kevans [Mon, 29 Jan 2018 14:00:33 +0000 (14:00 +0000)]
libregex: Mark gnuext test as an expected fail
The test was added prematurely as a goal to reach with the GNU extension
functionality, but the functionality has not yet been introduced. Mark it as
an expected fail until that point.
emaste [Mon, 29 Jan 2018 13:55:50 +0000 (13:55 +0000)]
lld: Put the header in the first PT_LOAD even if that PT_LOAD has a LMAExpr
The root problem is that we were creating a PT_LOAD just for the header.
That was technically valid, but inconvenient: we should not be making
the ELF discontinuous.
The solution is to allow a section with LMAExpr to be added to a PT_LOAD
if that PT_LOAD doesn't already have a LMAExpr.
LLVM PR: 36017
Obtained from: LLVM r323625 by Rafael Espindola
emaste [Mon, 29 Jan 2018 13:54:51 +0000 (13:54 +0000)]
lld: Move LMAOffset from the OutputSection to the PhdrEntry. NFC.
If two sections are in the same PT_LOAD, their relative offsets,
virtual address and physical addresses are all the same.
[Rafael] initially wanted to have a single global LMAOffset, on the
assumption that every ELF file was in practice loaded contiguously in
both physical and virtual memory.
Unfortunately that is not the case. The linux kernel has:
The delta for all but the third PT_LOAD is the same:
0xffffffff80000000. [Rafael] thinks the 3rd one is a hack for implementing
per cpu data, but we can't break that.
ae [Mon, 29 Jan 2018 11:03:29 +0000 (11:03 +0000)]
Do not skip scope zone violation check, when mbuf has M_FASTFWD_OURS flag.
When mbuf has M_FASTFWD_OURS flag, this means that a destination address
is our local, but we still need to pass scope zone violation check,
because protocol level expects that IPv6 link-local addresses have
embedded scope zone indexes. This should fix the problem, when ipfw is
used to forward packets to local address and source address of a packet
is IPv6 LLA.
ae [Mon, 29 Jan 2018 10:33:55 +0000 (10:33 +0000)]
Assign IPv6 link-local address to loopback interfaces with unit > 0.
When an interface has IFF_LOOPBACK flag in6_ifattach() tries to assign
IPv6 loopback address to this interface. It uses in6ifa_ifpwithaddr()
to check, that interface doesn't already have given address and then
uses in6_ifattach_loopback(). If in6_ifattach_loopback() fails, it just
exits and thus skips assignment of IPv6 LLA.
Fix this using in6ifa_ifwithaddr() function. If IPv6 loopback address is
already assigned in the system, do not call in6_ifattach_loopback().
wma [Mon, 29 Jan 2018 09:24:28 +0000 (09:24 +0000)]
loader: support for mixed-endianness ELF/loader and POWER8
On POWER8 with current petitboot, the loader.kboot might be
run as little-endian application. The FreeBSD kernel is
always big-endian, so the load_elf_* routines must be aware
of proper endianness of all fields.
wma [Mon, 29 Jan 2018 09:15:38 +0000 (09:15 +0000)]
PPC64: use hwref instead of cpuid
On CHRP and PowerNV, use the interrupt server number in the cpuref and pcpu
hwref field instead of the device-tree phandle and make the CPU IDs reported
to the scheduler dense and with the BSP at 0.
wma [Mon, 29 Jan 2018 08:10:03 +0000 (08:10 +0000)]
PPC64: cleanup APs startup routines
Cleaning up AP startup routines. This is a mix of changes
required to make PowerNV running and to modify the code
to be more robust. Previously, some races were seen if more
than 90 CPUs were online.
nwhitehorn [Mon, 29 Jan 2018 04:33:41 +0000 (04:33 +0000)]
Remove hard-coded trap-handling logic involving the segmented memory model
used with hashed page tables on AIM and place it into a new, modular pmap
function called pmap_decode_kernel_ptr(). This function is the inverse
of pmap_map_user_ptr(). With POWER9 radix tables, which mapping to use
becomes more complex than just AIM/BOOKE and it is best to have it in
the same place as pmap_map_user_ptr().
imp [Mon, 29 Jan 2018 00:14:39 +0000 (00:14 +0000)]
Create deprecation management functions.
gone_in(major, msg); If we're running in FreeBSD major, tell
the user this code may be deleted soon.
If we're running in FreeBSD major - 1,
tell the user this code is deprecated and will
be gone in major.
Otherwise say nothing.
gone_in_dev(dev, major, msg) Just like gone_in, except use device_printf.
New tunable / sysctl debug.oboslete_panic: 0 - don't panic,
1 - panic in major or newer, 2 - panic in major - 1 or newer
default: 0
If NO_OBSOLETE_CODE is defined, then both of these turn into compile
time errors when building for major. Add options NO_OBSOLETE_CODE to
kernel build system.
This lets us tag code that's going away so users know it will be gone,
as well as automatically manage things.
imp [Mon, 29 Jan 2018 00:00:52 +0000 (00:00 +0000)]
Use atomic load and stores to ensure that the compiler doesn't
optimize away these loops. Change boolean to int to match what atomic
API supplies. Remove wmb() since the atomic_store_rel() on status.done
ensures the prior writes to status. It also fixes the fact that there
wasn't a rmb() before reading done. This should also be more efficient
since wmb() is fairly heavy weight.
jhibbits [Sun, 28 Jan 2018 20:35:48 +0000 (20:35 +0000)]
Start building modules for QORIQ64
There's no reason not to build modules for 64-bit QorIQ devices. This
config has evolved to be analogous to the AIM GENERIC64 kernel, so will grow
to match it in more ways as well.
pfg [Sun, 28 Jan 2018 19:37:30 +0000 (19:37 +0000)]
Avoid implicit gcc nonnull attribute in vwarnx().
We removed the nonnull attributes from our headers long ago, but still
__printflike() includes it implicitly. This will cause the NULL check to
be optimized away in higher -O levels and it will also trigger a
-Wnonnull-compare warning.
jhibbits [Sun, 28 Jan 2018 19:18:40 +0000 (19:18 +0000)]
Consolidate trap instruction checks to a single function
Summary:
Rather than duplicating the checks for programmatic traps all over the code, put
it all in one function. This helps to remove some of the #ifdefs between AIM
and Book-E.
mmel [Sun, 28 Jan 2018 15:20:45 +0000 (15:20 +0000)]
diff --git a/sys/dev/extres/clk/clk.c b/sys/dev/extres/clk/clk.c
index c6a1f466ceb..c3708a0ce27 100644
--- a/sys/dev/extres/clk/clk.c
+++ b/sys/dev/extres/clk/clk.c
@@ -642,10 +642,11 @@ clknode_adjust_parent(struct clknode *clknode, int idx)
if (clknode->parent_cnt == 0)
return;
if ((idx == CLKNODE_IDX_NONE) || (idx >= clknode->parent_cnt))
- panic("Invalid clock parent index\n");
+ panic("%s: Invalid parent index %d for clock %s",
+ __func__, idx, clknode->name);
if (clknode->parents[idx] == NULL)
- panic("%s: Attempt to set invalid parent %d for clock %s",
+ panic("%s: Invalid parent index %d for clock %s",
__func__, idx, clknode->name);
/* Remove me from old children list. */
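Review bot: Both panic() calls in clknode_adjust_parent() now print the identical text "Invalid parent index %d for clock %s", so the message no longer tells whether idx failed the range check (CLKNODE_IDX_NONE or >= parent_cnt) or was in range with clknode->parents[idx] == NULL. Keep distinct wording on the second check, for instance one that says the parent at that index is not set, so the two failure modes can be told apart from the panic string alone.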
@@ -674,8 +675,8 @@ clknode_init_parent_idx(struct clknode *clknode, int idx)
if ((idx == CLKNODE_IDX_NONE) ||
(idx >= clknode->parent_cnt) ||
(clknode->parent_names[idx] == NULL))
- panic("%s: Invalid clock parent index: %d\n", __func__, idx);
-
+ panic("%s: Invalid parent index %d for clock %s",
+ __func__, idx, clknode->name);
clknode->parent_idx = idx;
}
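Review bot: The new panic() in clknode_init_parent_idx() reports "Invalid parent index" for three different conditions, including clknode->parent_names[idx] == NULL, where the index itself is within range; consider naming the failed check or printing clknode->parent_cnt next to idx. The hunk also removes the blank line between the if body and the assignment to clknode->parent_idx, and keeping it would stop the assignment from reading as part of the check.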
mmel [Sun, 28 Jan 2018 15:02:49 +0000 (15:02 +0000)]
Fix handling of I-cache sync operations
- pmap_enter_object() can be used for mapping of executable pages, so it's
necessary to handle I-cache synchronization within it.
- Fix race in I-cache synchronization in pmap_enter(). The current code firstly
maps given page to target VA and then does I-cache sync on it. This causes
race, because this mapping becomes visible to other threads, before I-cache
is synced.
Do sync I-cache firstly (by using DMAP VA) and then map it to target VA.
- ARM64 ARM permits implementation of aliased (AIVIVT, VIPT) I-cache, but we
can use different than final VA for flushing it. So we should use full
I-cache flush on affected platforms. For now, and as temporary solution,
use full flush always.
imp [Sun, 28 Jan 2018 05:13:08 +0000 (05:13 +0000)]
Avoid using \$. It's an unknown escape sequence. Some awks warn about
that. Instead, simply remove the sequence entirely because we never
commit the generated files.
The warning is bogus: GCC8 only looks at the size of the destination.
We shouldn't be fixing imaginary problems, so perhaps it's better to deal
with this later on by disabling such warnings.
kevans [Sun, 28 Jan 2018 03:07:22 +0000 (03:07 +0000)]
stand/fdt: Check /compatible property on overlay if it exists
Example overlays seen in other places use a compatible property on root node
of an overlay to specify SOC compatibility. These don't get merged into base
FDT as they're not part of a fragment, but it's expected that consumers of
the overlay may want to check it.
If /compatible on the overlay is missing, just apply it. This is the "I know
what I'm doing" mode for those wanting to whip up a quick overlay and apply
it. An overlay intended for distribution should include /compatible so as
not to break a user's system.
If /compatible on the overlay exists, honor it and cross-check it with
/compatible on the base FDT. If /compatible on the base FDT is missing in
this case, don't apply the overlay rather than risk breaking the system.
Move the COPYOUT of overlay material to before we allocate space for
next_fdtp so that we can avoid the allocation and copy into next_fdtp if we
already know that the overlay can't apply.
This gives way to the possibility of autoloading overlays found in
/boot/overlays, since this provides a means of filtering out overlays not
applicable to the current board.
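The /compatible gate described in this commit message, as an added C example; it is not code from the commit or from FreeBSD's loader. It works on raw property bytes instead of libfdt, the function names and the acme,* strings are constructed for illustration, and treating any one shared string as a match is an assumption, since the message only says the two properties are cross-checked.

```c
#include <stddef.h>
#include <string.h>

enum overlay_verdict { OVERLAY_APPLY, OVERLAY_SKIP };

/*
 * A "compatible" property is a run of NUL-terminated strings packed back to
 * back. Return 1 if `want` (wlen bytes) is one of them; an unterminated
 * tail is malformed and ends the search without a match.
 */
static int
stringlist_contains(const char *list, size_t len, const char *want, size_t wlen)
{
	const char *p = list, *end = list + len;

	while (p < end) {
		const char *nul = memchr(p, '\0', (size_t)(end - p));
		if (nul == NULL)
			return (0);
		if ((size_t)(nul - p) == wlen && memcmp(p, want, wlen) == 0)
			return (1);
		p = nul + 1;
	}
	return (0);
}

/*
 * Gate from the commit message; a NULL pointer means "property absent".
 * Assumption: one string shared by both lists counts as a match.
 */
static enum overlay_verdict
overlay_check(const char *base, size_t blen, const char *ovl, size_t olen)
{
	const char *p = ovl, *end;

	if (ovl == NULL)
		return (OVERLAY_APPLY);	/* no /compatible on the overlay */
	if (base == NULL)
		return (OVERLAY_SKIP);	/* nothing to cross-check against */
	for (end = ovl + olen; p < end; ) {
		const char *nul = memchr(p, '\0', (size_t)(end - p));
		if (nul == NULL)
			return (OVERLAY_SKIP);	/* malformed overlay property */
		if (nul != p &&
		    stringlist_contains(base, blen, p, (size_t)(nul - p)))
			return (OVERLAY_APPLY);
		p = nul + 1;
	}
	return (OVERLAY_SKIP);
}

/* Constructed sample properties; sizeof includes the final terminator. */
static const char base_compat[] = "acme,board-b\0acme,soc-a";
static const char ovl_match[] = "acme,soc-a";
static const char ovl_other[] = "acme,soc-z";

int
main(void)
{
	/* Exit 0 only if the matching overlay passes and the other is refused. */
	return (!(overlay_check(base_compat, sizeof(base_compat),
	    ovl_match, sizeof(ovl_match)) == OVERLAY_APPLY &&
	    overlay_check(base_compat, sizeof(base_compat),
	    ovl_other, sizeof(ovl_other)) == OVERLAY_SKIP));
}
```

Comparing whole strings by length and content, not by prefix, is what keeps an overlay tagged for one SoC from being accepted on a board whose name merely starts the same way.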
kevans [Sun, 28 Jan 2018 01:22:15 +0000 (01:22 +0000)]
stand/fdt: Consolidate overlay handling a little further
This should have been done as part of r327350, but due to lack of foresight
it came later. In the different places we apply overlays, we duplicate the
bits that check for fdt_overlays in the environment and supplement that with
any other places we need to check for overlays to load. These "other places"
will be loader specific and are not candidates for consolidation.
Provide an fdt_load_dtb_overlays to capture the common logic, allow passing
in an additional list of overlays to be loaded. This additional list of
overlays is used in practice for ubldr to pull in any fdt_overlays passed to
it from U-Boot environment, but it can be used for any other source of
overlays.
These additional overlays supplement loader.conf(5) fdt_overlays, rather
than replace, so that we're not restricted to specifying overlays in only
one place. This is a change from previous behavior where loader.conf(5)
supplied fdt_overlays would cause us to ignore U-Boot environment, and this
seems nonsensical- user should have sufficient control over both of these
aspects, or lack of control for good reasons.
A knob could be considered in the future to ignore U-Boot supplied overlays,
but the supplemental treatment seems like a good start.
jah [Sat, 27 Jan 2018 20:13:36 +0000 (20:13 +0000)]
Remove system makefile path directives from env passed to PORTS_MODULES step
Previously, MAKESYSPATH as well as '-m' directives in MAKEFLAGS would cause
any port rebuilt during the PORTS_MODULES stage to consume system makefiles
from $(SRCROOT)/share/mk instead of those installed under /usr/share/mk.
For kernel modules that need to build against an updated src tree this
makes sense; less so for <bsd.port.mk> or any userspace library or utility
the port may also happen to install.
Before 11.0, this probably didn't matter much in practice. But the addition
of src.libnames.mk under $(SRCROOT)/share/mk in 11.0 breaks any consumer of
bsd.prog.mk and DPADD/LDADD during PORTS_MODULES.
Address the build breakage by removing MAKESYSPATH and any occurrence of
'-m' from MAKEFLAGS in the environment created for the port build.
Instead set SYSDIR so that any kmod built by the port will still consume
conf/kmod.mk from the updated src tree, assuming it uses <bsd.kmod.mk>
tuexen [Sat, 27 Jan 2018 19:23:42 +0000 (19:23 +0000)]
When using SCTP for sending probe packets, use INIT chunks for payloads
larger than or equal to 32 bytes. For smaller probe packets, keep using
SHUTDOWN-ACK chunks, possibly bundled with a PAD chunk.
Packets with INIT chunks more likely pass through firewalls. Therefore,
use them when possible.
pfg [Sat, 27 Jan 2018 15:33:52 +0000 (15:33 +0000)]
{ext2|ufs}_readdir: Set limit on valid ncookies values.
Sanitize the values that will be assigned to ncookies so that we ensure
they are sane and we can handle them.
Leave ncookies signed as it was before r328346. The valid range is such
that unsigned values are not required and we are not able to avoid at
least one cast anyways.
kib [Sat, 27 Jan 2018 11:49:37 +0000 (11:49 +0000)]
Use PCID to optimize PTI.
Use PCID to avoid complete TLB shootdown when switching between user
and kernel mode with PTI enabled.
I use the model close to what I read about KAISER, user-mode PCID has
1:1 correspondence to the kernel-mode PCID, by setting bit 11 in PCID.
Full kernel-mode TLB shootdown is performed on context switches, since
KVA TLB invalidation only works in the current pmap. User-mode part of
TLB is flushed on the pmap activations as well.
Similarly, IPI TLB shootdowns must handle both kernel and user address
spaces for each address. Note that machines which implement PCID but
do not have INVPCID instructions cause the usual complications in the
IPI handlers, due to the need to switch to the target PCID temporarily.
This is racy, but because for PCID/no-INVPCID we disable the
interrupts in pmap_activate_sw(), IPI handler cannot see inconsistent
state of CPU PCID vs PCPU pmap/kcr3/ucr3 pointers.
On the other hand, on kernel/user switches, CR3_PCID_SAVE bit is set
and we do not clear TLB.
I can imagine alternative use of PCID, where there is only one PCID
allocated for the kernel pmap. Then, there is no need to shootdown
kernel TLB entries on context switch. But copyout(3) would need to
either use method similar to proc_rwmem() to access the userspace
data, or (in reverse) provide a temporal mapping for the kernel buffer
into user mode PCID and use trampoline for copy.
mmel [Sat, 27 Jan 2018 11:19:41 +0000 (11:19 +0000)]
Implement mitigation for Spectre version 2 attacks on ARMv7.
Similarly as we already do for arm64, for mitigation it is necessary to
flush the branch predictor when we:
- do task switch
- receive prefetch abort on non-userspace address
The user can disable this mitigation by setting 'machdep.disable_bp_hardening'
sysctl variable, or it can check actual system status by reading
'machdep.spectre_v2_safe'.
The situation is complicated by the fact that:
- for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit
in ACTLR is set.
- for Cortex-A15, the BPIALL is always NOP. The branch predictor can be
only flushed by doing ICIALLU with special bit (Enable invalidates of BTB)
set in ACTLR.
Since access to the ACTLR register is locked to secure monitor/firmware on
most boards, they will also need update of firmware / U-boot.
In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard),
the board is unfixable.
mmel [Sat, 27 Jan 2018 09:49:47 +0000 (09:49 +0000)]
Fix pmap_fault().
- special fault handling for break-before-make mechanism should be also
applied for instruction translation faults, not only for data translation
faults.
- since arm64_address_translate_...() functions are not atomic,
use these with disabled interrupts.
jhb [Sat, 27 Jan 2018 00:39:49 +0000 (00:39 +0000)]
Clarify some comments in the MIPS makecontext().
- N32 and N64 do not have a $a0-3 gap.
- Use 'sp += 4' to skip over the gap for O32 rather than '+= i'. It
doesn't make a functional change, but makes the code match the comment.
jhb [Fri, 26 Jan 2018 23:21:50 +0000 (23:21 +0000)]
Move per-operation data out of the csession structure.
Create a struct cryptop_data which contains state needed for a single
symmetric crypto operation and move that state out of the session. This
closes a race with the CRYPTO_F_DONE flag that can result in use after
free.
While here, remove the 'cse->error' member. It was just a copy of
'crp->crp_etype' and cryptodev_op() and cryptodev_aead() checked both
'crp->crp_etype' and 'cse->error'. Similarly, do not check for an
error from mtx_sleep() since it is not used with PCATCH or a timeout
so cannot fail with an error.
imp [Fri, 26 Jan 2018 23:14:46 +0000 (23:14 +0000)]
Fix a sleepable malloc in ndastart. We shouldn't be sleeping
here. Return ENOMEM when we can't malloc a buffer for the DSM
TRIM. This should fix the WITNESS warnings similar to the following:
uma_zalloc_arg: zone "16" with the following non-sleepable locks held:
exclusive sleep mutex CAM device lock (CAM device lock) r = 0 (0xfffff800080c34d0) locked @ /usr/src/sys/cam/nvme/nvme_da.c:351
imp [Fri, 26 Jan 2018 21:50:59 +0000 (21:50 +0000)]
Now that exit is __dead2, we need to tag ub_exit() as __dead2. To do
that, we have to put a while (1); after the syscall that will never
return to fake out the compiler....
mckusick [Fri, 26 Jan 2018 18:17:11 +0000 (18:17 +0000)]
For many years the message "fsync: giving up on dirty" has occasionally
appeared on UFS/FFS filesystems. In some cases it was promptly followed
by a panic of "softdep_deallocate_dependencies: dangling deps". This fix
should eliminate both of these occurrences.
Submitted by: Andreas Longwitz <longwitz at incore.de>
Reviewed by: kib
Tested by: Peter Holm (pho)
PR: 225423
MFC after: 1 week
imp [Fri, 26 Jan 2018 17:56:20 +0000 (17:56 +0000)]
Gross hack to omit printing hex floating point when the lua number
type is int64. While lua is setup for the representation, it's not
setup to properly print the numbers as ints. This is the least-gross
way around that, and won't affect the bootloader where we do this.
ian [Fri, 26 Jan 2018 17:55:17 +0000 (17:55 +0000)]
Add support to the imx5/6 watchdog for the external reset signal. Also, if
the "power down" watchdog used by the ROM boot code is still active when the
regular watchdog is activated, turn off the power-down watchdog.
This adds support for the "fsl,ext-reset-output" FDT property. When
present, that property indicates that a chip reset is accomplished by
asserting the WDOG1_B external signal, which is supposed to trigger some
external component such as a PMIC to ready the hardware for reset (for
example, adjusting voltages from idle to full-power levels), and assert the
POR signal to SoC when ready. To guard against misconfiguration leading to a
non-rebootable system, the external reset signal is backstopped by code
that asserts a normal internal chip reset if nothing responds to the
external reset signal within one second.
imp [Fri, 26 Jan 2018 17:24:25 +0000 (17:24 +0000)]
Preserve the original luaconf.h in a convenient place. Clients will
almost certainly need to override this, so reinforce that. If that's
not the case, clients can always do a #include luaconf.h.dist.
hselasky [Fri, 26 Jan 2018 10:49:02 +0000 (10:49 +0000)]
Decouple Linux files from the belonging character device right after open
in the LinuxKPI. This is done by calling finit() just before returning a magic
value of ENXIO in the "linux_dev_fdopen" function.
The Linux file structure should mimic the BSD file structure as much as
possible. This patch decouples the Linux file structure from the belonging
character device right after the "linux_dev_fdopen" function has returned.
This fixes an issue which allows a Linux file handle to exist after a
character device has been destroyed and removed from the directory index
of /dev. Only when the reference count of the BSD file handle reaches zero,
the Linux file handle is destroyed. This fixes use-after-free issues related
to accessing the Linux file structure after the character device has been
destroyed.
While at it add a missing NULL check for non-present file operation.
Calling a NULL pointer will result in a segmentation fault.
mckusick [Fri, 26 Jan 2018 00:58:32 +0000 (00:58 +0000)]
Refactoring of reading and writing of the UFS/FFS superblock.
Specifically reading is done in ffs_sbget() and writing is done
in ffs_sbput(). These functions are exported to libufs via the
sbget() and sbput() functions which are then used in the various
filesystem utilities. This work is in preparation for adding
superblock check hashes.
jhibbits [Fri, 26 Jan 2018 00:58:02 +0000 (00:58 +0000)]
Minimum changes for ctl to build on architectures with non-matching physical and
virtual address sizes
Summary:
Some architectures use physical addresses larger than virtual. This is the
minimal changeset needed to get CAM/CTL to build on these targets. No
functional changes. More changes would likely be needed for this to be fully
functional on said platforms, but they can be made when needed.
jhibbits [Fri, 26 Jan 2018 00:56:09 +0000 (00:56 +0000)]
Minimal change to build linuxkpi on architectures with physical addresses larger
than virtual
Summary:
Some architectures have physical/bus addresses that are much larger
than virtual addresses. This change just quiets a warning, as DMAP is not used
on those architectures, and on 64-bit platforms uintptr_t is the same size as
vm_paddr_t and void *.