Don Lewis [Tue, 24 May 2016 05:02:24 +0000 (05:02 +0000)]
Fix CID 1006692 in /usr/sbin/pw pw_log() function and other fixes
The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking. Fix this problem by limiting the length
of the name copied.
Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser. Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.
Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
intialization elsewhere.
Reduce code indentation by returning early in a couple of places.
Adrian Chadd [Tue, 24 May 2016 04:58:58 +0000 (04:58 +0000)]
[bwn] begin separating out the attach path from the SIBA specific bits.
* convert phy_getinfo() to take a "gmode" flag, rather than the siba
TGSHIGH flags and then check for 2GHz. This should ensure that
gmode is set correctly even on DUALPHY NICs.
* move the siba_powerup() call and the TGSHIGH decoding into a
call to bwn_is_bus_siba(), and return an error if it's called
on anything else. We don't yet do anything else, but when we do..
Adrian Chadd [Tue, 24 May 2016 04:55:00 +0000 (04:55 +0000)]
[bwn] add BCM43225 to the BHND device list.
This is all for the bhnd(4) work in progress. It's enough to probe/attach
all the bhnd internals, but we're missing OTP support and some cleanup
code. And, well, all the rest of the bhnd(4) migration.
So no, this won't give you BCM43225 support. Sorry!
John Baldwin [Tue, 24 May 2016 03:13:27 +0000 (03:13 +0000)]
Don't prematurely return short completions on blocking sockets.
Always requeue an AIO job at the head of the socket buffer's queue if
sosend() or soreceive() returns EWOULDBLOCK on a blocking socket.
Previously, requests were only requeued if they returned EWOULDBLOCK
and completed no data. Now after a partial completion on a blocking
socket the request is queued and the remaining request is retried when
the socket is ready. This allows writes larger than the currently
available space on a blocking socket to fully complete. Reads on a
blocking socket that satifsy the low watermark can still return a short
read (same as read()).
In order to track previously completed data, the internal 'status'
field of the AIO job is used to store the amount of previously
computed data.
Non-blocking sockets continue to return short completions for both
reads and writes.
Add a test for a "large" AIO write on a blocking socket that writes
twice the socket buffer size to a UNIX domain socket.
Adrian Chadd [Tue, 24 May 2016 01:12:19 +0000 (01:12 +0000)]
[bhnd] Implement pass-through resource management for ChipCommon.
This patchset adds support to bhnd_chipc for sharing SYS_RES_MEMORY
resources with its children, allowing us to hang devices off of
bhnd_chipc that rely on access to a subset of the device register space
that bhnd_chipc itself must also allocate.
We could avoid most of this heavy lifting if RF_SHAREABLE+SYS_RES_MEMORY
wasn't limited to use with allocations at the same size/offset.
As a work-around, I implemented something similar to vga_pci.c, which
implements similar reference counting of of PCI BAR resources for its
children.
With these changes, chipc will use reference counting of SYS_RES_MEMORY
allocation/activation requests, to decide when to allocate/activate/
deactivate/release resources from the parent bhnd(4) bus.
The requesting child device is allocated a new resource from chipc's
rman, pointing to (possibly a subregion of) the refcounted bhnd resources
allocated by chipc.
Other resource types are just passed directly to the parent bhnd bus;
RF_SHAREABLE works just fine with IRQs.
I also lifted the SPROM device code out into a common driver, since this
now allows me to hang simple subclasses off of a common driver off of both
bhndb_pci and bhnd_chipc.
Tested:
* (landonf) Tested against BCM4331 and BCM4312, confirmed that SPROM still
attaches and can be queried.
Don Lewis [Tue, 24 May 2016 00:57:11 +0000 (00:57 +0000)]
Fix multiple Coverity Out-of-bounds access false postive issues in CAM
The currently used idiom for clearing the part of a ccb after its
header generates one or two Coverity errors for each time it is
used. All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
error because of the treatment of the header as a two element array,
with a pointer to the non-existent second element being passed as
the starting address to bzero(). Some instances also alsp generate
Out-of-bounds access (OVERRUN) errors, probably because the space
being cleared is larger than the sizeofstruct ccb_hdr).
In addition, this idiom is difficult for humans to understand and
it is error prone. The user has to chose the proper struct ccb_*
type (which does not appear in the surrounding code) for the sizeof()
in the length calculation. I found several instances where the
length was incorrect, which could cause either an actual out of
bounds write, or incompletely clear the ccb.
A better way is to write the code to clear the ccb itself starting
at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
the length based on the specific type of struct ccb_* being cleared
as specified by the union ccb member being used. The latter can
normally be seen in the nearby code. This is friendlier for Coverity
and other static analysis tools because they will see that the
intent is to clear the trailing part of the ccb.
Wrap all of the boilerplate code in a convenient macro that only
requires a pointer to the desired union ccb member (or a pointer
to the union ccb itself) as an argument.
sys/kern/subr_unit.c
Use bit_count instead of a naive counting loop in check_unrhdr, used
when INVARIANTS are enabled. The userland test runs about 6x faster
in a generic build, or 8.5x faster when built for Nehalem, which has
the POPCNT instruction.
sys/sys/param.h
Bump __FreeBSD_version due to the addition of bit_alloc
UPDATING
Add a note about the ABI incompatibility of the bitstring(3)
changes, as suggested by lidl.
Ian Lepore [Mon, 23 May 2016 20:07:17 +0000 (20:07 +0000)]
Use the new(-ish) CP15_SCTLR macro to generate system control reg accesses
where possible. In the places that doesn't work (multi-line inline asm,
and places where the old armv4 cpufuncs mechanism is used), annotate the
accesses with a comment that includes SCTLR. Now a grep -i sctlr can find
all the system control register manipulations.
Allan Jude [Mon, 23 May 2016 15:11:01 +0000 (15:11 +0000)]
Fix error in bsdinstall where additional filesystems cannot be mounted
Do not set canmount=noauto on the boot environment at create time, because
this causes / to not be mounted, and since the chroot is read only, new
mountpoints cannot be created.
The property is set later, when other properties are adjusted
Reported by: HardenedBSD
Sponsored by: ScaleEngine Inc.
The EFSYS_PREEMPT_DISABLE() and EFSYS_PREEMPT_ENABLE() macros
were used to ensure correct timing of I2C operations. The APIs
for I2C operations have been removed, so these macros have no
callers.
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
MFC after: 1 week
Use DELAY() instead of _sleep() when SCHEDULER_STOPPED() is set inside
pause_sbt(). This allows pause() to continue working during a panic()
which is not invoking KDB. This is useful when debugging graphics
drivers using the LinuxKPI.
Adrian Chadd [Mon, 23 May 2016 03:51:15 +0000 (03:51 +0000)]
[nvram2env] fix nvram2env to scan all of memory, not 1/4th
The variable "size" stores number of words (4bytes). But the loop over
memory uses size as number of bytes to scan memory. As result it fetches
only 1/4th of memory.
This patch solves this problem and nvram2env fetches all NVRAM variables.
Test plan:
Pre-requisites: any MIPS board with ASCII-based NVRAM mapped into memory
* Add "device nvram2env" into kernel configuration
* Specify hints: base is mandatory (according to nvram2env(4))
hint.nvram.0.base=0x1c7f8000 (it's valid address for Asus RT-N53 with
flags = 0x4)
* Build & load kernel with bootverbose
Actual result: only part of nvram variables are found
Expected result: all variables are found
Submitted by: Michael Zhilin <mizhka@gmail.com>
Differential Revision: https://reviews.freebsd.org/D6466
Adrian Chadd [Mon, 23 May 2016 03:47:44 +0000 (03:47 +0000)]
[bhnd] Add support for querying the attachment type of the bhnd bus.
This adds a BHND_BUS_GET_ATTACH_TYPE(); the primary use-case is to let
chipc make a coarse-grained determination as to whether UART, SPI, etc
drivers ought to be attached, and on fullmac devices, whether a real
CPU driver ought to be skipped for the ARM core, etc.
This diff updates DEFINE_CLASS_2/_3 to support the specification of class
name separately from the class variable name, bringing them into sync
with their API documentation, as well as the behavior of DEFINE_CLASS_0/_1.
Nothing in the tree currently uses the _2/_3 variants, and I can't
find any references to the API outside of commits to the kobj.h
header itself; given the limitation that currently exists, I'd
be surprised if they've ever been used.
Don Lewis [Mon, 23 May 2016 01:01:23 +0000 (01:01 +0000)]
Hopefully fix Coverity CID 1008328 (Out-of-bounds write) in /bin/sh.
Replace the magic constant 127 in the loop interation count with
"PROMPTLEN - 1".
gethostname() is not guaranteed to NUL terminate the destination
string if it is too short. Decrease the length passed to gethostname()
by one, and add a NUL at the end of the buffer to make sure the
following loop to find the end of the name properly terminates.
The default: case is the likely cause of Coverity CID 1008328. If
i is 126 at the top of the loop interation where the default case
is triggered, i will be incremented to 127 by the default case,
then incremented to 128 at the top of the loop before being compared
to 127 (PROMPTLENT - 1) and terminating the loop. Then the NUL
termination code after the loop will write to ps[128]. Fix by
checking for overflow before incrementing the index and storing the
second character in the buffer.
These fixes are not guaranteed to satisfy Coverity. The code that
increments i in the 'h'/'H' and 'w'/'W' cases may be beyond its
capability to analyze, but the code appears to be safe.
Ian Lepore [Sun, 22 May 2016 21:31:20 +0000 (21:31 +0000)]
Restore the translation of armv6hf->arm when generating MACHINE_CPUARCH.
It turns out we need to leave this in place for a while so that people
running self-hosting armv6hf systems can do the builds necessary to update
to armv6 (which is now hardfloat by default).
Enji Cooper [Sun, 22 May 2016 19:06:38 +0000 (19:06 +0000)]
Wrap EXPAND(..) macro with a do-while(0) loop and put a single statement on each line
As a positive side-effect, this eliminates the double semicolons reported by Coverity:
the macro contained a trailing semicolon, in addition to the semicolon placed on
each line where EXPAND(..) was called.