain the prior (AES-ICM)
mode of operation by setting the 'kern.random.use_chacha20_cipher' tunable
to 0 in loader.conf(5).
Dimitry Andric [Fri, 20 Dec 2019 20:46:11 +0000 (20:46 +0000)]
Copy llvm vendor/*/dist-release_90 to vendor/llvm-project/release-9.x
This uses the new layout of the upstream repository, which was recently
migrated to GitHub, and converted into a "monorepo". That is, most of
the earlier separate sub-projects with their own branches and tags were
consolidated into one top-level directory, and are now branched and
tagged together.
Dimitry Andric [Fri, 20 Dec 2019 20:44:58 +0000 (20:44 +0000)]
Copy llvm vendor/*/dist to vendor/llvm-project/master
This uses the new layout of the upstream repository, which was recently
migrated to GitHub, and converted into a "monorepo". That is, most of
the earlier separate sub-projects with their own branches and tags were
consolidated into one top-level directory, and are now branched and
tagged together.
Dimitry Andric [Fri, 20 Dec 2019 19:53:05 +0000 (19:53 +0000)]
Move all sources from the llvm project into contrib/llvm-project.
This uses the new layout of the upstream repository, which was recently
migrated to GitHub, and converted into a "monorepo". That is, most of
the earlier separate sub-projects with their own branches and tags were
consolidated into one top-level directory, and are now branched and
tagged together.
Updating the vendor area to match this layout is next.
Kyle Evans [Fri, 20 Dec 2019 17:15:09 +0000 (17:15 +0000)]
vt: store a pointer to the keyboard instead of index
This effectively reverts r355935, but is functionally equivalent. We gain no
benefit from storing the index and repeatedly fetching the keyboard with
`kbd_get_keyboard` when we need it. We'll be notified when it's going away
so we can clean up the pointer.
All existing references were trivially converted. Only once instance
actually needed the index.
Kyle Evans [Fri, 20 Dec 2019 16:22:14 +0000 (16:22 +0000)]
Kill off dummy kbd drivers
As far as I can tell, these are an artifact of times when linker sets
couldn't be empty, otherwise the kernel build would fail due to unresolved
symbols. hselasky fixed this in r268138, and I've audited the kbd portions
to make sure nothing would blow up due to the empty linker set and
successfully compiled+ran a kernel with no keyboard support at all.
Kill them off now since they're no longer required.
Kyle Evans [Fri, 20 Dec 2019 16:20:38 +0000 (16:20 +0000)]
vt: fix post-boot keyboard attachment
With absolutely no keyboards attached and no kbdmux in kernel, we descend
down this error path. 0 is a valid keyboard index, so leaving
vd->vd_keyboard at 0 when there's no keyboard found is objectively wrong as
later attachment of a keyboard will fail -- it gets index 0, and vt thinks
it's already using that keyboard.
This is decidedly the corniest of corner cases, but it's easy enough to get
correct that we should do so.
Tested in a kernel without atkbdc, atkbd, psm, kbdmux, ukbd, hyperv then
loading ukbd post-boot and attaching a usb keyboard.
Conrad Meyer [Fri, 20 Dec 2019 08:31:23 +0000 (08:31 +0000)]
random(4): Fortuna: Enable concurrent generation by default for 13
Flip the knob added in r349154 to "enabled." The commit message from that
revision and associated code comment describe the rationale, implementation,
and motivation for the new default in detail. I have dog-fooded this
configuration on my own systems for six months, for what that's worth.
For end-users: the result is just as secure. The benefit is a faster, more
responsive system when processes produce significant demand on random(4).
As mentioned in the earlier commit, the prior behavior may be restored by
setting the kern.random.fortuna.concurrent_read="0" knob in loader.conf(5).
This scales the random generation side of random(4) somewhat, although there
is still a global mutex being shared by all cores and rand_harvestq; the
situation is generally much better than it was before on small CPU systems,
but do not expect miracles on 256-core systems running 256-thread full-rate
random(4) read. Work is ongoing to address both the generation-side (in
more depth) and the harvest-side scaling problems.
Philip Paeps [Fri, 20 Dec 2019 03:38:21 +0000 (03:38 +0000)]
riscv/sifive: add SiFive FU540 PRCI driver
The SiFive FU540 Power Reset Clocking Interrupt block contains a PLL
that turns the input crystal (33.3MHz) into a 1-1.5GHz clock.
This clock in turn is divided by two to produce the tlclk, which is fed
into devices such as the SPI and I2C controllers.
Register a new clock device for the PRCI so that those devices can
read the correct clock through the clk framework.
Brandon Bergren [Thu, 19 Dec 2019 22:35:16 +0000 (22:35 +0000)]
[PowerPC] Only move linker sets to .data on ELFv1
In r268055, powerpc64 was special cased regarding linker sets to not mark
the function pointer as 'const'.
This appears to have been done to ensure the compiler generates the function
descriptors correctly. When non-const, the function descriptors will end up
in the .data.rel.local section, and the linker set symbols will get
relocations pointing to them there.
Since function pointers on ELFv2 are "just" pointers like other platforms,
we can leave them const like they are on every other platform.