hselasky [Mon, 10 Oct 2016 11:27:59 +0000 (11:27 +0000)]
MFC r306441 and r306634:
While draining a timeout task prevent the taskqueue_enqueue_timeout()
function from restarting the timer.
Commonly taskqueue_enqueue_timeout() is called from within the task
function itself without any checks for teardown. Then it can happen
the timer stays active after the return of taskqueue_drain_timeout(),
because the timeout and task is drained separately.
This patch factors out the teardown flag into the timeout task itself,
allowing existing code to stay as-is instead of applying a teardown
flag to each and every of the timeout task consumers.
Add assert to taskqueue_drain_timeout() which prevents parallel
execution on the same timeout task.
Update manual page documenting the return value of
taskqueue_enqueue_timeout().
emaste [Wed, 5 Oct 2016 01:01:10 +0000 (01:01 +0000)]
MFC r306417: portsnap: only move expected snapshot contents from snap/ to files/
Previously it was possible to smuggle in addional files that would
used by later portsnap runs. Now we only move those files expected
to be in the snapshot into files/ and require that there are no
unexpected files.
This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic
attacks against FreeBSD update components" anonymous gist.
1) Microoptimize %p case.
2) Implememt %u for GNU compatibility.
3) Don't forget to advance buf for %w/%u.
4) Fail with incomplete week (week 0) request and no such week in the
year.
5) Fix yday formula when Sunday requested and the week started from Monday.
6) Fail with impossible yday for incomplete week (week 0) and direct %w/%u
request.
7) Shift yday/wday to the first day of the year, if incomplete week
(week 0) requested and no %w/%u used.
8) For already non-standard %z extension implement GNU compatible formats:
+hh and -hh.
9) Check for incorrect values for %z.
1) Fix the case we have less arguments for format string than we expected.
2) Return error on unsupported format specs.
(both according to POSIX)
3) For %Z format, understand "UTC" name too.
Make style changes (and trivial refactoring of open calls) now in order
to reduce noise in diffs for future capsicum changes.
r304807 (allanjude): Capsicumize bspatch
Move all of the fopen() and open() calls to the top of main()
Restrict each FD to least privilege (read/seek only, write only, etc)
cap_enter(), and make all except the output FD read/seek only.
r304821: bspatch: remove output file in the case of error
r305486: bspatch: add sanity checks on sizes to avoid integer overflow
Note that this introduces an explicit 2GB limit, but this was already
implicit in variable and function argument types.
This is based on the "non-cryptanalytic attacks against freebsd
update components" anonymous gist. Further refinement is planned.
r305737: bspatch: remove superfluous newlines from errx strings
r305822: bspatch: use #define for header size instead of magic number
r306026: bspatch: Remove backwards-compatibility sys/capability.h support
bspatch previously included sys/capability.h or sys/capsicum.h based
on __FreeBSD_version, as FreeBSD is the upstream for bsdiff and we may
see this file incorporated into other third-party software.
The Capsicum header is now installed as sys/capsicum.h in stable/10 and
FreeBSD 10.3, so we can just use sys/capsicum.h and simplify the logic.
MFC r264823 (ed): Make usage printing more consistent with other tools.
- Introduce a separate usage() function.
- Don't use argv[0]. Directly name the application, as we do elsewhere.
- Don't prepend the application name.
- Don't print two newlines.
Also apply the unnecessary semicolon cleanup from r298089
MFC r305590:
Correctly map the USB mouse tilt delta values into buttons 5 and 6
instead of 3 and 4 which is used for the scroll wheel, according to
X.org.
MFC r305421:
Resolve deadlock between device_detach() and usbd_do_request_flags()
by reviving the SX control request lock and refining which lock
protects the common scratch area in "struct usb_device".
The SX control request lock was removed by r246759 because it caused a
lock order reversal with the USB enumeration lock inside
usbd_transfer_setup() as a function of r246616. It was thought that
reducing the number of locks would resolve the LOR, but because some
USB device drivers use usbd_do_request_flags() inside callback
functions, like in taskqueues, a deadlock may occur when these are
drained from device_detach(). By restoring the SX control request
lock usbd_do_request_flags() is allowed to complete its execution
when a USB device driver is detaching. By using the SX control request
lock to protect the scratch area, the LOR introduced by r246616 is
also resolved.
Bump the FreeBSD version while at it to force recompilation of all USB
kernel modules.
MFC r304571:
Make the UKBD USB transfers double buffered and set them up one by one,
so they are memory independent which allows for handling panics
triggered by the keyboard driver itself, typically via CTRL+ALT+ESC
sequences. Or if the USB keyboard driver was processing a key at the
moment of panic. Allow UKBD to be attached while keyboard polling is active.
MFC r305284:
Fix array size issue when using the pre-scaling feature for
ISOCHRONOUS USB transfers. Make sure enough length and buffer pointers
are allocated when setting up the libusb transfer structure to support
the maximum number of frames the kernel can handle.
dim [Wed, 7 Sep 2016 19:25:08 +0000 (19:25 +0000)]
MFC r305389:
With clang 3.9.0, compiling sys/netinet/igmp.c results in the following
warning:
sys/netinet/igmp.c:546:21: error: implicit conversion from 'int' to 'char' changes value from 148 to -108 [-Werror,-Wconstant-conversion]
p->ipopt_list[0] = IPOPT_RA; /* Router Alert Option */
~ ^~~~~~~~
sys/netinet/ip.h:153:19: note: expanded from macro 'IPOPT_RA'
#define IPOPT_RA 148 /* router alert */
^~~
This is because ipopt_list is an array of char, so IPOPT_RA is wrapped
to a negative value. It would be nice to change ipopt_list to an array
of u_char, but it changes the signature of the public struct ipoption,
so add an explicit cast to suppress the warning.
dim [Wed, 7 Sep 2016 19:17:03 +0000 (19:17 +0000)]
MFC r305360:
With clang 3.9.0, compiling cxgb results in the following warning:
sys/dev/cxgb/cxgb_sge.c:2873:44: error: implicit conversion from 'int'
to 'char' changes value from 128 to -128 [-Werror,-Wconstant-conversion]
*mtod(m, char *) = CPL_ASYNC_NOTIF;
~ ^~~~~~~~~~~~~~~
This is because CPL_ASYNC_NOTIF is 0x80, so the plain char argument is
wrapped to a negative value. Fix this by using uint8_t instead.
dim [Wed, 7 Sep 2016 19:02:47 +0000 (19:02 +0000)]
MFC r305345:
With clang 3.9.0, compiling ppbus(4) results in the following warnings:
sys/dev/ppbus/ppb_1284.c:296:46: error: implicit conversion from 'int'
to 'char' changes value from 144 to -112 [-Werror,-Wconstant-conversion]
if ((error = do_peripheral_wait(bus, SELECT | nBUSY, 0))) {
~~~~~~~~~~~~~~~~~~ ~~~~~~~^~~~~~~
sys/dev/ppbus/ppb_1284.c:785:48: error: implicit conversion from 'int'
to 'char' changes value from 240 to -16 [-Werror,-Wconstant-conversion]
if (do_1284_wait(bus, nACK | SELECT | PERROR | nBUSY,
~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~
sys/dev/ppbus/ppb_1284.c:786:29: error: implicit conversion from 'int'
to 'char' changes value from 240 to -16 [-Werror,-Wconstant-conversion]
nACK | SELECT | PERROR | nBUSY)) {
~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~
This is because nBUSY is 0x80, so the plain char argument is wrapped to
a negative value. Fix this in a minimal fashion, by using uint8_t in a
few places.
dim [Wed, 7 Sep 2016 18:33:18 +0000 (18:33 +0000)]
MFC r305085:
Fix warnings in tnftp about invalid constant conversions, e.g.:
contrib/tnftp/src/ftp.c:2067:11: error: implicit conversion from 'int'
to 'char' changes value from 255 to -1 [-Werror,-Wconstant-conversion]
buf[0] = IAC;
~ ^~~
/usr/include/arpa/telnet.h:39:13: note: expanded from macro 'IAC'
#define IAC 255 /* interpret as command: */
^~~
contrib/tnftp/src/ftp.c:2068:11: error: implicit conversion from 'int'
to 'char' changes value from 244 to -12 [-Werror,-Wconstant-conversion]
buf[1] = IP;
~ ^~
/usr/include/arpa/telnet.h:50:12: note: expanded from macro 'IP'
#define IP 244 /* interrupt process--permanently */
^~~
dim [Wed, 7 Sep 2016 18:22:08 +0000 (18:22 +0000)]
MFC r305077:
Squelch clang 3.9.0 warnings about BASE (which is 32768) being converted
to -32768 when it is used as an argument to mp_itom(), in both libtelnet
and newkey. This code has been wrong since r26238 (!), so after almost
20 years it is rather useless to try to correct it.
MFC r305086:
Fix warnings in telnet about invalid constant conversions, e.g.:
contrib/telnet/telnet/commands.c:2914:13: error: implicit conversion
from 'int' to 'char' changes value from 137 to -119
[-Werror,-Wconstant-conversion]
*lsrp++ = IPOPT_SSRR;
~ ^~~~~~~~~~
/usr/include/netinet/ip.h:152:21: note: expanded from macro 'IPOPT_SSRR'
#define IPOPT_SSRR 137 /* strict source route */
^~~
contrib/telnet/telnet/commands.c:2916:13: error: implicit conversion
from 'int' to 'char' changes value from 131 to -125
[-Werror,-Wconstant-conversion]
*lsrp++ = IPOPT_LSRR;
~ ^~~~~~~~~~
/usr/include/netinet/ip.h:148:21: note: expanded from macro 'IPOPT_LSRR'
#define IPOPT_LSRR 131 /* loose source route */
^~~
MFC r303799, r303800:
ext2fs: Add defines for some missing ext4 features and inode flags.
These are currently unused in our implementation and some even appear to
have not been implemented yet on linux but it is good to keep them for
reference.
MFC r305269: cron: use existing maximum username constant MAXLOGNAME
Previously cron had its own maximum username length limit, which was
smaller than the system's MAXLOGNAME. This could lead to crontab -u
updating the wrong user's crontab (if the name was truncated, and
matched another user).
Replace alpha reference in getconf(1) with amd64 [*]
PR: 211300 [*]
r304693:
Clean up trailing whitespace
r304694:
Add `MIN_HOLE_SIZE` pathconf(2) support to getconf
This allows shell programs to programmatically determine whether
or not a filesystem supports sparse files
r304698:
Add support for _PC_ACL_NFS4 as TRUSTEDBSD_ACL_NFS4
The TRUSTEDBSD prefix was chosen for consistency with the other
related `_PC_ACL*` prefixed variables.
r305226:
MFC r304809:
Add non-TRUSTEDBSD prefixed knobs for the _PC_ACL* and {CAP,INF,MAC}_PRESENT knobs
It's not necessarily intuitive that the variables to query contain TRUSTEDBSD
in the prefix. Add non-TRUSTEDBSD prefixed knobs for querying things like
"_PC_ACL_NFS4".
hselasky [Mon, 29 Aug 2016 08:54:31 +0000 (08:54 +0000)]
MFC r304629:
Don't separate the status stage of the XHCI USB control transfers into
its own job because this breaks the simplified QEMU XHCI TRB parser,
which expects the complete USB control transfer as a series of back to
back TRBs. The old behaviour is kept under #ifdef in case this change
breaks enumeration of any USB devices.
hselasky [Mon, 29 Aug 2016 08:44:35 +0000 (08:44 +0000)]
MFC r304597:
Fix for invalid use of bits in input context. Basically split
configuring of EP0 and non-EP0 into xhci_cmd_evaluate_ctx() and
xhci_cmd_configure_ep() respectivly. This resolves some errors when
using XHCI under QEMU and gets is more in line with the XHCI
specification.
cy [Sat, 27 Aug 2016 02:53:21 +0000 (02:53 +0000)]
MFC r304779, r304780, r304781, r304782, r304802
r304779:
Revert r298887 (spelling fix) and remove $FreeBSD$ because text changes
to leap-seconds invaldidates validation hash at the end of the file.
Remove svn:keywords and replace with fbsd:nokeywords=yes to
support this change.
r304780:
Change the algorithm by which /var/db/leap-seconds is updated.
1. Use the leap-seconds version number (update time) to determine
whether to update the file or not.
2. If the version numbers of the files is the same, use the later
expiry date to determine which file to use.
Suggested by: ian@
r304781:
Add logic to replace the working ntp leap-seconds file in /var/db
if it contains a $FreeBSD$ header. The header will cause the file
to fail checksum of the hash causing ntpd to ignore the file.
r304782:
Make validation of the leap-seconds file unconditional.
r304802:
Remove the gratuitous check for $FreeBSD$ and rename the function
to ntpd_init_leapfile, to ensure a copy exists in /var/db if a copy
isn't already there.
hselasky [Fri, 26 Aug 2016 12:08:27 +0000 (12:08 +0000)]
MFC r304342:
Add support for setting blocking and non-blocking mode on /dev/rdma_cm
by returning success on FIONBIO and FIOASYNC IOCTLs. The actual flags
handling is done by the kern_ioctl() function.
Reported by: Alex Bowden <alex.bowden@outlook.com>
Sponsored by: Mellanox Technologies
jhb [Mon, 22 Aug 2016 17:52:10 +0000 (17:52 +0000)]
MFC 304476: Fix various nits in the aio operation manpages.
- Avoid double use of "request" in a single sentence. Instead, describe
aio_sigevent as being used to request notification of the associated
operation's completion. This matches the language used to describe
aio_sigevent in aio(4).
- Simplify the prohibition on modifying buffers while requests are in
flight.
- Fix case mismatch.
- Drop note about not using stack variables. C programmers should be able
to figure out if a stack variable is safe based on the later warning
about the life cycle requirements of control blocks.
- Remove prohibition on modifying the I/O buffer for aio_fsync() since
it does not use an I/O buffer. For aio_mlock(), prohibit modifications
to the mapping (e.g. due to mprotect, munmap, mmap, etc.) but do not
prohibit modifications to the memory backing the buffer (stores into
the pages backing the buffer).
jhb [Sat, 20 Aug 2016 00:22:39 +0000 (00:22 +0000)]
MFC 298950: Fix an off by one error when remapping MSI-X vectors.
pci_remap_msix() can be used to alter the mapping of allocated
MSI-X vectors to the MSI-X table. The code had an off by one error
when adding the IRQ resources after performing a remap. This was
fatal for any vectors in the table that used the "last" valid IRQ as
those vectors were assigned a garbage IRQ value.
hselasky [Mon, 15 Aug 2016 09:03:05 +0000 (09:03 +0000)]
MFC r303765:
Keep a reference count on USB keyboard polling to allow recursive
cngrab() during a panic for example, similar to what the AT-keyboard
driver is doing.
hselasky [Fri, 12 Aug 2016 07:59:06 +0000 (07:59 +0000)]
MFC r301039:
Add support for simplex USB MIDI devices, which only provide BULK or
INTERRUPT endpoints for moving data in one direction, like the KeyRig
49 from M-Audio.
dim [Tue, 9 Aug 2016 18:53:57 +0000 (18:53 +0000)]
MFC r228395 (by ed):
Add missing "static const" to long options table.
This table is only used in this C file and passed to getopt_long(), so
we can safely add static and const to it.
MFC r241737 (by ed):
More -Wmissing-variable-declarations fixes.
MFC r270132 (by gabor):
- Do not look for more matching lines if -L is specified
Submitted by: eadler (based on)
MFC r296799 (by ian):
Fix a bug in bsdgrep that caused the program to hang in a tight loop for
some combinations of command line options and search patterns. The code was
examining regexec flags looking for a regcomp flag value. The fix is to
look in the struct field where the decoded regcomp flag was stored when the
regex was compiled.
With this fix, it's possible to build WITHOUT_GNU_GREP_COMPAT and
WITH_BSDGREP and have a usable GPL-free grep (which of course lacks gnugrep
extensions). It now passes the kyua tests except for one test that requires
the -z/--null-data gnu extension, and one test involving outputting context
lines across multiple files which appears to sometimes output an extra
delimiter line ("--") between matches (a rather obscure failure of a rather
obscure feature, so bsdgrep should be generally usable now).
MFC r303676:
Fix a segfault in bsdgrep when parsing the invalid extended regexps "?"
or "+" (these are invalid, because there is no preceding operand).
When bsdgrep attempts to emulate GNU grep in discarding and ignoring the
invalid ? or + operators, some later logic in tre_compile_fast() goes
beyond the end of the buffer, leading to a crash.
Fix this by bailing out, and reporting a bad pattern instead.
jhb [Sat, 6 Aug 2016 23:53:33 +0000 (23:53 +0000)]
MFC 303076,303225: Use MTX_SYSINIT for the VESA lock.
303076:
vesa: fix panic on suspend
Fix the following panic seen when migrating a FreeBSD guest on Xen:
panic: mtx_lock() of destroyed mutex @ /usr/src/sys/dev/fb/vesa.c:541
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe001d2fa4f0
vpanic() at vpanic+0x182/frame 0xfffffe001d2fa570
kassert_panic() at kassert_panic+0x126/frame 0xfffffe001d2fa5e0
__mtx_lock_flags() at __mtx_lock_flags+0x15b/frame 0xfffffe001d2fa630
vesa_bios_save_restore() at vesa_bios_save_restore+0x78/frame 0xfffffe001d2fa680
vga_suspend() at vga_suspend+0xa3/frame 0xfffffe001d2fa6b0
isavga_suspend() at isavga_suspend+0x1d/frame 0xfffffe001d2fa6d0
bus_generic_suspend_child() at bus_generic_suspend_child+0x44/frame
[...]
This is caused because vga_sub_configure (which is called if the VGA adapter
is attached after VESA tried to initialize), points to vesa_configure, which
doesn't initialize the VESA mutex. In order to fix it, make sure
vga_sub_configure points to vesa_load, so that all the needed vesa
components are properly initialized.
303225:
Use MTX_SYSINIT for the VESA lock.
vesa_init_done isn't a reliable guard for the mutex init. If
vesa_configure() doesn't find valid VESA info it will not set
vesa_init_done, but the lock will remain initialized. Revert r303076
and use MTX_SYSINIT to deterministically init the lock.
jhb [Fri, 5 Aug 2016 17:14:45 +0000 (17:14 +0000)]
MFC 302181: Add a tunable to disable migration of MSI-X interrupts.
The new 'machdep.disable_msix_migration' tunable can be set to 1 to
disable migration of MSI-X interrupts.
Xen versions prior to 4.6.0 do not properly handle updates to MSI-X
table entries after the initial write. In particular, the operation
to unmask a table entry after updating it during migration is not
propagated to the "real" table for passthrough devices causing the
interrupt to remain masked. At least some systems in EC2 are
affected by this bug when using SRIOV. The tunable can be set in
loader.conf as a workaround.
ngie [Wed, 3 Aug 2016 01:26:02 +0000 (01:26 +0000)]
MFstable/10 r303692:
MFstable/11 r303691:
MFC r302550,r302551,r302552,r302553:
r302550:
Deobfuscate cleanup path in clnt_dg_create(..)
Similar to r300836 and r301800, cl and cu will always be non-NULL as they're
allocated using the mem_alloc routines, which always use
`malloc(..., M_WAITOK)`.
Deobfuscating the cleanup path fixes a leak where if cl was NULL and
cu was not, cu would not be free'd, and also removes a duplicate test for
cl not being NULL.
Similar to r300836, r301800, and r302550, cl and ct will always
be non-NULL as they're allocated using the mem_alloc routines,
which always use `malloc(..., M_WAITOK)`.
MFC 303109: Update crashinfo to work with newer gdb from ports.
If gdb from ports is installed, use it instead of the base system gdb
to extract variables from a kernel. Note that base gdb and ports gdb
do not support the same options for invoking a single command in batch
mode, so a wrapper shell function is used. In addition, prefer kgdb
from ports when generating a backtrace if present.
MFC 302899: Add documentation for the sigevent structure.
- Add a sigevent(3) manpage to give a general overview of the sigevent
structure and the available notification mechanisms.
- Document that AIO requests contain a nested sigevent structure that can
be used to request completion notification.
- Expand the sigevent details in other manuals to note details such as
the extra values stored in a queued signal's information or in a posted
kevent.
MFC 299977: Use polling spin loops for timeouts during early boot.
Some ACPI operations such as mutex acquires and event waits accept a
timeout. The ACPI OSD layer implements these timeouts by using regular
sleep timeouts. However, this doesn't work during early boot before
event timers are setup. Instead, use polling combined with DELAY()
to spin.
This fixes booting on upcoming Intel systems with Kaby Lake processors.