Michael Tuexen [Fri, 18 Dec 2020 10:13:28 +0000 (10:13 +0000)]
MFC r368593:
Clean up more resouces of an existing SCTP association in case of
a restart.
This fixes a use-after-free scenario, which was reported by Felix
Wilhelm from Google in case a peer is able to modify the cookie.
However, this can also be triggered by an assciation restart under
some specific conditions.
MFC r368622:
Harden the handling of outgoing streams in case of an restart or INIT
collision. This avouds an out-of-bounce access in case the peer can
break the cookie signature. Thanks to Felix Wilhelm from Google for
reporting the issue.
Michael Tuexen [Fri, 18 Dec 2020 10:08:11 +0000 (10:08 +0000)]
MFC r368394:
When dropping packets (RRQ or WRQ) for debugging, report the send
operation as successful. Reporting a failure stops the transfer
instead of using timeouts.
MFC r368521:
Fix the TFTP client when performing a RRQ for files smaller than 512 bytes
and the server not sending an OACK:
* Close the file.
* Report the correct the number of received blocks.
MFC r368647:
Improve the counting of blocks used to transfer a file from the
server to the client in case of not using an OACK: Don't miss
the first block in case of it is not also the last one.
MFC r368657:
When receiving a file having a length, which is a mulitple of the blocksize,
close the file once it is received.
Ryan Libby [Fri, 18 Dec 2020 08:40:33 +0000 (08:40 +0000)]
MFC r350739-r350740 (by cem)
r350739:
Disable useless -Wformat-zero-length
It is part of -Wformat, which is enabled by -Wall. Empty format strings are
well defined and it is perfectly reasonable to expect them in a formatting
interface.
r350740:
r350739 try #2
For some inexplicable reason, C++ compilers reject the -Wno- flag, and also
(ab)use CWARNFLAGS.
Ryan Libby [Fri, 18 Dec 2020 08:29:38 +0000 (08:29 +0000)]
MFC r357019:
uma: fix zone domain overlaying pcpu cache with disabled cpus
UMA zone structures have two arrays at the end which are sized according
to the machine: an array of CPU count length, and an array of NUMA
domain count length. The CPU counting was wrong in the case where some
CPUs are disabled (when mp_ncpus != mp_maxid + 1), and this caused the
second array to be overlaid with the first.
Michal Meloun [Thu, 17 Dec 2020 13:17:26 +0000 (13:17 +0000)]
MFC r368167,r368187,r368203:
r368167:
NVME: Don't try to swap data on little endian machines. These swapping
functions violate BUSDMA contract - we cannot write to armed (by
bus_dmamap_sync(PRE_..)) buffers. Remove them at least from little endian
machines until a better solution will be developed.
r368187:
Unbreak r368167 in userland. Decorate unused arguments.
r368203:
Always use the __unused attribute even for potentially unused parameters.
Michal Meloun [Thu, 17 Dec 2020 12:58:05 +0000 (12:58 +0000)]
MFC r368364:
DesignWare PCIe driver: Don't call bus_generic_attach() twice.
bus_generic_attach() should be called from the attach function of the real
implementation, not from the common init function.
Martin Matuska [Wed, 16 Dec 2020 22:24:20 +0000 (22:24 +0000)]
MFC r368207,368607:
MFC r368207:
Update libarchive to 3.5.0
Relevant vendor changes:
Issue #1258: add archive_read_support_filter_by_code()
PR #1347: mtree digest reader support
Issue #1381: skip hardlinks pointing to itself on extraction
PR #1387: fix writing of cpio archives with hardlinks without file type
PR #1388: fix rdev field in cpio format for device nodes
PR #1389: completed support for UTF-8 encoding conversion
PR #1405: more formats in archive_read_support_format_by_code()
PR #1408: fix uninitialized size in rar5_read_data
PR #1409: system extended attribute support
PR #1435: support for decompression of symbolic links in zipx archives
Issue #1456: memory leak after unsuccessful archive_write_open_filename
MFC r368607:
Sync libarchive with vendor.
Vendor changes:
Issue #1461: Unbreak build without lzma
Issue #1462: warc reader: Fix build with gcc11
Issue #1463: Fix code compatibility in test_archive_read_support.c
Issue #1464: Use built-in strnlen on platforms where not available
Issue #1465: warc reader: fix undefined behaviour in deconst() function
Ian Lepore [Wed, 16 Dec 2020 17:09:38 +0000 (17:09 +0000)]
MFC 368585:
Provide userland notification of gpio pin changes ("userland gpio interrupts").
This is an import of the Google Summer of Code 2018 project completed by
Christian Kramer (and, sadly, ignored by us for two years now). The goals
stated for that project were:
FreeBSD already has support for interrupts implemented in the GPIO
controller drivers of several SoCs, but there are no interfaces to take
advantage of them out of user space yet. The goal of this work is to
implement such an interface by providing descriptors which integrate
with the common I/O system calls and multiplexing mechanisms.
The initial imported code supports the following functionality:
- A kernel driver that provides an interface to the user space; the
existing gpioc(4) driver was enhanced with this functionality.
- Implement support for the most common I/O system calls / multiplexing
mechanisms:
- read() Places the pin number on which the interrupt occurred in the
buffer. Blocking and non-blocking behaviour supported.
- poll()/select()
- kqueue()
- signal driven I/O. Posting SIGIO when the O_ASYNC was set.
- Many-to-many relationship between pins and file descriptors.
- A file descriptor can monitor several GPIO pins.
- A GPIO pin can be monitored by multiple file descriptors.
- Integration with gpioctl and libgpio.
I added some fixes (mostly to locking) and feature enhancements on top of
the original gsoc code. The feature ehancements allow the user to choose
between detailed and summary event reporting. Detailed reporting provides
a record describing each pin change event. Summary reporting provides the
time of the first and last change of each pin, and a count of how many times
it changed state since the last read(2) call. Another enhancement allows
the recording of multiple state change events on multiple pins between each
call to read(2) (the original code would track only a single event at a time).
The phabricator review for these changes timed out without approval, but I
cite it below anyway, because the review contains a series of diffs that
show how I evolved the code from its original state in Christian's github
repo for the gsoc project to what is being commited here. (In effect,
the phab review extends the VC history back to the original code.)
Submitted by: Christian Kramer
Obtained from: https://github.com/ckraemer/freebsd/tree/gsoc2018
Differential Revision: https://reviews.freebsd.org/D27398
atkbdc(4): Add quirk for "System76 lemur Pro" laptops.
Currently atkbdc(4) assumes all coreboot BIOSes belonging to Chromebooks
and unconditionally sets a number of quirks to workaround known issues.
Exclude "System76" laptops from this set as they appeared to be a
traditional hardware ("lemur Pro" is a rebranded Clevo chassis) with
coreboot firmware on board. KBDC_QUIRK_KEEP_ACTIVATED quirk activated for
Chromebook platform makes keyboard on this devices inoperable.
"Purism Librem" laptops may require the same exclusion too.
PR: 250711
Reported by: nick.lott@gmail.com
r367854:
psm(4): Disable AUX multiplexer probing on all Lenovo laptops.
Rudimentary AUX multiplexing support was added to kernel to make possible
touchpad initialization on some HP EliteBook laptops with trackpoint.
Disable multiplexer probing on all Lenovo laptops now as they use touchpad
pass-through port rather than AUX multiplexer to connect trackpoint and
at least two model (X120e and X121e) is known for getting PS/2 AUX port
dysfunctional after switching back to hidden multiplexing mode.
AUX MUX probing can be reenabled with setting of hw.psm.mux_disabled loader
tunable to 0.
PR: 249987
Reported by: jwb
r368365:
atkbd(4): Change quirk table end-of-list marker to NULL vendor/maker/product
This fixes regression introduced in r367349 which effectively resulted in
truncation of quirk table.
Kyle Evans [Tue, 15 Dec 2020 21:54:31 +0000 (21:54 +0000)]
MFC r368326: kern: soclose: don't sleep on SO_LINGER w/ timeout=0
This is a valid scenario that's handled in the various protocol layers where
it makes sense (e.g., tcp_disconnect and sctp_disconnect). Given that it
indicates we should immediately drop the connection, it makes little sense
to sleep on it.
This could lead to panics with INVARIANTS. On non-INVARIANTS kernels, this
could result in the thread hanging until a signal interrupts it if the
protocol does not mark the socket as disconnected for whatever reason.
Kyle Evans [Tue, 15 Dec 2020 21:53:54 +0000 (21:53 +0000)]
MFC r368388: bectl: simplify the tail end of the jail cmd
This has already confused me once (and I'm pretty sure I wrote it), so let's
clarify: unjailing after the command has completed will only happen if we're
interactive and -U has not been specified.
This just folds two conditionals together to make it obvious how -b/-U
interact with each other.
Kyle Evans [Tue, 15 Dec 2020 21:53:15 +0000 (21:53 +0000)]
MFC r368462: cpuset_set{affinity,domain}: do not allow empty masks
cpuset_modify() would not currently catch this, because it only checks that
the new mask is a subset of the root set and circumvents the EDEADLK check
in cpuset_testupdate().
This change both directly validates the mask coming in since we can
trivially detect an empty mask, and it updates cpuset_testupdate to catch
stuff like this going forward by always ensuring we don't end up with an
empty mask.
The check_mask argument has been renamed because the 'check' verbiage does
not imply to me that it's actually doing a different operation. We're either
augmenting the existing mask, or we are replacing it entirely.
Kyle Evans [Tue, 15 Dec 2020 21:52:31 +0000 (21:52 +0000)]
MFC r368461: kern: cpuset: resolve race between cpuset_lookup/cpuset_rel
The race plays out like so between threads A and B:
1. A ref's cpuset 10
2. B does a lookup of cpuset 10, grabs the cpuset lock and searches
cpuset_ids
3. A rel's cpuset 10 and observes the last ref, waits on the cpuset lock
while B is still searching and not yet ref'd
4. B ref's cpuset 10 and drops the cpuset lock
5. A proceeds to free the cpuset out from underneath B
Resolve the race by only releasing the last reference under the cpuset lock.
Thread A now picks up the spinlock and observes that the cpuset has been
revived, returning immediately for B to deal with later.
Kyle Evans [Tue, 15 Dec 2020 21:51:45 +0000 (21:51 +0000)]
MFC r368460: kern: cpuset: plug a unr leak
cpuset_rel_defer() is supposed to be functionally equivalent to
cpuset_rel() but with anything that might sleep deferred until
cpuset_rel_complete -- this setup is used specifically for cpuset_setproc.
Add in the missing unr free to match cpuset_rel. This fixes a leak that
was observed when I wrote a small userland application to try and debug
another issue, which effectively did:
cpuset(&newid);
cpuset(&scratch);
newid gets leaked when scratch is created; it's off the list, so there's
no mechanism for anything else to relinquish it. A more realistic reproducer
would likely be a process that inherits some cpuset that it's the only ref
for, but it creates a new one to modify. Alternatively, administratively
reassigning a process' cpuset that it's the last ref for will have the same
effect.
Kristof Provost [Tue, 15 Dec 2020 15:33:28 +0000 (15:33 +0000)]
MFC r368237:
if: Fix panic when destroying vnet and epair simultaneously
When destroying a vnet and an epair (with one end in the vnet) we often
panicked. This was the result of the destruction of the epair, which destroys
both ends simultaneously, happening while vnet_if_return() was moving the
struct ifnet to its home vnet. This can result in a freed ifnet being re-added
to the home vnet V_ifnet list. That in turn panics the next time the ifnet is
used.
Prevent this race by ensuring that vnet_if_return() cannot run at the same time
as if_detach() or epair_clone_destroy().
Kristof Provost [Tue, 15 Dec 2020 08:29:45 +0000 (08:29 +0000)]
MFC r368588:
pf: Allow net.pf.request_maxcount to be set from loader.conf
Mark request_maxcount as RWTUN so we can set it both at runtime and from
loader.conf. This avoids users getting caught out by the change from tunable to
run time configuration.
Brooks Davis [Mon, 14 Dec 2020 22:07:07 +0000 (22:07 +0000)]
MFC r368561:
ndis(4): expand deprecation to the whole driver
nids(4) was a clever idea in the early 2000's when the market was
flooded with 10/100 NICs with Windows-only drivers, but that hasn't been
the case for ages and the driver has had no meaningful maintenance in
ages. It only supports Windows-XP era drivers.
Brooks Davis [Mon, 14 Dec 2020 21:56:15 +0000 (21:56 +0000)]
MFC r368543:
style(9): Correct whitespace in struct definitions
struct ifconf and struct ifreq use the odd style "struct<tab>foo".
struct ifdrv seems to have tried to follow this but was committed with
spaces in place of most tabs resulting in "struct<space><space>ifdrv".
John Baldwin [Mon, 14 Dec 2020 20:48:59 +0000 (20:48 +0000)]
MFC 368004: Pull the check for VM ownership into ppt_find().
This reduces some code duplication. One behavior change is that
ppt_assign_device() will now only succeed if the device is unowned.
Previously, a device could be assigned to the same VM multiple times,
but each time it was assigned, the device's state was reset.
John Baldwin [Mon, 14 Dec 2020 20:40:21 +0000 (20:40 +0000)]
MFC 368003:
Honor the disabled setting for MSI-X interrupts for passthrough devices.
Add a new ioctl to disable all MSI-X interrupts for a PCI passthrough
device and invoke it if a write to the MSI-X capability registers
disables MSI-X. This avoids leaving MSI-X interrupts enabled on the
host if a guest device driver has disabled them (e.g. as part of
detaching a guest device driver).
This was found by Chelsio QA when testing that a Linux guest could
switch from MSI-X to MSI interrupts when using the cxgb4vf driver.
While here, explicitly fail requests to enable MSI on a passthrough
device if MSI-X is enabled and vice versa.
Michal Meloun [Mon, 14 Dec 2020 10:14:32 +0000 (10:14 +0000)]
MFC r367865:
Also pass interrupt binding request to non-root interrupt controllers. There
are message based controllers that can bind interrupts even if they are not
implemented as root controllers (such as the ITS subblock of GIC).
Justin Hibbits [Sun, 13 Dec 2020 22:42:48 +0000 (22:42 +0000)]
MFC r3684733:
dev/mfi: Make a seemingly bogus conditional unconditional
Summary:
r358689 attempted to fix a clang warning/error by inferring the intent
of the condition "(cdb[0] != 0x28 || cdb[0] != 0x2A)". Unfortunately, it looks
like this broke things. Instead, fix this by making this path unconditional,
effectively reverting to the previous state.
Yuri Pankov [Sun, 13 Dec 2020 22:25:54 +0000 (22:25 +0000)]
MFC r368390:
update wcwidth data from utf8proc
Character width data being out of date is a constant source
of weird rendering issues and wasted time trying to diagnose
those, e.g. as reported by Jeremy Chadwick:
https://gitlab.com/muttmua/mutt/-/issues/67
Sadly, there is no real ("standard") wcwidth data source, so
this tries to rectify the problem using the utf8proc one (through
its C API) which would hopefully benefeat both FreeBSD and
utf8proc through bug reports (if any).
Alexander Motin [Sun, 13 Dec 2020 02:19:18 +0000 (02:19 +0000)]
MFC r368132: Increase nvme(4) maximum transfer size from 1MB to 2MB.
With 4KB page size the 2MB is the maximum we can address with one page PRP.
Going further would require chaining, that would add some more complexity.
On the other side, to reduce memory consumption, allocate the PRP memory
respecting maximum transfer size reported in the controller identify data.
Many of NVMe devices support much smaller values, starting from 128KB.
To do that we have to change the initialization sequence to pull the data
earlier, before setting up the I/O queue pairs. The admin queue pair is
still allocated for full MIN(maxphys, 2MB) size, but it is not a big deal,
since there is only one such queue with only 16 trackers.
Yuri Pankov [Sun, 13 Dec 2020 01:44:52 +0000 (01:44 +0000)]
MFC r353491 by eugen:
Add missing port to the list of needed tools in the README file
describing locale rebuild process:
devel/apache-ant
MFC r353791:
tools/tools/locale: allow POSIX target to be built in parallel
While it's rarely used target, more so a one not used during the
buildworld, it helps when it's not taking hours (literally).
MFC r364245 by hrs:
- Update to Unicode CLDR v35 (Unicode 12.0).
- Update tools/tools/locale to add make targets to automatically
generate locale source files. With this change, just typing
"make obj && make -j4" will rebuild them. Check README for more details.
- Fix issues in ja_JP ctypedef and range specification support
in utf8-rollup.pl.
- Add a temporary patch for UnicodeData.txt to fix code ranges of
CJK Ideograph Extension A and Extension B.
- tools/cldr2def.pl:
Use eucJP for ja_JP ctypedef because eucJP is not compatible with UTF-8.
- tools/convert_map.pl:
Add a verbose error message.
- tools/utf8-rollup.pl:
Normalize entries to use Unicode, not UTF-8.
MFC r368404 by hrs:
Fix the source directory when installing the results. The install
target did not install them actually.
Sometimes users want to use freebsd-update(8) in a non-interactive way and
what they often miss is that they have to set PAGER to cat(1) in order to
avoid interactive prompts from less(1).
John Baldwin [Sat, 12 Dec 2020 17:07:33 +0000 (17:07 +0000)]
MFC 367578: Clear tp->tod in t4_pcb_detach().
Otherwise, a socket can have a non-NULL tp->tod while TF_TOE is clear.
In particular, if a newly accepted socket falls back to non-TOE due to
an active open failure, the non-TOE socket will still have tp->tod set
even though TF_TOE is clear.
John Baldwin [Sat, 12 Dec 2020 17:04:54 +0000 (17:04 +0000)]
MFC 366955: Handle CPL_RX_DATA on active TLS sockets.
In certain edge cases, the NIC might have only received a partial TLS
record which it needs to return to the driver. For example, if the
local socket was closed while data was still in flight, a partial TLS
record might be pending when the connection is closed. Receiving a
RST in the middle of a TLS record is another example. When this
happens, the firmware returns the the partial TLS record as plain TCP
data via CPL_RX_DATA. Handle these requests by returning an error to
OpenSSL (via so_error for KTLS or via an error TLS record header for
the older Chelsio OpenSSL interface).
John Baldwin [Sat, 12 Dec 2020 16:55:23 +0000 (16:55 +0000)]
MFC 366854: Re-enable receive flow control for TOE TLS sockets.
Flow control was disabled during initial TOE TLS development to
workaround a hang (and to match the Linux TOE TLS support for T6).
The rest of the TOE TLS code maintained credits as if flow control was
enabled which was inherited from before the workaround was added with
the exception that the receive window was allowed to go negative.
This negative receive window handling (rcv_over) was because I hadn't
realized the full implications of disabling flow control.
To clean this up, re-enable flow control on TOE TLS sockets. The
existing TPF_FORCE_CREDITS workaround is sufficient for the original
hang. Now that flow control is enabled, remove the rcv_over
workaround and instead assert that the receive window never goes
negative matching plain TCP TOE sockets.
Kristof Provost [Fri, 11 Dec 2020 15:39:22 +0000 (15:39 +0000)]
MFC r368020, r368025:
if: Protect V_ifnet in vnet_if_return()
When we terminate a vnet (i.e. jail) we move interfaces back to their home
vnet. We need to protect our access to the V_ifnet CK_LIST.
We could enter NET_EPOCH, but if_detach_internal() (called from if_vmove())
waits for net epoch callback completion. That's not possible from NET_EPOCH.
Instead, we take the IFNET_WLOCK, build a list of the interfaces that need to
move and, once we've released the lock, move them back to their home vnet.
We cannot hold the IFNET_WLOCK() during if_vmove(), because that results in a
LOR between ifnet_sx, in_multi_sx and iflib ctx lock.
Separate out moving the ifp into or out of V_ifnet, so we can hold the lock as
we do the list manipulation, but do not hold it as we if_vmove().
if: Fix non-VIMAGE build
if_link_ifnet() and if_unlink_ifnet() are needed even when VIMAGE is not
enabled.
Kristof Provost [Fri, 11 Dec 2020 14:11:41 +0000 (14:11 +0000)]
MFC r368015:
if: Remove ifnet_rwlock
It no longer serves any purpose, as evidenced by the fact that we never take it
without ifnet_sxlock.
This differs slightly from r368015 in that we keep the ifnet_rwlock instance
(but no longer take the lock) in case there are external users who still take
the lock.
John Baldwin [Thu, 10 Dec 2020 22:26:51 +0000 (22:26 +0000)]
MFC 366584: Don't invoke semunload() if seminit() fails during MOD_LOAD.
The module handler code invokes a MOD_UNLOAD event immediately if
MOD_LOAD fails. The result was that if seminit() failed, semunload()
was invoked twice. semunload() is not idempotent however and would
try to remove it's process_exit eventhandler twice resulting in a
panic.
John Baldwin [Thu, 10 Dec 2020 21:12:25 +0000 (21:12 +0000)]
MFC 366897: Use a template assembly file to generate the embedded MFS.
This uses the .incbin directive to pull in the MFS image contents.
Using assembly directly ensures that symbols can be defined with the
name and properties (such as .size) desired without having to rename
symbols, etc. via a second objcopy invocation. Since it is compiled
by the C compiler driver, it also avoids the need for all of the
EMBEDFS* make variables.
Fix bug in ifconfig preventing proper VLAN creation.
Detection of VLAN interface type must happen before detection of
interface type by prefix. Else the following sequence of commands will
try to create a LAGG interface instead of a VLAN interface, which
accidentially worked previously, because the data pointed to by the
ifr_data pointer was not parsed by the VLAN create ioctl(2). This is a
regression after r368229, because the VLAN creation now parses the
ifr_data field.
How to reproduce:
# ifconfig lagg0 create
# ifconfig lagg0.256 create
This is a direct commit, until r366917, stacked VLANs has been MFC'ed.
Alan Somers [Wed, 9 Dec 2020 20:06:37 +0000 (20:06 +0000)]
ZFS: fix spurious EBUSY after zfs receive to an existing dataset
If you do a "zfs send -p <src> | zfs receive -F <dst>" to an existing but
empty dataset, the receive will complete successfully but spuriously fail
with exit status 1 and the message "cannot mount 'pool/dataset': mountpoint
or dataset is busy".
The root cause is a merge error made in r344569 and MFCed in r345578, which
merged changes a10d50f999 and e63ac16d25 from ZoL. The merge:
* failed to flip a == to an != like the upstream change did, and
* Left out one chunk
Direct commit to stable/12 because head has moved on to OpenZFS.
Ed Maste [Wed, 9 Dec 2020 00:28:27 +0000 (00:28 +0000)]
MFC r368397: Add deprecation notice to mn(4)
Sync serial (T1/E1) interfaces are largely irrelevant today and phk
confirms this driver is unnecessary in review D23928.
This leaves ce(4) and cp(4) in the tree. They're likely not relevant
either, but glebius contacted the manufacturer and those devices are
still available for purchase. At glebius' suggestion leave them in
the tree as long as they do not impose a maintenace burden.
Rick Macklem [Tue, 8 Dec 2020 22:37:30 +0000 (22:37 +0000)]
MFC: r368268
Improve man page for AmazonEFS mounts.
PR#250770 was actually just a misunderstanding of what
NFS mount options are needed for AmazonEFS mounts.
This patch attempts to clarify the manpage to clarify this.
Yuri Pankov [Tue, 8 Dec 2020 07:47:29 +0000 (07:47 +0000)]
MFC r340354:
Use blank am_pm and t_fmt_ampm for de_AT and de_DE locales as apparently
they use 24-hour clock notation. The visible change is that w(1) now
uses 24-hour clock format as it checks for t_fmt_ampm presence.
PR: 231771
Submitted by: Christoph Schönweiler <public2016@hauptsignal.at>