* Cache moea64_need_lock in a local variable; gcc generates slightly better
code this way, it doesn't need to reload the value from memory each read.
* VPN cropping is only needed on PowerPC ISA 2.02 and older cores, a subset
of those that need serialization, so move this under the need_lock check,
so those that don't need the lock don't even need to check this.
kevans [Tue, 26 Mar 2019 02:45:23 +0000 (02:45 +0000)]
Allow kernel config to specify DTS/DTSO to build, and out-of-tree support
This allows for directives such as
makeoptions DTS+=/out/of/tree/myboard.dts
# in tree! Same rules applied as if this were in a dtb/ module
makeoptions DTS+=otherboard.dts
to be specified in config(5) and have these built/installed alongside the
kernel. The assumption that overlays live in an overlays/ directory is only
made for in-tree DTSO, but we still make the assumption that out-of-tree
arm64 DTS will be in vendored directories (for now).
This lowers the cost to hacking on an overlay or dts by being able to
quickly throw it in a custom config, especially if it doesn't fit one of the
current dtb/modules quite appropriately or it's not intended for commit
there.
The build/install targets were split out of dtb.mk to centralize the build
logic and leave out the all/realinstall/CLEANFILES additions... it was
believed that we didn't want to pollute the kernel build with these.
The build rules were converted to suffix rules at the suggestion of Ian to
clean things up a little bit in a world where we can have mixed
in-tree/out-of-tree DTS/DTSO specified.
Reviewed by: ian
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D19351
kevans [Tue, 26 Mar 2019 02:33:27 +0000 (02:33 +0000)]
lualoader: Clear the screen before prompting for password
Assuming that the autoboot sequence was interrupted, we've done enough
cursor manipulation that the prompt for the password will be sufficiently
obscured a couple of lines up. Clear the screen and reset the cursor
position here, too.
markj [Mon, 25 Mar 2019 21:38:58 +0000 (21:38 +0000)]
Reject F_SETLK_REMOTE commands when sysid == 0.
A sysid of 0 denotes the local system, and some handlers for remote
locking commands do not attempt to deal with local locks. Note that
F_SETLK_REMOTE is only available to privileged users as it is intended
to be used as a testing interface.
Reviewed by: kib
Reported by: syzbot+9c457a6ae014a3281eb8@syzkaller.appspotmail.com
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D19702
mm [Mon, 25 Mar 2019 11:49:57 +0000 (11:49 +0000)]
MFV r345495:
Sync libarchive with vendor.
Relevant vendor changes:
PR #1153: fixed 2 bugs in ZIP reader [1]
PR #1143: ensure archive_read_disk_entry_from_file() uses ARCHIVE_READ_DISK
Changes to file flags code, support more file flags on FreeBSD:
UF_OFFLINE, UF_READONLY, UF_SPARSE, UF_REPARSE, UF_SYSTEM
UF_ARCHIVE is not supported by intention (yet)
bde [Mon, 25 Mar 2019 11:48:40 +0000 (11:48 +0000)]
Fix another type of buffer overrun for segmented modes. The buffer index
was not taken modulo the window size in VGLClear().
Segmented modes also need a kernel fix to almost work. The ioctl to set
the window origin is broken.
These bugs are rarely problems since non-VESA modes only need
segmentation to support multiple pages but libvgl doesn't support
multiple pages and treats these modes as non-segmented, and VESA modes
are usually mapped linearly except on old hardware so they really are
non-segmented.
allanjude [Mon, 25 Mar 2019 07:46:20 +0000 (07:46 +0000)]
Make TMPFS_PAGES_MINRESERVED a kernel option
TMPFS_PAGES_MINRESERVED controls how much memory is reserved for the system
and not used by tmpfs.
On very small memory systems, the default value may be too high and this
prevents these small memory systems from using reroot, which is required
for them to install firmware updates.
bde [Sun, 24 Mar 2019 20:43:21 +0000 (20:43 +0000)]
Oops, my previous commit to libvgl was missing the change of VGLSetBorder()
to match the change in its declaration. Change the declaration back to
"byte color" since setting of the border color is not supported for more
than 256 colors.
bde [Sun, 24 Mar 2019 19:41:45 +0000 (19:41 +0000)]
Add support for arbitrary font widths. Only multiples of 8 were supported.
Since the font format is undocumented, it is unclear how non-multiples
of 8 should be padded to bytes in the font file. Use the same
representation as bdf text format (big-endian, with padding in the
lower bits).
bde [Sun, 24 Mar 2019 19:27:03 +0000 (19:27 +0000)]
Fix reading of pixels in (4 and 8-plane) planar modes.
There seems to be no alternative to reading each plane independently using
3 slow i/o's per plane (this delivers 8 nearby pixels, but we don't buffer
the results so run 8 times slower than necessary).
All the code for this was there, but it was ifdefed out and replaced by
simpler code that cannot work in planar modes. The ifdefed out code
was correct except it was missing a volatile declaration, so compilers
optimized the multiple dummy reads in it to a single read.
ian [Sun, 24 Mar 2019 19:11:45 +0000 (19:11 +0000)]
Support device-independent labels for geom_flashmap slices.
While geom_flashmap has always supported label names for its slices, it does
so by appending "s.labelname" to the provider device name, meaning you still
have to know the name and unit of the hardware device to use the labels.
These changes add support for device-independent geom_flashmap labels, using
the standard geom_label infrastructure. geom_flashmap now creates a softc
struct attached to its geom, and as it creates slices it stores the label
into an array in the softc. The new geom_label_flashmap uses those labels
when tasting a geom_flashmap provider.
scottl [Sun, 24 Mar 2019 19:09:50 +0000 (19:09 +0000)]
r329522 created problems with commands that enter the TIMEDOUT state but
are successfully returned by the card (usually due to an abort being issued
as part of timeout recovery). Remove what amounts to an insufficient
KASSERT, and don't overwrite the state value. State should probably be
re-designed, and that will be done with a future commit.
bde [Sun, 24 Mar 2019 18:57:03 +0000 (18:57 +0000)]
Fix buffer overruns in modes with color depth more than 8.
Support for 16-bit and 32-bit Truecolor modes was supposed to be
complete in r70991 of main.c and in nearby revisions for other files, but
it was broken by the overruns in most cases (all cases where the mouse
is enabled, and most cases where bitmaps are used). r70991 also
unintentionally added support for depths 9-15, 17-23 and 25-31.
Depth 24 was more obviously broken and its support is ifdefed out. In
the other ranges, only depth 15 is common. It was broken by buffer
overruns in all cases.
bitmap.c:
- the static buffer was used even when it was too small (but it was
large enough to often work accidentally in depth 16)
- the size of the dynamically allocated buffer was too small
- the sizing info bitmap->PixelBytes was not initialized in the bitmap
constructor. It often ended up as 0 for MEMBUFs, so using it in more
places gave more null pointer accesses. (It is per-bitmap, but since
conversion between bitmaps of different depths is not supported (except
from 4 bits by padding to 8), it would work better if it were global.)
main.c:
- depths were rounded down instead of up to a multiple of 8, so PixelBytes
was 1 too small for depths above 8 except 16, 24 and 32.
- PixelBytes was not initialized for 4-bit planar modes. It isn't really
used for frame buffer accesses in these modes, but needs to be 1 in
MEMBUF images.
mouse.c:
- the mouse cursor buffers were too small.
vgl.h:
- PixelBytes was not initialized in the static bitmap constructor. It
should be initialized to the value for the current mode, but that is
impossible in a static constructor. Initialize it to -1 so as to
fail if it is used without further initialization.
All modes that are supposed to be supported now don't crash in
nontrivial tests, and almost work. Missing uses of PixelBytes now
give in-bounds wrong pointers instead of overruns. Misconversions of
bitmaps give multiple miscolored mouse cursors instead of 1 white one,
and similarly for bitmaps copied through a MEMBUF.
ian [Sun, 24 Mar 2019 18:51:52 +0000 (18:51 +0000)]
Distinguish between "no partition" and "choose best partition" with a constant.
The values of the d_slice and d_partition fields of a disk_devdesc have a
few values with special meanings in the disk_open() routine. Through various
evolutions of the loader code over time, a d_partition value of -1 has
meant both "use the first ufs partition found in the bsd label" and "don't
open a bsd partition at all, open the raw slice."
This defines a new special value of -2 to mean open the raw slice, and it
gives symbolic names to all the special values used in d_slice and
d_partition, and adjusts all existing uses of those fields to use the new
constants.
The phab review for this timed out without being accepted, but I'm still
citing it below because there is useful commentary there.
ian [Sun, 24 Mar 2019 18:02:27 +0000 (18:02 +0000)]
Revert accidental change that should not have been included in r345475.
I had changed this value as part of a local experiment, and neglected to
change it back before committing the other changes.
ian [Sun, 24 Mar 2019 17:53:26 +0000 (17:53 +0000)]
Truncate a too-long interrupt handler name when there is only one handler.
There are only 19 bytes available for the name of an interrupt plus the
name(s) of handlers/drivers using it. There is a mechanism from the days of
shared interrupts that replaces some of the handler names with '+' when they
don't all fit into 19 bytes.
In modern times there is typically only one device on an interrupt, but long
device names are the norm, especially with embedded systems. Also, in systems
with multiple interrupt controllers, the names of the interrupts themselves
can be long. For example, 'gic0,s54: imx6_anatop0' doesn't fit, and
replacing the device driver name with a '+' provides no useful info at all.
When there is only one handler but its name was too long to fit, this
change truncates enough leading chars of the handler name (replacing them
with a '-' char to indicate that some chars are missing) to use all 19
bytes, preserving the unit number typically on the end of the name. Using
the prior example, this results in: 'gic0,s54:-6_anatop0' which provides
plenty of info to figure out which device is involved.
PR: 211946
Reviewed by: gonzo@ (prior version without the '-' char)
Differential Revision: https://reviews.freebsd.org/D19675
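The truncation rule described in the commit message above, as an added sketch that is not the kernel's own code: `format_intr_name()` and `INTR_NAME_MAX` are hypothetical names, and the interrupt name is assumed to arrive already ending in ':' as in the commit's example.

```c
#include <stdio.h>
#include <string.h>

#define INTR_NAME_MAX 19    /* usable bytes per the commit message; the NUL is extra */

/*
 * Hypothetical helper: join "irq" and a single handler name into at most
 * INTR_NAME_MAX bytes. When the pair does not fit, leading characters of the
 * handler name are dropped and marked with '-', so the unit number at the
 * end of the name survives.
 */
const char *
format_intr_name(char out[INTR_NAME_MAX + 1], const char *irq, const char *handler)
{
    size_t il = strlen(irq), hl = strlen(handler);

    if (il + 1 + hl <= INTR_NAME_MAX) {
        /* Everything fits: "irq handler". */
        snprintf(out, INTR_NAME_MAX + 1, "%s %s", irq, handler);
    } else if (il + 2 <= INTR_NAME_MAX) {
        /* Room for '-' plus at least one trailing byte of the handler. */
        size_t keep = INTR_NAME_MAX - il - 1;

        snprintf(out, INTR_NAME_MAX + 1, "%s-%s", irq, handler + (hl - keep));
    } else {
        /* The interrupt name alone fills the field: bounded copy, no overrun. */
        snprintf(out, INTR_NAME_MAX + 1, "%.*s", INTR_NAME_MAX, irq);
    }
    return out;
}

int
main(void)
{
    char buf[INTR_NAME_MAX + 1];

    /* The example from the commit message. */
    puts(format_intr_name(buf, "gic0,s54:", "imx6_anatop0"));
    /* Constructed short case that needs no truncation. */
    puts(format_intr_name(buf, "irq4:", "uart0"));
    return 0;
}
```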
bde [Sun, 24 Mar 2019 16:47:43 +0000 (16:47 +0000)]
Fix libvgl to not always fail to initialize due to its invalid mmap()
args (neither MAP_PRIVATE nor MAP_SHARED). It was broken in r271635
and/or r271724 by stricter checking. The compatibility code in r271724
doesn't work for my old binaries (actually new binaries with old
libraries).
dchagin [Sun, 24 Mar 2019 14:50:02 +0000 (14:50 +0000)]
Update syscall.master to 5.0.
For 32-bit Linuxulator, ipc() syscall was historically
the entry point for the IPC API. Starting in Linux 4.18, direct
syscalls are provided for the IPC. Enable it.
dchagin [Sun, 24 Mar 2019 14:44:35 +0000 (14:44 +0000)]
Linux between 4.18 and 5.0 split IPC system calls.
In preparation for doing this in the Linuxulator modify our linux_shmat()
to match actual Linux shmat() system call.
tuexen [Sat, 23 Mar 2019 22:46:29 +0000 (22:46 +0000)]
Limit the number of bytes which can be queued for SCTP sockets.
This is joint work with rrs@.
Reported by: syzbot+307f167f9bc214f095bc@syzkaller.appspotmail.com
MFC after: 1 week
rpokala [Sat, 23 Mar 2019 19:53:15 +0000 (19:53 +0000)]
Add descriptions for sysctls in kern_mib.c and sysctl.3 which lack them.
r343532 noted the difference between "hw.realmem" and "hw.physmem", which I
was previously unaware of. I discovered that neither sysctl had a
description visible via `sysctl -d', so I found where they were defined and
added suitable descriptions. While in the file, I went ahead and added
descriptions for all the others which lacked them. I also updated sysctl.3
accordingly
kib [Sat, 23 Mar 2019 16:36:18 +0000 (16:36 +0000)]
ASLR: check for max_addr after applying randomization, not before.
Otherwise resulting address from vm_map_find() might not satisfy the
upper limit. For instance, it could affect MAP_32BIT flag from 64bit
processes.
Found by: Doug Moore <dougm@rice.edu>
Reviewed by: alc, Doug Moore <dougm@rice.edu>
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D19688
ae [Sat, 23 Mar 2019 15:41:32 +0000 (15:41 +0000)]
Add ability to automatically load ipfw_nat64, ipfw_nptv6 and ipfw_pmod
modules by declaring corresponding variables in rc.conf. Also document
them in rc.conf(5).
dim [Sat, 23 Mar 2019 14:10:05 +0000 (14:10 +0000)]
Pull in r356809 from upstream llvm trunk (by Eli Friedman):
[ARM] Don't form "ands" when it isn't scheduled correctly.
In r322972/r323136, the iteration here was changed to catch cases at
the beginning of a basic block... but we accidentally deleted an
important safety check. Restore that check to the way it was.
This should fix "Assertion failed: (LiveCPSR && "CPSR liveness tracking
is wrong!"), function UpdateCPSRUse" errors when building the devel/xwpe
port for armv7.
mw [Sat, 23 Mar 2019 05:13:51 +0000 (05:13 +0000)]
Allow using TPM as entropy source.
TPM has a built-in RNG, with its own entropy source.
The driver was extended to harvest 16 random bytes from TPM every 10 seconds.
A new build option "TPM_HARVEST" was introduced - for now, however, it
is not enabled by default in the GENERIC config.
Attempting to build www/firefox on POWER9 resulted in a HMI exception being
thrown, a fatal trap currently. This is typically caused by timer facility
errors, but examination of the Hypervisor Maintenance Exception Register
(HMER) yielded only that an exception had recovered, with no information of
the actual exception cause.
When an HMI occurs, OPAL_HANDLE_HMI or OPAL_HANDLE_HMI2 must be called to
handle the exception at the firmware level. If the exception is handled, we
can continue.
This adds only the preliminary handler, enough to prevent package building
from panicking. An enhancement in the future is to use the flags returned
by OPAL_HANDLE_HMI2 to print more useful error messages, and log maintenance
events.
mw [Sat, 23 Mar 2019 02:48:47 +0000 (02:48 +0000)]
Update mvneta/e6000sw for new DSA Device Tree Bindings
In the latest Linux kernel revisions the DSA (Distributed
Switch Architecture) device tree binding was changed.
Instead of the top level dsa@ node, the switch and its
ports are represented as a child node of the mdio bus.
With that other modifications were added, such as
relation with the ethernet port of the SoC. Adjust
e6000sw etherswitch and mvneta drivers to that.
Tested on Armada 3720 EspressoBin and Armada 388 Clearfog Pro boards.
oshogbo [Sat, 23 Mar 2019 02:17:07 +0000 (02:17 +0000)]
strings: return an error code and the char value separately
If we are returning a 32-bit value it's hard to distinguish if the returned value
is a valid one or if it's an error (in case of EOF). For that reason separate
exit code of the function from the returned character.
jhibbits [Fri, 22 Mar 2019 22:14:14 +0000 (22:14 +0000)]
powerpc: Re-merge isa3 HPT with moea64 native HPT
r345402 fixed the bug that led to the split of the ISA 3.0 HPT handling from
the existing manager. The cause of the bug was gcc moving the register
holding VPN to a different register (not r0), which triggered bizarre
behaviors. With the fix, things work, so they can be re-merged. No
performance lost with the merge.
avg [Fri, 22 Mar 2019 17:44:47 +0000 (17:44 +0000)]
Revert r345410, VOP_FSYNC change in ZFS vdev_file
I overlooked the fact that that VOP_FSYNC() call is not a FreeBSD VFS
call, but a macro that provides an illumos-compatible wrapper for the
FreeBSD operation.
avg [Fri, 22 Mar 2019 10:38:22 +0000 (10:38 +0000)]
intpm: change translation of HBA error status to smbus(4) errors
PIIX4_SMBHSTSTAT_ERR can be set for several reasons that, unfortunately,
cannot be distinguished, but the most typical case is a missing or hung
slave (SMB_ENOACK).
PIIX4_SMBHSTSTAT_FAIL means failed or killed / aborted transaction, so
its previous mapping to SMB_ENOACK was not ideal.
After this change an smb(4) access to a missing slave results in ENXIO
rather than EIO. To me, that seems to be more appropriate.
cperciva [Fri, 22 Mar 2019 06:33:26 +0000 (06:33 +0000)]
Build if_ena.ko on arm64.
This module provides support for the Amazon Elastic Network Adapter; it
was previously only built on x86 architectures, but Amazon EC2 now also
has ARM64 instances with this hardware.
cperciva [Fri, 22 Mar 2019 06:28:37 +0000 (06:28 +0000)]
Initialize uart_bus_space_mem.
This value was being used uninitialized, resulting in predictable issues
on systems with memory-mapped UART registers.
A case could be made that memmap_bus should be declared in a header
rather than being declared in each .c file which needs to refer to it,
but that's a broader style question.
This commit unbreaks hw.uart.console="mm:..." on ARM64.
jhibbits [Fri, 22 Mar 2019 01:43:31 +0000 (01:43 +0000)]
powerpc64: Handle the modern (2.05+) implementation of tlbie
By happenstance gcc4 puts 'vpn' into r0 in all uses of TLBIE(), but modern
gcc does not. Also, the single-argument form of tlbie zeros all unused
arguments, making the modern tlbie instruction use r0 as the RS field
(LPID).
The vpn argument has the bottom 12 bits cleared (the input having been
left-shifted by 12 bits), which just so happens, on the POWER9 and previous
incarnations, to be the number of LPID bits supported. With those bits
being zero, the instruction:
tlbie r0, r0
will invalidate the VPN in r0, in LPAR 0 (ignoring the upper bits of r0 for
the RS field). One build with gcc8 yields:
tlbie r9, r0
with r0 having arbitrary contents, not equal to r9. This leads to strange
crashes, behaviors, and panics, due to the requested TLB entry not actually
being invalidated.
As the moea64_native must work on both old and new, we explicitly zero out
r0 so that it can work with only the single argument, built with base gcc
and modern gcc. isa3_hashtb takes a different approach, encoding the
two-argument form, so as not to explicitly clobber r0, and instead let the
compiler decide.
markj [Thu, 21 Mar 2019 19:52:50 +0000 (19:52 +0000)]
Disallow preemptive creation of wired superpage mappings.
There are some unusual cases where a process may cause an mlock()ed
range of memory to be unmapped. If the application subsequently
faults on that region, the handler may attempt to create a superpage
mapping backed by the resident, wired pages. However, the pmap code
responsible for creating such a mapping (pmap_enter_pde() on i386
and amd64) does not ensure that a leaf page table page is available
if the superpage is later demoted; the demotion operation must therefore
perform a non-blocking page allocation and must unmap the entire
superpage if the allocation fails. The pmap layer ensures that this
can never happen for wired mappings, and so the case described above
breaks that invariant.
For now, simply ensure that the MI fault handler never attempts to
create a wired superpage except via promotion.
Reviewed by: kib
Reported by: syzbot+292d3b0416c27c131505@syzkaller.appspotmail.com
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D19670
glebius [Thu, 21 Mar 2019 16:15:29 +0000 (16:15 +0000)]
Always create ipfw(4) hooks as long as module is loaded.
Now enabling ipfw(4) with sysctls controls only linkage of hooks to default
heads. When module is loaded fetch sysctls as tunables, to make it possible
to boot with ipfw(4) in kernel, but not linked to any pfil(9) hooks.
gjb [Thu, 21 Mar 2019 14:17:55 +0000 (14:17 +0000)]
Bump the IMAGE_SIZE for arm64 SoC images to prevent failures due
to full filesystem. This makes the size of the arm64 SoC images
consistent with armv6 and armv7.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
kib [Thu, 21 Mar 2019 13:30:48 +0000 (13:30 +0000)]
nullfs: fix unmounts when filesystem is active.
If vflush() did not completely flush the mount vnodes queue, either
retry for forced unmounts, or give up for non-forced. This situation
can occur when new vnodes are instantiated while vflush() worked.
Reported and tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
mw [Thu, 21 Mar 2019 10:51:36 +0000 (10:51 +0000)]
Add bus_release_resource() method to nexus on arm64
The nexus module was missing method for releasing bus resources. As a
result, it couldn't be released and the bus_release_resource() call would
return ENXIO.
Next call to bus_alloc_resource() for the same resource was returning
error, because it wasn't released previously and it was still busy.
The implementation of the nexus_release_resource() is the same as for
arm architecture.
Submitted by: Michal Krawczyk <mk@semihalf.com>
Reported-by: Greg V <greg@unrelenting.technology>
Tested-by: cperciva, Greg V <greg@unrelenting.technology>
Obtained from: Semihalf
MFC after: 2 weeks
Sponsored by: Amazon, Inc.
Differential revision: https://reviews.freebsd.org/D19641
cperciva [Thu, 21 Mar 2019 08:54:34 +0000 (08:54 +0000)]
Recognize the Amazon PCI serial device found in a1.* EC2 instances
as an NS8250 UART.
This is the same as the UART found in EC2 "bare metal" instances,
except that the card vendor shows up as 0x0000 rather than 0x1d0f.
This seems like a bug in the EC2 firmware; but we might as well support
it anyway.
kp [Thu, 21 Mar 2019 08:09:52 +0000 (08:09 +0000)]
pf: Ensure that IP addresses match in ICMP error packets
States in pf(4) let ICMP and ICMP6 packets pass if they have a
packet in their payload that matches an existing connection. It was
not checked whether the outer ICMP packet has the same destination
IP as the source IP of the inner protocol packet. Enforce that
these addresses match, to prevent ICMP packets that do not make
sense.
Reported by: Nicolas Collignon, Corentin Bayet, Eloi Vanderbeken, Luca Moro at Synacktiv
Obtained from: OpenBSD
Security: CVE-2019-5598
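The address consistency rule from the commit message above, as an added stand-alone sketch that is not pf(4) code: `check_icmp_error()` and `build_sample()` are hypothetical names, only IPv4 is handled, and the state lookup pf performs is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_HLEN_MIN 20                  /* IPv4 header without options */
#define ICMP_HLEN   8
#define SAMPLE_LEN  (IP_HLEN_MIN + ICMP_HLEN + IP_HLEN_MIN + 8)

enum verdict { V_PASS, V_MALFORMED, V_NOT_ICMP_ERROR, V_ADDR_MISMATCH };

/* Destination unreachable, source quench, redirect, time exceeded, parameter problem. */
static int icmp_is_error(uint8_t type)
{
    return type == 3 || type == 4 || type == 5 || type == 11 || type == 12;
}

/* pkt points at the outer IPv4 header; len is the number of bytes available. */
enum verdict check_icmp_error(const uint8_t *pkt, size_t len)
{
    const uint8_t *inner;
    size_t ohl;

    if (len < IP_HLEN_MIN || (pkt[0] >> 4) != 4)
        return V_MALFORMED;
    ohl = (size_t)(pkt[0] & 0x0f) * 4;  /* outer header length, options included */
    if (ohl < IP_HLEN_MIN || len < ohl + ICMP_HLEN)
        return V_MALFORMED;
    if (pkt[9] != 1 || !icmp_is_error(pkt[ohl]))
        return V_NOT_ICMP_ERROR;
    if (len < ohl + ICMP_HLEN + IP_HLEN_MIN)
        return V_MALFORMED;             /* quoted header is cut short */
    inner = pkt + ohl + ICMP_HLEN;
    if ((inner[0] >> 4) != 4)
        return V_MALFORMED;
    /* Outer destination (offset 16) must equal the quoted packet's source (offset 12). */
    if (memcmp(pkt + 16, inner + 12, 4) != 0)
        return V_ADDR_MISMATCH;
    return V_PASS;
}

/* Constructed sample: port-unreachable error quoting a UDP header; checksums left zero. */
size_t build_sample(uint8_t *buf, const uint8_t outer_dst[4], const uint8_t inner_src[4])
{
    static const uint8_t router[4] = {203, 0, 113, 1};
    static const uint8_t server[4] = {198, 51, 100, 7};
    uint8_t *in = buf + IP_HLEN_MIN + ICMP_HLEN;

    memset(buf, 0, SAMPLE_LEN);
    buf[0] = 0x45; buf[3] = SAMPLE_LEN; buf[8] = 64; buf[9] = 1;   /* outer: ICMP */
    memcpy(buf + 12, router, 4);
    memcpy(buf + 16, outer_dst, 4);
    buf[IP_HLEN_MIN] = 3; buf[IP_HLEN_MIN + 1] = 3;                /* port unreachable */
    in[0] = 0x45; in[3] = 28; in[8] = 64; in[9] = 17;              /* quoted: UDP */
    memcpy(in + 12, inner_src, 4);
    memcpy(in + 16, server, 4);
    return SAMPLE_LEN;
}

int main(void)
{
    const uint8_t client[4] = {192, 0, 2, 10}, other[4] = {192, 0, 2, 99};
    uint8_t p[SAMPLE_LEN];

    printf("matching:   %d\n", check_icmp_error(p, build_sample(p, client, client)));
    printf("mismatched: %d\n", check_icmp_error(p, build_sample(p, other, client)));
    return 0;
}
```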
imp [Thu, 21 Mar 2019 06:27:58 +0000 (06:27 +0000)]
Make WD and WDC aliases for HGST.
HGST was bought by WDC. Over the years, it has sold different drives
branded as HGST, WD or WDC. All of them need the HGST workaround of
sending 4k-sized packets (or multiples of 4k). And the ones that don't
really need this aren't broken by this change. Submitter is the vendor
who has tested these changes on a number of drives. I've simplified it
slightly, since we don't need additional vendors for this at this
time.
Submitted by: JacobBurley via github on behalf of WDC
Pull Request: https://github.com/freebsd/freebsd/pull/391