Prepare for activation of LinuxKPI module parameters as read-only
tunable SYSCTL's. Linux module parameters are associated with the
module they belong to. FreeBSD does not share this concept of a parent
module. Instead add macros which define the prefix to use for the
module parameters in the LinuxKPI consumers.
While at it convert all "bool" LinuxKPI module parameters to "byte"
type, because we don't have a "bool" type of SYSCTL in FreeBSD.
Add checks for SCHEDULER_STOPPED() so that code using the LinuxKPI can
run after a panic(). This for example allows a LinuxKPI based graphics
stack to receive prints during a panic.
Ed Schouten [Wed, 25 May 2016 08:45:03 +0000 (08:45 +0000)]
Make code compile when basename() is POSIX compliant.
The POSIX basename() function is allowed to modify its input buffer,
which means its argument is "char *". Pull a copy of the input string
before computing the base.
Check for signals when locking the USB enumeration thread from
userspace, so that USB applications can be killed if an enumeration
thread should be stuck for various reasons.
Build etherswitch support for appropriate Ralink/Mediatek SoCs
Etherswitch support is built by default on all SoCs except RT3662/RT3883
as they have no built-in switch and their configurations with external
switches are not yet supported.
Currently all radiotap structures in ral(4) are packed, but are not
aligned, which causes ral based devices to crash when one does
'ifconfig wlan0 up' for a wlan interface with a ral wlandev on arches
that care about structure alignment (e.g., MIPS).
Adding an aligned attribute helps fix this problem and ral devices
can be properly brought up.
Reviewed by: adrian
Sponsored by: Smartcom - Bulgaria AD
There is no need to to call strdup() on the value returned by fmt().
The latter calls fmt_argv() which always returns a dynamically
allocated string, and calling strdup() on that leaks the memory
allocated by fmt_argv(). Wave some const magic on ki_args and
ki_env to make the direct assignment happy. This requires a tweak
to the asprintf() case to avoid a const vs. non-const mismatch.
Kenneth D. Merry [Wed, 25 May 2016 01:37:39 +0000 (01:37 +0000)]
Fix a few ada(4) driver issues:
o Some Samsung drives do not support the ATA READ LOG EXT or READ
LOG DMA EXT commands, despite indicating that they do in their
IDENTIFY data. So, fix this in two ways:
1. Only start the log directory probe (ADA_STATE_LOGDIR) if
the drive claims to be an SMR drive in the first place.
We don't need to do the extra probing for other devices.
This will also serve to prevent problems with other
drives that have the same issue.
2. Add quirks for the two Samsung drives that have been
reported so far (thanks to Oleg Nauman and Alex Petrov).
If there is a reason to do a Read Log later on, we will
know that it doesn't work on these drives.
o Add a quirk entry to mark Seagate Lamarr Drive Managed drives as
drive managed. They don't report this in their Identify data.
sys/cam/ata/ata_da.c:
Add two new quirks:
1. ADA_Q_LOG_BROKEN, for drives that claim to support Read
Log but don't really.
2. ADA_Q_SMR_DM, for drives that are Drive Managed SMR, but
don't report it. This can matter for software that
wants to know when it should make an extra effort to
write sequentially.
Record two Samsung drives that don't support Read Log, and
one Seagate drive that doesn't report that it is a SMR drive.
The Seagate drive is already recorded in the da(4) driver.
We may have to come up with a similar solution in the da(4)
driver for SATA drives that don't properly support Read Log.
In adasetflags(), Dont' set the ADA_FLAG_CAN_LOG bit if the
device has the LOG_BROKEN quirk set. Also, look at the
SMR_DM quirk and set the device type accordingly if it is
actually a drive managed drive.
When deciding whether to go into the LOGDIR probe state,
look to see whether the device claims to be an SMR device.
If not, don't bother with the LOGDIR probe state.
Don Lewis [Wed, 25 May 2016 01:37:25 +0000 (01:37 +0000)]
Fix Coverity CIDs 1340544 Resource leak and 1340543 Use after free
At line 479 of ldapclient.c in client_build_req(), the error return
leaks ldap_attrs (CID 1340544). It looks like this can happen if
the first utoa() call in aldap_get_stringset() fails. It looks
like other leaks can happen if other utoa() calls fail since scanning
this array when it is freed stops when the first NULL is encountered.
Fix these problems by not storing NULL in the array when utoa()
fails, and by freeing ret and returning NULL if nothing is stored
in the array. That way the caller will never see the
ldap_attrs[0] == NULL case, so delete that check.
The ber_printf_element() calls ber_free_elements() on its ber
argument and returns NULL on failure. When each of its callers
detects failure, they do a goto fail, which then calls ber_free_elements()
with the same pointer (CID 1340543). Fix is to delete the
ber_free_elements() from ber_printf_element()
Justin Hibbits [Wed, 25 May 2016 01:23:19 +0000 (01:23 +0000)]
Set the TLB caching properties for portals at attach time.
This was found while reworking the device tree nodes for dtsec to match the
Linux device tree. Instead of waiting and expecting later code to call
dpaa_portal_map_registers(), do the equivalent immediately upon mapping.
Otherwise, it's possible to access the pages before that function is called, and
hang the CPU.
Don Lewis [Tue, 24 May 2016 23:41:36 +0000 (23:41 +0000)]
Fix acpidb CIDs 1011279 (Buffer not null terminated) and 978405 and 1199380 (Resource leak).
load_dsdt() calls strncpy() to copy a filename and Coverity warns
that the destination buffer may not be NUL terminated. Fix this
by using strlcpy() instead. If silent truncation occurs, then the
filename was not valid anyway.
load_dsdt() leaks an fd (CID 978405) and a memory region allocated
using mmap() (CID 1199380) when it returns. Fix these by calling
close() and munmap() as appropriate.
Don't bother fixing the minor memory leak "list", allocated by
AcGetAllTablesFromFile() (CID 1355191).
Check for truncation when creating the temp file name.
Set a flag to indicate that the temp file should be unlinked.
Relying on a strcmp() test could delete the input file in contrived
cases.
Don Lewis [Tue, 24 May 2016 23:36:43 +0000 (23:36 +0000)]
Fix acpidump CID 1011278 (Buffer not null terminated) and other issues
Coverity reports that a buffer used for temporary file generation
might not be NUL terminated by strncpy(). This is probably not
true because the input gets passed through realpath(), but if the
path name is sufficiently long the name could be truncated and cause
other problems. The code for generating the temp file names is
also overly complex. Instead of a bunch of calls to strncpy() and
and strncat(), simplify the code by using snprintf() and add checks
for unexpected truncation.
The output file created by iasl -d is predictable. Fix this by
using mkdtemp() to create a directory to hold the iasl input and
output files.
Adrian Chadd [Tue, 24 May 2016 21:20:17 +0000 (21:20 +0000)]
[bhnd] Normalize bhnd(4) device matching API
This unifies handling of core, chip, and board-level device
matching, and adds support for matching device drivers
against the bus attach type (e.g. SoC vs WiFi adapter).
Core-level quirks on Broadcom's chipsets generally are specific
to some combination of chip model, core revision, chip
package (e.g. 12x9 SMT package), SROM revision, etc.
Unifying the match APIs for all three attribute types (core, chip,
board/srom) allows defining a single device quirk table that
matches across all of those attributes.
John Baldwin [Tue, 24 May 2016 21:09:05 +0000 (21:09 +0000)]
Return the correct status when a partially completed request is cancelled.
After the previous changes to fix requests on blocking sockets to complete
across multiple operations, an edge case exists where a request can be
cancelled after it has partially completed. POSIX doesn't appear to
dictate exactly how to handle this case, but in general I feel that
aio_cancel() should arrange to cancel any request it can, but that any
partially completed requests should return a partial completion rather
than ECANCELED. To that end, fix the socket AIO cancellation routine to
return a short read/write if a partially completed request is cancelled
rather than ECANCELED.
Enji Cooper [Tue, 24 May 2016 20:06:41 +0000 (20:06 +0000)]
Remove unnecessary memset(.., 0, ..)'s
The mem_alloc macro calls calloc (userspace) / malloc(.., M_WAITOK|M_ZERO)
under the covers, so zeroing out memory is already handled by the underlying
calls
Enji Cooper [Tue, 24 May 2016 18:44:50 +0000 (18:44 +0000)]
Use reallocf instead of malloc to fix leak with outbuf_pmap
The previous code overwrote outbuf_pmap's memory with malloc once per
loop iteration, which leaked its memory; use reallocf instead to ensure
that memory is properly free'd each loop iteration.
Add a outbuf_pmap = NULL in the failure case to avoid a double-free
at the bottom of the function.
Ruslan Bukin [Tue, 24 May 2016 13:59:13 +0000 (13:59 +0000)]
Store the original value of stack pointer to the exception frame
(the value we had before supervisor exception occurred).
This helps consumers (e.g. DTrace) to not proceed additional calculations.
Sean Bruno [Tue, 24 May 2016 13:57:23 +0000 (13:57 +0000)]
Reject ioctl commands for FLSHGCHR and FLSHPCHR if the size is greater
than sc->areq. This is a bounds check to ensure we're not just cramming
arbitrarily sized nonsense into the driver and overflowing the heap.
Andrew Turner [Tue, 24 May 2016 12:06:56 +0000 (12:06 +0000)]
Limit calling pmc_hook to when the interrupt comes while running userspace.
We may enable interrupts from within the callback, e.g. in a data abort
during copyin. If we receive an interrupt at that time pmc_hook will be
called again and, as it is handling userspace stack tracing, will hit a
KASSERT as it checks if the trapframe is from userland.
With this I can run hwpmc with intrng on a ThunderX and have it trace all
CPUs.
Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation
Michael Tuexen [Tue, 24 May 2016 11:47:14 +0000 (11:47 +0000)]
Allow an MTU of 65535 bytes to be set via TUN[SG]IFINFO. This requires
changing the type on the mtu field in struct tuninfo from short to
unsigned short.
This is used, for example, by packetdrill to test with MTUs up to the
maximum value.
In vm_page_alloc_contig(), on vm_page_insert() failure, mark each
freed page as VPO_UNMANAGED. Otherwise vm_pge_free_toq() insists on
owning the page lock.
Previously, VPO_UNMANAGED was only set up to the last processed page.
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Remove Giant around allocation of the swap pager with non-NULL handle.
Existing issue of not protecting pager_object_list iteration in
vm_pager_object_lookup() by sw_alloc_mtx is not affected by Giant
removal.
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
Don Lewis [Tue, 24 May 2016 05:02:24 +0000 (05:02 +0000)]
Fix CID 1006692 in /usr/sbin/pw pw_log() function and other fixes
The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking. Fix this problem by limiting the length
of the name copied.
Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser. Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.
Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
intialization elsewhere.
Reduce code indentation by returning early in a couple of places.
Adrian Chadd [Tue, 24 May 2016 04:58:58 +0000 (04:58 +0000)]
[bwn] begin separating out the attach path from the SIBA specific bits.
* convert phy_getinfo() to take a "gmode" flag, rather than the siba
TGSHIGH flags and then check for 2GHz. This should ensure that
gmode is set correctly even on DUALPHY NICs.
* move the siba_powerup() call and the TGSHIGH decoding into a
call to bwn_is_bus_siba(), and return an error if it's called
on anything else. We don't yet do anything else, but when we do..
Adrian Chadd [Tue, 24 May 2016 04:55:00 +0000 (04:55 +0000)]
[bwn] add BCM43225 to the BHND device list.
This is all for the bhnd(4) work in progress. It's enough to probe/attach
all the bhnd internals, but we're missing OTP support and some cleanup
code. And, well, all the rest of the bhnd(4) migration.
So no, this won't give you BCM43225 support. Sorry!
John Baldwin [Tue, 24 May 2016 03:13:27 +0000 (03:13 +0000)]
Don't prematurely return short completions on blocking sockets.
Always requeue an AIO job at the head of the socket buffer's queue if
sosend() or soreceive() returns EWOULDBLOCK on a blocking socket.
Previously, requests were only requeued if they returned EWOULDBLOCK
and completed no data. Now after a partial completion on a blocking
socket the request is queued and the remaining request is retried when
the socket is ready. This allows writes larger than the currently
available space on a blocking socket to fully complete. Reads on a
blocking socket that satifsy the low watermark can still return a short
read (same as read()).
In order to track previously completed data, the internal 'status'
field of the AIO job is used to store the amount of previously
computed data.
Non-blocking sockets continue to return short completions for both
reads and writes.
Add a test for a "large" AIO write on a blocking socket that writes
twice the socket buffer size to a UNIX domain socket.
Adrian Chadd [Tue, 24 May 2016 01:12:19 +0000 (01:12 +0000)]
[bhnd] Implement pass-through resource management for ChipCommon.
This patchset adds support to bhnd_chipc for sharing SYS_RES_MEMORY
resources with its children, allowing us to hang devices off of
bhnd_chipc that rely on access to a subset of the device register space
that bhnd_chipc itself must also allocate.
We could avoid most of this heavy lifting if RF_SHAREABLE+SYS_RES_MEMORY
wasn't limited to use with allocations at the same size/offset.
As a work-around, I implemented something similar to vga_pci.c, which
implements similar reference counting of of PCI BAR resources for its
children.
With these changes, chipc will use reference counting of SYS_RES_MEMORY
allocation/activation requests, to decide when to allocate/activate/
deactivate/release resources from the parent bhnd(4) bus.
The requesting child device is allocated a new resource from chipc's
rman, pointing to (possibly a subregion of) the refcounted bhnd resources
allocated by chipc.
Other resource types are just passed directly to the parent bhnd bus;
RF_SHAREABLE works just fine with IRQs.
I also lifted the SPROM device code out into a common driver, since this
now allows me to hang simple subclasses off of a common driver off of both
bhndb_pci and bhnd_chipc.
Tested:
* (landonf) Tested against BCM4331 and BCM4312, confirmed that SPROM still
attaches and can be queried.
Don Lewis [Tue, 24 May 2016 00:57:11 +0000 (00:57 +0000)]
Fix multiple Coverity Out-of-bounds access false postive issues in CAM
The currently used idiom for clearing the part of a ccb after its
header generates one or two Coverity errors for each time it is
used. All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
error because of the treatment of the header as a two element array,
with a pointer to the non-existent second element being passed as
the starting address to bzero(). Some instances also alsp generate
Out-of-bounds access (OVERRUN) errors, probably because the space
being cleared is larger than the sizeofstruct ccb_hdr).
In addition, this idiom is difficult for humans to understand and
it is error prone. The user has to chose the proper struct ccb_*
type (which does not appear in the surrounding code) for the sizeof()
in the length calculation. I found several instances where the
length was incorrect, which could cause either an actual out of
bounds write, or incompletely clear the ccb.
A better way is to write the code to clear the ccb itself starting
at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
the length based on the specific type of struct ccb_* being cleared
as specified by the union ccb member being used. The latter can
normally be seen in the nearby code. This is friendlier for Coverity
and other static analysis tools because they will see that the
intent is to clear the trailing part of the ccb.
Wrap all of the boilerplate code in a convenient macro that only
requires a pointer to the desired union ccb member (or a pointer
to the union ccb itself) as an argument.