Ian Lepore [Mon, 2 Dec 2019 19:57:20 +0000 (19:57 +0000)]
Do not initialize the flags field in struct gpiobus_pin from the flags in
struct gpio_pin. It turns out these two sets of flags are completely
unrelated to each other.
Also, update the comment for GPIO_ACTIVE_LOW to reflect the fact that it
does get set, somewhat unobviously, by code that parses FDT data. The bits
from the FDT cell containing flags are just copied to gpiobus_pin.flags, so
there's never any obvious reference to the symbol GPIO_ACTIVE_LOW being
stored into the flags field.
Ian Lepore [Mon, 2 Dec 2019 16:15:18 +0000 (16:15 +0000)]
Remove "all rights reserved" from copyright after getting a response from
Luiz that he also was not intentionally asserting that right, it was already
there when he added his name.
Justin Hibbits [Mon, 2 Dec 2019 15:07:06 +0000 (15:07 +0000)]
revert r354714 "Boot arm64 kernel using booti command from U-boot."
After discussing with mmel@, it was clear this is insufficient to address
all the needs. mmel@ will commit his original patch, from
https://reviews.freebsd.org/D13861, and the additions needed from r354714
will be made afterward.
Requested by: mmel
Sponsored by: Juniper Networks, Inc.
Devin Teske [Mon, 2 Dec 2019 05:24:16 +0000 (05:24 +0000)]
Fix spurious error from sysrc
When using sysrc to modify a file, the file should be created silently.
However, with the introduction of SVN r335280, an error of "No such file
or directory" would appear despite everything else working as-expected.
The nature of this spurious error is that SVN r335280 did not check if
the file exists first, before trying to fixup the line-endings in the
file just prior to modification.
PR: bin/240875
Reported by: Jose Luis Duran
MFC after: 3 days
Ian Lepore [Sun, 1 Dec 2019 23:05:20 +0000 (23:05 +0000)]
Rewrite gpioiic(4) to use the gpio_pin_* API, and to conform to the modern
FDT bindings document for gpio-i2c devices.
Using the gpio_pin_* functions to acquire/release/manipulate gpio pins
removes the constraint that both gpio pins must belong to the same gpio
controller/bank, and that the gpioiic instance must be a child of gpiobus.
Removing those constraints allows the driver to be fully compatible with
the modern dts bindings for a gpio bitbanged i2c bus.
For hinted attachment, the two gpio pins still must be on the same gpiobus,
and the device instance must be a child of that bus. This preserves
compatibility for existing installations that have use gpioiic(4) with hints.
Justin Hibbits [Sun, 1 Dec 2019 21:29:34 +0000 (21:29 +0000)]
powerpc: Add 'show frame <addr>' to show an arbitrary trap frame
This lets us print, for example, the user's trap frame when a panic occurs.
The frame address is given in the backtrace at the trap point, which can
then be passed to 'show frame'. This is useful for debugging as it can show
inputs that lead to a panic or fault. It can also be used to print trap
frames from other CPUs that get stuck.
i386 already has a similar command, but no others do.
Ian Lepore [Sun, 1 Dec 2019 21:27:09 +0000 (21:27 +0000)]
Move most of the gpio_pin_* functions from ofw_gpiobus.c to gpiobus.c so
that they can be used by drivers on non-FDT-configured systems. Only the
functions related to acquiring pins by parsing FDT data remain in
ofw_gpiobus. Also, add two new functions for acquiring gpio pins based on
child device_t and index, or on the bus device_t and pin number. And
finally, defer reserving pins for gpiobus children until they acquire the
pin, rather than reserving them as soon as the child is added (before it's
even known whether the child will attach).
This will allow drivers configured with hints (or any other mechanism) to
use the same code as drivers configured via FDT data. Until now, a hinted
driver and an FDT driver had to be two completely different sets of code,
because hinted drivers could only use gpiobus calls to manipulate pins,
while fdt-configured drivers could not use that API (due to not always being
children of the bus that owns the pins) and had to use the newer
gpio_pin_xxxx() functions. Now drivers can be written in the more
traditional form, where most of the code is shared and only the resource
acquisition code at attachment time changes.
Kyle Evans [Sun, 1 Dec 2019 20:43:37 +0000 (20:43 +0000)]
Remove more needless <sys/tty.h> includes
As part of my journey to make it easy to determine what's relying on tty
bits, remove a couple more. Some of these just outright didn't need it,
while others did rely on <sys/tty.h> pollution for mutex headers.
Store the bottom of the shadow chain in OBJ_ANON object->handle member.
The handle value is stable for all shadow objects in the inheritance
chain. This allows to avoid descending the shadow chain to get to the
bottom of it in vm_map_entry_set_vnode_text(), and eliminate
corresponding object relocking which appeared to be contending.
Change vm_object_allocate_anon() and vm_object_shadow() to handle more
of the cred/charge initialization for the new shadow object, in
addition to set up the handle.
Reported by: jeff
Reviewed by: alc (previous version), jeff (previous version)
Tested by: pho
Sponsored by: The FreeBSD Foundation
Differrential revision: https://reviews.freebsd.org/D22541
Michael Tuexen [Sun, 1 Dec 2019 19:20:28 +0000 (19:20 +0000)]
Add a description for the TCP sysctl variable rfc6675_pipe.
It was introduced by r290122, but no documentation was provided.
This is taken from https://reviews.freebsd.org/D21798, since it
is not related to the feature added there.
Submitted by: Richard Scheffenegger
MFC after: 1 week
Michael Tuexen [Sun, 1 Dec 2019 18:05:02 +0000 (18:05 +0000)]
In order for the TCP Handshake to support ECN++, and further ECN-related
improvements, the ECN bits need to be exposed to the TCP SYNcache.
This change is a minimal modification to the function headers, without any
functional change intended.
Michael Tuexen [Sun, 1 Dec 2019 16:14:44 +0000 (16:14 +0000)]
Update the hostcache also for PTB messages received for SCTP/IPv6.
The corresponding code for SCTP/IPv4 was introduced in
https://svnweb.freebsd.org/base?view=revision&revision=317597
Anish Gupta [Sun, 1 Dec 2019 04:00:08 +0000 (04:00 +0000)]
bhyve amd: amdvi_dump_cmds() log the command for which the command completion failed. Completion is checked in poll mode although it can be done using interrupts.
No need to log all the commands in command ring but only the last one for which completion failed.
Bjoern A. Zeeb [Sun, 1 Dec 2019 00:22:04 +0000 (00:22 +0000)]
Fix m_pullup() problem after removing PULLDOWN_TESTs and KAME EXT_*macros.
r354748-354750 replaced the KAME macros with m_pulldown() calls.
Contrary to the rest of the network stack m_len checks before m_pulldown()
were not put in placed (see r354748).
Put these m_len checks in place for now (to go along with the style of the
network stack since the initial commits). These are not put in for
performance but to avoid an error scenario (even though it also will help
performance at the moment as it avoid allocating an extra mbuf; not because
of the unconditional function call).
The observed error case went like this:
(1) an mbuf with M_EXT arrives and we call m_pullup() unconditionally on it.
(2) m_pullup() will call m_get() unless the requested length is larger than
MHLEN (in which case it'll m_freem() the perfectly fine mbuf) and migrate the
requested length of data and pkthdr into the new mbuf.
(3) If m_get() succeeds, a further m_pullup() call going over MHLEN will fail.
This was observed with failing auto-configuration as an RA packet of
200 bytes exceeded MHLEN and the m_pullup() called from nd6_ra_input()
dropped the mbuf.
(Re-)adding the m_len checks before m_pullup() calls avoids this problems
with mbufs using external storage for now.
Kyle Evans [Sat, 30 Nov 2019 20:10:50 +0000 (20:10 +0000)]
tty: implement TIOCNOTTY
Generally, it's preferred that an application fork/setsid if it doesn't want
to keep its controlling TTY, but it could be that a debugger is trying to
steal it instead -- so it would hook in, drop the controlling TTY, then do
some magic to set things up again. In this case, TIOCNOTTY is quite handy
and still respected by at least OpenBSD, NetBSD, and Linux as far as I can
tell.
I've dropped the note about obsoletion, as I intend to support TIOCNOTTY as
long as it doesn't impose a major burden.
Xin LI [Sat, 30 Nov 2019 20:06:53 +0000 (20:06 +0000)]
Reduce disk write load in /usr/libexec/save-entropy.
Before this commit, the save-entropy script rotates entropy files
like logs. This involves creating a new file that holds the entropy
and renaming of all existing entropy files. However, the entropy
data do not really need to be kept in a particular order, and
replacing the oldest file is sufficient.
This commit replaces the rotation with a scan in the
[1..entropy_save_num] space that finds the first empty slot, or
the slot of the oldest file, and writes entropy into that slot.
This also fixes an issue that prevents save-entropy from saving
any entropy when there is one non-regular file in any slot as a
side effect.
Ian Lepore [Sat, 30 Nov 2019 19:16:44 +0000 (19:16 +0000)]
Add an OFWBUS_PNP_INFO() macro for devices that hang directly off the root
ofwbus. Also, apply some style(9) whitespace fixing to the
SIMPLEBUS_PNP_INFO() macro (no functional change).
Mateusz Guzik [Sat, 30 Nov 2019 17:24:42 +0000 (17:24 +0000)]
lockprof: use IPI-injecetd fences to fix hangs on stat dump and reset
The previously used quiesce_all_cpus walks all CPUs and waits until curthread
can run on them. Even on contemporary machines this becomes a significant
problem under load when it can literally take minutes for the operation to
complete. With the patch the stall is normally less than 1 second.
Reviewed by: kib, jeff (previous version)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21740
Mateusz Guzik [Sat, 30 Nov 2019 16:40:16 +0000 (16:40 +0000)]
vfs: swap placement between v_type and v_tag
The former is frequently accessed (e.g., in vfs_cache_lookup) and shares the
cacheline with v_usecount, avoidably adding to cache misses during concurrent
lookup. The latter is almost unused and probably can get garbage-collected.
The struct does not change in size despite enum vs char * discrepancy.
On 64-bit archs there used to be 4 bytes padding after v_type giving 480 bytes
in total.
Toomas Soome [Sat, 30 Nov 2019 09:11:28 +0000 (09:11 +0000)]
loader.efi: efipart needs better support detecting nested partitions
Just as disks can have nested partitions, the same happens with cd devices,
so we need to detect device paths and make sure we will not mix the handles.
To address this:
we fetch handle array and create linked list of block devices.
we walk the list and detect parent devices and set children pd_parent.
for {fd, cd, hd}, we walk device list and pick up our devices and store to
corresponding list. We make sure we store parent device first.
For sorting we use 3 steps: We check for floppy, we check for cd and then
everything else must be hd.
In general, it seems the floppy devices have no parent.
CD can have both parents and children (multiple boot entries, partitions
from the hybrid disk image).
Tested by: cross+freebsd@distal.com on Cisco UCS systems, C200 series (C220M5, C240M4).
Also on MBP with UEFI 1.10
Reported by: Chriss Ross
MFC after: 1w
Differential Revision: https://reviews.freebsd.org/D22553
Jeff Roberson [Fri, 29 Nov 2019 19:49:20 +0000 (19:49 +0000)]
Avoid acquiring the object lock if color is already set. It can not be
unset until the object is recycled so this check is stable. Now that we
can acquire the ref without a lock it is not necessary to group these
operations and we can avoid it entirely in many cases.
Ian Lepore [Fri, 29 Nov 2019 18:05:54 +0000 (18:05 +0000)]
Ignore "gpio-hog" nodes when instantiating ofw_gpiobus children. Also,
in ofw_gpiobus_probe() return BUS_PROBE_DEFAULT rather than 0; we are not
the only possible driver to handle this device, we're just slightly better
than the base gpiobus (which probes at BUS_PROBE_GENERIC).
In the time since this code was first written, the gpio controller bindings
aquired the concept of a "hog" node which could be used to preset one or
more gpio pins as input or output at a specified level. This change doesn't
fully implement the hogging concept, it just filters out hog nodes when
instantiating child devices by scanning for child nodes in the fdt data.
The whole concept of having child nodes under the controller node is not
supported by the standard bindings, and appears to be a freebsd extension,
probably left over from the days when we had no support for cross-tree
phandle references in the fdt data.
Kyle Evans [Fri, 29 Nov 2019 14:46:13 +0000 (14:46 +0000)]
tty_rel_gone: add locking assertion
We already assert the lock is held later during tty_rel_free(), but it is
arguably good form to clarify locking expectations here as well at the
top-level that other drivers use.
vn_open_cred() assumes that it is called from the top-level of a VFS
syscall. Writers must call bwillwrite() before locking any VFS
resource to wait for cleanup of dirty buffers.
ZFS getextattr() and setextattr() VOPs do call vn_open_cred(), which
results in wait for unrelated buffers while owning ZFS vnode lock (and
ZFS does not use buffer cache). VN_OPEN_INVFS allows caller to skip
bwillwrite.
Note that ZFS is still incorrect there, because it starts write on an
mp and locks a vnode while holding another vnode lock.
Reported by: Willem Jan Withagen <wjw@digiware.nl>
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Leandro Lupori [Fri, 29 Nov 2019 11:34:11 +0000 (11:34 +0000)]
[PPC] Remove extra \0 char inserted on vty by QEMU
Since version 2.11.0, QEMU became bug-compatible with
PowerVM's vty implementation, by inserting a \0 after
every \r going to the guest. Guests are expected to
workaround this issue by removing every \0 immediately
following a \r.
Ryan Libby [Fri, 29 Nov 2019 06:25:07 +0000 (06:25 +0000)]
kern.mk: -Wno-error=stringop-overflow for gcc due to false positives
Demote gcc's Wstringop-overflow to Wno-error due to false positives.
E.g. the riscv64 build with gcc 8.3.0 has been failing with this warning
since r355062 [1]. A bug has been filed with gcc [2]. The warning was
first introduced in gcc 7.1 [3]. Hopefully we can avoiding suppressing
the warning in future gcc versions.
Kyle Evans [Fri, 29 Nov 2019 03:56:01 +0000 (03:56 +0000)]
tty_pts: don't rely on tty header pollution for sys/mutex.h
tty_pts.c relies on sys/tty.h for sys/mutex.h. Include it directly instead
of relying on this pollution to ease the diff for anyone that wants to try
converting the tty lock to anything other than a mutex.
Conrad Meyer [Fri, 29 Nov 2019 03:31:47 +0000 (03:31 +0000)]
Fix braino in previous bugfix r300174
The previous revision missed the exact same error in a copy paste block
of the same code in another function. Fix the identical case, too.
A DHCP client identifier is simply the hardware type (one byte)
concatenated with the hardware address (some variable number of bytes,
but at most 16). Limit the size of the temporary buffer to match and
the rest of the calculations shake out correctly.
PR: 238022
Reported by: Young <yangx92 AT hotmail.com>
Submitted by: Young <yangx92 AT hotmail.com>
MFC after: I don't plan to but you should feel free
Security: yes
Doug Moore [Fri, 29 Nov 2019 02:06:45 +0000 (02:06 +0000)]
Functions that call vm_map_splay_merge sometimes set data fields
(e.g. root->left = NULL) to affect the behavior of that function. This
change stops that data manipulation, and instead calls a pair of
functions, one for the left direction and the other for the right,
with the function called depending whether or not we currently null
the root child in that direction to control the behavior of
vm_map_splay_merge.
Rick Macklem [Thu, 28 Nov 2019 23:34:23 +0000 (23:34 +0000)]
Fix two races while handling nfsuserd daemon start/stop.
A crash was reported where the nr_client field was NULL during an upcall
to the nfsuserd daemon. Since nr_client == NULL only occurs when the
nfsuserd daemon is being shut down, it appeared to be caused by a race
between doing an upcall and the daemon shutting down.
By inspection two races were identified:
1 - The nfsrv_nfsuserd variable is used to indicate whether or not the
daemon is running. However it did not handle the intermediate phase
where the daemon is starting or stopping.
This was fixed by making nfsrv_nfsuserd tri-state and having the
functions that are called during start/stop to obey the intermediate
state.
2 - nfsrv_nfsuserd was checked to see that the daemon was running at
the beginning of an upcall, but nothing prevented the daemon from
being shut down while an upcall was still in progress.
This race probably caused the crash.
The patch fixes this by adding a count of upcalls in progress and
having the shut down function delay until this count goes to zero
before getting rid of nr_client and related data used by an upcall.
Alexander Motin [Thu, 28 Nov 2019 18:28:35 +0000 (18:28 +0000)]
Fix use-after-free in case of L2ARC prefetch failure.
In case L2ARC read failed, l2arc_read_done() creates _different_ ZIO
to read data from the original storage device. Unfortunately pointer
to the failed ZIO remains in hdr->b_l1hdr.b_acb->acb_zio_head, and if
some other read try to bump the ZIO priority, it will crash.
The problem is reproducible by corrupting L2ARC content and reading
some data with prefetch if l2arc_noprefetch tunable is changed to 0.
With the default setting the issue is probably not reproducible now.
Michael Tuexen [Thu, 28 Nov 2019 12:50:25 +0000 (12:50 +0000)]
Really ignore the SCTP association identifier on 1-to-1 style sockets
as requiresd by the socket API specification.
Thanks to Inaki Baz Castillo, who found this bug running the userland
stack with valgrind and reported the issue in
https://github.com/sctplab/usrsctp/issues/408
Jeff Roberson [Thu, 28 Nov 2019 07:49:25 +0000 (07:49 +0000)]
Garbage collect the mostly unused us_keg field. Use appropriately named
union members in vm_page.h to store the zone and slab. Remove some nearby
dead code.
Warner Losh [Thu, 28 Nov 2019 05:40:15 +0000 (05:40 +0000)]
Also turn of teken for RB_MULTIPLE
RB_MULTIPLE without RB_SERIAL set is valid, and means 'Video first, then serial'
to the kernel (so kernel messages go to both, but /etc/rc uses video console
(this should be fixed, btw, but another day)). Check for RB_MULTIPLE as well as
RB_SERIAL where we want to to serial things. This means we'll use the old code
for emulation in these situations, which is likely best since we're outputing to
both and the old code is ligher weight allowing both to keep up w/o weird
scrolling things.
Alexander Motin [Thu, 28 Nov 2019 02:40:12 +0000 (02:40 +0000)]
Make DMAR allow Intel NTB device to access its own BAR0.
I have no good explanation why it happens, but I found that in B2B mode
at least Xeon v4 NTB leaks accesses to its configuration memory at BAR0
originated from the link side to its host side. DMAR predictably blocks
those, making access to remote scratchpad registers in B2B mode impossible.
This change creates identity mapping in DMAR covering the BAR0 addresses,
making the NTB work fine with DMAR enabled. It seems like allowing single
4KB range at 32KB offset may be enough, but I don't see a reason to be so
specific.
Rick Macklem [Thu, 28 Nov 2019 02:05:31 +0000 (02:05 +0000)]
Add a cap on credential lifetime for Kerberized NFS.
The kernel RPCSEC_GSS code sets the credential (called a client) lifetime
to the lifetime of the Kerberos ticket, which is typically several hours.
As such, when a user's credentials change such as being added to a new group,
it can take several hours for this change to be recognized by the NFS server.
This patch adds a sysctl called kern.rpc.gss.lifetime_max which can be set
by a sysadmin to put a cap on the time to expire for the credentials, so that
a sysadmin can reduce the timeout.
It also fixes a bug, where time_uptime is added twice when GSS_C_INDEFINITE
is returned for a lifetime. This has no effect in practice, sine Kerberos
never does this.
Cy Schubert [Thu, 28 Nov 2019 00:46:33 +0000 (00:46 +0000)]
Include fin, the packet information structure (fr_info_t), in the
l4sums DTrace probe, making more information available for the diagnosis
of IPv6 checksum errors.
Conrad Meyer [Thu, 28 Nov 2019 00:46:03 +0000 (00:46 +0000)]
auditd(8): fix long-standing uninitialized memory use bug
The bogus use could lead to an infinite loop depending on how fast the
audit_warn script to execute.
By fixing read(2) interruptibility, d060887 (r335899) revealed another bug
in auditd_wait_for_events. When read is interrupted by SIGCHLD,
auditd_reap_children will always return with errno set to ECHILD. But
auditd_wait_for_events checks errno after that point, expecting it to be
unchanged since read. As a result, it calls auditd_handle_trigger with bogus
stack garbage. The result is the error message "Got unknown trigger 48." Fix
by simply ignoring errno at that point; there's only one value it could've
possibly had, thanks to the check up above.
The best part is we've had a fix for this for like 18 months and just never
merged it. Merge it now.
PR: 234209
Reported by: Marie Helene Kvello-Aune <freebsd AT mhka.no> (2018-12)
Submitted by: asomers (2018-07)
Reviewed by: me (in OpenBSM)
Obtained from: OpenBSM
X-MFC-With: r335899
Security: ¯\_(ツ)_/¯
Differential Revision: https://github.com/openbsm/openbsm/pull/45
Chuck Silvers [Thu, 28 Nov 2019 00:37:43 +0000 (00:37 +0000)]
As part of creating a snapshot, set fs->fs_fmod to 0 in the snapshot image
because nothing ever changes this field for read-only mounts and we want
to verify that it is still 0 when we unmount.
Jeff Roberson [Thu, 28 Nov 2019 00:19:09 +0000 (00:19 +0000)]
Implement a sysctl tree for uma zones to assist in debugging and provide
more statistcs than are exported via the ABI stable vmstat interface.
Rename uz_count to uz_bucket_size because even I was confused by the
name after returning to the source years later.
Alan Cox [Wed, 27 Nov 2019 20:33:49 +0000 (20:33 +0000)]
There is no reason why we need to pin the underlying thread to its current
processor in pmap_invalidate_{all,page,range}(). These functions are using
an instruction that broadcasts the TLB invalidation to every processor, so
even if a thread migrates in the middle of one of these functions every
processor will still perform the required TLB invalidations.
Mark Johnston [Wed, 27 Nov 2019 20:32:53 +0000 (20:32 +0000)]
iwm(4): Remove _mvm from the namespace.
This was inherited from iwlwifi, which drives devices supported by both
iwn(4) and iwm(4) in FreeBSD. In iwm(4) _mvm is meaningless, so remove
it. OpenBSD made the same change a long time ago. No functional change
intended.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Ryan Libby [Wed, 27 Nov 2019 19:49:55 +0000 (19:49 +0000)]
uma: trash memory when ctor/dtor supplied too
On INVARIANTS kernels, UMA has a use-after-free detection mechanism.
This mechanism previously required that all of the ctor/dtor/uminit/fini
arguments to uma_zcreate() be NULL in order to function. Now, it only
requires that uminit and fini be NULL; now, the trash ctor and dtor will
be called in addition to any supplied ctor or dtor.
Also do a little refactoring for readability of the resulting logic.
This enables use-after-free detection for more zones, and will allow for
simplification of some callers that worked around the previous
restriction (see kern_mbuf.c).
Michael Tuexen [Wed, 27 Nov 2019 19:32:29 +0000 (19:32 +0000)]
Plug two mbuf leaks during INIT-ACK handling.
One leak happens when there is not enough memory to allocate the
the resources for streams. The other leak happens if the are
unknown parameters in the received INIT-ACK chunk which require
reporting and the INIT-ACK requires sending an ABORT due to illegal
parameter combinations.
Hopefully this fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19083
Andrew Turner [Wed, 27 Nov 2019 16:52:46 +0000 (16:52 +0000)]
Support kernels larger than EFI_STAGING_SIZE in loader.efi
With a very large kernel or module the staging area may be too small to
hold it. When this is the case try to allocate more space before failing
in the efi copyin/copyout/readin functions.