Decrease lock contention within the TCP accept case by removing
the INP_INFO lock from tcp_usr_accept. As the PR/patch states
this was following the advice already in the code.
See the PR below for a full discussion of this change and its
measured effects.
Fix problems in the FQ-PIE AQM cleanup code that could leak memory or
cause a crash.
Because dummynet calls pie_cleanup() while holding a mutex, pie_cleanup()
is not able to use callout_drain() to make sure that all callouts are
finished before it returns, and callout_stop() is not sufficient to make
that guarantee. After pie_cleanup() returns, dummynet will free a
structure that any remaining callouts will want to access.
Fix these problems by allocating a separate structure to contain the
data used by the callouts. In pie_cleanup(), call callout_reset_sbt()
to replace the normal callout with a cleanup callout that does the cleanup
work for each sub-queue. The instance of the cleanup callout that
destroys the last flow will also free the extra allocated block of memory.
Protect the reference count manipulation in the cleanup callout with
DN_BH_WLOCK() to be consistent with all of the other usage of the reference
count where this lock is held by the dummynet code.
Fix a copy/paste bug introduced during X86_64 Linuxulator work.
FreeBSD support NX bit on X86_64 processors out of the box, for i386 emulation
use READ_IMPLIES_EXEC flag, introduced in r302515.
While here move common part of mmap() and mprotect() code to the files in compat/linux
to reduce code dupcliation between Linuxulator's.
Implement Linux personality() system call mainly due to READ_IMPLIES_EXEC flag.
In Linux if this flag is set, PROT_READ implies PROT_EXEC for mmap().
Linux/i386 set this flag automatically if the binary requires executable stack.
READ_IMPLIES_EXEC flag will be used in the next Linux mmap() commit.
Updates to EC2 loader.conf:
* Use console=comconsole (r301732) since EC2 now has a "VGA" console;
* Enable blkif indirect segment I/O (r302288) since EC2 now consistently
gets better disk performance with this option enabled.
Support checksum offloading for TCP/IPV6 and UDP/IPV6.
Support SCTP checksum offloading for SCTP/IPV6.
Support SCTP checksum offloading on all controllers except 82575.
Don't check the area that the host has not filled.
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209443
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210425
Submitted by: Hongjiang Zhang <honzhan microsoft com>
Reviewed by: sephe, Dexuan Cui <decui microsoft com>
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D6955
302605
hyperv/stor: Save the response status and xfer length properly.
The current command response handling discards status and xfer
length unconditionally, so that all of the commands would be
considered successful, even if errors happened. When errors
really happens, this causes all kinds of wiredness, since the
buffer will not be filled on the host side and sense data will
be ignored.
Most of the time, errors do not happen, however, error does
happen for the request sent immediately after the disk resizing.
Discarding the SCSI status (SCSI_STATUS_CHECK_COND) and sense
data (capacity changes) prevents the disk resizing from working
properly.
This commit saves the response status and xfer length properly
for later use.
Submitted by: Dexuan Cui <decui microsoft com>
Noticed by: sephe
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D7181
This library uses macros to define fprintf behvavior for several object
types The compiler will see the non-string literal arguments to the fprintf
calls and omit warnings for them. Quiese these warnings in contrib code:
cddl/contrib/opensolaris/lib/libnvpair/libnvpair.c:743:12: warning: format
string is not a string literal (potentially insecure) [-Wformat-security]
ARENDER(pctl, nvlist_array, nvl, name, val, nelem);
cddl/lib/libavl/Makefile
cddl/lib/libctf/Makefile
cddl/lib/libnvpair/Makefile
cddl/lib/libumem/Makefile
cddl/lib/libuutil/Makefile
Increase WARNS to the highest working level for each of these
libraries
Add the ability to print out the module specific information in likely formats.
Among other things this gives us the ability to find out the syscall number of a dynamically loaded syscall that has a dynamicly allocated vector number.
MFC r302402: Fix ahci(4) driver attach to controller with 32 ports.
Incorrect sign expansion in variables that supposed to be a bit fields
caused infinite loop. Fixing this allows system properly detect maximal
possible 32 devices configured on AHCI HBA of BHyVe. That case did not
happen in a wild before due to lack of hardware AHCI HBAs with 32 ports.
- Remove -Wunused-but-set-variable (newcpu)
- Always return VMEXIT_CONTINUE as the code always set retval to that value.
r302363:
Fix gcc warnings
Put cfl/prdt under AHCI_DEBUG #defines as they are only used in
those cases.
r302364:
Fix gcc warnings
Add `WRAPPED_CTASSERT` macro by annotating CTASSERTs with __unused
to deal with -Wunused-local-typedefs warnings from gcc 4.8+.
All other compilers (clang, etc) use CTASSERT as-is. A more generic
solution for this issue will be proposed after ^/stable/11 is forked.
Consolidate all CTASSERTs under one block instead of inlining them in
functions.
r302365:
Fix gcc warnings
Remove -Wunused-but-set-variable (`error`). Cast calls with
`(void)` to note that the return value is explicitly ignored.
r302373:
Fix CTASSERT issue in a more clean way
- Replace all CTASSERT macro instances with static_assert's.
- Remove the WRAPPED_CTASSERT macro; it's now an unnecessary obfuscation.
- Localize all static_assert's to the structures being tested.
- Sort some headers per-style(9).
Skip lastcomm and sa tests on unsupported architectures
usr.bin/lastcom/tests/Makefile
usr.sbin/sa/tests/Makefile
Set allow_architectures appropriately. These tests depend on
golden files that must be generated for each architecture, and
haven't yet been generated for all of them.
Better document security_show_{success,info,badconfig} in /etc/periodic.conf
periodic(8) already handles the security_show_{success,info,badconfig}
variables correctly. However, those variables aren't explicitly set in
/etc/defaults/periodic.conf or anywhere else, which suggests to the user
that they shouldn't be used.
etc/defaults/periodic.conf
Explicitly set defaults for security_show_{success,info,badconfig}
usr.sbin/periodic/periodic.sh
Update usage string
usr.sbin/periodic/periodic.8
Minor man page updates
One thing I'm _not_ doing is recommending setting security_output to
/var/log/security.log or adding that file to /etc/newsyslog.conf, because
periodic(8) would create it with default permissions, usually 644, and
that's probably a bad idea.
Output the diffs to standard error when comparing the expected vs the
obtained output from lastcomm instead of just printing out a summary, e.g.
"they differed".
This will make failures with results more apparent when running kyua debug,
kyua report-html, etc.
MFC r302306:
Fix detection of USB device disconnects in USB host mode when the USB
device is connected directly to the USB port of the DWC OTG, in this
case a RPI-zero.
Allow - in distribution names. This is needed for freebsd-update to work
with 11.0+, where the debugging symbols use a new naming scheme for release
distribution files.
Similar to r300836, cl and ct will always be non-NULL as they're allocated
using the mem_alloc routines, which always use `malloc(..., M_WAITOK)`.
Deobfuscating the cleanup path fixes a leak where if cl was NULL and
ct was not, ct would not be free'd, and also removes a duplicate test for
cl not being NULL.
Sync libarchive with vendor, bugfixes for tests:
- fix tests on filesystems without birthtime support, e.g. UFS1 (1)
- vendor issue #729: avoid use of C99 for-scope declarations in
test_write_format_gnutar_filenames.c
Fix a race condition between the main thread in aqm_pie_cleanup() and the
callout thread that can cause a kernel panic. Always do the final cleanup
in the callout thread by passing a separate callout function for that task
to callout_reset_sbt().
Protect the ref_count decrement in the callout with DN_BH_WLOCK(). All
other ref_count manipulation is protected with this lock.
There is still a tiny window between ref_count reaching zero and the end
of the callout function where it is unsafe to unload the module. Fixing
this would require the use of callout_drain(), but this can't be done
because dummynet holds a mutex and callout_drain() might sleep.
Remove the callout_pending(), callout_active(), and callout_deactivate()
calls from calculate_drop_prob(). They are not needed because this callout
uses callout_init_mtx().
Fix multiple Coverity Out-of-bounds access false postive issues in CAM
The currently used idiom for clearing the part of a ccb after its
header generates one or two Coverity errors for each time it is
used. All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
error because of the treatment of the header as a two element array,
with a pointer to the non-existent second element being passed as
the starting address to bzero(). Some instances also alsp generate
Out-of-bounds access (OVERRUN) errors, probably because the space
being cleared is larger than the sizeofstruct ccb_hdr).
In addition, this idiom is difficult for humans to understand and
it is error prone. The user has to chose the proper struct ccb_*
type (which does not appear in the surrounding code) for the sizeof()
in the length calculation. I found several instances where the
length was incorrect, which could cause either an actual out of
bounds write, or incompletely clear the ccb.
A better way is to write the code to clear the ccb itself starting
at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
the length based on the specific type of struct ccb_* being cleared
as specified by the union ccb member being used. The latter can
normally be seen in the nearby code. This is friendlier for Coverity
and other static analysis tools because they will see that the
intent is to clear the trailing part of the ccb.
Wrap all of the boilerplate code in a convenient macro that only
requires a pointer to the desired union ccb member (or a pointer
to the union ccb itself) as an argument.
Add "camcontrol reprobe" subcommand, and implement it for da(4).
This makes it possible to manually force updating capacity data
after the disk got resized. Without it it might be neccessary to
reboot before FreeBSD notices updated disk size under eg VMWare.
mm [Thu, 30 Jun 2016 12:44:15 +0000 (12:44 +0000)]
MFC r302075:
Update libarchive to 3.2.1 (bugfix and security fix release)
List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
(vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnebarility in mtree
parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
(vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
(vendor issue 717)
- fix buffer overflow when reading a crafred rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
where sizeof(int) < sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes
Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader
hselasky [Wed, 29 Jun 2016 10:43:31 +0000 (10:43 +0000)]
MFC r301842:
Implement code to stop all USB endpoints before executing a USB device
reset command, alternate setting command or set configuration
command. Else LibUSB v1.0 will not re-open the endpoints which the
kernel closes and the USB application might wait infinitely for
transfers to complete.
hselasky [Wed, 29 Jun 2016 10:33:11 +0000 (10:33 +0000)]
MFC r301545:
Add SR-IOV guest support to the mlx5en driver.
This patch adds the missing pieces needed for device setup using the
mlx5en driver inside a virtual machine which is providing hardware
access through SR-IOV.
hselasky [Wed, 29 Jun 2016 10:21:45 +0000 (10:21 +0000)]
MFC r302076:
Update the definition for number of scratch pages to match the latest
version of the XHCI specification. Make sure the code can handle the
maximum number of allowed scratch pages.
dchagin [Wed, 29 Jun 2016 06:04:45 +0000 (06:04 +0000)]
MFC r302213:
Fix a bug introduced in r283433.
[1] Remove unneeded sockaddr conversion before kern_recvit() call as the from
argument is used to record result (the source address of the received message) only.
[2] In Linux the type of msg_namelen member of struct msghdr is signed but native
msg_namelen has a unsigned type (socklen_t). So use the proper storage to fetch fromlen
from userspace and than check the user supplied value and return EINVAL if it is less
than 0 as a Linux do.
Reported by: Thomas Mueller <tmueller at sysgo dot com> [1]
Tested by: Thomas Mueller <tmueller at sysgo dot com> [both]
Reviewed by: kib@
bdrewery [Mon, 27 Jun 2016 22:21:29 +0000 (22:21 +0000)]
MFC r300809,r300890,r300891:
r300809:
filemon exec: Use imgp->execpath rather than vn_fullpath(9).
r300890:
exec: Cease tracing if credentials will change with the new image.
r300891:
Write to the log using the tracer's credentials.
bdrewery [Mon, 27 Jun 2016 22:12:11 +0000 (22:12 +0000)]
MFC r300792,r300851,r301580:
r300792:
exec: Add credential change information into imgp for process_exec hook.
r300851:
exec: get rid of one vnode lock/unlock pair in do_execve
r301580:
Old process credentials for setuid execve must not be dereferenced when the
process credentials were not changed. This can happen if an error occured
trying to activate the setuid binary. And on error, if new credentials
were not yet assigned, they must be freed to not create the leak.
pfg [Mon, 27 Jun 2016 20:54:02 +0000 (20:54 +0000)]
sed(1): convert sed to use REG_STARTEND more explicitly.
Summarizing the findings in the OpenBSD list:
This solves a reproduceable issue with very recent Mesa where REG_NOTBOL
combined with a match at the begin of the string causes our regex library
to treat the word as not begin of word.
Bump __FreeBSD_version: JIC we hit the issue in recent Mesa ports.
PR: 209352, 209387 (exp-run)
Taken from: openbsd-tech (Martijn van Duren)
MFC after: 1 month