imp [Mon, 7 Jan 2019 06:19:51 +0000 (06:19 +0000)]
Fix a race between setting up the interrupt handler and it firing by
setting the data prior to setting up the interrupt. Now we only set
the cookie afterwards, and that (a) cannot be helped and (b) isn't used
in the ISR.
imp [Mon, 7 Jan 2019 05:59:58 +0000 (05:59 +0000)]
Fix TI PCI1520 PCI Cardbus bridge, but others affected.
On system with Celeron 1.5GHz CPU, sometimes when a PCMCIA to Compact Flash
adapter containing a Compact Flash card is inserted in the cardbus slot the
system hangs. This problem has not been observed in systems with a 2.8GHz
XEON CPU or faster.
Analysis of the cbb driver shows functional interrupts are routed to PCI
BEFORE the interrupt handler for functional interrupts has been registered.
kib [Sun, 6 Jan 2019 23:59:04 +0000 (23:59 +0000)]
Clamp tuklib_physmem() return value to SIZE_T_MAX.
On 32bit platforms it is possible to have (much) more physical RAM
than is mappable into single address space. In this case liblzma
scales the value into a request to mmap more address space than it is
theoretically possible.
Reported and tested by: pho
Reviewed by: delphij
Discussed with: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Remove ipsd (IP Scan Detector). It is unused and to my knowledge has
never been used on any platform that ipfilter has been on. However
it looks like it could be a useful utility, therefore there are plans
to make it a port one day. It lacks a man page as well.
avos [Sun, 6 Jan 2019 02:39:03 +0000 (02:39 +0000)]
powerd(8): allow to force a method of battery state query
This change allows to determine power source via sysctl or /dev/apm
when devd(8) is running (used by default).
Based on patch from PR; other changes on top of it:
- '-f' (force) -> '-s' (source) parameter renaming;
- allow 'apm' -> 'devd' transition when '-s devd' is set
(if APM is enabled);
- man page update.
Checked on amd64 with -s devd / sysctl and apm
(an extra build with forced USE_APM define set was done)
kevans [Sun, 6 Jan 2019 01:39:01 +0000 (01:39 +0000)]
rc.subr: Fix typo
Originally intended as 'in case in needs to be re-invoked', but it was later
decided (by myself) that 're-invoke itself' makes it more clear that the
script is expected to use this in a way.
Reported by: Jose Luis Duran (jlduran @ github)
X-MFC-With: r342792
kevans [Sat, 5 Jan 2019 21:23:25 +0000 (21:23 +0000)]
rc.subr: Provide rc_service variable for service scripts
Some rc scripts in ports (e.g. uwsgi, apache, openvpn) allow for
'application profiles' that usually require the rc script to be invoked
again for each active profile. Because there's no consistent way to
determine the path because it differs between manual/service(8) invocations
and /etc/rc invocations, this leads to patterns like these:
- www/uwsgi hardcodes the script path
- security/openvpn guesses either $_file or $0 based on $0 = /etc/rc
Instead of forcing rc scripts to guess, provide an rc_service variable to
the scripts that gets set appropriately both for direct execution or when a
script is being executed via run_rc_script (e.g. /etc/rc).
This is our analog of an OpenRC variable with the same name, different case
(RC_SERVICE).
markj [Sat, 5 Jan 2019 16:05:39 +0000 (16:05 +0000)]
Capsicumize rtsol(8) and rtsold(8).
These programs parse ND6 Router Advertisement messages; rtsold(8) has
required an SA, SA-14:20.rtsold, for a bug in this code. Thus, they
are good candidates for sandboxing.
The approach taken is to run the main executable in capability mode
and use Casper services to provide functionality that cannot be
implemented within the sandbox. In particular, several custom services
were required.
- A Casper service is used to send Router Solicitation messages on a
raw ICMP6 socket. Initially I took the approach of creating a
socket for each interface upon startup, and connect(2)ing it to
the all-routers multicast group for the interface. This permits
the use of sendmsg(2) in capability mode, but only works if the
interface's link is up when rtsol(d) starts. So, instead, the
rtsold.sendmsg service is used to transmit RS messages on behalf
of the main process. One could alternately define a service
which simply creates and connects a socket for each destination
address, and returns the socket to the sandboxed process. However,
to implement rtsold's -m option we also need to read the ND6 default
router list, and this cannot be done in capability mode.
- rtsold may execute resolvconf(8) in response to RDNSS and DNSSL
options in received RA messages. A Casper service is used to
fork and exec resolvconf(8), and to reap the child process.
- A service is used to determine whether a given interface's
link-local address is useable (i.e., not duplicated or undergoing
DAD). This information is supplied by getifaddrs(3), which reads
a sysctl not available in capability mode. The SIOCGIFCONF socket
ioctl provides equivalent information and can be used in capability
mode, but I decided against it for now because of some limitations
of that interface.
In addition to these new services, cap_syslog(3) is used to send
messages to syslogd.
Reviewed by: oshogbo
Tested by: bz (previous versions)
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17572
markj [Sat, 5 Jan 2019 15:28:20 +0000 (15:28 +0000)]
Add a bounds check to the tws(4) passthrough ioctl handler.
tws_passthru() was doing a copyin of a user-specified request
without validating its length, so a malicious request could overrun
the buffer. By default, the tws(4) device file is only accessible
as root.
admbug: 825
Reported by: Anonymous of the Shellphish Grill Team
Reviewed by: delphij
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18536
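The class of check described in the tws(4) commit above, as an added user-space model; this is not the tws(4) driver's code. The structures, sizes and model_copyin() are hypothetical stand-ins.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_SIZE     64u    /* hypothetical command header at the start of the buffer */
#define DMA_BUF_SIZE 4096u  /* hypothetical fixed-size driver buffer */

struct passthru_req {           /* hypothetical request, as handed to the ioctl handler */
    uint32_t    buffer_length;  /* user-controlled */
    const void *pdata;          /* user pointer to the payload */
};

struct softc { uint8_t dma_buf[DMA_BUF_SIZE]; };

/* Stand-in for copyin(9) so the model runs in user space. */
static int model_copyin(const void *uaddr, void *kaddr, size_t len)
{
    memcpy(kaddr, uaddr, len);
    return 0;
}

static int passthru(struct softc *sc, const struct passthru_req *req)
{
    /* Read the length once, then validate and use that same value. */
    uint32_t len = req->buffer_length;

    /* Compare against the space left rather than "HDR_SIZE + len > size":
     * that addition wraps in 32 bits for len near UINT32_MAX. */
    if (len > DMA_BUF_SIZE - HDR_SIZE)
        return EINVAL;
    if (len != 0 && req->pdata == NULL)
        return EINVAL;
    if (len == 0)
        return 0;
    return model_copyin(req->pdata, sc->dma_buf + HDR_SIZE, len);
}

int main(void)
{
    static struct softc sc;
    uint8_t data[16] = {0};                       /* constructed payload */
    struct passthru_req req = { sizeof(data), data };
    return passthru(&sc, &req);
}
```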
hselasky [Fri, 4 Jan 2019 21:09:38 +0000 (21:09 +0000)]
Reduce timeout for reading the USB HUB port status to 1000ms and try to filter
out dead USB HUB devices by implementing an error counter, so that the USB
enumeration thread does not spend all its time reading from non-responding
devices, blocking user-space access in the end.
kib [Fri, 4 Jan 2019 19:10:46 +0000 (19:10 +0000)]
Fix i386 LINT build after r342769.
It seems that libkern/mcount.c is the only consumer of vm/pmap.h that
does not include machine/atomic.h. Make it work by bringing
machine/atomic.h when pmap.h is used for kernel non-asm .c file.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
gallatin [Fri, 4 Jan 2019 18:38:27 +0000 (18:38 +0000)]
Limit git history searches in newvers.sh
newvers.sh takes upwards of 4-5 seconds to complete on trees checked
out from github, due to searching the entire history for non-existent
git-svn metadata. Similarly, if one does not check out notes, we
again search the entire history for notes. That makes newvers.sh very
slow for many github users.
To fix this in a fair way, limit the history search to the last 10K
commits: if you're more than 10K commits out of sync, then you've
forked the project, and our SVN rev is no longer very important to you.
Due to how git implements --grep in conjunction with -n, --grep has been
removed for performance reasons (git does not seem to limit its search
to the -n limit in this case, and takes just as long as it did with no
limit).
emaste [Fri, 4 Jan 2019 18:35:25 +0000 (18:35 +0000)]
Add explicit csu test dependency
lib/csu/tests/dynamiclib requires libh_csu.so be built first. I'm not
sure this is the most correct/best way to address this but it solves
the issue in my testing.
cem [Fri, 4 Jan 2019 18:31:17 +0000 (18:31 +0000)]
Expose threads-per-core and physical core count information
With new sysctls (to the best of our ability to detect them). Restructured
smp.4 slightly for clarity (keep relevant stuff closer to the top) while
documenting.
kib [Fri, 4 Jan 2019 17:33:07 +0000 (17:33 +0000)]
i386: Use atomic 64bit load to read PDE value from PAE pagetables in
pmap_kextract().
pmap_kextract() can race with promotion/demotion on the kernel page
table, in which case current non-atomic 64bit read would see torn
value, breaking pmap_kextract(). pmap_kextract() would correctly
handle either promoted or demoted PDE, but not a mix where one word
is from a different state.
It requires PAE and > 4G memory to reproduce. We observed this in
real loads, both for intensive use of malloc(9)/free(9) where
vtoslab() returned invalid pointer to the slab, and with the use of
busdma_bounce, where incorrect page was bounced.
In collaboration with: pho
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D18714
markj [Fri, 4 Jan 2019 17:31:50 +0000 (17:31 +0000)]
Support MSG_DONTWAIT in send*(2).
As it does for recv*(2), MSG_DONTWAIT indicates that the call should
not block, returning EAGAIN instead. Linux and OpenBSD both implement
this, so the change makes porting easier, especially since we do not
return EINVAL or so when unrecognized flags are specified.
markj [Fri, 4 Jan 2019 17:14:50 +0000 (17:14 +0000)]
Don't enable interrupts in init_secondary().
The MI kernel assumes that interrupts will not be enabled on APs until
after the first context switch. In particular, the problem was causing
occasional deadlocks during boot.
Remove an unneeded intr_disable() added in r335005.
Reviewed by: jhb (previous version)
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18738
emaste [Fri, 4 Jan 2019 16:47:35 +0000 (16:47 +0000)]
newvers: retire p4 version support
Perforce no longer offers a FreeBSD client and it is not a viable VCS for
FreeBSD development. Remove p4 version logic to simplify newvers.sh in
advance of other changes.
chuck [Fri, 4 Jan 2019 15:03:35 +0000 (15:03 +0000)]
Fix bhyve's NVMe Completion Queue entry values
The function which processes Admin commands was not returning the
Command Specific value in Completion Queue Entry, Dword 0 (CDW0). This
affects commands such as Set Features, Number of Queues which returns
the number of queues supported by the device in CDW0. In this case, the
host will only create 1 queue pair (Number of Queues is zero based).
This also masked a bug in the queue counting logic.
chuck [Fri, 4 Jan 2019 15:03:30 +0000 (15:03 +0000)]
Fix bhyve's NVMe queue bookkeeping
Many size / length parameters in NVMe are "0's based", meaning, a value
of 0x0 represents 1, 0x1 represents 2, etc. While this leads to an
efficient encoding, it can lead to subtle bugs. With respect to queues,
these parameters include:
- Maximum number of queue entries
- Maximum number of queues
- Number of Completion Queues
- Number of Submission Queues
To be consistent, convert all 0's based values from the host to 1's
based value internally. Likewise, convert internal 1's based values to
0's based values when returned to the host. This fixes an off-by-one bug
when creating IO queues and simplifies some of the code. Note that this
bug is masked by another bug.
While in the neighborhood,
- fix an erroneous queue ID check (checking CQ count when deleting SQ)
- check for queue ID of 0x0 in a few places where this is illegal
- clean up the Set Features, Number of Queues command and check for
illegal values
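The convert-at-the-boundary approach from the queue bookkeeping commit above, as an added sketch; this is not bhyve's code. struct ctrl, MAX_IO_QUEUES and the function names are hypothetical; the CDW11/CDW0 field layout and the rejection of 65535 follow the NVMe specification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_IO_QUEUES 16u  /* hypothetical device limit, a real (1's based) count */

struct ctrl {              /* hypothetical controller state, 1's based internally */
    uint32_t num_squeues;  /* I/O submission queues granted */
    uint32_t num_cqueues;  /* I/O completion queues granted */
};

/* Host (0's based) -> internal count; widen first so 0xFFFF + 1 cannot wrap. */
static uint32_t from_zeros_based(uint16_t wire) { return (uint32_t)wire + 1; }

/* Internal count (>= 1) -> value returned to the host. */
static uint16_t to_zeros_based(uint32_t count) { return (uint16_t)(count - 1); }

/* Set Features, Number of Queues: CDW11 carries the requested SQ count in
 * bits 15:0 and CQ count in bits 31:16; the grant goes back in CDW0 in the
 * same layout. Returns 0 on success, -1 for an illegal request. */
static int set_num_queues(struct ctrl *c, uint32_t cdw11, uint32_t *cdw0)
{
    uint16_t nsqr = cdw11 & 0xFFFF, ncqr = cdw11 >> 16;

    if (nsqr == 0xFFFF || ncqr == 0xFFFF)  /* NVMe spec: 65535 is rejected */
        return -1;
    uint32_t sq = from_zeros_based(nsqr), cq = from_zeros_based(ncqr);
    c->num_squeues = sq > MAX_IO_QUEUES ? MAX_IO_QUEUES : sq;
    c->num_cqueues = cq > MAX_IO_QUEUES ? MAX_IO_QUEUES : cq;
    *cdw0 = to_zeros_based(c->num_squeues) |
        ((uint32_t)to_zeros_based(c->num_cqueues) << 16);
    return 0;
}

/* I/O queue IDs run 1..count; ID 0 is the admin queue. Each ID is checked
 * against the count for its own queue type. */
static bool valid_io_sqid(const struct ctrl *c, uint16_t qid)
{ return qid != 0 && qid <= c->num_squeues; }
static bool valid_io_cqid(const struct ctrl *c, uint16_t qid)
{ return qid != 0 && qid <= c->num_cqueues; }

int main(void)
{
    struct ctrl c = {0, 0};
    uint32_t cdw0 = 0;
    int rc = set_num_queues(&c, 0x00030001, &cdw0);  /* asks for 2 SQs, 4 CQs */
    printf("rc=%d cdw0=0x%08x sqid3=%d cqid3=%d\n", rc, (unsigned)cdw0,
        valid_io_sqid(&c, 3), valid_io_cqid(&c, 3));
    return 0;
}
```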
emaste [Fri, 4 Jan 2019 14:42:36 +0000 (14:42 +0000)]
newvers: avoid clearing svn revision information with nested VCS dirs
Consider the case where FreeBSD is checked out via Subversion with a
(perhaps unrelated) .git or .hg directory at a higher level - for
example,
.../.git
.../src/freebsd
Previously newvers obtained the SVN revision information via svnversion,
and then tried to obtain the SVN revision corresponding to the git or hg
commit, overwriting the existing information.
As a short term fix use a different variable for hg-svn or git-svn
information, setting $svn from hg or git info only if not empty.
Reported by: Matthias Apitz
Sponsored by: The FreeBSD Foundation
kevans [Fri, 4 Jan 2019 03:13:24 +0000 (03:13 +0000)]
getopt_long(3): fix case of malformed long opt
When presented with an arg string like '-l-', getopt_long will successfully
parse out the 'l' short option, then proceed to match '--' against the first
longopts entry as it later does a strncmp with len=0. This latter bit is
arguably another bug in itself, but presumably not a practical issue as all
callers of parse_long_options are already doing the right thing (except this
one pointed out).
An opt string like '-l-' should be considered malformed and throw a bad
argument rather than behaving as if '--' were passed. It cannot possibly do
what the invoker expects, and it's probably the result of a typo (ls -l- a)
rather than any intent.
mmacy [Thu, 3 Jan 2019 22:49:11 +0000 (22:49 +0000)]
zfsboot: support newer ZFS versions
declare v3 objset size/layout to fix userboot and possibly other loader issues
- fix for userboot assertion failure in zfs_dev_close in free due to out of bounds write
- fix for zfs_alloc / zfs_free mismatch assertion failure when booting GPT on BIOS
markj [Thu, 3 Jan 2019 16:21:44 +0000 (16:21 +0000)]
Fix some issues with the riscv pmap_protect() implementation.
- Handle VM_PROT_EXECUTE.
- Clear PTE_D and mark the page dirty when removing write access
from a mapping.
- Atomically clear PTE_W to avoid clobbering a hardware PTE update.
Reviewed by: jhb, kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18719
avos [Wed, 2 Jan 2019 18:30:22 +0000 (18:30 +0000)]
rtwn(4): refresh manpages.
- Add 'device rtwn' to rtwn_pci(4) and rtwn_usb(4) config sample;
kernel will not compile otherwise.
- Refresh devices list in rtwn_usb(4); add 'chipset' column.
- Bump Dd after this commit and r342682.
markj [Wed, 2 Jan 2019 17:09:35 +0000 (17:09 +0000)]
Capsicumize savecore(8).
- Use cap_fileargs(3) to open dump devices after entering capability
mode, and use cap_syslog(3) to log messages.
- Use a relative directory fd to open output files.
- Use zdopen(3) to compress kernel dumps in capability mode.
Reviewed by: cem, oshogbo
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18458
markj [Wed, 2 Jan 2019 15:52:16 +0000 (15:52 +0000)]
Use g_handleattr() to reply to GEOM::candelete queries.
g_handleattr() fills out bp->bio_completed; otherwise, g_getattr()
returns an error in response to the query. This caused BIO_DELETE
support to not be propagated through stacked configurations, e.g.,
a gconcat of gmirror volumes would not handle BIO_DELETE even when
the gmirrors do. g_io_getattr() was not affected by the problem.
markj [Wed, 2 Jan 2019 15:36:35 +0000 (15:36 +0000)]
Avoid setting PG_U unconditionally in pmap_enter_quick_locked().
This KPI may in principle be used to create kernel mappings, in which
case we certainly should not be setting PG_U. In any case, PG_U must be
set on all layers in the page tables to grant user mode access, and we
were only setting it on leaf entries. Thus, this change should have no
functional impact.
Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
We need to subtract the TLS_TCB_SIZE to get to the real data pointer, since
r13 points to the end of the TCB structure. Prior to this, devel/protobuf-c
port broke with recent update to devel/protobuf, which exposed this issue.
cem [Tue, 1 Jan 2019 19:56:49 +0000 (19:56 +0000)]
linuxkpi: Remove extraneous NULL check on M_WAITOK allocation
The check was not introduced in r342628, but the subsequent unchecked access to
refs was added then, prompting a Coverity warning about "Null pointer
dereferences (FORWARD_NULL)." The warning is bogus due to M_WAITOK, but so is
the NULL check that hints it, so just remove it.