stable/11: Bump FreeBSD_Version for recent rc ${name}_limits bits
Some ports had their own interpretation of _limits that conflicted with the
new definition as of r328331. r331880 was an MFC of this commit to
stable/11. Bump FreeBSD_Version in stable/11 following r331880 so that ports
can do the right thing.
MFC r332045: Fix kernel memory disclosure in tcp_ctloutput
strcpy was used to copy a string into a buffer copied to userland, which
left uninitialized data after the terminating 0-byte. Use the same
approach as in tcp_subr.c: strncpy and explicit '\0'.
admbugs: 765, 822
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reported by: Vlad Tsyrklevich
Security: Kernel memory disclosure
Sponsored by: The FreeBSD Foundation
MFC r332042: Fix kernel memory disclosure in linux_ioctl_socket
strlcpy is used to copy a string into a buffer to be copied to userland,
previously leaving uninitialized data after the terminating NUL. Zero
the buffer first to avoid a kernel memory disclosure.
admbugs: 765, 811
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reported by: Vlad Tsyrklevich
Sponsored by: The FreeBSD Foundation
MFC r331718: stand: Add workaround for HP BIOS issues
hrs@ and kuriyama@ have found that on some HP BIOS, a system will fail to
boot immediately after installation with the claim that it can't work out
which disk they are booting from.
They tracked it down to a buffer overrun, and found that it could be
alleviated by doing a dummy read before-hand.
MFC r331739
1. Add additional debug prints.
2. Break transmit when IFF_DRV_RUNNING is OFF.
3. set desc_count=0 for default case in switch in ql_rcv_isr()
ken [Wed, 4 Apr 2018 18:06:52 +0000 (18:06 +0000)]
MFC r331766, r331768:
------------------------------------------------------------------------
r331766 | ken | 2018-03-30 09:28:25 -0600 (Fri, 30 Mar 2018) | 25 lines
Bring in the Broadcom/Emulex Fibre Channel driver, ocs_fc(4).
The ocs_fc(4) driver supports the following hardware:
Emulex 16/8G FC GEN 5 HBAS
LPe15004 FC Host Bus Adapters
LPe160XX FC Host Bus Adapters
Emulex 32/16G FC GEN 6 HBAS
LPe3100X FC Host Bus Adapters
LPe3200X FC Host Bus Adapters
The driver supports target and initiator mode, and also supports FC-Tape.
Note that the driver only currently works on little endian platforms. It
is only included in the module build for amd64 and i386, and in GENERIC
on amd64 only.
MFC r307826: Use checkyesno instead of rolling my own..
MFC r328949: Fix firstboot fs mount logic
The firstboot logic has an error which causes the filesystem to be
mounted readonly even though root_rw_mount=YES. This fixes the error to
ensure that the root filesystem is mounted rw as expected after the run
of the firstboot scripts.
MFC r331413: efidev: Drop a quick note in about efi_cfgtbl/efi_runtime
There's no real annotation for it, so it's not immediately obvious to the
unfamiliar that these pointers are to locations in the EFI runtime map
unlike the system table pointer immediately above them.
r330868:
EFIRT: SetVirtualAddressMap with 1:1 mapping after exiting boot services
This fixes a problem encountered on the Lenovo Thinkpad X220/Yoga 11e where
runtime services would try to inexplicably jump to other parts of memory
where it shouldn't be when attempting to enumerate EFI vars, causing a
panic.
The virtual mapping is enabled by default and can be disabled by setting
efi_disable_vmap in loader.conf(5).
r331241:
Check if the gettime runtime service is valid.
The U-Boot efi runtime service expects us to set the address map before
calling any runtime services. It will then remap a few functions to their
runtime version. One of these is the gettime function. If we call into
this without having set a runtime map we get a page fault.
Add a check to see if this is valid in efi_init() so we don't try to use
the possibly invalid pointer.
r331361:
Enter into the EFI environment before dereferencing the runtime services
pointer. This may be within the EFI address space and not the FreeBSD
kernel address space.
r331365:
Re-work efidev ordering to fix efirt preloaded by loader on amd64
On amd64, efi_enter calls fpu_kern_enter(). This may not be called until
fpuinitstate has been invoked, resulting in a kernel panic with
efirt_load="YES" in loader.conf(5).
Move fpuinitstate a little earlier in SI_SUB_DRIVERS so that we can squeeze
efirt between it and efirtc at SI_SUB_DRIVERS, SI_ORDER_ANY. efidev must be
after efirt and doesn't really need to be at SI_SUB_DEVFS, so drop it at
SI_SUB_DRIVER, SI_ORDER_ANY.
The not immediately obvious dependency of fpuinitstate by efirt has been
noted in both places.
Convert extres/phy to kobj model. Similarly as other extres pseudo-drivers,
implement phy by using kobj model. This detaches it from provider device, so
single device driver can export multiple different phys. Additionally, this
allows phy to be subclassed to more specialized drivers, like is USB OTG phy,
or PCIe phy with hot-plug capability.
cherry pick from r306197:
Nvidia Tegra 124 and Jetson TK1 related DTS.
r306327:
Update AHCI driver to match new dts tree
r306328:
Update PCI driver to match new dts tree
r308390:
Rework NVIDIA Tegra124 XUSBPAD driver.
- Adapt it for new, incompatible, DT bindings introduced by r306197. -
Add support for USB super speed pads/ports.
r308391:
Add NVIDIA Tegra XHCI driver and coresponding firmware blob.
r310600:
Implement drivers for NVIDIA tegra124 display controller, HDMI source and
host1x module. Unfortunately, tegra124 SoC doesn't have 2D acceleration
engine and 3D requires not yet started nouveau driver.
r314703:
Add support for card detect and write protect gpio pins to Tegra SDHCI.
gordon [Wed, 4 Apr 2018 05:24:59 +0000 (05:24 +0000)]
MFC r331981:
Limit glyph count in vtfont_load to avoid integer overflow.
Invalid font data passed to PIO_VFONT can result in an integer overflow
in glyphsize. Characters may then be drawn on the console using glyph
map entries that point beyond the end of allocated glyph memory,
resulting in a kernel memory disclosure.
Submitted by: emaste
Reported by: Dr. Silvio Cesare of InfoSect
Security: CVE-2018-6917
Security: FreeBSD-SA-18:04.vt
Sponsored by: The FreeBSD Foundation
Make rtld_bind_start() debugger friendly. Save link register and annotate
call frame structure so debugger can unwind call frame created by
rtld_bind_start().
r309531:
Implement fake pmap_mapdev_attr() for ARMv6. This function is referenced,
but never called from DRM2 code. Also, real behavior of pmap_mapdev_attr()
in ARM world is unclear as we don't have any additional attribute for a
device memory type.
r309553:
Fix build breakage caused by r309531.
r309604:
Fix the armv6 build after r309553.
r319896:
Implement tunable CPU quirks. These quirks are intended for optimizing CPU
performance, not for applying errata workarounds. Nobody can expect that
CPU with unfixed errata is stable enough to execute the kernel until quirks
are applied.
r320054:
Manually load tunable CPU quirks. These are needed too early, far before
SYSINIT is processed.
Use the kernel stack in the ARM FBT DTrace provider. This is used to find
the fifth argument to functions being traced, however there was an error
where the userspace stack was being used. This may be invalid leading to
a kernel panic if this address is unmapped.
MFC r321587: cc_cubic: restore braces around if-condition block
r307901 was reverted in r321480, restoring an incorrect block
delimitation bug present in the original cc_cubic commit. Restore
only the bugfix (brace addition) from r307901.
[HEAD revs above; r307901 and r321480 were both merged to stable/11
in r330445.]
CID: 1090182
Reported by: bz
Sponsored by: The FreeBSD Foundation
eugen [Tue, 3 Apr 2018 14:05:40 +0000 (14:05 +0000)]
MFC r331630: Fix instructions in the zfsboot manual page.
zfsloader(8) fails to probe a slice containing ZFS pool if its second sector
contains traces of BSD label (DISKMAGIC == 0x82564557).
Fix manual page to show working example erasing such traces.
MFC r331822:
Reorganize health recovery in mlx5core.
- Move the semaphore locking and unlocking to the same function.
- Flags are no longer needed if the reset and crdump will be done in the
same function.
MFC r331821:
Prepare for FW dump in error state in mlx5core.
- Move firmware dump prep and cleanup to init_one() and remove_one() so that
the init and cleanup will happen only upon driver reload.
- Add some prints to indicate firmware dump.
Upstream DTBs don't provide IRQ lines for the RNG. Moreover, harvesting
bytes as often as the RNG interrupt is triggered (87 times per sec) is an
overkill.
For these reasons, get rid of the interrupt mode and make callout mode the
default, with random bits harvested every 4 seconds.
Fix MAC address detection regression introduced by r324184
To accomodate all variaties of Pi DTS files floating around
we look for MAC address property either in DTS node for
USB ethernet (if it exists) or at predefined path
".../usb/hub/ethernet".
After r324184 smsc_fdt_find_eth_node started to return node
with compatibility string "usb424,ec00" as an eth node.
In imported GNU dts files this node still does not have
MAC address related property, and therefor following check for
"mac-address" and "local-mac-address" fails.
To make this logic more robust do not just search for the node
but also make sure it has required property, so if node with
accepted compatibility string exists but doesn't have the
property we fall back to looking for hardoded path mentioned above.
r314672:
[rpi] rpi3 should use the same cpufreq logic as rpi2, not rpi-b
RPi3 cpufreq is more like that on RPi2. Setting arm frequency
above min (say, "sysctl hw.cpufreq.arm_freq=600000001") turns on
turbo mode, and the firmware automatically raises voltage, sets
frequency to max 1200MHz, and throttle when overheat, etc.
Swap if/else parts and use SOC_BCM2835 def so RPi3 can share the
same cpufreq logic as RPi2, instead of falling to that for RPi.
Submitted by: Jia-Shiun Li <jiashiun@gmail.com>
Differential Revision: https://reviews.freebsd.org/D9640
r315967:
[rpi] Use compatibility string from upstream DTB for I2C controller
FreeBSD uses upstream DTB for RPi3 build and compatibility string for
i2c device is different there. Add this new string to compatibility data.
Reported by: Karl Denninger
r324184 by ian:
Allow Raspberry Pi platform and drivers to be configured with upstream DTBs.
- Added more compatibility strings to drivers not yet converted
- Added new RPI platform code compatibility string to match the ones used
upstream
- Adapted RPI and RPI2 DTS to match the new platform code compatibility
string
The goal is to use the upstream DTBs as a replacement for our custom one.
This is now possible with these changes.
Additionally, as the RPI firmware automatically chooses the right DTB for
us, this would allow to have one common armv6 kernel for RPI0 and RPI1
(BCM2835-based), and one common armv7 kernel for RPI2 v1.1 (BCM2836-based),
and RPI2 v1.2 / RPI3 (BCM2837-based).
r304488 by manu:
Keep boot parameters in ARM trampoline code
Currently boot parameters (r0 - r3) are forgotten in ARM trampoline code.
This patch save them at startup and restore them before jumping into kernel
_start() routine.
This is usefull when booting with Linux ABI and/or custom bootloader.
r305094 by cognet:
Garbage collect bits forgotten in r295267.
r305096 by cognet:
Some old arm ports don't load the kernel at the beginning of the memory,
because the bootloader, ie redboot, won't let them do so, and so used the
memory before the kernel for early memory allocation, such as pagetables,
stacks, etc...
Make a bit of an effort to try to get that memory mapped.
r305097 by cognet:
Nuke obio_bs_tag, it was used before it was initialized, and
arm_base_bs_tag is the same, anyway.
Random bit generator (RBG) driver for RPi and RPi2.
Summary:
This driver supports the following methods to trigger gathering random bits from the hardware:
1. interrupt when the FIFO is full (default) fed into the harvest queue
2. callout (when BCM2835_RNG_USE_CALLOUT is defined) every second if hz is less than 100, otherwise hz / 100, feeding the random bits into the harvest queue
If the kernel is booted with verbose enabled, the contents of the registers will be dumped after the RBG is started during the attach routine.
Author: hackagadget_gmail.com (Stephen J. Kiernan)
Test Plan: Built RPI2 kernel and booted on board. Tested the different methods to feed the harvest queue (callout, interrupt) and the interrupt driven approach seems best. However, keeping the other method for people to be able to experiment with.
We will be switching to a new arm64 uart cpu driver that handles both FDT
and ACPI. As such pull out what will be the common parts of the FDT cpu
detection to a new function that can be shared between them.
Reviewed by: manu
Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7262
MFC r331806:
Add logic for "families" for GCE images.
This allows for GCE consumers to easily detect the latest major
version of FreeBSD when using the gcloud command line utility.
To ensure snapshot builds do not conflict with release-style
builds (ALPHA, BETA, RC, RELEASE), the '-snap' suffix is appended
to the GCE image family name.
avos [Sat, 31 Mar 2018 17:28:30 +0000 (17:28 +0000)]
MFC r324673:
mbuf(9): unbreak m_fragment()
- Fix it by replacing m_cat() with m_prev->m_next = m_new
(m_cat() will try to append data - as a result, there will be no
fragmentation).
- Move some checks out of the loop.
Some variables were renamed (m_final -> m_first, m_new -> m_last)
dim [Sat, 31 Mar 2018 11:38:43 +0000 (11:38 +0000)]
Merge clang, llvm, lld, lldb, compiler-rt and libc++ 6.0.0 release, and
several follow-up fixes.
MFC r327952:
Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to
6.0.0 (branches/release_60 r321788). Upstream has branched for the
6.0.0 release, which should be in about 6 weeks. Please report bugs and
regressions, so we can get them into the release.
Please note that from 3.5.0 onwards, clang, llvm and lldb require C++11
support to build; see UPDATING for more information.
MFC r328010:
Pull in r322473 from upstream llvm trunk (by Andrei Elovikov):
[LV] Don't call recordVectorLoopValueForInductionCast for
newly-created IV from a trunc.
Summary:
This method is supposed to be called for IVs that have casts in their
use-def chains that are completely ignored after vectorization under
PSE. However, for truncates of such IVs the same InductionDescriptor
is used during creation/widening of both original IV based on PHINode
and new IV based on TruncInst.
This leads to unintended second call to
recordVectorLoopValueForInductionCast with a VectorLoopVal set to the
newly created IV for a trunc and causes an assert due to attempt to
store new information for already existing entry in the map. This is
wrong and should not be done.
This should fix "Vector value already set for part" assertions when
building the net/iodine and sysutils/daa2iso ports.
Reported by: jbeich
PR: 224867, 224868
MFC r328090:
Pull in r322623 from upstream llvm trunk (by Andrew V. Tischenko):
Allow usage of X86-prefixes as separate instrs.
Differential Revision: https://reviews.llvm.org/D42102
This should fix parse errors when x86 prefixes (such as 'lock' and
'rep') are followed by various non-mnemonic tokens, e.g. comments, .byte
directives and labels.
PR: 224669, 225054
MFC r328091:
Revert r327340, as the workaround for rep prefixes followed by .byte
directives is no longer needed after r328090.
MFC r328141 (by emaste):
lld: Fix for ld.lld does not accept "AT" syntax for declaring LMA region
AT> lma_region expression allows to specify the memory region
for section load address.
Should fix [upstream LLVM] PR35684.
LLVM review: https://reviews.llvm.org/D41397
Obtained from: LLVM r322359 by George Rimar
MFC r328143 (by emaste):
lld: Handle parsing AT(ADDR(.foo-bar)).
The problem we had with it is that anything inside an AT is an
expression, so we failed to parse the section name because of the - in
it.
Requested by: royger
Obtained from: LLVM r322801 by Rafael Espindola
MFC r328144 (by emaste):
lld: Fix incorrect physical address on self-referencing AT command.
When a section placement (AT) command references the section itself,
the physical address of the section in the ELF header was calculated
incorrectly due to alignment happening right after the location
pointer's value was captured.
The problem was diagnosed and the first version of the patch written
by Erick Reyes.
Obtained from: LLVM r322421 by Rafael Espindola
MFC r328145:
Pull in r322016 from upstream llvm trunk (by Sanjay Patel):
[ValueTracking] remove overzealous assert
The test is derived from a failing fuzz test:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5008
Credit to @rksimon for pointing out the problem.
This should fix "Bad flavor while matching min/max" errors when building
the graphics/libsixel and science/kst2 ports.
Reported by: jbeich
PR: 225268, 225269
MFC r328146:
Pull in r322106 from upstream llvm trunk (by Alexey Bataev):
[COST]Fix PR35865: Fix cost model evaluation for shuffle on X86.
Summary:
If the vector type is transformed to non-vector single type, the
compile may crash trying to get vector information about non-vector
type.
This should fix "Not a vector MVT!" errors when building the
games/dhewm3 port.
Reported by: jbeich
PR: 225271
MFC r328286 (by emaste):
lld: Don't mark a shared library as needed because of a lazy symbol.
Obtained from: LLVM r323221 by Rafael Esp?ndola
MFC r328381:
Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to
6.0.0 (branches/release_60 r323338).
PR: 224669
MFC r328513:
Pull in r322245 from upstream clang trunk (by Craig Topper):
[X86] Make -mavx512f imply -mfma and -mf16c in the frontend like it
does in the backend.
Similarly, make -mno-fma and -mno-f16c imply -mno-avx512f.
Withou this "-mno-sse -mavx512f" ends up with avx512f being enabled
in the frontend but disabled in the backend.
Reported by: pawel
PR: 225488
MFC r328542 (by emaste):
lld: Use lookup instead of find. NFC, just simpler.
Obtained from: LLVM r323395 by Rafael Espindola
MFC r328543 (by emaste):
lld: Only lookup LMARegion once. NFC.
This is similar to how we handle MemRegion.
Obtained from: LLVM r323396 by Rafael Espindola
MFC r328544 (by emaste):
lld: Remove MemRegionOffset. NFC.
We can just use a member variable in MemoryRegion.
Obtained from: LLVM r323399 by Rafael Espindola
MFC r328545 (by emaste):
lld: Simplify. NFC.
Obtained from: LLVM r323440 by Rafael Espindola
MFC r328546 (by emaste):
lld: Improve LMARegion handling.
This fixes the crash reported at [LLVM] PR36083.
The issue is that we were trying to put all the sections in the same
PT_LOAD and crashing trying to write past the end of the file.
This also adds accounting for used space in LMARegion, without it all
3 PT_LOADs would have the same physical address.
Obtained from: LLVM r323449 by Rafael Espindola
MFC r328547 (by emaste):
lld: Move LMAOffset from the OutputSection to the PhdrEntry. NFC.
If two sections are in the same PT_LOAD, their relatives offsets,
virtual address and physical addresses are all the same.
[Rafael] initially wanted to have a single global LMAOffset, on the
assumption that every ELF file was in practiced loaded contiguously in
both physical and virtual memory.
Unfortunately that is not the case. The linux kernel has:
The delta for all but the third PT_LOAD is the same:
0xffffffff80000000. [Rafael] thinks the 3rd one is a hack for implementing
per cpu data, but we can't break that.
Obtained from: LLVM r323456 by Rafael Espindola
MFC r328548 (by emaste):
lld: Put the header in the first PT_LOAD even if that PT_LOAD has a LMAExpr
The root problem is that we were creating a PT_LOAD just for the header.
That was technically valid, but inconvenient: we should not be making
the ELF discontinuous.
The solution is to allow a section with LMAExpr to be added to a PT_LOAD
if that PT_LOAD doesn't already have a LMAExpr.
LLVM PR: 36017
Obtained from: LLVM r323625 by Rafael Espindola
MFC r328594 (by emaste):
Pull in r322108 from upstream llvm trunk (by Rafael Esp?ndola):
Make one of the emitFill methods non virtual. NFC.
This is just preparatory work to fix [LLVM] PR35858.
MFC r328595 (by emaste):
Pull in r322123 from upstream llvm trunk (by Rafael Esp?ndola):
Don't create MCFillFragment directly.
Instead use higher level APIs that take care of most bookkeeping.
MFC r328596 (by emaste):
Pull in r322131 from upstream llvm trunk (by Rafael Esp?ndola):
Use a MCExpr for the size of MCFillFragment.
This allows the size to be found during ralaxation. This fixes
[LLVM] pr35858.
Requested by: royger
MFC r328753:
Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to
6.0.0 (branches/release_60 r323948).
PR: 224669
MFC r328817:
Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to
6.0.0 (branches/release_60 r324090).
This introduces retpoline support, with the -mretpoline flag. The
upstream initial commit message (r323155 by Chandler Carruth) contains
quite a bit of explanation. Quoting:
Introduce the "retpoline" x86 mitigation technique for variant #2 of
the speculative execution vulnerabilities disclosed today,
specifically identified by CVE-2017-5715, "Branch Target Injection",
and is one of the two halves to Spectre.
Summary:
First, we need to explain the core of the vulnerability. Note that
this is a very incomplete description, please see the Project Zero
blog post for details:
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
The basis for branch target injection is to direct speculative
execution of the processor to some "gadget" of executable code by
poisoning the prediction of indirect branches with the address of
that gadget. The gadget in turn contains an operation that provides a
side channel for reading data. Most commonly, this will look like a
load of secret data followed by a branch on the loaded value and then
a load of some predictable cache line. The attacker then uses timing
of the processors cache to determine which direction the branch took
*in the speculative execution*, and in turn what one bit of the
loaded value was. Due to the nature of these timing side channels and
the branch predictor on Intel processors, this allows an attacker to
leak data only accessible to a privileged domain (like the kernel)
back into an unprivileged domain.
The goal is simple: avoid generating code which contains an indirect
branch that could have its prediction poisoned by an attacker. In
many cases, the compiler can simply use directed conditional branches
and a small search tree. LLVM already has support for lowering
switches in this way and the first step of this patch is to disable
jump-table lowering of switches and introduce a pass to rewrite
explicit indirectbr sequences into a switch over integers.
However, there is no fully general alternative to indirect calls. We
introduce a new construct we call a "retpoline" to implement indirect
calls in a non-speculatable way. It can be thought of loosely as a
trampoline for indirect calls which uses the RET instruction on x86.
Further, we arrange for a specific call->ret sequence which ensures
the processor predicts the return to go to a controlled, known
location. The retpoline then "smashes" the return address pushed onto
the stack by the call with the desired target of the original
indirect call. The result is a predicted return to the next
instruction after a call (which can be used to trap speculative
execution within an infinite loop) and an actual indirect branch to
an arbitrary address.
On 64-bit x86 ABIs, this is especially easily done in the compiler by
using a guaranteed scratch register to pass the target into this
device. For 32-bit ABIs there isn't a guaranteed scratch register
and so several different retpoline variants are introduced to use a
scratch register if one is available in the calling convention and to
otherwise use direct stack push/pop sequences to pass the target
address.
This "retpoline" mitigation is fully described in the following blog
post: https://support.google.com/faqs/answer/7625886
We also support a target feature that disables emission of the
retpoline thunk by the compiler to allow for custom thunks if users
want them. These are particularly useful in environments like
kernels that routinely do hot-patching on boot and want to hot-patch
their thunk to different code sequences. They can write this custom
thunk and use `-mretpoline-external-thunk` *in addition* to
`-mretpoline`. In this case, on x86-64 thu thunk names must be:
```
__llvm_external_retpoline_r11
```
or on 32-bit:
```
__llvm_external_retpoline_eax
__llvm_external_retpoline_ecx
__llvm_external_retpoline_edx
__llvm_external_retpoline_push
```
And the target of the retpoline is passed in the named register, or in
the case of the `push` suffix on the top of the stack via a `pushl`
instruction.
There is one other important source of indirect branches in x86 ELF
binaries: the PLT. These patches also include support for LLD to
generate PLT entries that perform a retpoline-style indirection.
The only other indirect branches remaining that we are aware of are
from precompiled runtimes (such as crt0.o and similar). The ones we
have found are not really attackable, and so we have not focused on
them here, but eventually these runtimes should also be replicated for
retpoline-ed configurations for completeness.
For kernels or other freestanding or fully static executables, the
compiler switch `-mretpoline` is sufficient to fully mitigate this
particular attack. For dynamic executables, you must compile *all*
libraries with `-mretpoline` and additionally link the dynamic
executable and all shared libraries with LLD and pass `-z
retpolineplt` (or use similar functionality from some other linker).
We strongly recommend also using `-z now` as non-lazy binding allows
the retpoline-mitigated PLT to be substantially smaller.
When manually apply similar transformations to `-mretpoline` to the
Linux kernel we observed very small performance hits to applications
running typic al workloads, and relatively minor hits (approximately
2%) even for extremely syscall-heavy applications. This is largely
due to the small number of indirect branches that occur in
performance sensitive paths of the kernel.
When using these patches on statically linked applications,
especially C++ applications, you should expect to see a much more
dramatic performance hit. For microbenchmarks that are switch,
indirect-, or virtual-call heavy we have seen overheads ranging from
10% to 50%.
However, real-world workloads exhibit substantially lower performance
impact. Notably, techniques such as PGO and ThinLTO dramatically
reduce the impact of hot indirect calls (by speculatively promoting
them to direct calls) and allow optimized search trees to be used to
lower switches. If you need to deploy these techniques in C++
applications, we *strongly* recommend that you ensure all hot call
targets are statically linked (avoiding PLT indirection) and use both
PGO and ThinLTO. Well tuned servers using all of these techniques saw
5% - 10% overhead from the use of retpoline.
We will add detailed documentation covering these components in
subsequent patches, but wanted to make the core functionality
available as soon as possible. Happy for more code review, but we'd
really like to get these patches landed and backported ASAP for
obvious reasons. We're planning to backport this to both 6.0 and 5.0
release streams and get a 5.0 release with just this cherry picked
ASAP for distros and vendors.
This patch is the work of a number of people over the past month:
Eric, Reid, Rui, and myself. I'm mailing it out as a single commit
due to the time sensitive nature of landing this and the need to
backport it. Huge thanks to everyone who helped out here, and
everyone at Intel who helped out in discussions about how to craft
this. Also, credit goes to Paul Turner (at Google, but not an LLVM
contributor) for much of the underlying retpoline design.
Pull in r324594 from upstream clang trunk (by Alexander Ivchenko):
Fix for #31362 - ms_abi is implemented incorrectly for values >=16
bytes.
Summary:
This patch is a fix for following issue:
https://bugs.llvm.org/show_bug.cgi?id=31362 The problem was caused by
front end lowering C calling conventions without taking into account
calling conventions enforced by attribute. In this case win64cc was
no correctly lowered on targets other than Windows.
This fixes clang 6.0.0 assertions when building the emulators/wine and
emulators/wine-devel ports, and should also make it use the correct
Windows calling conventions. Bump __FreeBSD_version to make the fix
easy to detect.
PR: 224863
MFC r329223:
Pull in r323998 from upstream clang trunk (by Richard Smith):
PR36157: When injecting an implicit function declaration in C89, find
the right DeclContext rather than injecting it wherever we happen to
be.
This avoids creating functions whose DeclContext is a struct or
similar.
This fixes assertion failures when parsing certain not-completely-valid
struct declarations.
Reported by: ae
PR: 225862
MFC r329410:
Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to
6.0.0 (branches/release_60 r325330).
PR: 224669
MFC r329983:
Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to
6.0.0 (branches/release_60 r325932). This corresponds to 6.0.0 rc3.
PR: 224669
MFC r330384:
Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to
6.0.0 release (upstream r326565).
Release notes for llvm, clang and lld will be available here soon:
<http://releases.llvm.org/6.0.0/docs/ReleaseNotes.html>
<http://releases.llvm.org/6.0.0/tools/clang/docs/ReleaseNotes.html>
<http://releases.llvm.org/6.0.0/tools/lld/docs/ReleaseNotes.html>
Relnotes: yes
PR: 224669
MFC r330686:
Pull in r326882 from upstream llvm trunk (by Sjoerd Meijer):
[ARM] Fix for PR36577
Don't PerformSHLSimplify if the given node is used by a node that
also uses a constant because we may get stuck in an infinite combine
loop.
This fixes an assertion when building the emulators/snes9x port.
Reported by: jbeich
PR: 225471
MFC r331066:
Pull in r321999 from upstream clang trunk (by Ivan A. Kosarev):
[CodeGen] Fix TBAA info for accesses to members of base classes
Resolves:
Bug 35724 - regression (r315984): fatal error: error in backend:
Broken function found (Did not see access type in access path!)
https://bugs.llvm.org/show_bug.cgi?id=35724
This fixes "Did not see access type in access path" fatal errors when
building the devel/gdb port (version 8.1).
Reported by: jbeich
PR: 226658
MFC r331366:
Pull in r327101 from upstream llvm trunk (by Rafael Espindola):
Don't treat .symver as a regular alias definition.
This patch starts simplifying the handling of .symver.
For now it just moves the responsibility for creating an alias down to
the streamer. With that the asm streamer can pass a .symver unchanged,
which is nice since gas cannot parse "foo@bar = zed".
In a followup I hope to move the handling down to the writer so that
we don't need special hacks for avoiding breaking names with @@@ on
windows.
Pull in r327160 from upstream llvm trunk (by Rafael Espindola):
Delay creating an alias for @@@.
With this we only create an alias for @@@ once we know if it should
use @ or @@. This avoids last minutes renames and hacks to handle MS
names.
This only handles the ELF writer. LTO still has issues with @@@
aliases.
Pull in r327928 from upstream llvm trunk (by Vitaly Buka):
Object: Move attribute calculation into RecordStreamer. NFC
Pull in r327930 from upstream llvm trunk (by Vitaly Buka):
Object: Fix handling of @@@ in .symver directive
Summary:
name@@@nodename is going to be replaced with name@@nodename if symbols is
defined in the assembled file, or name@nodename if undefined.
https://sourceware.org/binutils/docs/as/Symver.html
gjb [Sat, 31 Mar 2018 01:37:14 +0000 (01:37 +0000)]
MFC r331696, r331697:
r331696:
Update the Release Engineering article URL to the modern version.
r331697:
Add an example for building SD card images for the RPI-B and RPI3.
Note, this commit manually fixes a merge conflict caused by r325096,
which does a seemingly recursive http -> https update, which this
commit was never marked for MFC.
gonzo [Sat, 31 Mar 2018 00:30:47 +0000 (00:30 +0000)]
MFC r330558:
[ig4] Add support for i2c controllers on Skylake and Kaby Lake
This was tested by Ben on HP Chromebook 13 G1 with a
Skylake CPU and Sunrise Point-LP I2C controller and by me on
Minnowboard Turbot with Atom E3826 (formerly Bay Trail)
Submitted by: Ben Pye <ben@curlybracket.co.uk>
Reviewed by: gonzo
Obtained from: DragonflyBSD (a4549657 by Imre Vadász)
Differential Revision: https://reviews.freebsd.org/D13654
gonzo [Fri, 30 Mar 2018 23:31:08 +0000 (23:31 +0000)]
MFC r329832, r329926
r329832:
[chvgpio] add GPIO driver for Intel Z8xxx SoC family
Add chvgpio(4) driver for Intel Z8xxx SoC family. This product
was formerly known as Cherry Trail but Linux and OpenBSD drivers
refer to it as Cherry View. This driver is derived from OpenBSD
one so the name is kept for alignment with another BSD system.
Submitted by: Tom Jones <tj@enoti.me>
Reviewed by: gonzo, wblock(man page)
Differential Revision: https://reviews.freebsd.org/D13086
r329926:
Add SPDX tags for chvgpio driver sources
Also move $FreeBSD$ keyword in header to BSD license
hselasky [Fri, 30 Mar 2018 19:25:40 +0000 (19:25 +0000)]
MFC r331455:
Fix incorrect page count when mlx5core is in internal error.
Change page cleanup flow when in internal error to properly decrement
the page counts when reclaiming pages. That prevents timing out
waiting for extra pages that were actually cleaned up previously.
hselasky [Fri, 30 Mar 2018 19:24:49 +0000 (19:24 +0000)]
MFC r331453:
Don't save PCI state when PCI error is detected in mlx5core.
When a PCI error is detected the PCI state could be corrupt, don't
save it in that flow. Save the state after initialization. After
restoring the PCI state during slot reset save it again, restoring
the state destroys the previously saved state info.
hselasky [Fri, 30 Mar 2018 19:23:46 +0000 (19:23 +0000)]
MFC r331452:
Add mutual exclusion mechanism for software reset of firmware in mlx5core.
Since the FW can be shared between PCI functions it is common that
more than one health poll will detected a failure, this can lead to
multiple resets.
The solution is to use a FW locking mechanism using semaphore space to
provide a way to synchronize between functions. The FW semaphore is
acquired via config cycle access. First the VSEC gateway must be
acquired, then the semaphore can be locked by writing a value to it
and confirmed it's locked by reading the same value back. The process
in the same to free the semaphore, except the value written should be
zero.
hselasky [Fri, 30 Mar 2018 19:21:19 +0000 (19:21 +0000)]
MFC r331449:
Handle software reset of firmware in error flow in mlx5core.
Some mlx5 adapter firmware allows the driver to reset the firmware in
the event of an error. When a software reset is issued on any physical
function all PFs enter reset state. This is a recoverable condition.
The existing recovery flow was designed to allow the recovery of a
VF after a PF driver reload. This patch expands the scope of that
flow to recover PFs or VFs after a SW reset has been issued.
When a software reset is issued the following occurs:
1. The NIC interface mode is set to SW_RESET (7) while the reset is in
progress.
2. Once the reset completes the NIC interface mode is set to NIC
disabled (1).
After the reset has been issued (added in a subsequent patch) the
health poll for other functions will detect that the NIC interface
state has been set to disabled. This will cause it to enter the
existing recovery flow. If the PCI is still working (meaning it
doesn't return 0xff on all reads) it means recovery can proceed
immediately instead of waiting 60 seconds.
The error detetion has also been refactored to avoid incorrect or
misleading log messages.
hselasky [Fri, 30 Mar 2018 19:20:27 +0000 (19:20 +0000)]
MFC r331447:
Hide verbose proclamation of error when forced in mlx5core.
When mlx5_enter_error_state() operation is forced by shutdown, the
messages surrounding setting the error state are not informational
and confuse users.