ian [Sun, 22 Dec 2019 22:33:22 +0000 (22:33 +0000)]
In gptboot, don't assume a partition number is a single digit, 1-9. GPT
partitions can have 128 partitions, so parse contiguous digits and then
validate that the number is between 1-128 inclusive.
I'm not sure 128 is a hard limit in the GPT standard, but it's the common
number in use, and it's a better upper limit than 9.
markj [Sun, 22 Dec 2019 21:56:47 +0000 (21:56 +0000)]
lagg: Clean up handling of the rr_limit option.
- Don't allow an unprivileged user to set the stride. [1]
- Only set the stride under the softc lock.
- Rename the internal fields to accurately reflect their use. Keep
ro_bkt to avoid changing the user API.
- Simplify the implementation. The port index is just sc_seq / stride.
- Document rr_limit in ifconfig.8.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com> [1]
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D22857
dougm [Sun, 22 Dec 2019 21:53:05 +0000 (21:53 +0000)]
Fix typo using RB_INITIALIZER.
The macro RB_INITIALIZER ignores its argument, but is documented to
require "&head" as argument to initialize "head". So using
"_vm_phys_fictitious_tree" as the argument to initialize
"vm_phys_fictitious_tree" is an inconsequential error, corrected here.
jeff [Sun, 22 Dec 2019 20:35:50 +0000 (20:35 +0000)]
Fix a bug introduced in r356002. Prior versions of this patchset had
vm_page_remove() rather than !vm_page_wired() as the condition for free.
When this changed back to wired the busy lock was leaked.
dim [Sun, 22 Dec 2019 11:58:44 +0000 (11:58 +0000)]
Merge commit f97936fab from llvm git (by Eric Fiselier):
[libc++] Cleanup and enable multiple warnings.
Too many warnings are being disabled too quickly. Warnings are
important to keeping libc++ correct. This patch re-enables two
warnings: -Wconstant-evaluated and -Wdeprecated-copy.
In future, all warnings disabled for the test suite should require an
attached bug. The bug should state the plan for re-enabling that
warning, or a strong case why it should remain disabled.
jeff [Sun, 22 Dec 2019 06:56:44 +0000 (06:56 +0000)]
Make page busy state deterministic on free. Pages must be xbusy when
removed from objects including calls to free. Pages must not be xbusy
when freed and not on an object. Strengthen assertions to match these
expectations. In practice very little code had to change busy handling
to meet these rules but we can now make stronger guarantees to busy
holders and avoid conditionally dropping busy in free.
Refine vm_page_remove() and vm_page_replace() semantics now that we have
stronger guarantees about busy state. This removes redundant and
potentially problematic code that has proliferated.
cem [Sun, 22 Dec 2019 06:25:20 +0000 (06:25 +0000)]
Add vmgenc(4) driver for ACPI VM generation counter
The VM generation counter is a 128-bit value exposed by the BIOS via ACPI.
The value changes to another unique identifier whenever a VM is duplicated.
Additionally, ACPI provides notification events when such events occur.
The driver decodes the pointer to the UUID, exports the value to userspace
via OPAQUE sysctl blob, and forwards the ACPI notifications in the form of
an EVENTHANDLER invocation as well as userspace devctl events.
See design paper: https://go.microsoft.com/fwlink/p/?LinkID=260709
cem [Sun, 22 Dec 2019 03:19:17 +0000 (03:19 +0000)]
fstyp(8): Show exFAT volume labels with -l flag
exfat is fundamentally the same design as fat32. The superblock differs
marginally, and there are some additional optional features irrelevant to
fstyp(8); the structure of dirents has changed slightly to enable, among
other things, larger files; the directory entries are no longer DOS 8.3
ASCII or local 8-bit encoding, but instead explicitly UCS-2-LE.
(As a result, this change uses iconv to convert a found exfat volume label
to the user's locale.)
Locating the volume label is identical to FAT32: locate the root directory
and walk through dirents until you find a volume label. Like FAT32, follow
the FAT chain between root directory clusters as necessary.
PR: 242225
Reported by: Victor Sudakov <vas AT sibptus.ru>
rmacklem [Sun, 22 Dec 2019 00:12:22 +0000 (00:12 +0000)]
Update nfsstat to list the NFSv4.2 procedures and operations.
r355677 added NFSv4.2 support to the NFS client and server. It also updated
the nfsstats structure to keep counts for the new procedures (client) and
operations (server) added for NFSv4.2.
This patch updates the "-E" option of nfsstat so that it lists counts for
these new procedures and operations.
markj [Sat, 21 Dec 2019 19:04:05 +0000 (19:04 +0000)]
Fix VPO_UNMANAGED handling in vm_page_reclaim_run() after r353540.
When allocating a replacement page we must clear VPO_UNMANAGED since we
only ever reclaim pages from managed objects. vm_page_replace() does
not handle this for us.
Sprinkle some assertions to help catch this sort of issue.
Reported by: pho
Reviewed by: alc, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D22868
GCC-9.1 reports the following error when trying to compile file
src/malloc_io.c and with CFLAGS='-Werror' :
src/malloc_io.c: In function ‘malloc_vsnprintf’:
src/malloc_io.c:369:2: error: case label value exceeds maximum value for type [-Werror]
369 | case '?' | 0x80: \
| ^~~~
src/malloc_io.c:581:5: note: in expansion of macro ‘GET_ARG_NUMERIC’
581 | GET_ARG_NUMERIC(val, 'p');
| ^~~~~~~~~~~~~~~
...
<snip>
cc1: all warnings being treated as errors
make: *** [Makefile:388: src/malloc_io.sym.o] Error 1
The warning is reported as by default the type 'char' is 'signed char'
and or-ing 0x80 will turn the case label char negative which will be
beyond the printable ascii range (0 - 127).
The patch fixes this by explicitly casting the 'len' variable as
'unsigned char' inside the 'switch' statement so that value of
expression " '?' | 0x80 " falls within the legal values of the
variable 'len'.
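The signedness problem described in the message above, as an added example in C (not code from the commit or from the project it patches). The enum, the function names and `LONG_FLAG` are constructed for illustration, and the "before" side uses `if` comparisons so the out-of-range case label that GCC 9 rejects is not reproduced.

```c
#include <stdio.h>

/* Constructed for illustration: bit 0x80 marks a variant of a format
 * character, as in the "case '?' | 0x80" label quoted above. */
#define LONG_FLAG 0x80

enum kind { KIND_UNMATCHED, KIND_PLAIN, KIND_FLAGGED };

/* "Before": the selector is compared as a signed char. A stored byte of
 * 0xBF is sign-extended to -65 on promotion to int, so it can never equal
 * the label value 191 ('?' | 0x80). */
static enum kind classify_signed(signed char len)
{
    int v = len;                    /* what the comparison actually sees */
    if (v == ('?' | LONG_FLAG))
        return KIND_FLAGGED;
    if (v == '?')
        return KIND_PLAIN;
    return KIND_UNMATCHED;
}

/* "After": the cast the message describes. The switch type is now
 * unsigned char (0..255), so the label 191 is in range and reachable. */
static enum kind classify_unsigned(signed char len)
{
    switch ((unsigned char)len) {
    case '?' | LONG_FLAG:
        return KIND_FLAGGED;
    case '?':
        return KIND_PLAIN;
    default:
        return KIND_UNMATCHED;
    }
}

/* Store a raw byte the way a signed char variable holds it
 * (assumes the usual two's-complement wraparound on conversion). */
static signed char as_stored(unsigned char byte)
{
    return (signed char)byte;
}

int main(void)
{
    signed char len = as_stored('?' | LONG_FLAG);

    printf("promoted value:  %d\n", (int)len);
    printf("signed compare:  %d\n", classify_signed(len));
    printf("unsigned switch: %d\n", classify_unsigned(len));
    return 0;
}
```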
rlibby [Sat, 21 Dec 2019 02:44:26 +0000 (02:44 +0000)]
libdevdctl: g++9 avoid Wdeprecated-copy
g++9 now warns about having defined an assignment operator but using the
default copy constructor, or vice versa. Avoid the issue in libdevdctl
by just using the default assignment operator too.
rlibby [Sat, 21 Dec 2019 02:43:20 +0000 (02:43 +0000)]
gcc: quiet Wattribute for no_sanitize("address")
This is an unfortunate instance where the __has_attribute check does
not function usefully. Gcc does have the attribute, but for gcc it only
applies to functions, not variables, and trying to apply it to a
variable generates Wattribute. So far we only apply the attribute to
variables. Only enable the attribute for clang, for now.
Reviewed by: Anton Rang <rang at acm.org>
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D22875
rmacklem [Fri, 20 Dec 2019 21:45:20 +0000 (21:45 +0000)]
Update the man page to reflect the addition of NFSv4.2 (r355677).
Update all the references to NFSv4.1, so that they apply to NFSv4.1 and
NFSv4.2. Also, change the MDS->DS mounts to use NFSv4.2, so that both
versions of the protocol can be used against the server with pNFS enabled.
rmacklem [Fri, 20 Dec 2019 21:41:33 +0000 (21:41 +0000)]
Update the man page to reflect the addition of NFSv4.2 (r355677).
Include references to NFSv4.2 and Flexible File layout, plus clarify
when vfs.nfsd.flexlinuxhack needs to be set for Linux pNFS clients.
Also update the man page to reflect the addition of SpaceUsed to the
attributes stored in the extended attribute on the MDS (r354158).
cem [Fri, 20 Dec 2019 21:11:00 +0000 (21:11 +0000)]
random(4): Flip default Fortuna generator over to Chacha20
The implementation was landed in r344913 and has had some bake time (at
least on my personal systems). There is some discussion of the motivation
for defaulting to this cipher as a PRF in the commit log for r344913.
As documented in that commit, administrators can retain the prior (AES-ICM)
mode of operation by setting the 'kern.random.use_chacha20_cipher' tunable
to 0 in loader.conf(5).
dim [Fri, 20 Dec 2019 20:46:11 +0000 (20:46 +0000)]
Copy llvm vendor/*/dist-release_90 to vendor/llvm-project/release-9.x
This uses the new layout of the upstream repository, which was recently
migrated to GitHub, and converted into a "monorepo". That is, most of
the earlier separate sub-projects with their own branches and tags were
consolidated into one top-level directory, and are now branched and
tagged together.
dim [Fri, 20 Dec 2019 19:53:05 +0000 (19:53 +0000)]
Move all sources from the llvm project into contrib/llvm-project.
This uses the new layout of the upstream repository, which was recently
migrated to GitHub, and converted into a "monorepo". That is, most of
the earlier separate sub-projects with their own branches and tags were
consolidated into one top-level directory, and are now branched and
tagged together.
Updating the vendor area to match this layout is next.
kevans [Fri, 20 Dec 2019 17:15:09 +0000 (17:15 +0000)]
vt: store a pointer to the keyboard instead of index
This effectively reverts r355935, but is functionally equivalent. We gain no
benefit from storing the index and repeatedly fetching the keyboard with
`kbd_get_keyboard` when we need it. We'll be notified when it's going away
so we can clean up the pointer.
All existing references were trivially converted. Only one instance
actually needed the index.
kevans [Fri, 20 Dec 2019 16:22:14 +0000 (16:22 +0000)]
Kill off dummy kbd drivers
As far as I can tell, these are an artifact of times when linker sets
couldn't be empty, otherwise the kernel build would fail due to unresolved
symbols. hselasky fixed this in r268138, and I've audited the kbd portions
to make sure nothing would blow up due to the empty linker set and
successfully compiled+ran a kernel with no keyboard support at all.
Kill them off now since they're no longer required.
kevans [Fri, 20 Dec 2019 16:20:38 +0000 (16:20 +0000)]
vt: fix post-boot keyboard attachment
With absolutely no keyboards attached and no kbdmux in kernel, we descend
down this error path. 0 is a valid keyboard index, so leaving
vd->vd_keyboard at 0 when there's no keyboard found is objectively wrong as
later attachment of a keyboard will fail -- it gets index 0, and vt thinks
it's already using that keyboard.
This is decidedly the corniest of corner cases, but it's easy enough to get
correct that we should do so.
Tested in a kernel without atkbdc, atkbd, psm, kbdmux, ukbd, hyperv then
loading ukbd post-boot and attaching a usb keyboard.
cem [Fri, 20 Dec 2019 08:31:23 +0000 (08:31 +0000)]
random(4): Fortuna: Enable concurrent generation by default for 13
Flip the knob added in r349154 to "enabled." The commit message from that
revision and associated code comment describe the rationale, implementation,
and motivation for the new default in detail. I have dog-fooded this
configuration on my own systems for six months, for what that's worth.
For end-users: the result is just as secure. The benefit is a faster, more
responsive system when processes produce significant demand on random(4).
As mentioned in the earlier commit, the prior behavior may be restored by
setting the kern.random.fortuna.concurrent_read="0" knob in loader.conf(5).
This scales the random generation side of random(4) somewhat, although there
is still a global mutex being shared by all cores and rand_harvestq; the
situation is generally much better than it was before on small CPU systems,
but do not expect miracles on 256-core systems running 256-thread full-rate
random(4) read. Work is ongoing to address both the generation-side (in
more depth) and the harvest-side scaling problems.
philip [Fri, 20 Dec 2019 03:38:21 +0000 (03:38 +0000)]
riscv/sifive: add SiFive FU540 PRCI driver
The SiFive FU540 Power Reset Clocking Interrupt block contains a PLL
that turns the input crystal (33.3MHz) into a 1-1.5GHz clock.
This clock in turn is divided by two to produce the tlclk, which is fed
into devices such as the SPI and I2C controllers.
Register a new clock device for the PRCI so that those devices can
read the correct clock through the clk framework.
bdragon [Thu, 19 Dec 2019 22:35:16 +0000 (22:35 +0000)]
[PowerPC] Only move linker sets to .data on ELFv1
In r268055, powerpc64 was special cased regarding linker sets to not mark
the function pointer as 'const'.
This appears to have been done to ensure the compiler generates the function
descriptors correctly. When non-const, the function descriptors will end up
in the .data.rel.local section, and the linker set symbols will get
relocations pointing to them there.
Since function pointers on ELFv2 are "just" pointers like other platforms,
we can leave them const like they are on every other platform.
markj [Thu, 19 Dec 2019 19:34:25 +0000 (19:34 +0000)]
Fix SIGINFO stack collection to ignore threads with swapped-out stacks.
We by definition cannot trace the stack of such a thread. Also remove a
redundant stack_zero() call in the SIGINFO handler, the stack structure
is cleared by the MD stack_capture().
dougm [Thu, 19 Dec 2019 16:39:52 +0000 (16:39 +0000)]
Including <sys/tmpfs.h> into non-kernel software leads to a
compilation error because, without _KERNEL defined, the macro
TMPFS_VALIDATE_DIR is invoked, but never defined. User-level software
that includes sys/tmpfs.h must define _KERNEL to make the definition
of TMPFS_VALIDATE_DIR visible.
This change puts all the inline functions that, directly or
indirectly, invoke MPASS into the scope of the _KERNEL block, allowing
many user-space includers of <sys/tmpfs.h> to stop defining _KERNEL.
andrew [Thu, 19 Dec 2019 08:52:16 +0000 (08:52 +0000)]
Stop speculation past an eret instruction
On arm64 the eret instruction is used to return from an exception handler.
Some implementations may speculate past this instruction into the next
function. As the user may control many registers in these functions add
a synchronisation barrier sequence after the eret instruction to stop these
CPUs from speculating out of the exception handler.
mp [Wed, 18 Dec 2019 23:00:56 +0000 (23:00 +0000)]
Remove VMware MSI-X from the PCI blacklist.
First reported against ESXi 5.0, PCI passthrough was not working due to
MSI-X issues. However, this issue was fixed via patch releases against
ESXi 5.5 and 6.0 in 2016. Given ESXi 5.5 and earlier have been EOL, this
patch removes the VMware MSI-X blacklist entries in the quirk table.
melifaro [Wed, 18 Dec 2019 22:10:56 +0000 (22:10 +0000)]
Remove useless code from in6_rmx.c
The code in question walks the IPv6 tree every 60 seconds and looks into
the routes with non-zero expiration time (typically, redirected routes).
For each such route it sets RTF_PROBEMTU flag at the expiration time.
No other part of the kernel checks for RTF_PROBEMTU flag.
RTF_PROBEMTU was defined 21 years ago, 30 Jun 1999, as RTF_PROTO1.
RTF_PROTO1 is a de-facto standard indication of a route installed
by a routing daemon for the last decade.
alc [Wed, 18 Dec 2019 18:21:39 +0000 (18:21 +0000)]
When pmap_enter_{l2,pde}() are called to create a kernel mapping, they are
incrementing (and decrementing) the ref_count on kernel page table pages.
They should not do this. Kernel page table pages are expected to have a
fixed ref_count. Address this problem by refactoring pmap_alloc{_l2,pde}()
and their callers. This also eliminates some duplicated code from the
callers.
Correctly implement PMAP_ENTER_NOREPLACE in pmap_enter_{l2,pde}() on kernel
mappings.
Reduce code duplication by defining a function, pmap_abort_ptp(), for
handling a common error case.
Handle a possible page table page leak in pmap_copy(). Suppose that we are
determining whether to copy a superpage mapping. If we abort because there
is already a mapping in the destination pmap at the current address, then
simply decrementing the page table page's ref_count is correct, because the
page table page must have a ref_count > 1. However, if we abort because we
failed to allocate a PV entry, this might be a just allocated page table
page that has a ref_count = 1, so we should call pmap_abort_ptp().
Simplify error handling in pmap_enter_quick_locked().
imp [Wed, 18 Dec 2019 16:01:15 +0000 (16:01 +0000)]
Drop a sleepable lock when we plan on sleeping
g_io_speedup waits for the completion of the speedup request before proceeding
using biowait(), but check_clear_deps is called with the softdeps lock held
(which is non-sleepable). It's safe to drop this lock around the call to
speedup, so do that.
cem [Wed, 18 Dec 2019 06:22:28 +0000 (06:22 +0000)]
acpi(4): Add _CID to PNP info string
While a given ACPI device may have 0-N compatibility IDs, in practice most
seem to have 0 or 1. If one is present, emit it as part of the PNP info
string associated with a device. This could enable MODULE_PNP_INFO-based
automatic kldload for ACPI drivers associated with a given _CID (but without
a good _HID or _UID identifier).
kevans [Wed, 18 Dec 2019 02:29:27 +0000 (02:29 +0000)]
bcm2835_vcbus: add legacy compat mappings
I've opted for just duplicating the two entries needed for this, rather than
writing any other mechanism for maintaining two root compat entries to map
to one config, for simplicity. We'll eventually declare these legacy DTB
unsupported, but let's not do that yet while there's no real burden.
kevans [Tue, 17 Dec 2019 23:01:37 +0000 (23:01 +0000)]
arm: add SOC_BRCM_BCM2837 option, include it in GENERIC
We use armv7/GENERIC for the RPI2 images. The original RPI2 is actually a
32-bit BCM2836, but v1.2 was upgraded to the 64-bit BCM2837. The project
continues to provide the RPI2 image as armv7, as it's the lowest common
denominator of the two. Historically, we've just kind of implicitly
acknowledged this by including some bcm2837 bits on a SOC_BCM2836 kernel
config -- this worked until r354875 added code that actually cared.
Acknowledge formally that BCM2837 is valid in arm32.
This name is inconsistent with the other BCM* SOC on !arm64 for two reasons:
1. It's a pre-existing option on arm64, and
2. the naming convention on arm/ should've arguably changed to include BRCM
#1 seems to be a convincing enough argument to maintain the existing name
for it.
jhb [Tue, 17 Dec 2019 22:58:07 +0000 (22:58 +0000)]
Update the crypto(4) and crypto(9) manpages.
There are probably bits that are still wrong, but this fixes some
things at least:
- Add named arguments to the functions in crypto(9).
- Add missing algorithms.
- Don't mention arguments that don't exist in crypto_register.
- Add CIOGSESSION2.
- Remove CIOCNFSESSION.
- Clarify some stale language that assumed an fd had only one session.
- Note that you have to use CRIOGET and add a note in BUGS lamenting
that one has to use CRIOGET.
- Various other cleanups.
imp [Tue, 17 Dec 2019 21:53:22 +0000 (21:53 +0000)]
Revert r355833
While it works on nda, it fails on ada and/or da for at least zfs with a modify
after free issue on a trim BIO. Revert while I rework it to fix those devices.
markj [Tue, 17 Dec 2019 21:34:38 +0000 (21:34 +0000)]
an(4): Require privileges for all SIOCGAIRONET requests.
SIOCGAIRONET allows userspace to query an(4) for various device
properties and configuration, which appears to potentially include
sensitive information such as WEP keys (an(4) seems to predate WPA).
Also avoid races by copying in the request structure to a temporary
buffer before locking and modifying the device softc.
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
rrs [Tue, 17 Dec 2019 16:08:07 +0000 (16:08 +0000)]
This commit is a bit of a re-arrange of deck chairs. It
gets both rack and bbr ready for the completion of the STATs
framework in FreeBSD. For now if you don't have both NF_stats and
stats on it disables them. As soon as the rest of the stats framework
lands we can remove that restriction and then just use stats when
defined.
Sponsored by: Netflix Inc.
Differential Revision: https://reviews.freebsd.org/D22479
ian [Tue, 17 Dec 2019 15:56:48 +0000 (15:56 +0000)]
Update owc_gpiobus (one-wire over gpio) to the modern gpio_pin interface.
It used to be required that a device be a child of gpiobus(4) to manipulate
gpio pins. That requirement didn't work well for FDT-based systems with many
cross-hierarchy users of gpio, so a more modern framework was created that
removed the old hierarchy requirement.
These changes adapt the owc_gpiobus driver to use the newer gpio_pin_*
functions to acquire, release, and manipulate gpio pins. This allows a
single driver to work for both hinted-attachment and fdt-based systems, and
removes the requirement that any one-wire fdt nodes must appear at the root
of the devicetree.