* VERSION: 20180222
Merge with NetBSD make, pick up
o parse.c: avoid calling sysconf for every call to loadfile
* VERSION: 20180218
Merge with NetBSD make, pick up
o var.c: Var_Set handle NULL value anytime.
* VERSION: 20180212
Merge with NetBSD make, pick up
o parse.c: do not treat .info as warning with -W
* VERSION: 20171207
Merge with NetBSD make, pick up
o var.c: Var_Append use Var_Set if var not previously set
so that VAR_CMD is handled correctly.
Add a suitable unit-test.
Kyle Evans [Thu, 1 Mar 2018 21:46:01 +0000 (21:46 +0000)]
stand: Fix build after r330249
One does not simply convert to SUBDIR.yes in stand without making everything
else in the affected files SUBDIR.yes -- there are better ways to do this.
Warner Losh [Thu, 1 Mar 2018 19:50:55 +0000 (19:50 +0000)]
Create LOADER_UBOOT, and LOADER_OFW. Move these options out of
Makefile.${MACHINE_ARCH} and remove the now-empty files. Generate the
*32 directories on the necessary architectures (well, currently only
amd64) on the fly. Remove LOADER_EFI variable and co-locate it with
EFI.
David Bright [Thu, 1 Mar 2018 17:47:28 +0000 (17:47 +0000)]
Allow the "@" and "!" characters in passwd file GECOS fields.
Two PRs (152084 & 210187) request allowing the "@" and/or "!"
characters in the passwd file GECOS field. The man page for pw does
not mention that those characters are disallowed, Linux supports those
characters in this field, and the "@" character in particular would be
useful for storing email addresses in that field.
Ed Maste [Thu, 1 Mar 2018 13:52:18 +0000 (13:52 +0000)]
Rationalize license text on Linuxolator files
Many licenses on Linuxolator files contained small variations from the
standard FreeBSD license text. To avoid license proliferation switch to
the standard 2-clause FreeBSD license for those files where I have
permission from each of the listed copyright holders. Additional files
still waiting on permission from others are listed in review D14210.
Approved by: dchagin, rdivacky, sos
MFC after: 1 week
MFC with: r329370
Sponsored by: The FreeBSD Foundation
Correct the return value from flush_work() and flush_delayed_work() in the
LinuxKPI to comply more with Linux. This fixes an issue when these functions
are used in waiting loops.
Kyle Evans [Thu, 1 Mar 2018 02:31:28 +0000 (02:31 +0000)]
lualoader: config: Pull some messages out into constants
Rather than hardcoding these things. This could lead to some form of loader
localization later, but the main goal at the moment is to get a clear view
of the strings we're outputting and strive to use more string.format() and
less wild concatenation all over the place.
Conrad Meyer [Thu, 1 Mar 2018 01:49:36 +0000 (01:49 +0000)]
pci_ioctl: Avoid returning uninitialized error value if user provided empty buffer
In the weird case where the user-provided buffer was zero bytes, we could break
out of PCIOCGETCONF and return without initializing error. In this case,
initialize error to zero -- we successfully did nothing, as requested.
Conrad Meyer [Thu, 1 Mar 2018 00:58:59 +0000 (00:58 +0000)]
psm(4): Always initialize used values in debug print
'status' array passed to get_mouse_status() is usually uninitialized by
callers.
Fully populating it with values in get_mouse_status() can fail due to
read_aux_data().
Additionally, nothing in API constrains 'len' to be >= 3. In practice,
every caller passes three, so perhaps that argument should just be removed.
Refactoring is a larger change, though.
Remove use of potentially uninitialized values by:
1. Only printing 3 debug statuses if the passed array was at least
'len' >= 3;
2. Populating 'status' array up to first three elements, if read_aux_data()
failed.
Andrew Turner [Wed, 28 Feb 2018 16:03:40 +0000 (16:03 +0000)]
Allow releasing APs to take more time, as long as we are making progress.
On large core count machines this can be slow while all the CPUs update
the online counter.
Andrew Turner [Wed, 28 Feb 2018 15:25:47 +0000 (15:25 +0000)]
Count the number of GIC redistributors in the ACPI tables. The GICv3 driver
needs this to allocate memory, and connect the CPUs to the interrupt
controller.
Andrew Turner [Wed, 28 Feb 2018 15:18:31 +0000 (15:18 +0000)]
Only check the ProducerConsumer flag on extended memory. As per the ACPI
6.0 spec 6.4.3.5 bit 0 is ignored on QWord, DWord, and Word Address Space
Descriptors, but not Extended Address Space Descriptors.
Andrew Turner [Wed, 28 Feb 2018 15:02:27 +0000 (15:02 +0000)]
The Arm pl011 driver assumes it's running a devicetree based system.
It calls OF_* functions to check if it needs to implement workarounds.
This may not be the case on arm64 where we support both FDT and ACPI.
Fix this by checking if we are booting on FDT before calling these checks.
Ed Maste [Wed, 28 Feb 2018 14:57:45 +0000 (14:57 +0000)]
Add kernel retpoline option for amd64
Retpoline is a compiler-based mitigation for CVE-2017-5715, also known
as Spectre V2, that protects against speculative execution branch target
injection attacks.
In this commit it is disabled by default, but will be changed in a
followup commit.
Reviewed by: bdrewery (previous version)
MFC after: 3 days
Security: CVE-2017-5715
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D14242
Kristof Provost [Wed, 28 Feb 2018 09:59:58 +0000 (09:59 +0000)]
pf: Apply $pf_flags when verifying the pf.conf file
When checking the validity of the pf.conf file also include the user supplied
pf_flags. These flags might overrule macros or specify anchors, which we will
apply when actually applying the pf.conf file, so we must also take them into
account when verifying the validity.
Submitted by: Andreas Longwitz <longwitz at incore.de>
MFC after: 3 weeks
Kristof Provost [Wed, 28 Feb 2018 08:53:07 +0000 (08:53 +0000)]
pf: Do not flush on reload
pfctl only takes the last '-F' argument into account, so this never did what
was intended.
Moreover, there is no reason to flush rules before reloading, because pf keeps
track of the rule which created a given state. That means that existing
connections will keep being processed according to the rule which originally
created them. Simply reloading the (new) rules suffices. The new rules will
apply to new connections.
PR: 127814
Submitted by: Andreas Longwitz <longwitz at incore.de>
MFC after: 3 weeks
Kyle Evans [Wed, 28 Feb 2018 05:11:10 +0000 (05:11 +0000)]
lualoader: Add note that \027 is a decimal representation
We've included an extra '0' in there (which might get removed later, but
it's maintained for the moment for legacy purposes) which oftentimes
indicate that the following number should be treated as octal. This is not
the case, so note that to prevent future confusion (of myself and others).
Kyle Evans [Wed, 28 Feb 2018 05:02:05 +0000 (05:02 +0000)]
lualoader: Remove debug function
Our module bits ended up more stable than I anticipated, so this turns out
to be no longer useful.
If things like this need to come back, we should do it in a separate 'debug'
module to serve as a collection of debugging aides. As a rule, this 'debug'
module would *not* be allowed as a requirement of any other modules in-tree.
Kyle Evans [Wed, 28 Feb 2018 04:31:19 +0000 (04:31 +0000)]
lualoader: Further screen cleanup
- Add screen.default_x and screen.default_y to determine where
screen.defcursor resets the cursor to.
- Use screen.setcursor in screen.defcursor instead of rewriting the escape
sequence.
- Use screen.default_y when resetting the cursor after writing the new
twiddle character, add a comment verbally describing the position just in
case.
Kyle Evans [Wed, 28 Feb 2018 04:23:28 +0000 (04:23 +0000)]
lualoader: Re-do twiddle
It worked on my test setup, but is clearly non-functional on others.
Further examination of check-password.4th showed that it actually reset the
cursor to 0,25 every time and overwrote the previous password prompt. Do
that, and also clear the "Incorrect Password" text if the correct password
gets entered.
Conrad Meyer [Tue, 27 Feb 2018 22:01:40 +0000 (22:01 +0000)]
seq(1): Consistently include 'last' for non-integers
The source of error is a rounded increment being too large and thus the loop
steps slightly past 'last'. Perform a final comparison using the formatted
string values (truncated precision) to determine if we still need to print
the 'last' value.
PR: 217149
Submitted by: Fernando ApesteguÃa <fernando.apesteguia AT gmail.com>,
Yuri Pankov <yuripv AT icloud.com> (earlier version)
Reported by: Martijn Dekker <mcdutchie AT hotmail.com>
Sponsored by: Dell EMC Isilon
David Bright [Tue, 27 Feb 2018 21:59:23 +0000 (21:59 +0000)]
dhclient violates RFC2131 when sending early DHCPREQUEST message to re-obtain old IP
When dhclient first starts, if an old IP address exists in the
dhclient.leases file, dhclient(8) sends early DHCPREQUEST message(s)
in an attempt to re-obtain the old IP address again. These messages
contain the old IP as a requested-IP-address option in the message
body (correct) but also use the old IP address as the packet's source
IP (incorrect).
RFC2131 sec 4.1 states:
DHCP messages broadcast by a client prior to that client obtaining
its IP address must have the source address field in the IP header
set to 0.
The use of the old IP as the packet's source address is incorrect if
(a) the computer is now on a different network or (b) it is on the
same network, but the old IP has been reallocated to another host.
Fix dhclient to use 0.0.0.0 as the source IP in this circumstance
without removing any existing functionality. Any previously-used old
IP is still requested in the body of an early DHCPREQUEST message.
Kyle Evans [Tue, 27 Feb 2018 21:30:24 +0000 (21:30 +0000)]
lualoader: Remove remnants of testing...
twiddle_pos didn't need to be a module-scope local, since it's going to get
reset with every read anyways- it was left-over from other things.
screen.movecursor with a y=-1 setting was from a test of movecursor,
resulting in the twiddle characters being drawn going up the console and
looking quite funky.
Kyle Evans [Tue, 27 Feb 2018 21:22:57 +0000 (21:22 +0000)]
lualoader: Add a twiddle at password prompt
This gives some form of feedback while typing, and matches-(ish*) Forth
behavior. The cursor generally rests two column after the password prompt,
then the twiddle is drawn three columns later and the cursor reset to
resting position after being drawn.
I've removed the note about re-evaluating it for security considerations and
instead set it up as a module-local variable that we can set later depending
on environment or something. It's set to false with no chance of changing at
the moment.
*As close as I can tell from reading check-password.4th, because I don't
have an easy test (or deployed) setup for forth loader to check how close
it is. Please do mention if it's not close enough.
Michal Meloun [Tue, 27 Feb 2018 15:35:11 +0000 (15:35 +0000)]
Make rtld_bind_start() debugger friendly.
Save link register and annotate call frame structure so debugger can unwind
call frame created by rtld_bind_start().
Andriy Gapon [Tue, 27 Feb 2018 14:08:54 +0000 (14:08 +0000)]
add ZFS_ENTER protection to .zfs/snapshot vnode operations that need it
Those operations, zfsctl_snapdir_readdir and zfsctl_snapdir_getattr,
access the filesystem's objset and it can be unstable during operations
like receive and rollback.
Improve missing tty handling in init(8). This removes a check that did
nothing - it was checking for ENXIO, which, with devfs, is no longer
returned - and was badly placed anyway, and replaces it with similar
one that works, and is done just before starting getty, instead of being
done when rereading ttys(5).
From the practical point of view, this makes init(8) handle disappearing
terminals (eg /dev/ttyU*) gracefully, without unneccessary getty restarts
and resulting error messages.
Reviewed by: imp@
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D14307
Justin Hibbits [Tue, 27 Feb 2018 04:38:27 +0000 (04:38 +0000)]
Increase the size of a reservation granule for TLB locks
A reservation granule on PowerPC is a cache line.
On e500mc and derivatives a cacheline size is 64 bytes, not 32. Allocate
the maximum size permitted, but only utilize the size that is needed. On
e500v1 and e500v2 the reservation granule will still be 32 bytes.
Ian Lepore [Tue, 27 Feb 2018 02:11:23 +0000 (02:11 +0000)]
Initialize all members of vm_page::md_page for armv4/5 systems. This fixes
a hang in SI_SUB_KMEM sysinit, and is apparently required after r323290.
Inspired by the commit message for r323676.
Alexander Motin [Tue, 27 Feb 2018 01:48:13 +0000 (01:48 +0000)]
Allow physically non-contiguous chain frames allocation in mps(4)/mpr(4).
Chain frames required to satisfy all 2K of declared I/Os of 128KB each take
more then a megabyte of a physical memory, all of which existing code tries
allocate as physically contiguous. This patch removes that physical
contiguousness requirement, leaving only virtual contiguousness. I was
thinking about other ways of allocation, but the less granular allocation
becomes, the bigger is the overhead and/or complexity, reaching about 100%
overhead if allocate each frame separately.
The patch also bumps the chain frames hard limit from 2K to 16K. It is more
than enough for the case of default REQ_FRAMES and MAXPHYS (the drivers will
allocate less than that automatically), while in case of increased MAXPHYS
it will control maximal memory usage.
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D14420
John Baldwin [Mon, 26 Feb 2018 22:17:27 +0000 (22:17 +0000)]
Don't overflow the ipad[] array when clearing the remainder.
After the auth key is copied into the ipad[] array, any remaining bytes
are cleared to zero (in case the key is shorter than one block size).
The full block size was used as the length of the zero rather than the
size of the remaining ipad[]. In practice this overflow was harmless as
it could only clear bytes in the following opad[] array which is
initialized with a copy of ipad[] in the next statement.
John Baldwin [Mon, 26 Feb 2018 21:56:06 +0000 (21:56 +0000)]
Fetch TLS key parameters from the firmware.
The parameters describe how much of the adapter's memory is reserved for
storing TLS keys. The 'meminfo' sysctl now lists this region of adapter
memory as 'TLS keys' if present.
Emmanuel Vadot [Mon, 26 Feb 2018 21:27:42 +0000 (21:27 +0000)]
dwmmc: Add clock support and other improvements
* If compiled with EXT_RESOURCES look up the "biu" and "ciu" clocks in
the DT
* Don't use custom property "bus-frequency" but the standard one
"clock-frequency"
* Use the DT property max-frequency and fall back to 200Mhz if it don't exists
* Add more mmc caps suported by the controller
* Always ack all interrupts
* Subclassed driver can supply an update_ios so they can handle update
the clocks accordingly
* Take care of the DDR bit in update_ios (no functional change since we
do not support voltage change for now)
* Make use of the FDT bus-width property
Emmanuel Vadot [Mon, 26 Feb 2018 21:25:50 +0000 (21:25 +0000)]
rk3328: Add support for this SoC
* rk_cru is a cru driver that needs to be subclassed by
the real CRU driver
* rk_clk_pll handle the pll type clock on RockChip SoC, it's only read
only for now.
* rk_clk_composite handle the different composite clock types (with gate,
with mux etc ...)
* rk_clk_gate handle the RockChip gates
* rk_clk_mux handle the RockChip muxes (unused for now)
* Only clocks for supported devices are supported for now, the rest will be
added when driver support comes
* The assigned-clock* property are not handled for now so we rely a lot on the
bootloader to setup some initial values for some clocks.
David Bright [Mon, 26 Feb 2018 19:27:59 +0000 (19:27 +0000)]
Fix two memory leaks in syslogd
A memory leak in syslogd for processing of forward actions was
reported. This modification adapts the patch submitted with that bug
to fix the leak. While testing the modification, another leak was also
found and fixed.
Glen Barber [Mon, 26 Feb 2018 19:26:59 +0000 (19:26 +0000)]
Bump the size of virtual machine disk images from 20G to 30G,
providing more space for a local buildworld to succeed without
attaching separate disks for /usr/src and /usr/obj.
John Baldwin [Mon, 26 Feb 2018 19:19:05 +0000 (19:19 +0000)]
Add a new variant of the GLA2GPA ioctl for use by the debug server.
Unlike the existing GLA2GPA ioctl, GLA2GPA_NOFAULT does not modify
the guest. In particular, it does not inject any faults or modify
PTEs in the guest when performing an address space translation.
This is used by bhyve's debug server to read and write memory for
the remote debugger.
David Bright [Mon, 26 Feb 2018 18:23:36 +0000 (18:23 +0000)]
iconv uses strlen directly on user supplied memory
`iconv_sysctl_add` from `sys/libkern/iconv.c` incorrectly limits the
size of user strings, such that several out of bounds reads could have
been possible.
static int
iconv_sysctl_add(SYSCTL_HANDLER_ARGS)
{
struct iconv_converter_class *dcp;
struct iconv_cspair *csp;
struct iconv_add_in din;
struct iconv_add_out dout;
int error;
error = SYSCTL_IN(req, &din, sizeof(din));
if (error)
return error;
if (din.ia_version != ICONV_ADD_VER)
return EINVAL;
if (din.ia_datalen > ICONV_CSMAXDATALEN)
return EINVAL;
if (strlen(din.ia_from) >= ICONV_CSNMAXLEN)
return EINVAL;
if (strlen(din.ia_to) >= ICONV_CSNMAXLEN)
return EINVAL;
if (strlen(din.ia_converter) >= ICONV_CNVNMAXLEN)
return EINVAL;
...
Since the `din` struct is directly copied from userland, there is no
guarantee that the strings supplied will be NULL terminated. The
`strlen` calls could continue reading past the designated buffer
sizes.
Declaration of `struct iconv_add_in` is found in `sys/sys/iconv.h`:
struct iconv_add_in {
int ia_version;
char ia_converter[ICONV_CNVNMAXLEN];
char ia_to[ICONV_CSNMAXLEN];
char ia_from[ICONV_CSNMAXLEN];
int ia_datalen;
const void *ia_data;
};
Our strings are followed by the `ia_datalen` member, which is checked
before the `strlen` calls:
if (din.ia_datalen > ICONV_CSMAXDATALEN)
Since `ICONV_CSMAXDATALEN` has value `0x41000` (and is `unsigned`),
this ensures that `din.ia_datalen` contains at least 1 byte of 0, so
it is not possible to trigger a read out of bounds of the `struct`
however, this code is fragile and could introduce subtle bugs in the
future if the `struct` is ever modified.
Kyle Evans [Mon, 26 Feb 2018 18:01:35 +0000 (18:01 +0000)]
libsa: Add MAXWAIT to net for establishing max total timeout
Current timeout behavior is to progress in timeout values from MINTMO to
MAXTMO in MINTMO steps before finally timing out. This results in a fairly
long time before operations finally timeout, which may not be ideal for some
use-cases.
Add MAXWAIT that may be configured along with MINTMO/MAXTMO. If we attempt
to start our send/recv cycle over again but MAXWAIT > 0 and MAXWAIT seconds
have already passed, then go ahead and timeout.
This is intended for those that just want to say "timeout after 180 seconds"
rather than calculate and tweak MINTMO/MAXTMO to get their desired timeout.
The default is 0, or "progress from MINTMO to MAXTMO with no exception."
This has been modified since review to allow for it to be defined via CFLAGS
and doing appropriate error checking. Future work may add some Makefile foo
to respect LOADER_NET_MAXWAIT if it's specified in the environment and pass
it in as MAXWAIT accordingly.