I reported this in https://bugs.llvm.org/show_bug.cgi?id=44715, and
initially reverted the upstream change in r357259 to work around it.
However, after some discussion with Fangrui Song in the upstream ticket,
I think we can classify this as an unfortunate interaction between using
-Ttext=0 in combination with --no-rosegment. (We added the latter
in r332090, because btxld does not correctly handle input with more
than 2 PT_LOAD segments.)
Fangrui suggested to use a linker script instead, and Warner was already
attempting this in r305353, but had to revert it due to "crypto-using
boot problems" (not sure what those were :).
This review updates the stand/i386/boot.ldscript to handle more
sections, inserts some symbols like _edata and such that we use in
libsa, and also discards any .interp section.
It uses ORG which is defined on the linker command line using
--defsym ORG=value to set the start of all the sections.
Ed Maste [Thu, 19 Mar 2020 18:17:43 +0000 (18:17 +0000)]
MFC r346085: Add Cirrus CI config file to support CI builds
Also followup commits:
r346121: Cirrus-CI: pass OVMF env var to test script for upcoming changes
r350302: cirrus.yml: use OVMF.fd from uefi-edk2-qemu-x86_64 package
r350449: cirrus.yml: stop fetching OVMF.fd now that we're using the pkg
r356867: Cirrus-CI: bump VM image to FreeBSD 12.1
Ed Maste [Thu, 19 Mar 2020 18:15:09 +0000 (18:15 +0000)]
MFC r346080: Add a smoke test QEMU boot script for CI
And followon commits:
r346317 (ian): Allow this test script to be run from within src/tools/boot
r346329: Install some entropy for QEMU CI smoke test
r346330: Put QEMU CI smoke test boot log in /tmp if TMPDIR not set
r346748 (bcran): Fix tools/boot/ci-qemu-test.sh and make some improvements
r346961: revert QEMU q35 platform use from r346748
r352063: ci-qemu-test: if firmware is not available, hint at pkg to install
r358472: CI: print wired page count on boot
Toomas Soome [Thu, 19 Mar 2020 16:51:57 +0000 (16:51 +0000)]
MFC r354240, r354252, r358906
libi386/comconsole.c updates:
We don't support configuring serial PCI cards in EFI. Make this clearer in the
source rather than obfuscaring it behind NO_PCI (nothing else declares that,
so it's not making the ifdefs clearer).
libi386/comconsole.c cstyle cleanup
test if port does exist via using scratch register
Cy Schubert [Thu, 19 Mar 2020 03:37:02 +0000 (03:37 +0000)]
MFC r358070:
This commit makes significant changes to pam_login_access(8) to bring it
up to par with the Linux pam_access(8).
Like the Linux pam_access(8) our pam_login_access(8) is a service module
for pam(3) that allows a administrator to limit access from specified
remote hosts or terminals. Unlike the Linux pam_access, pam_login_access
is missing some features which are added by this commit:
Access file can now be specified. The default remains /etc/access.conf.
The syntax is consistent with Linux pam_access.
By default usernames are matched. If the username fails to match a match
against a group name is attempted. The new nodefgroup module option will
only match a username and no attempt to match a group name is made.
Group names must be specified in brackets, "()" when nodefgroup is
specified. Otherwise the old backward compatible behavior is used.
This is consistent with Linux pam_access.
A new field separator module option allows the replacement of the default
colon (:) with any other character. This facilitates potential future
specification of X displays. This is also consistent with Linux pam_access.
A new list separator module option to replace the default space/comma/tab
with another character. This too is consistent with Linux pam_access.
Linux pam_access options not implemented in this commit are the debug
and audit options. These will be implemented at a later date.
Cy Schubert [Thu, 19 Mar 2020 03:31:12 +0000 (03:31 +0000)]
MFC r358066:
When pam_login_access(5) fails to match a username it attempts to
match the primary group a user belongs to. This commit extends the
match to secondary groups a user belongs to as well, just as the Linux
pam_access(5) does.
Cy Schubert [Thu, 19 Mar 2020 03:29:46 +0000 (03:29 +0000)]
MFC r358065:
The words ALL, LOCAL, and EXCEPT have special meaning and are documented
as in the login.access(5) man page. However strcasecmp() is used to compare
for these special strings. Because of this User accounts and groups with
the corresponding lowercase names are misintrepreted to have special
whereas they should not.
This commit fixes this, conforming to the man page and to how the Linux
pam_access(8) handles these special words.
Alexander Motin [Wed, 18 Mar 2020 23:53:07 +0000 (23:53 +0000)]
MFC r349011 (by imp):
Don't print the request we may be aborting in ciss_notify_abort as
part of ciss_detach. It's a left-over debug that isn't needed and also
discloses a kernel address. Only root could provoke as part of a
devctl or kldunload.
Hiroki Sato [Wed, 18 Mar 2020 18:21:58 +0000 (18:21 +0000)]
MFC of r358404, r358410, r358412, and r358413:
Fix broken STARTTLS when SharedMemoryKey is enabled.
OpenSSL 1.1 API patch for sendmail had a bug which
prevented sm_RSA_generate_key() function from working.
This function is used to generate a temporary RSA key
for a shared memory region used for TLS processing.
Note that 12.0 and 12.1-RELEASE include this bug.
This affects only if SM_CONF_SHM compile-time
option (enabled by default) and SharedMemoryKey
run-time option (not enabled by default) in a .cf file are
specified. The latter corresponds to confSHARED_MEMORY_KEY in
a .mc file.
Fix style inconsistencies.
Do not free p and g parameters after calling DH_set0_pqg(3).
Hiroki Sato [Wed, 18 Mar 2020 18:10:44 +0000 (18:10 +0000)]
MFC of r358152 and r328235:
Improve performance of "read" built-in command when using a seekable fd.
The read built-in command calls read(2) with a 1-byte buffer because
newline characters need to be detected even on a byte stream which
comes from a non-seekable file descriptor. Because of this, the
following script calls >6,000 read(2) to show a 6-KiB file:
while read IN; do echo "$IN"; done < /COPYRIGHT
When the input byte stream is seekable, it is possible to read a data
block and then reposition the file pointer to where a newline
character found. This change adds a small buffer to do this and
reduces the number of read(2) calls.
Theoretically, multiple built-in commands reading the same seekable
byte stream in a single pipe chain can share the buffer. However,
this change just makes a single invocation of the read built-in
allocate a buffer and deallocate it every time for simplicity.
Although this causes read(2) to read the same regions multiple times,
the performance penalty should be small compared to the reduction of
read(2) calls.
Hiroki Sato [Wed, 18 Mar 2020 18:02:33 +0000 (18:02 +0000)]
MFC of r355574, r358095, and r358395:
Add ACPI battery subsystem man page.
Add _BIX (Battery Information Extended) object support.
ACPI Control Method Batteries have a _BIF and/or _BIX object which
provide static properties of the battery. FreeBSD acpi_cmbat module
supported _BIF object only, which was deprecated as of ACPI 4.0.
_BIX is an extended version of _BIF defined in ACPI 4.0 or later.
As of writing, _BIX has two revisions. One is in ACPI 4.0 (rev.0) and
another is in ACPI 6.0 (rev.1). It seems that hardware vendors still
stick to _BIF only or _BIX rev.0 + _BIF for the maximum compatibility.
Microsoft requires _BIX rev.0 for Windows machines, so there are some
laptop machines with _BIX rev.0 only. In this case, FreeBSD does not
recognize the battery information.
After this change, the acpi_cmbat module gets battery information from
_BIX or _BIF object and internally uses _BIX rev.1 data structure as
the primary information store in the kernel. ACPIIO_BATT_GET_BI[FX]
returns an acpi_bi[fx] structure built by using information obtained
from a _BIF or a _BIX object found on the system. The revision number
field can be used to check which field is available. The acpiconf(8)
utility will show additional information if _BIX is available.
Although ABIs of ACPIIO_BATT_* were changed, the existing APIs for
userland utilities are not changed and the backward-compatible ABIs
are provided. This means that older versions of acpiconf(8) can also
work with the new kernel. The (union acpi_battery_ioctl_arg) was
padded to 256 byte long to avoid another ABI change in the future.
A _BIX object with its revision number >1 will be treated as
compatible with the rev.1 _BIX format.
Add workaround for models which do not follow the ACPI specification strictly.
Extra objects are now simply ignored instead of rejecting everything.
Hiroki Sato [Wed, 18 Mar 2020 17:42:18 +0000 (17:42 +0000)]
MFC of r358061:
Use 0x5c for the scan code 0x7d.
Japanese keyboards traditionally use 0x5c for
both Japanese yen sign key and backslash key.
While a Japanese yen sign is depicted on the keytop,
most of Japanese expect that the scan code 0x7d gives
a backslash (0x5c), not a Japanese yen sign (0xa5).
This is because JIS X 0201 encoding (aka ISO/IEC 646-JA,
an extended version of ASCII which is very popular
in Japan) has Japanese yen sign at 0x5c and
no backslash. On the other hand, ISO/IEC 8859-1
has Japanese yen sign at 0xa5. This difference has
caused a confusion after Unicode became popular since
ISO/IEC 10646 adopted 8859-1 for the plane 0.
Hiroki Sato [Wed, 18 Mar 2020 17:35:35 +0000 (17:35 +0000)]
MFC from r347887:
Fix hostname to be returned in an ICMPv6 NI Reply message defined
in RFC 4620, ICMPv6 Node Information Queries. A vnet jail with an
IPv6 address sent a hostname of the host environment, not the
jail, even if another hostname was set to the jail.
This change can be tested by the following commands:
Kyle Evans [Wed, 18 Mar 2020 01:55:27 +0000 (01:55 +0000)]
MFC r358993: libssp: don't compile with -fstack-protector*
This similarly matches what we do in libc; compiling libssp with
-fstack-protector* is actively harmful. For instance, if the canary ctor
ends up with a stack protector then it will trivially trigger a false
positive as the canary's being initialized.
This was noted by the reporter as irc/ircd-hybrid started crashing at start
after our libssp was MFC'd to stable/11, as its build will explicitly link
in libssp. On FreeBSD, this isn't necessary as SSP bits are included in
libc, but it should absolutely not trigger runtime breakage -- it does mean
that the canary will get initialized twice, but as this is happening early
on in application startup it should just be redundant work.
Ed Maste [Tue, 17 Mar 2020 19:53:03 +0000 (19:53 +0000)]
MFC r358512: Move ELF feature note tool to usr.bin/elfctl
elfctl is a tool for modifying the NT_FREEBSD_FEATURE_CTL ELF note,
which contains a set of flags for enabling or disabling vulnerability
mitigations and other features.
Also merge follow-on commits:
r358518 elfctl: initialize features
r358546 elfctl: tiny style(9) cleanup, use bool where appropriate
r358622 elfctl: style(9): use C99 uintX_t types
r358623 elfctl: check read return value
r358889 elfctl: remove memory leak
Bjoern A. Zeeb [Mon, 16 Mar 2020 21:12:46 +0000 (21:12 +0000)]
MFC r358992:
kern_jail: missing \0 termination check on osrelease parameter
If a user spplies a non-\0 terminated osrelease parameter reading it back
may disclose kernel memory.
This is a problem in case of nested jails (children.max > 0, which is not
the default). Otherwise root outside the jail has access to kernel memory
by other means and root inside a jail cannot create a child jail.
Add the proper \0 check at the end of a supplied osrelease parameter and
make sure any copies of the field will be \0-terminated.
Submitted by: Hans Christian Woithe (chwoithe yahoo.com)
wmt(4): Reapply r358872 (by hselasky) modified to use
maximal input report size instead of wMaxPacketSize.
If the USB frame length is set to 1024 bytes, WMT_BSIZE, the EETI controller
will pack multiple touch events in the packet and the current code will only
process the first touch event.
As a result some important events are lost like releasing the finger from the
touchscreen.
Use the maximal input report size as buffer size instead.
Navdeep Parhar [Sat, 14 Mar 2020 02:11:34 +0000 (02:11 +0000)]
MFC r357606:
cxgbe(4): Add native netmap support to the main interface.
This means that extra virtual interfaces (VIs) created with
hw.cxgbe.num_vis are no longer required to use netmap. Use this
tunable to enable native netmap support on the main interface:
Navdeep Parhar [Sat, 14 Mar 2020 01:28:53 +0000 (01:28 +0000)]
MFC r355730:
cxgbe(4): Use the _XT variant of the CPL used to transmit NIC traffic.
CPL_TX_PKT_XT disables the internal parser on the chip and instead
relies on the driver to provide the exact length of the L2 and L3
headers. This allows hw checksumming and TSO to be used with L2 and
L3 encapsulations that the chip doesn't understand directly.
Note that netmap tx still uses the old CPL as it never uses the hw
to generate the checksum on tx.
Navdeep Parhar [Sat, 14 Mar 2020 00:57:20 +0000 (00:57 +0000)]
MFC r355107 and r355597.
r355107:
cxgbe(4): Allow the driver to specify multiple FECs that the firmware
should try in order to link up with the peer.
Various FEC variables within the driver can now have multiple bits set
instead of being powers of 2. 0 and -1 in the user knobs still mean no
FEC and auto (driver decides) respectively for backward compatibility,
but no-FEC and auto now have their own bits in the internal
representation. There is a new bit that can be set to request the FEC
recommended by the cable/transceiver module.
Add sysctls to display link related capabilities of the local side as
well as the link partner.
Note that all this needs a new firmware and the documentation for the
driver FEC knobs will be updated after that firmware is added to the
driver.
r355597:
cxgbe(4): Man page updates to go with r355107.
Improve documentation of bootconfig and PARTITIONS
- Mention bootconfig target in TARGETS section.
- Document PARTITIONS variable, which is only mentioned in the examples,
but doesn't have its own point.
mixer(8): Report an error if the passed value is an empty string
This patch fixes a bug that made the mixer command enter
an infinite loop when instructed to set the value of a device
to an empty string (e.g., `mixer vol ""`).
Additionally, some tests for mixer(8) are being added.
- Use Xr to reference other manual pages.
- Reference execve(2) instead of exec(2) as exec(2) does not exist.
- Remove the deprecated "Tn" macro.
- Improve the formatting of the etime description.
- Fix some typos.
- Remove redundant semicolons from the synopsis section.
- Stylize variable names and types with Vt and Va respectively.
- Use a list to present non-implemented functions.
- Sort the order of the sections.
- Add a history section.
- Use Nm when "libefivar" is mentioned.
mount_smbfs(8): Add the STANDARDS and HISTORY sections
- Document that mount_smbfs(8) only supports SMB1 and that SMB2 and SMB3
are not supported at the moment. Suggest users to browse ports for
software compatible with newer versions of the protocol.
- Copy supported servers list from README.
- Add a SEE ALSO section and reference the chapter about Samba in the
FreeBSD Handbook.
- Add a HISTORY section.
- Style changes:
- Use Dq instead of Em in the EXAMPLES section.
- Mark command modifiers with Cm.
Reviewed by: bcr
Approved by: bcr (mentor)
Approved by: krion (mentor, implicit), mat (mentor, implicit)
Sponsored by: Bally Wulff Games & Entertainment GmbH
Differential Revision: https://reviews.freebsd.org/D17798
MFC r358537:
Expose the ACPI power button, sleep button and LID state as evdev's.
This allows libinput to disable touchpads when the lid is closed and
various desktop environments can show power-off dialogs when the power
button is pressed. While the latter is doable with devd a
cross-platform solution is nicer.
MFC r358629:
Implement a detaching flag for the sound(4) subsystem to take
appropriate actions when we are trying to detach an audio device,
but cannot because someone is using it.
This avoids applications having to wait for the DSP read data
timeout before they receive any error indication.
Tested with virtual_oss(8).
MFC r358738:
Remove the power bit from the super speed root hub port status register
because it clobbers the super speed link status when a device is in super
speed mode. Currently the power bit is not needed for anything in the USB
hub driver.
This fixes USB warm reset for super speed devices.
Pedro F. Giffuni [Wed, 11 Mar 2020 05:45:33 +0000 (05:45 +0000)]
MFC r358154 (by delphij)
Bump PROTOMAX: this matches the value on NetBSD and will be necessary for
future updates.
MFC r r358448;
/etc/services: attempt to bring the database to this century.
This is the result of splitting r358153 in two, in order to avoid a build
system bug and being able to merge the change to previous releases..
Document better this file, updating the URL to the IANA registry and closely
match the official services.
For system ports (0 to 1023) we now try to follow the registry closely, noting
some historical differences where applicable.
As a side effect: drop references to unofficial Kerberos IV which was EOL'ed
on Oct 2006[1]. While it is conceivable some people may still use it in some
very old FreeBSD machines that can't be replaced easily, the use of it is
considered a security risk. Also drop the unofficial netatalk, which we
supported long ago in the kernel but was dropped long ago.
Leave for now smtps, even though it conflicts with IANA's submissions.
The change should have very little visibility, if any, but should be a
step closer to the current IANA database.
Alexander Motin [Tue, 10 Mar 2020 15:18:53 +0000 (15:18 +0000)]
MFC r358580: Increase number of write completion threads, matching ZoL.
Our iSCSI benchmarks on a large 80-core system show that previous limit
of 8 threads can be a bottleneck. At some points this change increases
write IOPS by as much as 50%. I am still not sure that so many threads
is really required, but we tested lower amounts and got no significant
benefits, while latencies were a bit worse, so decided to not diverge.
Ed Maste [Mon, 9 Mar 2020 14:13:40 +0000 (14:13 +0000)]
MFC r358299: muge: fix rxcsum enable test
if_capabilities indicates capabilities supported by the hardware;
if_capenable which are enabled. Note that rx checksum is still disabled
in the driver at compile time.
Ed Maste [Mon, 9 Mar 2020 13:33:58 +0000 (13:33 +0000)]
MFC r346273: correct readlinkat(2) return type
r176215 corrected readlink(2)'s return type and the type of the last
argument. readlink(2) was introduced in r177788 after being developed
as part of Google Summer of Code 2007; it appears to have inherited the
wrong return type.
Man pages and header files were already ssize_t; update syscalls.master
to match.
Ed Maste [Mon, 9 Mar 2020 13:04:47 +0000 (13:04 +0000)]
MFC r358554: Add deprecation notices to ctau and cx drivers
These support outdated or obsolete ISA WAN (T1/E1) sync serial cards,
and these drivers haven't really been touched (other than in tree-wide
sweeps to keep them building) for 15+ years.
Related PCI devices ce and cp are still in the tree.
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Dimitry Andric [Mon, 9 Mar 2020 07:12:02 +0000 (07:12 +0000)]
MFC r358711:
Merge commit f75939599 from llvm git (by Erich Keane):
Reland r374450 with Richard Smith's comments and test fixed.
The behavior from the original patch has changed, since we're no
longer allowing LLVM to just ignore the alignment. Instead, we're
just assuming the maximum possible alignment.
This fixes 'Assertion failed: (Alignment != 0 && "Invalid Alignment"),
function CreateAlignmentAssumption', when building recent versions of
v8, which invoke __builtin_assume_aligned() with its alignment argument
set to 4GiB or more.
Clang will now report a warning, and show the maximum possible alignment
instead, e.g.:
huge-align.cpp:1:27: warning: requested alignment must be 536870912 bytes or smaller; maximum alignment assumed [-Wbuiltin-assume-aligned-alignment]
void *f(void *g) { return __builtin_assume_aligned(g, 4294967296); }
^ ~~~~~~~~~~
Upstream PR: https://bugs.llvm.org/show_bug.cgi?id=43839
Reported by: cem
Ed Maste [Sun, 8 Mar 2020 23:22:18 +0000 (23:22 +0000)]
MFC r350468: pf: zero (another) output buffer in pfioctl
Avoid potential structure padding leak. r350294 identified a leak via
static analysis; although there's no report of a leak with the
DIOCGETSRCNODES ioctl it's a good practice to zero the memory.
Suggested by: kp
Sponsored by: The FreeBSD Foundation