Ed Maste [Thu, 23 Mar 2023 17:02:44 +0000 (13:02 -0400)]
makefs: correct El Torito bood record
The boot catalog pointer is a DWord, but we previously populated it via
cd9660_bothendian_dword which overwrote four unused bytes following it.
See El Torito 1.0 (1995) Figure 7 for details.
PR: 203531
Reported by: Coverity Scan
Reported by: Thomas Schmitt <scdbackup@gmx.net>
Reviewed by: kevans
CID: 977470
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39231
Kirk McKusick [Thu, 23 Mar 2023 20:03:20 +0000 (13:03 -0700)]
Improve chance of finding an alternate superblock in sbsearch(3).
When requesting a superblock read for the sole purpose of getting
the parameters needed to find if backup parameters have been stored,
specify UFS_NOCSUM as only the base superblock is needed. This
change reduces the number of checks that the superblock must pass.
Zachary Leaf [Thu, 2 Mar 2023 14:15:54 +0000 (14:15 +0000)]
arm64: add fault address to trapframe
It was previously possible for the fault address register to get
clobbered before it was saved. This small window occurred when an
additional exception was encountered inside the exception handler,
overwriting the previous value.
Commit f29942229d24 ("Read the arm64 far early in el0 exceptions")
patched this issue, but avoided changing the trapframe since this could
be considered a KBI change in FreeBSD 13.
Revert the above fix and save the fault address in the trapframe
instead. This saves the fault address even earlier in the exception
handling process, and is a more robust and simple fix.
Zachary Leaf [Fri, 24 Feb 2023 08:35:08 +0000 (08:35 +0000)]
arm64: extend ESR/SPSR registers to 64b
For the Exception Syndrome Register, ESR_ELx, the upper 32b were
previously unused, but now may contain additional exception info as of
Armv8.7 (FEAT_LS64).
Extend ESR from u32->u64 in exception handling code to support this. In
addition, also extend Saved Program Status Register SPSR_ELx in the same
way to allow for future extensions.
Reviewed by: andrew
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D38983
John Baldwin [Thu, 23 Mar 2023 16:31:29 +0000 (09:31 -0700)]
libpmc: Use LIB_CXX instead of explicit LDADD to link a C++ library.
This uses the C++ compiler as the linker instead of the C compiler
letting the compiler driver pick the right libraries. This is a no-op
on main and stable/13 but matters for stable/12 where the current
logic breaks for external GCC since it tries to use a non-existent
libstdc++.
Justin Hibbits [Thu, 16 Mar 2023 20:24:56 +0000 (16:24 -0400)]
IfAPI: Add iterator to complement if_foreach()
Summary:
Sometimes an if_foreach() callback can be trivial, or need a lot of
outer context. In this case a regular `for` loop makes more sense. To
keep things hidden in the new API, use an opaque `if_iter` structure
that can still be instantiated on the stack. The current implementation
uses just a single pointer out of the 4 alotted to the opaque context,
and the cleanup does nothing, but may be used in the future.
Ihor Antonov [Thu, 23 Mar 2023 02:37:12 +0000 (21:37 -0500)]
daemon: decouple init logic from main loop
main() func contained both initialization and main loop logic.
This made certain operations like restarting problematic and
required dirty hacks in form of goto jumps.
This commit moves the main loop logic into daemon_eventloop(),
cleans up main, and makes restart logic clear: daemon_mainloop()
is run in a loop with a restart condition checked at the end.
Bjoern A. Zeeb [Tue, 21 Mar 2023 21:25:28 +0000 (21:25 +0000)]
ifconfig: ifieee80211: print bssid name
In certain setups (e.g., autonomous APs) it is extremly helpful to have
a way to map the BSSIDs to names for both normal status output as well
as the scan list. This often allows a quicker overview than remembering
(or manually looking up) BSSIDs.
Call ether_ntohost() on the bssid and consult /etc/ethers
and print "(name)" after the bssid for the status output and "(name)"
at the end of the line after the IE list.
Mateusz Guzik [Tue, 21 Mar 2023 07:27:25 +0000 (07:27 +0000)]
vfs: decouple freevnodes from vnode batching
In principle one cpu can keep vholding vnodes, while another vdrops
them. In this case it may be the local count will keep growing in an
unbounded manner. Roll it up after a threshold instead.
John Baldwin [Wed, 22 Mar 2023 19:35:09 +0000 (12:35 -0700)]
sys: Stop enabling -Wnested-externs.
clang doesn't implement this warning, so violations are only caught by
GCC. It is also no longer a common practice to use this as it was in
the original BSD code, so the need for the warning is not as important
as when it was used to do cleanups 20 years ago. A recent commit
(c3179891f897d840f578a5139839fcacb587c96d) triggers this warning on
GCC, but that commit uses nested externs purposefully.
John Baldwin [Wed, 22 Mar 2023 19:34:34 +0000 (12:34 -0700)]
bhyve: Accept a variable-length string name for qemu_fwcfg_add_file.
It is illegal (UB?) to pass a shorter array to a function argument
that takes a fixed-length array. Do a runtime check for names that
are too long via strlen() instead.
Val Packett [Mon, 6 Feb 2023 19:03:58 +0000 (16:03 -0300)]
arpa: garbage collect ns_newmsg/ns_rdata decls
These were brought in by the libbind import, but these functions were
never actually implemented anywhere, only header declarations and symbol
map entries were imported.
Fixes: 046c3635cdb2 ("Bring final version of libbind:") Fixes: e45764721aed ("Update our stub resolver to final version of ...")
Reported by: ld.lld 16 being --no-undefined-version by default
Sponsored by: https://www.patreon.com/valpackett
Reviewed by: emaste
Pull request: https://github.com/freebsd/freebsd-src/pull/700
Differential Revision: https://reviews.freebsd.org/D38407
Brooks Davis [Wed, 22 Mar 2023 16:23:57 +0000 (16:23 +0000)]
amd64: reduce header pollution in _stdint.h
In 38d1ac34ff82bd2aeb308b52a65b686060e52873 SIGATOMIC_{MIN,MAX} were
defined in terms of LONG_{MIN,MAX}. Later, they were switched to
__LONG_{MIN,MAX} in 78fe75bc280264e7471b3069e148cae32e8ae211 where an
include of machine/_limits.h was added. Switch to using fixed width
INT64_{MIN,MAX} and remove the header pollution.
Brooks Davis [Wed, 22 Mar 2023 16:23:22 +0000 (16:23 +0000)]
riscv: Fix sig_atomic_t limit definitions
sig_atomic_t is defined as a long and thus is 64-bit on arm64. For some
reason its limit was incorrectly specified as a 32-bit number. This had
the unfortunate side effect of causing gnulib to override most of the
definitions in stdint.h. On CheriBSD this breaks all software that uses
gnulib in annoying and hard to debug ways.
Technically updating the limits might be an ABI change, but these
defines are largely unused (the only use in tree is in the libc++ test
suite where it's use an assertion that will fail due to this bug).
Further, since the underlying type remains the same, we're just
increasing the range of values a paranoid program might use.
Brooks Davis [Wed, 22 Mar 2023 16:22:21 +0000 (16:22 +0000)]
arm64: Fix sig_atomic_t limit definitions
sig_atomic_t is defined as a long and thus is 64-bit on arm64. For some
reason its limit was incorrectly specified as a 32-bit number. This had
the unfortunate side effect of causing gnulib to override most of the
definitions in stdint.h. On CheriBSD this breaks all software that uses
gnulib in annoying and hard to debug ways.
Technically updating the limits might be an ABI change, but these
defines are largely unused (the only use in tree is in the libc++ test
suite where it's use an assertion that will fail due to this bug).
Further, since the underlying type remains the same, we're just
increasing the range of values a paranoid program might use.
Ed Maste [Thu, 3 Nov 2022 17:17:40 +0000 (13:17 -0400)]
sftp: avoid leaking path arg in calls to make_absolute_pwd_glob
As Coverity reports:
Overwriting tmp in tmp = make_absolute_pwd_glob(tmp, remote_path)
leaks the storage that tmp points to.
Consume the first arg in make_absolute_pwd_glob, and add xstrdup() to
the one case which did not assign to the same variable that was passed
in. With this change make_absolute() and make_absolute_pwd_glob() have
the same semantics with respect to freeing the input string.
This change was reported to OpenSSH in
https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-November/040497.html
but was not acted on. It appears that OpenBSD subsequently received a
Coverity report for the same issue (their Coverity ID 405196) but fixed
only the specific instance reported by Coverity.
This change reverts OpenBSD's sftp.c 1.228 / OpenSSH-portable
commit 36c6c3eff5e4.
Mark Johnston [Wed, 22 Mar 2023 13:02:54 +0000 (09:02 -0400)]
bhyve: Sleep briefly in the VMEXIT_DEBUG handler
As of commit 0bda8d3e9f7a ("vmm: permit some IPIs to be handled by
userspace") and commit 9cc9abf409cc ("bhyve: create all vcpus on
startup"), we have a misbehaviour where AP vCPU threads spin until they
receive a SIPI. In particular, since they are "suspended", they simply
call the VMEXIT_DEBUG handler in a loop, but the handler is a no-op by
default.
This is tricky to fix since the gdb stub isn't aware of whether a given
vCPU is supposed to be running. For 13.2's sake, introduce a simple
workaround wherein the VMEXIT_DEBUG handler sleeps for a short period.
This ensures that host CPU usage remains sane when VMs are starting
without penalizing users of VMEXIT_DEBUG too much.
Reviewed by: corvink, jhb
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39174
Mark Johnston [Wed, 22 Mar 2023 12:52:57 +0000 (08:52 -0400)]
fdescfs: Fix a file ref leak
In fdesc_lookup(), vn_vget_ino_gen() may fail without invoking the
callback, in which case the ref on fp is leaked. This happens if the
fdescfs mount is being concurrently unmounted. Moreover, we cannot
safely drop the ref while the dvp is locked.
So:
- Use a flag variable to indicate whether the ref is dropped.
- Reorganize things to handle the leak.
Reported by: C Turt <ecturt@gmail.com>
Reviewed by: mjg, kib
Tested by: pho
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39189
Warner Losh [Wed, 22 Mar 2023 02:25:58 +0000 (20:25 -0600)]
_endian.h: Include sys/ctypes.h for visibility macros
BYTE_ORDER, LITTLE_ENDIAN and BIG_ENDIAN will be required by the
forthcoming POSIX Issue 8. In addition, they are provided in the BSD
compilation environments. However, depending on the order includes
happend, sys/cdefs.h may or may not be included when endian.h is
included. Include it here so we can safely test __BSD_VISIBLE. Add
visibility when we're compiling in the future for issue 8, but since the
date number for issue 8 hasn't been fixed, use strictly greater than the
issue 7 date.of 200809.
This had the side effect of sometimes (in the traditional BSD
compliation environment)
#if BYTE_ORDER == LITTLE_ENDIAN
and
#if BYTE_ORDER == BIG_ENDIAN
both being true because none of these were defined. This fixes
that. It also fixes including it after <stdio.h> but not before.
The previous code unsuccesfully attempted to report a precise error for
each option in the user list. Moreover, commit 253b2ec199b broke some
ctrl-api-test (see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260547).
With this patch we bail out as soon as an unrecoverable error is detected and
we properly check for copy boundaries. EOPNOTSUPP no longer immediately
returns an error, so that any other option in the list may be examined
by the caller code and a precise report of the (un)supported options can
be returned to the user.
With this patch, all ctrl-api-test unit tests pass again.
Mark Johnston [Tue, 21 Mar 2023 19:51:24 +0000 (15:51 -0400)]
ktls: Fix interlocking between ktls_enable_rx() and listen(2)
The TCP_TXTLS_ENABLE and TCP_RXTLS_ENABLE socket option handlers check
whether the socket is listening socket and fail if so, but this check is
racy. Since we have to lock the socket buffer later anyway, defer the
check to that point.
ktls_enable_tx() locks the send buffer's I/O lock, which will fail if
the socket is a listening socket, so no explicit checks are needed. In
ktls_enable_rx(), which does not acquire the I/O lock (see the review
for some discussion on this), use an explicit SOLISTENING() check after
locking the recv socket buffer.
Otherwise, a concurrent solisten_proto() call can trigger crashes and
memory leaks by wiping out socket buffers as ktls_enable_*() is
modifying them.
Also make sure that a KTLS-enabled socket can't be converted to a
listening socket, and use SOCK_(SEND|RECV)BUF_LOCK macros instead of the
old ones while here.
Add some simple regression tests involving listen(2).
Reported by: syzkaller
MFC after: 2 weeks
Reviewed by: gallatin, glebius, jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38504
Kornel Dulęba [Tue, 21 Mar 2023 17:18:59 +0000 (18:18 +0100)]
OpenSSL: aes/asm/bsaes-armv7.pl: Replace adrl with add
"adrl" is a pseudo-instruction used to calculate an address relative
to PC. It's not recognized by clang resulting in a compilation error.
I've stumbled upon it when trying to integrate the bsaes-armv7 assmebly
logic into FreeBSD kernel, which uses clang as it's default compiler.
Note that this affect the build only if BSAES_ASM_EXTENDED_KEY is
defined, which is not the default option in OpenSSL.
The solution here is to replace it with an add instruction.
This mimics what has already been done in !BSAES_ASM_EXTENDED_KEY logic.
Because of that I've marked this as trivial CLA.
Justin Hibbits [Tue, 21 Mar 2023 13:18:18 +0000 (09:18 -0400)]
powerpc/pmap: Account for a potential NULL pmap in pmap_sync_icache
It's apparently possible for pcpu->pc_curpmap to be NULL at some point,
leading to a panic. Account for this as is done with the other 64-bit
AIM pmap.
Reported by: pkubaj
Tested by: pkubaj
Fixes: 6f0b2a235a1 ("Add pmap_sync_icache() for radix pmap")
MFC after: 3 days
linuxkpi: Define `seq_has_overflowed()` and `single_open_size()`
This required non-trivial changes to `linux_seq_file.c` to manage a new
`(struct seq_file)->size` field. This field is read directly by DRM
drivers, so we can't alias it to a call to sbuf_len(9).
`single_open_size()` also depended on the ability to allocate the sbuf
with a specified size instead of relying on `sbuf_new_auto()`.
Reviewed by: manu
Approved by: manu
Differential Revision: https://reviews.freebsd.org/D39056
DRM drivers set some pointers to `ZERO_SIZE_PTR` directly (without
allocating anything), to treat pointers which were "initialized" (set to
`ZERO_SIZE_PTR`) with no memory allocation like really allocated
pointers. NULL isn't used because it represents a third state.
Reviewed by: emaste, manu
Approved by: emaste, manu
Differential Revision: https://reviews.freebsd.org/D39055
This is not the same as querying the PCIE ASPM capability. The function
should return if the feature is actually enabled or not. It always
return false on FreeBSD.
Reviewed by: manu
Approved by: manu
Differential Revision: https://reviews.freebsd.org/D39053
Mitchell Horne [Fri, 10 Feb 2023 14:52:38 +0000 (10:52 -0400)]
x86: nexus code tidy-up
Make a pass at the various nexus implementations, fixing some very minor
style issues, obsolete comments, etc.
The method declaration section has become unwieldy in many respects.
Attempt to tame it by:
- Using generated method typedefs
- Grouping methods roughly by category, and then alphabetically.
Mitchell Horne [Fri, 10 Feb 2023 14:37:08 +0000 (10:37 -0400)]
powerpc: nexus code tidy-up
Make a pass at the various nexus implementations, fixing some very minor
style issues, obsolete comments, etc.
Update the top-level comment to be closer to other nexus
implementations.
The method declaration section has become unwieldy in many respects.
Attempt to tame it by:
- Using generated method typedefs
- Grouping methods roughly by category, and then alphabetically.
Mitchell Horne [Mon, 6 Feb 2023 15:53:09 +0000 (11:53 -0400)]
riscv: nexus code tidy-up
Make a pass at the various nexus implementations, fixing some very minor
style issues, obsolete comments, etc.
The method declaration section has become unwieldy in many respects.
Attempt to tame it by:
- Using generated method typedefs
- Grouping methods roughly by category, and then alphabetically.
Mitchell Horne [Fri, 10 Feb 2023 14:26:53 +0000 (10:26 -0400)]
arm64: nexus code tidy-up
Make a pass at the various nexus implementations, fixing some very minor
style issues, obsolete comments, etc.
The method declaration section has become unwieldy in many respects.
Attempt to tame it by:
- Using generated method typedefs
- Grouping methods roughly by category, and then alphabetically.
Mitchell Horne [Mon, 6 Feb 2023 15:57:33 +0000 (11:57 -0400)]
arm: nexus code tidy-up
Make a pass at the various nexus implementations, fixing some very minor
style issues, obsolete comments, etc.
The method declaration section has become unwieldy in many respects.
Attempt to tame it by:
- Using generated method typedefs
- Grouping methods roughly by category, and then alphabetically.
Mitchell Horne [Mon, 20 Mar 2023 20:01:03 +0000 (17:01 -0300)]
hardclock(9): small cleanups
- Improve the wording that describes cnt and hz (avoid "the long haul")
- Use .Fa for function arguments
- Fix formatting of parenthesis around swi(9) xref
- removed xref to non-existent options(4)
- xref polling(4)
- consistently list xrefs in SEE ALSO
- xref eventtimers(9) in SEE ALSO
Reviewed by: mav, rpokala
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39137
Mitchell Horne [Mon, 20 Mar 2023 19:58:48 +0000 (16:58 -0300)]
kern_reboot(9): describe event handlers
Add more details about the execution and purpose of these shutdown
handlers. Make a point to mention the requirement that they can be run
in a normal or panic context. Add some simple examples.
Add a brief comment to the declaration in sys/eventhandler.h.
Reviewed by: markj
Discussed with: rpokala, Pau Amma <pauamma@gundo.com>
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39135
Mitchell Horne [Mon, 20 Mar 2023 19:56:54 +0000 (16:56 -0300)]
kern_reboot(9): some updates
- This function no longer disables interrupts
- MLINK to reboot.9
- The mentions of autoconfiguration is more about shutdown_nice(),
coming in the next commit.
- Describe the RB_* flags relevant to this function
- Describe behaviour when shutdown hooks fail the reset
- Describe expected execution contexts
- Add FF copyright
- xref panic(9)
- xref this page in reboot(2)
Reviewed by: markj
Discussed with: rpokala, Pau Amma <pauamma@gundo.com>
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39133
Mitchell Horne [Mon, 20 Mar 2023 19:54:11 +0000 (16:54 -0300)]
KASSERT(9): some updates
- Add a little bit of introductory text
- Improve the existing example: ANSI C, use a better assertion than a
NULL check (which is discouraged)
- Document the widely used MPASS macro in this page
- Drop the cross-reference to config(8)
Reviewed by: kib, markj, rpokala, Pau Amma <pauamma@gundo.com>
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39131
Mitchell Horne [Mon, 20 Mar 2023 19:50:50 +0000 (16:50 -0300)]
critical(9): small updates
- Document CRITICAL_ASSERT() in this man page.
- Clarify that a thread may also handle interrupts in a critical
section, not only faults/exceptions.
- Note the negative effects of critical section abuse
- Some other minor clarifications
- Add short SEE ALSO
Reviewed by: kib, markj, rpokala, Pau Amma <pauamma@gundo.com>
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39130
Kyle Evans [Mon, 20 Mar 2023 19:51:41 +0000 (14:51 -0500)]
pkill: tests: do a pass for case-sensitive conflicts
As in 76b6a59f9d30a5a39a5ed, encode upper-case flag tests with a leading
underbar to avoid collisions (thus, erroneously dirty git repos) on
case-sensitive filesystems.
Kyle Evans [Mon, 20 Mar 2023 19:19:35 +0000 (14:19 -0500)]
pkill: use an ARG_MAX size buffer for argument matching
Right now pkill/pgrep cut off at _POSIX2_LINE_MAX (2048), but argument
strings can be much larger (ARG_MAX is 256K/512K). Stop arbitrarily
cutting the search off at 2K, rather than documenting the limit.
Reviewed by: allanjude (earlier version), des
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D38663
Mark Johnston [Mon, 20 Mar 2023 18:16:00 +0000 (14:16 -0400)]
kerneldump: Inline dump_savectx() into its callers
The callers of dump_savectx() (i.e., doadump() and livedump_start())
subsequently call dumpsys()/minidumpsys(), which dump the calling
thread's stack when writing the dump. If dump_savectx() gets its own
stack frame, that frame might be clobbered when its caller later calls
dumpsys()/minidumpsys(), making it difficult for debuggers to unwind the
stack.
Fix this by making dump_savectx() a macro, so that savectx() is always
called directly by the function which subsequently calls
dumpsys()/minidumpsys().
This fixes stack unwinding for the panicking thread from arm64
minidumps. The same happened to work on amd64, but kgdb reports the
dump_savectx() calls as coming from dumpsys(), so in that case it
appears to work by accident.
Fixes: c9114f9f86f9 ("Add new vnode dumper to support live minidumps")
Reviewed by: mhorne, jhb
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D39151
Daniel Kolesa [Mon, 20 Mar 2023 16:42:59 +0000 (17:42 +0100)]
sh(1): fix history file write checking
We cannot just compare histsizeval() against 0, since that returns
a string pointer, which is always non-zero (non-null). The logic
in sethistsize() initializes the history size to 100 with values
that are non-number, and an empty string counts as that. Therefore,
the only time we want to not write into history with HISTSIZE val
set is when it's explicitly 0.
Kristof Provost [Mon, 20 Mar 2023 13:29:55 +0000 (14:29 +0100)]
pfsync: fix pfsync_undefer_state() locking
pfsync_undefer_state() takes the bucket lock, but could get called from
places (e.g. from pfsync_update_state() or pfsync_delete_state()) where
we already held the lock.
As it can also be called from places where we don't yet hold the lock
create new locked variant for use when the lock is already held. Keep
using pfsync_undefer_state() where the lock must still be taken.
Kristof Provost [Mon, 20 Mar 2023 13:26:33 +0000 (14:26 +0100)]
pfsync: add missing unlock in pfsync_defer_tmo()
The callout for pfsync_defer_tmo() is created with
CALLOUT_RETURNUNLOCKED, because while the callout framework takes care
of taking the lock we want to run a few operations outside of the lock,
so we unlock ourselves.
However, if `sc->sc_sync_if == NULL` we return without releasing the
lock, and leak the lock, causing later deadlocks.
Ensure we always release the bucket lock when we exit pfsync_defer_tmo()