Doug Rabson [Thu, 17 Nov 2022 10:48:20 +0000 (10:48 +0000)]
imgact_binmisc: Optionally pre-open the interpreter vnode
This allows the use of chroot and/or jail environments which depend on
interpreters registed with imgact_binmisc to use emulator binaries from
the host to emulate programs inside the chroot.
Ed Maste [Mon, 2 Mar 2020 17:31:52 +0000 (12:31 -0500)]
Add deprecation notices to ce,cp sync serial drivers
And the related sconfig utility. Sync serial (e.g. E1/T1) interfaces
are obsolete, and nobody responded to several inquires on the mailing
lists about use of these drivers.
Relnotes: Yes
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D23928
John Baldwin [Wed, 26 Oct 2022 21:22:56 +0000 (14:22 -0700)]
vmm: Fix AP startup with old userspace binaries.
Older binaries that do not request IPI exits to userspace do not
start user threads for other vCPUs until a STARTUP IPI triggers a
VM_EXITCODE_SPINUP_AP exit to userland. This means that those vcpus
are not yet active (in terms of vm_active_cpus) when the INIT and
STARTUP IPIs are delivered to the vCPUs.
The changes in commit 0bda8d3e9f7a changed the INIT and STARTUP IPIs
to reuse the existing vlapic_calcdest() function. This function
silently ignores IPIs sent to inactive vCPUs. As a result, when using
an old bhyve binary, the INIT and STARTUP IPIs sent to wakeup APs were
ignored.
To fix, restructure the compat code for the INIT and STARTUP IPIs to
ignore the results of vlapic_calcdest() and manually parse the APIC ID
and resulting vcpuid. As part of this, make the compat code always
conditonal on the ipi_exit capability being disabled.
Corvin Köhne [Wed, 12 Oct 2022 09:19:32 +0000 (11:19 +0200)]
vmm: validate icr value
Not all combinations of icr values are allowed. Neither Intel nor AMD
document what happens when an invalid value is written to the icr.
Ignore the IPI. So, the guest will note that the IPI wasn't delivered.
Corvin Köhne [Mon, 10 Oct 2022 12:56:00 +0000 (14:56 +0200)]
vmm: increase vlapic version
Mac os panics on apic versions lower than 0x14.
See https://opensource.apple.com/source/xnu/xnu-7195.81.3/osfmk/i386/lapic_native.c.auto.html
Additionally, an upcoming commit will validate the icr values written by
the guest. Older intel processors allow some different combinations than
the newer ones. AMD documents that only the newer combinations are
allowed. So, bumping the version allows us to avoid a differentiation
between AMD and Intel.
Intel documents that newer processors than the P6 are using the new
combinations. Sadly, Intel does not document which apic version belongs
to those processors. Linux identifies newer apics by a version larger or
equal to 0x14. Intel and AMD allow apic version between 0x10 and 0x15.
So, using 0x14 seems to be fine.
Mark Johnston [Wed, 14 Dec 2022 14:32:17 +0000 (09:32 -0500)]
sys/conf: Remove an unneeded flag variable
After commit fac6dee9eb58 ("Remove tests for obsolete compilers in the
build system"), we always set -fdebug-prefix-map, so there's no point in
defining and testing _MAP_DEBUG_PREFIX. No functional change intended.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Doug Moore [Mon, 19 Dec 2022 22:03:13 +0000 (16:03 -0600)]
rb_tree: fix stable/13 linux/rbtree.h post ABI fix
Rearranging the left, right, and parent pointers for backward
compatibility with stable/13 in d8a88ec381498f5942403088d28ee325b92e9a78 is incomplete because it does
not change linux/rbtree.h so that it too knows how rb_left and
rb_right are redefined. So complete it.
Mark Johnston [Sun, 11 Dec 2022 16:40:12 +0000 (11:40 -0500)]
bridge: Fix a potential memory leak in bridge_enqueue()
A comment at the beginning of the function notes that we may be
transmitting multiple fragments as distinct packets. So, the function
loops over all fragments, transmitting each mbuf chain. If if_transmit
fails, we need to free all of the fragments, but m_freem() only frees an
mbuf chain - it doesn't follow m_nextpkt.
Change the error handler to free each untransmitted packet fragment, and
count each fragment as a separate error since we increment OPACKETS once
per fragment when transmission is successful.
Mark Johnston [Sun, 11 Dec 2022 16:27:22 +0000 (11:27 -0500)]
libdtrace: Change the binding of USDT probe symbols to STB_WEAK
Otherwise, if multiple object files contain references to the same
probe, newish lld will refuse to link them by default, raising a
duplicate global symbol definition error. Previously, duplicate global
symbols with identical absolute st_values were permitted by both lld and
GNU ld.
Since dtrace has no use for probe function symbols after the relocation
performed by dtrace -G, make the symbols weak as well, following a
suggestion from MaskRay.
Reported by: dim
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Rick Macklem [Sun, 13 Nov 2022 20:16:06 +0000 (12:16 -0800)]
rpcb_clnt.c: Do not force use of UDP
Without this patch, the code in the rpcbind client forces
the use of UDP. A comment notes that some rpcbind servers
only support UDP. This makes NFSv3 mounts to Azure servers
impossible, since they require use of TCP for rpcbind.
Since the comment is very old (imported from NetBSD in 2001)
and I do not believe any UDP only rpcbind servers will
still exist, this patch comments out the code that forces
use of UDP, so that NFSv3 mounts to Azure servers can work.
For an NFSv3 mount, the "udp" mount option will still
make mount_nfs use UDP for rpcbind so that can be used
as a workaround for any old NFSv3 server that only
supports rpcbind over UDP (if any such server still exists).
I asked if doing this change is appropriate on freebsd-fs@
and I only got one reply (off list) that supported doing
the change.
Ed Maste [Thu, 17 Nov 2022 19:22:33 +0000 (14:22 -0500)]
pkgbase: do not record dependency on non-existent liby package
liby-dev provides (only) liby.a. liby has no headers or man pages, and
there is no liby package. Add a special case to record no dependency on
the package that does not exist.
PR: 266923
Reviewed by: bapt
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37429
Doug Moore [Fri, 16 Dec 2022 09:15:28 +0000 (03:15 -0600)]
rb_tree: restore binary compat w/ 13
A change to RB_COLOR_INSERT, when merged into stable/13, broke binary
compatibility. For 13, call the new function RB_DO_COLOR_INSERT, and
restore the old function with the original name and parameters. Define
RB_COLOR_INSERT in tree.h, and remove changes to the linux rbtree
header.
Another change altered the order of pointers in the RB_ENTRY struct.
For 13, restore the original order.
Reported by: manu
Reviewed by: hselasky
Tested by: manu
Differential Revision: https://reviews.freebsd.org/D37716
Mark Johnston [Fri, 18 Nov 2022 19:04:19 +0000 (14:04 -0500)]
bhyve: Disable thread safety analysis
The warnings that arise are bogus and have to be muted with
__no_lock_analysis in most cases. As a step towards enabling the
default warning level for bhyve, just disable them.
Mark Johnston [Fri, 18 Nov 2022 19:06:44 +0000 (14:06 -0500)]
bhyve: Address an unused parameter warning in the smbios code
The compiler was warning that the "size" parameter to
smbios_generic_initializer() was unused. This parameter is apparently
used to populate the "maximum structure size" field in the SMBIOS entry
point, but we were always setting it to zero.
Implement it instead in the main loop of the smbios table builder.
Corvin Köhne [Wed, 30 Nov 2022 14:46:19 +0000 (15:46 +0100)]
bhyve: build SPCR ACPI table
OVMF ships some static ACPI tables. This worked in the past but won't
work in the future when we support devices like tpms. They require a TPM
ACPI table. So, we have to dynamically create ACPI tables depending on
the bhyve configuration.
Bhyve has much more information about the system than OVMF. Therefore,
it's easier for bhyve to build up some ACPI tables. For that reason, it
would be much better to use the ACPI tables provided by bhyve instead of
building some tables by OVMF.
At the moment, OVMF always creates a SPCR table. Maybe someone depends
on it. So, we have to build it by bhyve too before we can patch OVMF to
install the tables provided by bhyve.
Cy Schubert [Fri, 9 Dec 2022 14:06:04 +0000 (06:06 -0800)]
heimdal: kadm5_c_get_principal() should check return code
kadm5_c_get_principal() should check the return code from
kadm5_ret_principal_ent(). As it doesn't it assumes success when
there is none and can lead to potential vulnerability. Fix this.
Cy Schubert [Thu, 8 Dec 2022 23:22:43 +0000 (15:22 -0800)]
heimdal: Properly ix bus fault when zero-length request received
Zero length client requests result in a bus fault when attempting to
free malloc()ed pointers within the requests softc. Return an error
when the request is zero length.
This properly fixes PR/268062 without regressions.
PR: 268062
Reported by: Robert Morris <rtm@lcs.mit.edu>
Eugene Grosbein [Mon, 28 Nov 2022 14:22:39 +0000 (21:22 +0700)]
MFC: pw(8): fix combination of modes -N and -w random
The command "pw usermod nobody -Nw random" (or useradd)
generates random password and prints it in encrypted form
but skips choosen random string that makes not much sense
and contradicts the manual page pw.8
Fix it by showing random password in plain text with -N and
without it equally. Add yet another example of how to generate
pw-style random password.
Wanpeng Qian [Sun, 20 Nov 2022 03:06:36 +0000 (19:06 -0800)]
nvmecontrol: Fix IEEE OUI Identifier output
Current sequence of IEEE OUI Identifier output is wrong.
For Intel, current output is e4 d2 5c, specification is 5CD2E4h
For Samsung, current output is 38 25 00, specification is 002538h
also check with Linux nvme-cli.
Add VM_EXITCODE_IPI to permit returning unhandled IPIs to userland.
INIT and STARTUP IPIs are now returned to userland. Due to backward
compatibility reasons, a new capability is added for enabling
VM_EXITCODE_IPI.
vcpus could be restarted by the guest by sending an INIT SIPI SIPI
sequence to a vcpu. That's not supported by bhyve yet but it will be
supported in a future commit. So, create the vcpu threads only once on
startup to make restarting a vcpu easier.
- Clear CR2, EFER, and R8-15 to zero.
- Reset DR6 and DR7 to their documented reset values.
- Reset interrupt shadow state.
- Document the reason CR0 is reset to a value that doesn't match its
documented value.
On physical systems the ram isn't initialized on boot. So, coreboot uses
the cache as ram in this boot phase. When exiting cache as ram, coreboot
calls INVD for making the cache consistent.
In a virtual environment ram is always initialized and the cache is
always consistent. So, we can safely ignore this call.
Tom Jones [Mon, 10 Oct 2022 13:46:25 +0000 (14:46 +0100)]
acpi: Tell SMM we will handle CPPC notifications
Buggy SMM implementations can hang while processing CPPC notifications.
This leads to some laptops (notably Thinkpads) hanging when the
hwpstate_intel driver is loaded.
Tell the SMM that we will handle CPPC notifications as described in:
Rebecca Cran [Sun, 28 Nov 2021 16:34:33 +0000 (09:34 -0700)]
bhyve: Support a _VARS.fd file for bootrom
OVMF creates two separate .fd files, a _CODE.fd file containing
the UEFI code, and a _VARS.fd file containing a template of an
empty UEFI variable store.
OVMF decides to write variables to the memory range just below the
boot rom code if it detects a CFI flash device. So here we add
just the barest facsimile of CFI command handling to bootrom.c
that is needed to placate OVMF.
Submitted by: D Scott Phillips <d.scott.phillips@intel.com>
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D19976
MFC After: 1 week
Corvin Köhne [Fri, 3 Jun 2022 14:20:45 +0000 (16:20 +0200)]
linuxkpi/dmi: don't match exactly on DMI_MATCH
Linux has two defines to check dmi data. DMI_MATCH checks if the dmi
string includes substr. DMI_EXACT_MATCH checks if the dmi string exactly
matches substr. Compat layer should have the same behaviour.
The new definition of dmi_strmatch shouldn't break any driver. A driver
would break if it uses the highest bit of the slot field. Nevertheless,
linux uses the same definition and FreeBSD uses dmi_field values as slot
which are lower than 128.
Martin Matuska [Tue, 6 Dec 2022 18:40:45 +0000 (19:40 +0100)]
zfs: merge openzfs/zfs@21bd76613 (zfs-2.1-release) into stable/13
OpenZFS release 2.1.7
Notable upstream pull requeset merges:
#13680 Add options to zfs redundant_metadata property
#13782 Fix setting the large_block feature after receiving a snapshot
#13839 quota: extend quota for dataset
#13938 Bring per_txg_dirty_frees_percent back to 30
#13939 Fix panic in dsl_process_sub_livelist for EINTR
#13973 Fix memory leaks in dmu_send()/dmu_send_obj()
#13978 PAM: Fix unchecked return value from zfs_key_config_load()
#13998 zvol_wait logic may terminate prematurely
#14001 FreeBSD: Fix a pair of bugs in zfs_fhtovp()
#14003 Stop ganging due to past vdev write errors
#14050 Fix draid2+2s metadata error on simultaneous 2 drive failures
#14062 zed: Avoid core dump if wholedisk property does not exist
#14077 Propagate extent_bytes change to autotrim thread
#14079 FreeBSD: vn_flush_cached_data: observe vnode locking contract
#14093 Fix ARC target collapse when zfs_arc_meta_limit_percent=100
#14119 Deny receiving into encrypted datasets if the keys are not
loaded
#14120 Fix arc_p aggressive increase
#14129 zed: Prevent special vdev to be replaced by hot spare
#14133 Expose zfs_vdev_open_timeout_ms as a tunable
#14135 FreeBSD: Fix out of bounds read in zfs_ioctl_ozfs_to_legacy()
#14161 Handle and detect #13709's unlock regression
#14197 Don't leak packed recieved proprties
#14204 Lua: Fix bad bitshift in lua_strx2number()
Kyle Evans [Fri, 11 Nov 2022 19:50:29 +0000 (13:50 -0600)]
arm64: add a spin-table implementation for Apple Silicon
The M1 has no EL3, so we're limited to a spin-table implementation if we
want to eventually use bhyve on it. Implement spin-table now, but note
that we still prefer PSCI where possible.
When calling shutdown, shutdown sends a signal to init and exits. This
causes a race condition for the waitpid function. If the signal wins the
race, wpid will be set to -1 and init calls death_single. If shutdown
wins the race, wpid will be set to the pid of the shutdown process and
the requested_transition will be ignored.
Cy Schubert [Thu, 1 Dec 2022 00:11:18 +0000 (16:11 -0800)]
heimdal: Fix bus fault when zero-length request received
Zero length client requests result in a bus fault when attempting to
free malloc()ed pointers within the requests softc. Return an error
when the request is zero length.
PR: 268062
Reported by: Robert Morris <rtm@lcs.mit.edu>
Mitchell Horne [Fri, 28 Oct 2022 16:28:08 +0000 (13:28 -0300)]
riscv: improve parsing of riscv,isa property strings
This code was originally written under the assumption that the ISA
string would only contain single-letter extensions. The RISC-V
specification has extended its description of the format quite a bit,
allowing for much longer ISA strings containing multi-letter extension
names.
Newer versions of QEMU (7.1.0) will append to the riscv,isa property
indicating the presence of multi-letter standard extensions such as
Zfencei. This triggers a KASSERT about the expected length of the
string, preventing boot.
Increase the size of the isa array significantly, and teach the code
to parse (skip over) multi-letter extensions, and optional extension
version numbers. We currently ignore them completely, but this will
change in the future as we start supporting supervisor-level extensions.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36601
Mitchell Horne [Fri, 11 Nov 2022 18:21:29 +0000 (14:21 -0400)]
ddb(4): misc updates
- Describe optional 'addr' argument to many show commands
- Remove obsolete commands (show cbstat)
- 'show jails' was renamed to 'show prison'
- Remove superfluous commentary about sleepqueues
- Fix an xref to gdb(4)
- Fix issues reported by mandoc -Tlint
- Plus a couple other inaccuracies/inconsistencies
Reviewed by: pauamma, markj, jhb
MFC after: 1 week
Sponsored by: The FreeBSD Foundation (in part)
Differential Revision: https://reviews.freebsd.org/D37332
Mitchell Horne [Tue, 1 Nov 2022 15:15:18 +0000 (12:15 -0300)]
hier(7): remove text describing /usr/src layout
It poses a maintenance burden, since much of the information is
duplicated in the src tree's README.md file. Readers who are interested
enough in learning about the structure of the src tree can download it,
or browse the README online. Have hier(7) just point them there instead.
Corvin Köhne [Wed, 16 Nov 2022 08:15:12 +0000 (09:15 +0100)]
bhyve: make basl_table_add_* functions public
The code will be more readable if we use struct definitions from ACPI-CA
to build ACPI tables. We can fill out the struct and append it to the
basl_table by using basl_table_append_bytes. After that, we have to
declare which checksums, length and pointers should be patched by basl.
That's done by the add_* functions.
Mike Karels [Wed, 2 Nov 2022 15:59:09 +0000 (10:59 -0500)]
fetch: support EAI_ADDRFAMILY error, correct two error messages
With the change to return EAI_ADDRFAMILY from getaddrinfo(), fetch
would print "Unknown resolver error" for that error. Add that error
and its string to libfetch's table, using an #ifdef just in case.
Correct error strings for EAI_NODATA (although it is currently unused)
and EAI_NONAME. Should maybe rework the code to use gai_strerror(3),
but that doesn't map directly, and the current strings are shortened.
Reviewed in https://reviews.freebsd.org/D37139 with related changes.
Mike Karels [Wed, 2 Nov 2022 15:57:59 +0000 (10:57 -0500)]
getaddrinfo: distinguish missing addrs from unresolvable names
Rework getaddrinfo(3) to return different error values for unresolvable
names (same as before, EAI_NONAME) and those without a requested addr
(EAI_ADDRFAMILY) when using DNS. This is implemented via an added
error in the nsswitch layer, NS_ADDRFAMILY, which is used only by
getaddrinfo(). The error is passed through nsdispatch(3), but that
routine has no changes to handle this error. The error originates in
the getaddrinfo DNS layer called via nsdispatch(), and is processed
by the search layer that calls nsdispatch().
While here, add a little style to returns near those that were
modified.
Reviewed in https://reviews.freebsd.org/D37139 with related changes.
gai_strerror.c still has messages for EAI_ADDRFAMILY and EAI_NODATA,
but not the man page. Re-add to the man page, and update comments
in the source. Document the errors that are not in RFC 3493 or
POSIX.
Reviewed in https://reviews.freebsd.org/D37139 with related changes.