ian [Wed, 25 May 2016 19:44:26 +0000 (19:44 +0000)]
Include machine/acle-compat.h in cdefs.h on arm if the compiler doesn't
have ACLE support built in. The ACLE (ARM C Language Extensions) defines
a set of standardized symbols which indicate the architecture version and
features available. ACLE support is built in to modern compilers (both
clang and gcc), but absent from gcc prior to 4.4.
ARM (the company) provides the acle-compat.h header file to define the
right symbols for older versions of gcc. Basically, acle-compat.h does
for arm about the same thing cdefs.h does for freebsd: defines
standardized macros that work no matter which compiler you use. If ARM
hadn't provided this file we would have ended up with a big #ifdef __arm__
section in cdefs.h with our own compatibility shims.
Remove #include <machine/acle-compat.h> from the zillion other places (an
ever-growing list) that it appears. Since style(9) requires sys/types.h
or sys/param.h early in the include list, and both of those lead to
including cdefs.h, only a couple special cases still need to include
acle-compat.h directly.
kib [Wed, 25 May 2016 18:10:44 +0000 (18:10 +0000)]
Fix issues found by Coverity in the rtld-elf.c:gethints().
Check that the dirlist path string specification does not cause
overflow and is fully contained in the hints file.
Check that the dirlist string is nul-terminated.
Make 'hdr' static variable, so that hdr.dirlistlen is available when
hints cached value is used on next function calls. Reset hdr.dirlistlen
to zero if error was detected, so that allocations use reasonable size.
Use 'hints', and not 'p' in the body, since p is only initialized on the
first call.
Reported and reviewed by: truckman (previous version)
Sponsored by: The FreeBSD Foundation
CIDs: 1006503, 1006504, 1006676, 1008488, 1007263
MFC after: 2 weeks
truckman [Wed, 25 May 2016 15:49:29 +0000 (15:49 +0000)]
Fix a couple of Coverity Unintended sign extension
defects. When shifting an unsigned byte into the upper 8 bits of
an int and the resulting value is greater than 0x7FFFFFF, the result
will be sign extended when converting to a 64 bit unsigned long.
Fix by casting to (uint64_t) before the shift.
Reported by: Coverity
CID: 1356044, 1356045
Reviewed by: ken
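
The defect class named in the commit above, as an added example that is not code from the FreeBSD tree. The helper names and sample bytes are hypothetical; the buggy variant models the promoted-int shift, and the fixed variant casts to uint64_t before shifting, as the commit message describes.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper showing the defective pattern: each byte is promoted
 * to int, so the 32-bit intermediate is signed and is sign-extended when it
 * is widened to 64 bits. */
uint64_t be32_widen_buggy(const uint8_t p[4])
{
    /* Equals what `p[0] << 24` produces as an int on two's-complement
     * targets; computed via uint32_t so this example has no signed overflow. */
    int hi = (int)((uint32_t)p[0] << 24);
    int v = hi | (p[1] << 16) | (p[2] << 8) | p[3];

    return (uint64_t)v;     /* negative int: upper 32 bits become all ones */
}

/* The fix the commit describes: cast to uint64_t before the shift. */
uint64_t be32_widen_fixed(const uint8_t p[4])
{
    return ((uint64_t)p[0] << 24) | ((uint64_t)p[1] << 16) |
        ((uint64_t)p[2] << 8) | (uint64_t)p[3];
}

int main(void)
{
    /* Constructed inputs: top bit of the first byte clear, then set. */
    const uint8_t samples[2][4] = {
        { 0x7f, 0xff, 0xff, 0xff },
        { 0x80, 0x00, 0x00, 0x01 },
    };

    for (int i = 0; i < 2; i++)
        printf("buggy=0x%016" PRIx64 " fixed=0x%016" PRIx64 "\n",
            be32_widen_buggy(samples[i]), be32_widen_fixed(samples[i]));
    return 0;
}
```

A length or offset decoded with the buggy variant passes small-value testing and only goes wrong once the top byte reaches 0x80, which is why static analysis tends to find it before testing does.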
truckman [Wed, 25 May 2016 15:43:01 +0000 (15:43 +0000)]
Fix a couple of new instances of a false positive Coverity buffer
overflow defect. Use the new CCB_CLEAR_ALL_EXCEPT_HDR() macro
instead of calling bzero() on the pointer to the header used
as an array and indexed by 1.
Don't leak a buffer after executing "goto restart_report" by
overwriting its pointer with the results of another calloc().
Be sure to clear the buffer before reusing it. (CID 1356042)
pfg [Wed, 25 May 2016 15:42:39 +0000 (15:42 +0000)]
sed: convert sed to use REG_STARTEND more explicitly.
Summarizing the findings in the OpenBSD list:
This solves a reproducible issue with very recent Mesa where REG_NOTBOL
combined with a match at the begin of the string causes our regex library
to treat the word as not begin of word.
Thanks to Martijn van Duren and Ingo Schwarze for taking the time to
solve this in the least invasive way.
PR: 209352, 209387
Taken from: openbsd-tech (Martijn van Duren)
MFC after: 1 month
pfg [Wed, 25 May 2016 15:35:23 +0000 (15:35 +0000)]
libc: regexec(3) adjustment.
Change the behavior of when REG_STARTEND is combined with REG_NOTBOL.
From the original posting[1]:
"Enable the assumption that pmatch[0].rm_so is a continuation offset
to a string and allows us to do a proper assessment of the character
in regards to its word position ('^' or '\<'), without risking going
into unallocated memory."
This change makes us similar to how glibc handles REG_STARTEND |
REG_NOTBOL, and is closely related to a soon-to-land fix to sed.
Special thanks to Martijn van Duren and Ingo Schwarze for working
out some consistent behaviour.
Differential Revision: https://reviews.freebsd.org/D6257
Taken from: openbsd-tech 2016-05-24 [1] (Martijn van Duren)
Relnotes: yes
MFC after: 1 month
hselasky [Wed, 25 May 2016 12:03:21 +0000 (12:03 +0000)]
Prepare for activation of LinuxKPI module parameters as read-only
tunable SYSCTL's. Linux module parameters are associated with the
module they belong to. FreeBSD does not share this concept of a parent
module. Instead add macros which define the prefix to use for the
module parameters in the LinuxKPI consumers.
While at it convert all "bool" LinuxKPI module parameters to "byte"
type, because we don't have a "bool" type of SYSCTL in FreeBSD.
hselasky [Wed, 25 May 2016 09:04:06 +0000 (09:04 +0000)]
Add checks for SCHEDULER_STOPPED() so that code using the LinuxKPI can
run after a panic(). This for example allows a LinuxKPI based graphics
stack to receive prints during a panic.
ed [Wed, 25 May 2016 08:45:03 +0000 (08:45 +0000)]
Make code compile when basename() is POSIX compliant.
The POSIX basename() function is allowed to modify its input buffer,
which means its argument is "char *". Pull a copy of the input string
before computing the base.
hselasky [Wed, 25 May 2016 07:48:36 +0000 (07:48 +0000)]
Check for signals when locking the USB enumeration thread from
userspace, so that USB applications can be killed if an enumeration
thread should be stuck for various reasons.
sgalabov [Wed, 25 May 2016 06:47:28 +0000 (06:47 +0000)]
Build etherswitch support for appropriate Ralink/Mediatek SoCs
Etherswitch support is built by default on all SoCs except RT3662/RT3883
as they have no built-in switch and their configurations with external
switches are not yet supported.
sgalabov [Wed, 25 May 2016 06:29:23 +0000 (06:29 +0000)]
Align radiotap structures in ral(4)
Currently all radiotap structures in ral(4) are packed, but are not
aligned, which causes ral based devices to crash when one does
'ifconfig wlan0 up' for a wlan interface with a ral wlandev on arches
that care about structure alignment (e.g., MIPS).
Adding an aligned attribute helps fix this problem and ral devices
can be properly brought up.
Reviewed by: adrian
Sponsored by: Smartcom - Bulgaria AD
There is no need to call strdup() on the value returned by fmt().
The latter calls fmt_argv() which always returns a dynamically
allocated string, and calling strdup() on that leaks the memory
allocated by fmt_argv(). Wave some const magic on ki_args and
ki_env to make the direct assignment happy. This requires a tweak
to the asprintf() case to avoid a const vs. non-const mismatch.
ken [Wed, 25 May 2016 01:37:39 +0000 (01:37 +0000)]
Fix a few ada(4) driver issues:
o Some Samsung drives do not support the ATA READ LOG EXT or READ
LOG DMA EXT commands, despite indicating that they do in their
IDENTIFY data. So, fix this in two ways:
1. Only start the log directory probe (ADA_STATE_LOGDIR) if
the drive claims to be an SMR drive in the first place.
We don't need to do the extra probing for other devices.
This will also serve to prevent problems with other
drives that have the same issue.
2. Add quirks for the two Samsung drives that have been
reported so far (thanks to Oleg Nauman and Alex Petrov).
If there is a reason to do a Read Log later on, we will
know that it doesn't work on these drives.
o Add a quirk entry to mark Seagate Lamarr Drive Managed drives as
drive managed. They don't report this in their Identify data.
sys/cam/ata/ata_da.c:
Add two new quirks:
1. ADA_Q_LOG_BROKEN, for drives that claim to support Read
Log but don't really.
2. ADA_Q_SMR_DM, for drives that are Drive Managed SMR, but
don't report it. This can matter for software that
wants to know when it should make an extra effort to
write sequentially.
Record two Samsung drives that don't support Read Log, and
one Seagate drive that doesn't report that it is a SMR drive.
The Seagate drive is already recorded in the da(4) driver.
We may have to come up with a similar solution in the da(4)
driver for SATA drives that don't properly support Read Log.
In adasetflags(), don't set the ADA_FLAG_CAN_LOG bit if the
device has the LOG_BROKEN quirk set. Also, look at the
SMR_DM quirk and set the device type accordingly if it is
actually a drive managed drive.
When deciding whether to go into the LOGDIR probe state,
look to see whether the device claims to be an SMR device.
If not, don't bother with the LOGDIR probe state.
truckman [Wed, 25 May 2016 01:37:25 +0000 (01:37 +0000)]
Fix Coverity CIDs 1340544 Resource leak and 1340543 Use after free
At line 479 of ldapclient.c in client_build_req(), the error return
leaks ldap_attrs (CID 1340544). It looks like this can happen if
the first utoa() call in aldap_get_stringset() fails. It looks
like other leaks can happen if other utoa() calls fail since scanning
this array when it is freed stops when the first NULL is encountered.
Fix these problems by not storing NULL in the array when utoa()
fails, and by freeing ret and returning NULL if nothing is stored
in the array. That way the caller will never see the
ldap_attrs[0] == NULL case, so delete that check.
The ber_printf_element() calls ber_free_elements() on its ber
argument and returns NULL on failure. When each of its callers
detects failure, they do a goto fail, which then calls ber_free_elements()
with the same pointer (CID 1340543). Fix is to delete the
ber_free_elements() from ber_printf_element()
jhibbits [Wed, 25 May 2016 01:23:19 +0000 (01:23 +0000)]
Set the TLB caching properties for portals at attach time.
This was found while reworking the device tree nodes for dtsec to match the
Linux device tree. Instead of waiting and expecting later code to call
dpaa_portal_map_registers(), do the equivalent immediately upon mapping.
Otherwise, it's possible to access the pages before that function is called, and
hang the CPU.
truckman [Tue, 24 May 2016 23:41:36 +0000 (23:41 +0000)]
Fix acpidb CIDs 1011279 (Buffer not null terminated) and 978405 and 1199380 (Resource leak).
load_dsdt() calls strncpy() to copy a filename and Coverity warns
that the destination buffer may not be NUL terminated. Fix this
by using strlcpy() instead. If silent truncation occurs, then the
filename was not valid anyway.
load_dsdt() leaks an fd (CID 978405) and a memory region allocated
using mmap() (CID 1199380) when it returns. Fix these by calling
close() and munmap() as appropriate.
Don't bother fixing the minor memory leak "list", allocated by
AcGetAllTablesFromFile() (CID 1355191).
Check for truncation when creating the temp file name.
Set a flag to indicate that the temp file should be unlinked.
Relying on a strcmp() test could delete the input file in contrived
cases.
truckman [Tue, 24 May 2016 23:36:43 +0000 (23:36 +0000)]
Fix acpidump CID 1011278 (Buffer not null terminated) and other issues
Coverity reports that a buffer used for temporary file generation
might not be NUL terminated by strncpy(). This is probably not
true because the input gets passed through realpath(), but if the
path name is sufficiently long the name could be truncated and cause
other problems. The code for generating the temp file names is
also overly complex. Instead of a bunch of calls to strncpy() and
strncat(), simplify the code by using snprintf() and add checks
for unexpected truncation.
The output file created by iasl -d is predictable. Fix this by
using mkdtemp() to create a directory to hold the iasl input and
output files.
adrian [Tue, 24 May 2016 21:20:17 +0000 (21:20 +0000)]
[bhnd] Normalize bhnd(4) device matching API
This unifies handling of core, chip, and board-level device
matching, and adds support for matching device drivers
against the bus attach type (e.g. SoC vs WiFi adapter).
Core-level quirks on Broadcom's chipsets generally are specific
to some combination of chip model, core revision, chip
package (e.g. 12x9 SMT package), SROM revision, etc.
Unifying the match APIs for all three attribute types (core, chip,
board/srom) allows defining a single device quirk table that
matches across all of those attributes.
jhb [Tue, 24 May 2016 21:09:05 +0000 (21:09 +0000)]
Return the correct status when a partially completed request is cancelled.
After the previous changes to fix requests on blocking sockets to complete
across multiple operations, an edge case exists where a request can be
cancelled after it has partially completed. POSIX doesn't appear to
dictate exactly how to handle this case, but in general I feel that
aio_cancel() should arrange to cancel any request it can, but that any
partially completed requests should return a partial completion rather
than ECANCELED. To that end, fix the socket AIO cancellation routine to
return a short read/write if a partially completed request is cancelled
rather than ECANCELED.
ngie [Tue, 24 May 2016 20:06:41 +0000 (20:06 +0000)]
Remove unnecessary memset(.., 0, ..)'s
The mem_alloc macro calls calloc (userspace) / malloc(.., M_WAITOK|M_ZERO)
under the covers, so zeroing out memory is already handled by the underlying
calls
ngie [Tue, 24 May 2016 18:44:50 +0000 (18:44 +0000)]
Use reallocf instead of malloc to fix leak with outbuf_pmap
The previous code overwrote outbuf_pmap's memory with malloc once per
loop iteration, which leaked its memory; use reallocf instead to ensure
that memory is properly free'd each loop iteration.
Add an outbuf_pmap = NULL in the failure case to avoid a double-free
at the bottom of the function.
br [Tue, 24 May 2016 13:59:13 +0000 (13:59 +0000)]
Store the original value of stack pointer to the exception frame
(the value we had before supervisor exception occurred).
This helps consumers (e.g. DTrace) to not proceed additional calculations.
sbruno [Tue, 24 May 2016 13:57:23 +0000 (13:57 +0000)]
Reject ioctl commands for FLSHGCHR and FLSHPCHR if the size is greater
than sc->areq. This is a bounds check to ensure we're not just cramming
arbitrarily sized nonsense into the driver and overflowing the heap.
andrew [Tue, 24 May 2016 12:06:56 +0000 (12:06 +0000)]
Limit calling pmc_hook to when the interrupt comes while running userspace.
We may enable interrupts from within the callback, e.g. in a data abort
during copyin. If we receive an interrupt at that time pmc_hook will be
called again and, as it is handling userspace stack tracing, will hit a
KASSERT as it checks if the trapframe is from userland.
With this I can run hwpmc with intrng on a ThunderX and have it trace all
CPUs.
Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation
tuexen [Tue, 24 May 2016 11:47:14 +0000 (11:47 +0000)]
Allow an MTU of 65535 bytes to be set via TUN[SG]IFINFO. This requires
changing the type on the mtu field in struct tuninfo from short to
unsigned short.
This is used, for example, by packetdrill to test with MTUs up to the
maximum value.
kib [Tue, 24 May 2016 10:21:39 +0000 (10:21 +0000)]
In vm_page_alloc_contig(), on vm_page_insert() failure, mark each
freed page as VPO_UNMANAGED. Otherwise vm_page_free_toq() insists on
owning the page lock.
Previously, VPO_UNMANAGED was only set up to the last processed page.
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
kib [Tue, 24 May 2016 10:16:03 +0000 (10:16 +0000)]
Remove Giant around allocation of the swap pager with non-NULL handle.
Existing issue of not protecting pager_object_list iteration in
vm_pager_object_lookup() by sw_alloc_mtx is not affected by Giant
removal.
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
truckman [Tue, 24 May 2016 05:02:24 +0000 (05:02 +0000)]
Fix CID 1006692 in /usr/sbin/pw pw_log() function and other fixes
The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking. Fix this problem by limiting the length
of the name copied.
Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser. Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.
Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
initialization elsewhere.
Reduce code indentation by returning early in a couple of places.
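
The three measures the pw_log() commit above describes (bounded copy, doubling each %, stripping whitespace), as an added example that is not the code from /usr/sbin/pw. The function names, the LOGNAME_CAP size and the "[name] message" layout are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LOGNAME_CAP 32  /* assumed cap, not the buffer size pw uses */

/* Copy an untrusted name ($LOGNAME/$USER) into out: drop whitespace, double
 * each '%', stop before overrunning, and never emit half of a "%%" pair.
 * Returns the number of bytes written, excluding the NUL. */
size_t sanitize_log_name(const char *name, char *out, size_t outsz)
{
    size_t n = 0;

    if (outsz == 0)
        return 0;
    for (; *name != '\0'; name++) {
        unsigned char c = (unsigned char)*name;
        size_t need = (c == '%') ? 2 : 1;

        if (isspace(c))
            continue;           /* whitespace would confuse a log parser */
        if (n + need >= outsz)  /* keep room for the terminating NUL */
            break;
        if (c == '%')
            out[n++] = '%';     /* "%%" prints one literal '%' */
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return n;
}

/* The sanitized name becomes part of a format string, as in the commit. */
int format_log_line(const char *name, const char *msg, char *line, size_t sz)
{
    char safe[LOGNAME_CAP], fmt[LOGNAME_CAP + 8];

    sanitize_log_name(name, safe, sizeof(safe));
    snprintf(fmt, sizeof(fmt), "[%s] %%s", safe);
    return snprintf(line, sz, fmt, msg);
}

int main(void)
{
    char line[128];

    /* Constructed hostile value for $LOGNAME. */
    format_log_line("ev%il u\tser", "user added", line, sizeof(line));
    puts(line);
    return 0;
}
```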
adrian [Tue, 24 May 2016 04:58:58 +0000 (04:58 +0000)]
[bwn] begin separating out the attach path from the SIBA specific bits.
* convert phy_getinfo() to take a "gmode" flag, rather than the siba
TGSHIGH flags and then check for 2GHz. This should ensure that
gmode is set correctly even on DUALPHY NICs.
* move the siba_powerup() call and the TGSHIGH decoding into a
call to bwn_is_bus_siba(), and return an error if it's called
on anything else. We don't yet do anything else, but when we do..
adrian [Tue, 24 May 2016 04:55:00 +0000 (04:55 +0000)]
[bwn] add BCM43225 to the BHND device list.
This is all for the bhnd(4) work in progress. It's enough to probe/attach
all the bhnd internals, but we're missing OTP support and some cleanup
code. And, well, all the rest of the bhnd(4) migration.
So no, this won't give you BCM43225 support. Sorry!