Dimitry Andric [Sat, 1 Feb 2020 21:43:45 +0000 (21:43 +0000)]
Amend r357367 by using register values from the TPM datasheet.
As Ian Lepore noted, writing ~1 to a register might have a completely
different effect than doing a regular read-modify-write operation.
Follow the TCG_PC_Client_Platform_TPM_Profile_PTP_2.0_r1.03_v22
datasheet instead, and use the actual values mentioned there:
(uint32_t)1 to cancel the command, (uint32_t)0 to clear the field.
Conrad Meyer [Sat, 1 Feb 2020 20:38:22 +0000 (20:38 +0000)]
tpm(4): Fix 'go ready' in TPM 2.0 TIS driver
tpmtis_go_ready() read the value of the TPM_STS register, ORed
TPM_STS_CMD_READY with it, and wrote it back. However, the TPM Profile
(PTP) specification states that only one bit in the write request value may
be set to 1, or else the entire write request is ignored.
Fix by just writing TPM_STS_CMD_READY.
Similarly, remove the call which clears the TPM_STS_CMD_READY flag in the
same function. It was being ignored for the same reason.
Submitted by: Darrick Lew <darrick.freebsd AT gmail.com>
Reviewed by: vangyzen, myself
MFC after: if you care about stable, you might want to do so
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D23081
Conrad Meyer [Sat, 1 Feb 2020 20:33:23 +0000 (20:33 +0000)]
rand(3): Replace implementation with one backed by random(3) algorithm
rand(3)'s standard C API is extremely limiting, but we can do better
than the historical 32-bit state Park-Miller LCG we've shipped since
2001: r73156.
The justification provided at the time for not using random(3) was that
rand_r(3) could not be made to use the same algorithm. That is still
true. However, the irrelevance of rand_r(3) is increasingly obvious.
Since that time, POSIX has marked the interface obsolescent. rand_r(3)
never became part of the standard C library. If not for API
compatibility reasons, I would just remove rand_r(3) entirely.
So, I do not believe it is a problem for rand_r(3) and rand(3) to
diverge.
The 12 ABI is maintained with compatibility definitions, but this
revision does subtly change the API of rand(3). The sequences of
pseudorandom numbers produced in programs built against new versions of
libc will differ from programs built against prior versions of libc.
Conrad Meyer [Sat, 1 Feb 2020 19:50:10 +0000 (19:50 +0000)]
hwpstate_intel(4): Detect and support PKG variant
If package-level control is present, we default to using it. Per-core
software control may be enabled by setting the machdep.hwpstate_pkg_ctrl
tunable to "0" in loader.conf(5).
Conrad Meyer [Sat, 1 Feb 2020 19:49:13 +0000 (19:49 +0000)]
hwpstate_intel(4): Add fallback EPP using PERF_BIAS MSR
Per Intel SDM (Vol 3b Part 2), if HWP indicates EPP (energy-performance
preference) is not supported, the hardware instead uses the ENERGY_PERF_BIAS
MSR. In the epp sysctl handler, fall back to that MSR if HWP does not
support EPP and CPUID indicates the ENERGY_PERF_BIAS MSR is supported.
Kristof Provost [Sat, 1 Feb 2020 19:40:11 +0000 (19:40 +0000)]
tests: epair: Don't fail if we load if_epair
kldload() returns a positive integer when it loads a ko, so check that the
return value is -1 to detect error cases, not that it's different from zero.
Mark Johnston [Sat, 1 Feb 2020 18:23:51 +0000 (18:23 +0000)]
Remove a couple of lingering usages of the page lock.
Update vm_page_scan_contig() and vm_page_reclaim_run() to stop using
vm_page_change_lock(). It has no use after r356157. Remove
vm_page_change_lock() now that it has no users.
Remove an unncessary check for wirings in vm_page_scan_contig(), which
was previously checking twice. The check is racy until
vm_page_reclaim_run() ensures that the page is unmapped, so one check is
sufficient.
Conrad Meyer [Sat, 1 Feb 2020 17:30:45 +0000 (17:30 +0000)]
intel_hwpstate(4): Don't leak bound thread in error conditions
I don't know why a Skylake CPU with the HWP feature bit present would trap
on MSR reads of the HWP registers, but if this occurs, do not leave the
attach thread bound. This could conceivably cause reported hangs, although
I have no evidence that this is the cause.
Reported by: ae@, Andreas Nilsson <andrnils AT gmail.com>
X-MFC-With: r357002
Mitchell Horne [Sat, 1 Feb 2020 17:13:52 +0000 (17:13 +0000)]
prci: register tlclk as a fixed clock
The PRCI exports tlclk as a constant fixed divisor clock, defined as 1/2
of the coreclk frequency. In older FU540 device trees (such as the one
provided by SiFive), tlclk is represented as its own entity, and is
automatically registered as a fixed-divisor-clock. Unfortunately the
upstream FU540 device tree (that we have in our tree) represents tlclk
as an output of the PRCI block, and we must register it manually. At
worst, users of the old device tree will end up with an unreferenced
duplicate of tlclk.
This fixes device attachment for the SiFive UART on newer device trees,
since it references tlclk via the PRCI.
Mitchell Horne [Sat, 1 Feb 2020 17:09:56 +0000 (17:09 +0000)]
prci: register the DDR and GEMGX PLLs
The PRCI module exports three PLLs. Currently only the coreclk/corepll
is registered, so add the logic to register the DDR (memory) and GEMGX
(ethernet) clocks as well. These clocks are unused at the moment.
Dimitry Andric [Sat, 1 Feb 2020 17:02:26 +0000 (17:02 +0000)]
Fix new clang 10.0.0 warnings about converting the result of shift
operations to a boolean in tpm(4):
sys/dev/tpm/tpm_crb.c:301:32: error: converting the result of '<<' to a boolean; did you mean '(1 << (0)) != 0'? [-Werror,-Wint-in-bool-context]
WR4(sc, TPM_CRB_CTRL_CANCEL, !TPM_CRB_CTRL_CANCEL_CMD);
^
sys/dev/tpm/tpm_crb.c:73:34: note: expanded from macro 'TPM_CRB_CTRL_CANCEL_CMD'
#define TPM_CRB_CTRL_CANCEL_CMD BIT(0)
^
sys/dev/tpm/tpm20.h:60:19: note: expanded from macro 'BIT'
#define BIT(x) (1 << (x))
^
In this case, the intent was to clear the zeroth bit, and leave the rest
unaffected. Therefore, the ~ operator should be used instead.
Dimitry Andric [Sat, 1 Feb 2020 16:57:04 +0000 (16:57 +0000)]
Revert r357349, since the clang 10.0.0 warning was actually correct, and
the ! operator should have been a ~ instead:
Merge r357348 from the clang 10.0.0 import branch:
Disable new clang 10.0.0 warnings about converting the result of
shift operations to a boolean in tpm(4):
sys/dev/tpm/tpm_crb.c:301:32: error: converting the result of '<<' to a boolean; did you mean '(1 << (0)) != 0'? [-Werror,-Wint-in-bool-context]
WR4(sc, TPM_CRB_CTRL_CANCEL, !TPM_CRB_CTRL_CANCEL_CMD);
^
sys/dev/tpm/tpm_crb.c:73:34: note: expanded from macro 'TPM_CRB_CTRL_CANCEL_CMD'
#define TPM_CRB_CTRL_CANCEL_CMD BIT(0)
^
sys/dev/tpm/tpm20.h:60:19: note: expanded from macro 'BIT'
#define BIT(x) (1 << (x))
^
Such warnings can be useful in C++ contexts, but not so much in kernel
drivers, where this type of bit twiddling is commonplace. So disable
it for this case.
Mateusz Guzik [Sat, 1 Feb 2020 06:40:35 +0000 (06:40 +0000)]
vfs: save on atomics on the root vnode for absolute lookups
There are 2 back-to-back atomics on the vnode, but we can check upfront if one
is sufficient. Similarly we can handle relative lookups where current working
directory == root directory.
Kristof Provost [Fri, 31 Jan 2020 22:54:44 +0000 (22:54 +0000)]
vlan: Fix panic when vnet jail with a vlan interface is destroyed
During vnet cleanup vnet_if_uninit() checks that no more interfaces remain in
the vnet. Any interface borrowed from another vnet is returned by
vnet_if_return(). Other interfaces (i.e. cloned interfaces) should have been
destroyed by their cloner at this point.
The if_vlan VNET_SYSUNINIT had priority SI_ORDER_FIRST, which means it had
equal priority as vnet_if_uninit(). In other words: it was possible for it to
be called *after* vnet_if_uninit(), which would lead to assertion failures.
Set the priority to SI_ORDER_ANY, like other cloners to ensure that vlan
interfaces are destroyed before we enter vnet_if_uninit().
Jeff Roberson [Fri, 31 Jan 2020 22:21:15 +0000 (22:21 +0000)]
Add two missing fences with comments describing them. These were found by
inspection and after a lengthy discussion with jhb and kib. They have not
produced test failures.
Don't pointer chase through cpu0's smr. Use cpu correct smr even when not
in a critical section to reduce the likelihood of false sharing.
Dimitry Andric [Fri, 31 Jan 2020 19:36:14 +0000 (19:36 +0000)]
Merge r357348 from the clang 10.0.0 import branch:
Disable new clang 10.0.0 warnings about converting the result of shift
operations to a boolean in tpm(4):
sys/dev/tpm/tpm_crb.c:301:32: error: converting the result of '<<' to a boolean; did you mean '(1 << (0)) != 0'? [-Werror,-Wint-in-bool-context]
WR4(sc, TPM_CRB_CTRL_CANCEL, !TPM_CRB_CTRL_CANCEL_CMD);
^
sys/dev/tpm/tpm_crb.c:73:34: note: expanded from macro 'TPM_CRB_CTRL_CANCEL_CMD'
#define TPM_CRB_CTRL_CANCEL_CMD BIT(0)
^
sys/dev/tpm/tpm20.h:60:19: note: expanded from macro 'BIT'
#define BIT(x) (1 << (x))
^
Such warnings can be useful in C++ contexts, but not so much in kernel
drivers, where this type of bit twiddling is commonplace. So disable it
for this case.
Dimitry Andric [Fri, 31 Jan 2020 19:35:21 +0000 (19:35 +0000)]
Disable new clang 10.0.0 warnings about converting the result of shift
operations to a boolean in tpm(4):
sys/dev/tpm/tpm_crb.c:301:32: error: converting the result of '<<' to a boolean; did you mean '(1 << (0)) != 0'? [-Werror,-Wint-in-bool-context]
WR4(sc, TPM_CRB_CTRL_CANCEL, !TPM_CRB_CTRL_CANCEL_CMD);
^
sys/dev/tpm/tpm_crb.c:73:34: note: expanded from macro 'TPM_CRB_CTRL_CANCEL_CMD'
#define TPM_CRB_CTRL_CANCEL_CMD BIT(0)
^
sys/dev/tpm/tpm20.h:60:19: note: expanded from macro 'BIT'
#define BIT(x) (1 << (x))
^
Such warnings can be useful in C++ contexts, but not so much in kernel
drivers, where this type of bit twiddling is commonplace. So disable it
for this case.
Dimitry Andric [Fri, 31 Jan 2020 19:06:01 +0000 (19:06 +0000)]
Merge r357342 from the clang1000-import branch:
Work around two -Werror warning issues in googletest, which have been
solved upstream in the mean time.
The first issue is because one of googletest's generated headers contain
classes with a user-declared copy assignment operator, but rely on the
generation by the compiler of an implicit copy constructor, which is now
deprecated:
/usr/obj/usr/src/amd64.amd64/tmp/usr/include/private/gtest/internal/gtest-param-util-generated.h:5284:8: error: definition of implicit copy constructor for 'CartesianProductHolder3<testing::internal::ParamGenerator<bool>, testing::internal::ValueArray3<int, int, int>, testing::internal::ValueArray4<cache_mode, cache_mode, cache_mode, cache_mode> >' is deprecated because it has a user-declared copy assignment operator [-Werror,-Wdeprecated-copy]
void operator=(const CartesianProductHolder3& other);
^
/usr/obj/usr/src/amd64.amd64/tmp/usr/include/private/gtest/gtest-param-test.h:1277:10: note: in implicit copy constructor for 'testing::internal::CartesianProductHolder3<testing::internal::ParamGenerator<bool>, testing::internal::ValueArray3<int, int, int>, testing::internal::ValueArray4<cache_mode, cache_mode, cache_mode, cache_mode> >' first required here
return internal::CartesianProductHolder3<Generator1, Generator2, Generator3>(
^
/usr/src/tests/sys/fs/fusefs/io.cc:534:2: note: in instantiation of function template specialization 'testing::Combine<testing::internal::ParamGenerator<bool>, testing::internal::ValueArray3<int, int, int>, testing::internal::ValueArray4<cache_mode, cache_mode, cache_mode, cache_mode> >' requested here
Combine(Bool(), /* async read */
^
For now, silence the warning using -Wno-deprecated-copy.
The second issue is because one of the googlemock test programs attempts
to use "unsigned wchar_t" and "signed wchar_t", which are non-standard
and at best, hazily defined:
contrib/googletest/googlemock/test/gmock-actions_test.cc:111:37: error: 'wchar_t' cannot be signed or unsigned [-Wsigned-unsigned-wchar]
EXPECT_EQ(0U, BuiltInDefaultValue<unsigned wchar_t>::Get());
^
contrib/googletest/googlemock/test/gmock-actions_test.cc:112:36: error: 'wchar_t' cannot be signed or unsigned [-Wsigned-unsigned-wchar]
EXPECT_EQ(0, BuiltInDefaultValue<signed wchar_t>::Get());
^
For now, silence the warning using -Wno-signed-unsigned-wchar.
John Baldwin [Fri, 31 Jan 2020 19:00:48 +0000 (19:00 +0000)]
Add stricter checks on user changes to SSTATUS.
Rather than trying to blacklist which bits userland can't write to via
sigreturn() or setcontext(), only permit changes to whitelisted bits.
- Permit arbitrary writes to bits in the user-writable USTATUS
register that shadows SSTATUS.
- Ignore changes in write-only bits maintained by the CPU.
- Ignore the user-supplied value of the FS field used to track
floating point state and instead set it to a value matching the
actions taken by set_fpcontext().
Dimitry Andric [Fri, 31 Jan 2020 18:26:23 +0000 (18:26 +0000)]
Work around two -Werror warning issues in googletest, which have been
solved upstream in the mean time.
The first issue is because one of googletest's generated headers contain
classes with a user-declared copy assignment operator, but rely on the
generation by the compiler of an implicit copy constructor, which is now
deprecated:
/usr/obj/usr/src/amd64.amd64/tmp/usr/include/private/gtest/internal/gtest-param-util-generated.h:5284:8: error: definition of implicit copy constructor for 'CartesianProductHolder3<testing::internal::ParamGenerator<bool>, testing::internal::ValueArray3<int, int, int>, testing::internal::ValueArray4<cache_mode, cache_mode, cache_mode, cache_mode> >' is deprecated because it has a user-declared copy assignment operator [-Werror,-Wdeprecated-copy]
void operator=(const CartesianProductHolder3& other);
^
/usr/obj/usr/src/amd64.amd64/tmp/usr/include/private/gtest/gtest-param-test.h:1277:10: note: in implicit copy constructor for 'testing::internal::CartesianProductHolder3<testing::internal::ParamGenerator<bool>, testing::internal::ValueArray3<int, int, int>, testing::internal::ValueArray4<cache_mode, cache_mode, cache_mode, cache_mode> >' first required here
return internal::CartesianProductHolder3<Generator1, Generator2, Generator3>(
^
/usr/src/tests/sys/fs/fusefs/io.cc:534:2: note: in instantiation of function template specialization 'testing::Combine<testing::internal::ParamGenerator<bool>, testing::internal::ValueArray3<int, int, int>, testing::internal::ValueArray4<cache_mode, cache_mode, cache_mode, cache_mode> >' requested here
Combine(Bool(), /* async read */
^
For now, silence the warning using -Wno-deprecated-copy.
The second issue is because one of the googlemock test programs attempts
to use "unsigned wchar_t" and "signed wchar_t", which are non-standard
and at best, hazily defined:
contrib/googletest/googlemock/test/gmock-actions_test.cc:111:37: error: 'wchar_t' cannot be signed or unsigned [-Wsigned-unsigned-wchar]
EXPECT_EQ(0U, BuiltInDefaultValue<unsigned wchar_t>::Get());
^
contrib/googletest/googlemock/test/gmock-actions_test.cc:112:36: error: 'wchar_t' cannot be signed or unsigned [-Wsigned-unsigned-wchar]
EXPECT_EQ(0, BuiltInDefaultValue<signed wchar_t>::Get());
^
For now, silence the warning using -Wno-signed-unsigned-wchar.
Dimitry Andric [Fri, 31 Jan 2020 18:13:00 +0000 (18:13 +0000)]
Merge r357339 from the clang1000-import branch:
Fix the following -Werror warning from clang 10.0.0 in bsnmpd:
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c:1661:4: error: misleading indentation; statement is not part of the previous 'else' [-Werror,-Wmisleading-indentation]
return (-1);
^
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c:1658:5: note: previous statement is here
} else
^
The intent was to group the return statement with the previous syslog()
call.
Dimitry Andric [Fri, 31 Jan 2020 18:09:27 +0000 (18:09 +0000)]
Fix the following -Werror warning from clang 10.0.0 in bsnmpd:
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c:1661:4: error: misleading indentation; statement is not part of the previous 'else' [-Werror,-Wmisleading-indentation]
return (-1);
^
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c:1658:5: note: previous statement is here
} else
^
The intent was to group the return statement with the previous syslog()
call.
Ed Maste [Fri, 31 Jan 2020 18:04:04 +0000 (18:04 +0000)]
retire BSD_CRTBEGIN option
BSD crt is currently used on all architectures (other than sparc64).
Remove the option and use BSD crt everywhere as part of the GCC 4.2.1
retirement plan.
Conrad Meyer [Fri, 31 Jan 2020 17:40:41 +0000 (17:40 +0000)]
hwpstate(4): Ignore CurPstateLimit by default
Add a sysctl knob to allow users to re-enable it, and document the knob and
default in cpufreq.4. (While here, add a few unrelated updates to
cpufreq.4.)
It seems that the register value in some hardware simply reflects the
configured P-state. This results in an inadvertent and unintended outcome
where the P-state can only walk down, and then the driver becomes "stuck" in
the slowest possible P-state.
The Linux driver never consults this register, so that's some evidence that
ignoring the contents are relatively harmless.
PR: 234733
Reported by: sigsys AT gmail.com, Erich Dollanksy <freebsd.ed.lists AT
sumeritec.com>
Mark Johnston [Fri, 31 Jan 2020 15:43:33 +0000 (15:43 +0000)]
Reimplement stack capture of running threads on i386 and amd64.
After r355784 the td_oncpu field is no longer synchronized by the thread
lock, so the stack capture interrupt cannot be delievered precisely.
Fix this using a loop which drops the thread lock and restarts if the
wrong thread was sampled from the stack capture interrupt handler.
Change the implementation to use a regular interrupt instead of an NMI.
Now that we drop the thread lock, there is no advantage to the latter.
Simplify the KPIs. Remove stack_save_td_running() and add a return
value to stack_save_td(). On platforms that do not support stack
capture of running threads, stack_save_td() returns EOPNOTSUPP. If the
target thread is running in user mode, stack_save_td() returns EBUSY.
Reviewed by: kib
Reported by: mjg, pho
Tested by: pho
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D23355
Andrew Turner [Fri, 31 Jan 2020 11:33:11 +0000 (11:33 +0000)]
Call the MAPTI command earlier in the ITS driver
The GICv3 Software Overview suggests when allocating a new MSI/MSI-X
interrupt we need to call MAPD followed by MAPTI. Unfortunately the code
would place a MOVI command between these. This is invalid as it needs
values set by the MAPTI to be present.
Re-order so we allocate a temporary CPU for the interrupt, then use the
MAPTI command to assign the MSI to it.
Mateusz Guzik [Fri, 31 Jan 2020 11:31:14 +0000 (11:31 +0000)]
vfs: revert the overzealous assert added in r357285 to vgone
The intent was to make it more likely to catch filesystems with custom
need_inactive routines which fail to call vn_need_pageq_flush (or do an
equivalent).
One immediate case which is missed is vgone from called by inactive itself.
A better assertion may land later. The routine is not added to vputx because
it is of no use to tmpfs et al.
Make sure all receive completion callbacks are covered by the network
EPOCH(9), because this is required when calling if_input() and
ether_input() after r357012.
Andrew Turner [Fri, 31 Jan 2020 10:30:13 +0000 (10:30 +0000)]
Only create one ITS configuration table
When there are multiple ITS devices in the system we would allocate a
configuration table for each, however only one table is needed as all the
ITS devices share this.
Allocate a table only when the global table is unset.
While here fix the type of this to be a pointer to a uint8_t array as the
entries are all 8 bits wide.
Andrew Turner [Fri, 31 Jan 2020 09:51:38 +0000 (09:51 +0000)]
Ignore the SMMUv3 and PMCG interrupt controller in the IORT tables
When mapping MSI/MSI-X interrupts throught he Arm IORT ACPI tables we may
need to ignore an interrupt controller even if it is within the bounds the
entry describes. When the SMMUv3 is not using GSIV (non-MSI/MSI-X)
interrupts we need to read the defined field. The Performance Monitoring
Counter Group always ignores the first table entry.
Mateusz Guzik [Fri, 31 Jan 2020 08:38:38 +0000 (08:38 +0000)]
zfs: convert z_teardown_inactive_lock to sleepable read-mostly lock
This eliminates a global serialisation point. It only gets write locked
on unmount.
Sample result doing an incremental -j 40 build:
before: 173.30s user 458.97s system 2595% cpu 24.358 total
after: 168.58s user 254.92s system 2211% cpu 19.147 total
Jeff Roberson [Fri, 31 Jan 2020 00:49:51 +0000 (00:49 +0000)]
Implement a safe memory reclamation feature that is tightly coupled with UMA.
This is in the same family of algorithms as Epoch/QSBR/RCU/PARSEC but is
a unique algorithm. This has 3x the performance of epoch in a write heavy
workload with less than half of the read side cost. The memory overhead
is significantly lessened by limiting the free-to-use latency. A synthetic
test uses 1/20th of the memory vs Epoch. There is significant further
discussion in the comments and code review.
This code should be considered experimental. I will write a man page after
it has settled. After further validation the VM will begin using this
feature to permit lockless page lookups.
Both markj and cperciva tested on arm64 at large core counts to verify
fences on weaker ordering architectures. I will commit a stress testing
tool in a follow-up.
John Baldwin [Thu, 30 Jan 2020 22:19:48 +0000 (22:19 +0000)]
Trim duplicate CSR swaps from user exceptions.
The stack pointer is swapped with the sscratch CSR just before the
jump to cpu_exception_handler_user where the first instruction swaps
it again. The two swaps together are a no-op, but the csr swap
instructions can be expensive (e.g. on Bluespec RISC-V cores csr swap
instructions force a full pipeline stall).
Around a generic call to null_nodeget(), there is nothing that would
prevent the unmount of the nullfs mp until we process to the
insmntque1() point. Calculate the VV_ROOT flag after insmntque1() to
not access mp->mnt_data before we have an exclusively locked vnode
from this mount point on the mp vnode list.
Reported and tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
John Baldwin [Thu, 30 Jan 2020 19:15:27 +0000 (19:15 +0000)]
Remove unused fields from struct pcb.
cpu_switch/throw() and savectx() do not save or restore any values in
these fields which mostly held non-callee-save registers.
makectx() copied these fields from kdb_frame, but they weren't used
except for PC_REGS using pcb_sepc. Change PC_REGS to use
kdb_frame->tf_sepc directly instead.
Andrew Turner [Thu, 30 Jan 2020 18:49:19 +0000 (18:49 +0000)]
Shift the ITS processor ID after reading it.
When using the processor ID value we mask off the low and high bits that
should be zero. Unfortunatly we don't shift the ID value so it won't be
affected. Add the shift when reading the ID as this will need to align
with the address based target value.
John Baldwin [Thu, 30 Jan 2020 18:28:02 +0000 (18:28 +0000)]
Fix use of an uninitialized variable.
ctx (and thus ctx.flags) is stack garbage at the start of this
function, so initialize ctx.flags to an explicit value instead of
using binary operations on the garbage.
Conrad Meyer [Thu, 30 Jan 2020 18:12:41 +0000 (18:12 +0000)]
contrib/apr: Rip out bogus [CS]PRNG implementation
This construction used some relatively slow design involving SHA2; even if
it were fed real entropy (unclear; external to the design), it did not
handle fork in a safe way, and it was difficult to audit for correctness.
So just rip it out and use the very simple and known-correct arc4random(3)
interface in its place.
Conrad Meyer [Thu, 30 Jan 2020 18:12:24 +0000 (18:12 +0000)]
aic7xxx(4): Fix unintended sign extension in ahd_inq()
ahd_inb() returns type uint8_t. The shift left by untyped 24 implicitly
promotes the result to type (signed) int. Then the binary OR with uint64_t
values sign-extends the integer. If bit 31 of the read value happened to be
set, the 64-bit result would have all upper 32 bits set to 1 due to OR. This
is clearly not intended.
Conrad Meyer [Thu, 30 Jan 2020 17:50:51 +0000 (17:50 +0000)]
contrib/apr: Remove scope leak UB
In apr_vformatter, the variable buf was declared inside a limited scope
region, but a pointer to it is leaked outside of that region and used
later. This is undefined behavior. Fix by moving the buf variable to
function scope.
Make completion event path mostly lockless using EPOCH(9).
Implement a mechanism using EPOCH(9) which allows us to make
the callback path for completion events mostly lockless.
Simplify draining callback events using epoch_wait().
While at it make sure all receive completion callbacks are
covered by the network EPOCH(9), because this is required
when calling if_input() and ether_input() after r357012.
Software interrupt handlers are allowed to sleep. In swi_net() there
is a read lock behind NETISR_RLOCK() which in turn ends up calling
msleep() which means the whole of swi_net() cannot be protected by an
EPOCH(9) section. By default the NETISR_LOCKING feature is disabled.
This issue was introduced by r357004. This is a preparation step for
replacing the functionality provided by r357004.
Found by: kib@
Sponsored by: Mellanox Technologies
Philip Paeps [Thu, 30 Jan 2020 10:40:38 +0000 (10:40 +0000)]
acpi_ibm: add support for ThinkPad PrivacyGuard
ThinkPad PrivacyGuard is a built-in toggleable privacy filter that
restricts viewing angles when on. It is an available on some new
ThinkPad models such as the X1 Carbon 7th gen (as an optional HW
upgrade).
The privacy filter can be enabled/disabled via an ACPI call. This commit
adds a sysctl under dev.acpi_ibm that allows for getting and setting the
PrivacyGuard state.
Submitted by: Kamila Součková <kamila@ksp.sk>
Reviewed By: cem, philip
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D23370
Make sure all occurrences of ieee80211_input_xxx() in sys/dev are
covered by a network epoch section. Do not depend on the interrupt
handler nor any taskqueues being in a network epoch section.
This patch should unbreak the PCI WLAN drivers after r357004.
Kyle Evans [Thu, 30 Jan 2020 03:31:16 +0000 (03:31 +0000)]
stdio: provide _unlocked variants of fflush, fputc, fputs, fread, fwrite
fflush_unlocked is currently desired in ports by sysutils/metalog, and
redefined as the locked fflush.
fputc_unlocked, fputs_unlocked, fread_unlocked, and fwrite_unlocked are
currently desired in ports by devel/elfutils, and redefined as the locked
fputs, fread, and fwrite respectively.
Kyle Evans [Thu, 30 Jan 2020 03:01:00 +0000 (03:01 +0000)]
pkgbase: generate dependencies in generate-ucl.sh
This cuts out a large chunk of duplicated *.ucl files that just needed
dependencies tacked on, and gives generate-ucl.sh some leeway in case a
future pkg may need more than one dependency.
Run-through to determine which ones could simply be removed done with for i
in *.ucl; do diff -U3 template.ucl ${i}; done | less and inspecting for any
differences beyond just adding deps at the end. The remaining ucl files are
basically all differently-licensed, require scripts, or are marked vital.
I've opted to remove %PKGDEPS% entirely without regard for third-party ucl,
as pkgbase is not yet considered production. However, I do not hold a strong
position on this and there is approximately 0 chance it will return.
clibs should have been added previously in generate-ucl.sh as one that
doesn't have any dependencies, but do so now that we would otherwise be
tacking on the runtime dependency.
Mateusz Guzik [Thu, 30 Jan 2020 02:12:52 +0000 (02:12 +0000)]
vfs: unlazy before dooming the vnode
With this change having the listmtx lock held postpones dooming the vnode.
Use this fact to simplify iteration over the lazy list. It also allows
filters to safely access ->v_data.
Kyle Evans [Wed, 29 Jan 2020 22:40:13 +0000 (22:40 +0000)]
config.mk: #define MAC as well
MAC is also almost universally a default; every GENERIC includes it, and
it's std.armv[67]. mips is again the oddball here with it only being
included in ERL/OCTEON1.
The only module currently working around this one is mac_veriexec, but it
looks like nothing it builds actually uses the MAC definition. Downstream
consumers enabling MAC in mips using mac_veriexec may be advised to do
something differently here in config.mk.