Bjoern A. Zeeb [Mon, 22 Jun 2020 10:52:30 +0000 (10:52 +0000)]
MFC r362472:
Rather than zeroing MAXVIFS times size of pointer [r362289] (still better than
sizeof pointer before [r354857]), we need to zero MAXVIFS times the size of
the struct. All good things come in threes; I hope this is it on this one.
Jilles Tjoelker [Sun, 21 Jun 2020 16:06:01 +0000 (16:06 +0000)]
MFC r362182: sh/tests: Add tests for SIGINT in non-jobc background commands
If job control is not enabled, background commands shall ignore SIGINT and
SIGQUIT, and it shall be possible to override that ignore in the same shell.
Bjoern A. Zeeb [Sun, 21 Jun 2020 11:48:55 +0000 (11:48 +0000)]
MFC r362289:
When converting the static arrays to mallocarray() in r356621 I missed
one place where we now need to multiply the size of the struct with the
number of entries. This lead to problems when restarting user space
daemons, as the cleanup was never properly done, resulting in MRT_ADD_VIF
EADDRINUSE.
Properly zero all array elements to avoid this problem.
Dimitry Andric [Sun, 21 Jun 2020 09:24:47 +0000 (09:24 +0000)]
MFC r362341:
Merge commit 0cecafd647cc from llvm git (by Alina Sbirlea):
[BasicAA] Make BasicAA a cfg pass.
Summary:
Part of the changes in D44564 made BasicAA not CFG only due to it
using PhiAnalysisValues which may have values invalidated. Subsequent
patches (rL340613) appear to have addressed this limitation.
BasicAA should not be invalidated by non-CFG-altering passes. A
concrete example is MemCpyOpt which preserves CFG, but we are testing
it invalidates BasicAA.
This fixes an issue with clang's -fintegrated-cc1 feature, which could
make it output slightly different assembly code, depending on the way it
was invoked.
In r361755 we attempted to work around it by disabling the integrated
cc1 stage, but it did not solve the root cause for all situations.
Extensive testing and bisecting showed that the above change finally
makes the output deterministic, even if -fintegrated-cc1 is on.
Mike Karels [Sat, 20 Jun 2020 20:10:42 +0000 (20:10 +0000)]
Allow TCP to reuse local port with different destinations
MFC r361228, r361231:
Previously, tcp_connect() would bind a local port before connecting,
forcing the local port to be unique across all outgoing TCP connections
for the address family. Instead, choose a local port after selecting
the destination and the local address, requiring only that the tuple
is unique and does not match a wildcard binding.
Note that in_pcb_lport and in_pcb_lport_dest can be called with a NULL
local address for IPv6 sockets; handle it.
Emmanuel Vadot [Fri, 19 Jun 2020 18:54:55 +0000 (18:54 +0000)]
MFC r360311:
arm64: rockchip: rk805: Use a tailq for the attached regulator
Store the attached regulator in a tailq to later find them in ofw_map.
While here, do not attempt to attach a regulator without a name, a node
might exists but if it doesn't have a name the regulator is unused.
Emmanuel Vadot [Fri, 19 Jun 2020 18:53:32 +0000 (18:53 +0000)]
MFC r360228:
arm64: rockchip: Fix TSADC on RK3328
The TSADC familiy is a little bit more complex than V2 and V3.
Early revision do not use syscon and do not use qsel (RK3288).
Next revision still do not use syscon but uses qsel (RK3328).
Final revision use both.
r358430:
dts: Update our copy for arm, arm64 and riscv dts to Linux 5.5
r359934:
dts: Import DTS from Linux 5.6
r359935:
allwinner: aw_thermal: Cope with DTS changes
The upstream DTS now include the thermal device node and the SID
calibration entry.
Update our driver to cope with this change and remove the DTB
overlays that aren't needed anymore.
X-MFC-With: r359934
r359936:
modules: dtb: allwinner: Remove non existant files
Emmanuel Vadot [Fri, 19 Jun 2020 18:27:22 +0000 (18:27 +0000)]
MFC r360013, r360018, r360021
r360013:
arm: Fix duplicate ehci DRIVER_MODULE
Name each ehci driver uniquely.
This remove the warning printed at each arm boot :
module_register: cannot register simplebus/ehci from kernel; already loaded from kernel
A similar fix was done in r333074 but imx_ehci wasn't renamed and generic_ehci wasn't
present at that time.
r360018:
arm: Fix duplicate pcib DRIVER_MODULE
Name each pcib driver uniquely.
This remove the warning printed at each arm boot :
module_register: cannot register simplebus/pcib from kernel; already loaded from kernel
r360021:
arm: nvidia: pcie: Rename class name to pcib
Emmanuel Vadot [Fri, 19 Jun 2020 18:25:27 +0000 (18:25 +0000)]
MFC r350166:
arm64: Implement HWCAP
Add HWCAP support for arm64.
defines are the same as in Linux and a userland program can use
elf_aux_info to get the data.
We only save the common denominator for all cores in case the
big and little cluster have different support (this is known to
exists even if we don't support those SoCs in FreeBSD)
Emmanuel Vadot [Fri, 19 Jun 2020 18:05:14 +0000 (18:05 +0000)]
MFC r359924-r359925, r359927, r359932, r359965
r359924:
Those functions are here to help fdt mmc controller drivers to parse
the dts to find the supported speeds and the regulators.
Not all DTS have every settings properly defined so host controller
will still have to add some caps themselves.
It also add a mmc_fdt_gpio_setup function which will read the cd-gpios
property and register it as the CD pin.
If the pin support interrupts one will be registered and the cd_helper
function will be called.
If the pin doesn't support interrupts the internal taskqueue will poll
for change and call the same cd_helper function.
mmc_fdt_gpio_setup will also parse the wp-gpio property and MMC drivers
can know the write-protect pin value by calling the
mmc_fdt_gpio_get_readonly function.
r359925:
arm: allwinner: aw_mmc: Use the mmc_fdt_helper
The fdt properties are now parsed via the help of mmc_fdt_helper functions.
This also adds card detection.
Note that on some boards (like the Pine64) card detection is broken due to
a missing resistor on the cd pin.
Use the mmc_fdt_parse function instead of parsing everything in the
driver.
r359932:
files: Add mmc_fdt_helpers for mmccam enabled config
X-MFC-With: r359924
r359965:
mmc_fdt_helpers: Do not schedule a card detection is there is no cd gpio
If the fdt node doesn't have a cd-gpios properties or if the node is set
as non-removable we do not init the card detection timeout task as it is
useless so don't schedule it too.
Tested on stable r359316 @ Sleep mode on custom hw, Power off on BBB and PB
OFF bit [1] in status register control the pmic behaviour when PWR_EN pin
is pulled low.
On most AM335x hardware [beaglebone *] the desired behaviour are in fact
power off due to some hardware designs - read more in the comments around
pmic in sys/gnu/dts/arm/am335x-bone-common.dtsi
This patch let the device-tree decide with ti,pmic-shutdown-controller[2]
the state of off bit in status register.
Emmanuel Vadot [Fri, 19 Jun 2020 17:56:05 +0000 (17:56 +0000)]
MFC r359805:
gpioctl: Print interrupts capabilities
GPIO drivers who supports interrupts report them in the caps
(obtain via the getcaps method) but gpioctl doesn't know
how to interpret this and print "UNKNOWN" for each one of them.
Even if we don't have userland gpio interrupts support for now
let gpioctl print the supported caps.
Emmanuel Vadot [Fri, 19 Jun 2020 17:52:48 +0000 (17:52 +0000)]
MFC r358450, r358635
r358450:
mmc: dwmmc: Fix off by one error
The IVAR_MAX_DATA is supposed to have the number of descriptor X the mmc
block size and desc_count contain all this information + 1.
Reported by: phk
r358635:
dwmmc: Rework the DMA engine
Each segment can be up to 4096 bytes in chain structure according to the
RK3399 TRM Part 2.
Set the buffers in full ring where the last one point to the first one.
Correctly reports the MMC_IVAR_MAX_DATA.
Use CACHE_LINE_SIZE for bus_dma alignment.
Emmanuel Vadot [Fri, 19 Jun 2020 17:49:49 +0000 (17:49 +0000)]
MFC r356803:
regulator_fixed: Add a get_voltage method
Some consumer cannot know the voltage of the regulator without it.
While here, refuse to attach is min_voltage != max_voltage, it
shouldn't happens anyway.
Ravi Pokala [Fri, 19 Jun 2020 05:54:15 +0000 (05:54 +0000)]
MFC r362078:
Decode the "LACP Fast Timeout" LAGG option flag
r286700 added the "lacp_fast_timeout" option to `ifconfig', but we forgot to
include the new option in the string used to decode the option bits. Add
"LACP_FAST_TIMO" to LAGG_OPT_BITS.
Also, s/LAGG_OPT_LACP_TIMEOUT/LAGG_OPT_LACP_FAST_TIMO/g , to be clearer that
the flag indicates "Fast Timeout" mode.
Alexander Motin [Fri, 19 Jun 2020 00:43:44 +0000 (00:43 +0000)]
MFC r361816: Limit AHCI to only one MSI if more is not needed.
My AMD Ryzen system has 4 AHCI controllers, each supporting 16 MSI vectors.
Since two of the controllers have only one SATA port, limit to single MSI
saves system 30 interrupt vectors for free.
It may be possible to also limit number of MSI vectors to 4 and 8 for the
other two controllers, but according to the AHCI specification after that
controllers may revert to only one vector, that would be a bigger loss to
risk.
Emmanuel Vadot [Thu, 18 Jun 2020 23:31:56 +0000 (23:31 +0000)]
MFC r358555, r358799-r358800
r358555:
cpufreq_dt: Improve multiple opp support
When looking for cpu with the same OPP starts from the root /cpus node
so each instance of cpufreq_dt will now each cpu with the same operating
point.
Also test that the node we are testing have the property "device_type" set
to be equal to "cpu".
While here add more debug printfs (off by defaults).
r358799:
cpufreq_dt: Fix r358555
Before skipping the current cpu when trying to find the ones that
have the same opp, record that this one have this opp.
Emmanuel Vadot [Thu, 18 Jun 2020 23:23:21 +0000 (23:23 +0000)]
MFC r356888, r356891
r356888:
arm: allwinner: Fix padconf for interrupts information
Add a eint_bank member to the allwinner_pins structure.
On Allwinner SoCs not all pins can do interrupt.
Older SoC (A10/A13 and A20) there is a maximum number of interrupts
set to 32 and all the configuration is done in the same registers.
While on "newer" SoCs (>=A31) interrupts registers are splitted per
pin bank (i.e. all interrupts available in bank B will be configured
with a sets of registers and the one in bank G in another set).
While here set the names to all interrupts function to
pX_eintY where X is the bank name and Y the interrupt number.
To whom ever in the future look at the H5 manual and notice that the bank F
have interrupts support : This isn't true, trust me.
r356891:
arm: allwinner: Add GPIO Interrupt support
Not all pins in Allwinner have interrupts support so we rely
on the padconf data to add the proper caps when pin_getcaps is called.
The pin is switch to the specific "eint" function during setup_intr and
switched back to its old function in teardown_intr.
Only INTR_MAP_DATA_GPIO is supported for now.
This is needed when the driver is compiled into the kernel.
When compiled as a module this will be called from another
code path as we also depend on ofw_spibus.
r356609:
twsi: Rework how we handle the i2c messages
We use to handle each message separately in i2c_transfer but that cannot
work with message with NOSTOP as it confuses the controller that we disable
the interrupts and start a new message.
Handle every message in the interrupt handler and fire a new start condition
if the previous message have NOSTOP, the controller understand this as a
repeated start.
This fixes booting on Allwinner A10/A20 platform where before the i2c controller
used to write 0 to the PMIC register that control the regulators as it though that
this was the continuation of the write message.
Tested on: A20 BananaPi, Cubieboard 1 (kevans)
Reported by: kevans
This overlays can be used on A64 board to use spigen and spi(8)
on the spi0 pins.
Tested On: Pine64-LTS, A64-Olinuxino
Submitted by: Gary Otten <gdotten@gmail.com>
r356798:
axp8xx: Add missing voltage regulators offset
This lead to writing the desired voltage value to the wrong register.
r356799:
axp8xx: Add a regnode_init method
This method will set the desired voltaged based on values in the DTS.
It will not enable the regulator, this is the job of either a consumer
or regnode_set_constraint SYSINIT if the regulator is boot_on or always_on.
r356800:
arm: allwinner: Add support for bank supply
Each GPIO bank is powered by a different pin and so can be powered at different
voltage from different regulators.
Add a new config that now hold the pinmux data and the banks available on each
SoCs.
Since the aw_gpio driver being also the pinmux one it's attached before the PMIC
so add a config_intrhook_oneshot function that will enable the needed regulators
when the system is fully functional.
r356802:
arm: allwinner: ahci: target-supply is optional
The target-supply regulator is optional so don't fail if it's not present.
While here disable the clock on detach.
Emmanuel Vadot [Thu, 18 Jun 2020 23:18:47 +0000 (23:18 +0000)]
MFC r353528-r353529
r353528:
arm64: allwinner: Add Allwinner H6 Support
This adds support for H6 SoC.
Add a CCU driver for H6 that support all PLLs and most of the clocks
that we are intersted in for now (i2c, mmc, usb, etc ...)
r349584:
Since r349571 we need all the accessor to be present for set or get
otherwise we panic.
dwmmc don't handle VCCQ (voltage for the IO line of the SD/eMMC) or
TIMING.
Add the needed accessor in the {read,write}_ivar functions.
Reviewed by: imp (previous version)
r349728 by imp:
Implement missing MMCBR ivars
All MMCBR bridges have to implement all the MMCBR variables. This
implements them for everybody that currently doesn't.
A common routine for this should be written.
r349731 by imp:
Fix cut-and-pasto that slipped through my testing.
r350440 by br:
Add support for the SD/MMC controller found in Terasic DE10-Pro
(an Intel Stratix 10 GX/SX FPGA Development Kit).
Set the bus speed manually due to lack of clock management support.
Sponsored by: DARPA, AFRL
r350443 by br:
Fix MMCCAM kernel build.
Sponsored by: DARPA, AFRL
r351185 by mmel:
Enhance support of extres in dwmmc driver.
Handle all clocks, regulators and resets defined by dwmmc bindings.
r353493 by br:
Fix the driver attachment in cases when the external resource devices
(resets, regulators, clocks) are not available.
Rely on a system initialization done by a bootloader in that cases.
This fixes operation on Terasic DE10-Pro (an Intel Stratix 10
development kit).
Sponsored by: DARPA, AFRL
r353575 by br:
Fix dwmmc(4) driver attachment when ext_resources are not present.
Ignore only ENOENT (no DTS properties found) and ENODEV (driver not
present) non-zero return values from ext_resources.
Reviewed by: manu
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D22043
r355625:
dwmmc: Add a detach method
This method will disable the regulators, clocks and assert the reset of
the module. It will also detach it's children (the mmc device) and release
it's resources.
While here enable the regulators on attach as we need them to power up
the sdcard or emmc.
r355627:
dwmmc: Handle the card detect interrupt
The driver used to always add the mmc device as it's child even
it no card was detected. Add a function that will detect if the
card is present or not and that will attach/detach the mmc device.
The function is either call on attach (as we won't have the interrupt
fired) or from two taskqueues. The first taskqueue will directly call
the function when the sdcard was present and is now removed and the other
one will delay a bit the attach when we didn't had a card and now have one.
This is mostly based on comments from the sdhci driver where it describe
a situation when the CD pin is detected before the others pins are connected.
r355629:
dwmmc: Use device_delete_children
Instead of first detaching the children(s) and then delete them,
use the device_delete_children function that does all of that.
Suggested by: ian
r356813:
dwmmc: Remove max_hz from the softc
We never use it so directly set the value to the mmc host structure.
MFC r352925: xen/ctrl: acknowledge all control requests
MFC r357616: xen/console: fix priority of Xen console
MFC r361274: dev/xenstore: fix return with locks held
Note this should be dev/evtchn not dev/xenstore.
MFC r361578: xenpv: do not use low 1MB for Xen mappings on i386
MFC r361580: xen/control: short circuit xctrl_on_watch_event on spurious event
Those are all Xen related fixes or minor improvements that have been sitting on
current for a reasonable time without complaints.
MFC r361828:
Ensure pci_channel_offline() actually queries the PCI register space,
and not only the software cache of that register. Else
pci_channel_offline() won't detect that the PCI device is gone when
using the LinuxKPI.
This function returns NULL if the ring identified by
queue id and direction is in netmap mode. Otherwise
return the corresponding kring.
Use this function to replace vtnet_netmap_queue_on().
If execve fails with ENOEXEC, execvp is expected to rebuild the command
with /bin/sh instead and try again.
The previous version did this, but overlooked two details:
argv[0] can conceivably be NULL, in which case memp would never get
terminated. We must allocate no less than three * sizeof(char *) so we can
properly terminate at all times. For the non-NULL argv standard case, we
count all the non-NULL elements and actually skip the first argument, so we
end up capturing the NULL terminator in our bcopy().
The second detail is that the spec is actually worded such that we should
have been preserving argv[0] as passed to execvp:
"[...] executed command shall be as if the process invoked the sh utility
using execl() as follows:
where <shell path> is an unspecified pathname for the sh utility, file is
the process image file, and for execvp(), where arg0, arg1, and so on
correspond to the values passed to execvp() in argv[0], argv[1], and so on."
So we make this change at this time as well, while we're already touching
it. We decidedly can't preserve a NULL argv[0] as this would be incredibly,
incredibly fragile, so we retain our legacy behavior of using "sh" for
argv[] in this specific instance.
Some light tests are added to try and detect some components of handling the
ENOEXEC fallback; posix_spawnp_enoexec_fallback_null_argv0 is likely not
100% reliable, but it at least won't raise false-alarms and it did result in
useful failures with pre-change libc on my machine.
This is a secondary change in D25038.
r361996:
execvPe: obviate the need for potentially large stack allocations
Some environments in which execvPe may be called have a limited amount of
stack available. Currently, it avoidably allocates a segment on the stack
large enough to hold PATH so that it may be mutated and use strsep() for
easy parsing. This logic is now rewritten to just operate on the immutable
string passed in and do the necessary math to extract individual paths,
since it will be copying out those segments to another buffer anyways and
piecing them together with the name for a full path.
Additional size is also needed for the stack in posix_spawnp(), because it
may need to push all of argv to the stack and rebuild the command with sh in
front of it. We'll make sure it's properly aligned for the new thread, but
future work should likely make rfork_thread a little easier to use by
ensuring proper alignment.
Some trivial cleanup has been done with a couple of error writes, moving
strings into char arrays for use with the less fragile sizeof().
r361999:
Add missing shell script from r361995
r362111:
posix_spawn: fix for some custom allocator setups
libc cannot assume that aligned_alloc and free come from jemalloc, or that
any application providing its own malloc and free is actually providing
aligned_alloc.
Switch back to malloc and just make sure we're passing a properly aligned
stack into rfork_thread, as an application perhaps can't reasonably replace
just malloc or just free without headaches.
This unbreaks ksh93 after r361996, which provides malloc/free but no
aligned_alloc.
r347929:
pci: ecam: Do not warn on mismatch of bus_end
We cannot know the bus end number before parsing the MCFG table
so don't set the bus_end before that. If the MCFG table doesn't
exist we will set the configuration base address based on the _CBA
value and set the bus_end to the maximal number allowed by PCI.
Emmanuel Vadot [Tue, 16 Jun 2020 20:22:56 +0000 (20:22 +0000)]
MFC r346332:
ofw_graph: Add functions for graph bindings
Those functions are helpers to work on graph bindings.
graphs are mostly use with video related devices.
See https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/devicetree/bindings/graph.txt?id=4436a3711e3249840e0679e92d3c951bcaf25515
Kyle Evans [Tue, 16 Jun 2020 12:21:55 +0000 (12:21 +0000)]
MFC r361977: libusb: improve compatibility
Specifically, add LIBUSB_CLASS_PHYSICAL and the libusb_has_capability API.
Descriptions and functionality for these derived from the
documentation at [0]. The current set of capabilities are all supported by
libusb.
These were detected as missing after updating net/freerdp to 2.1.1, which
attempted to use both.
[evdev] Add AT translated set1 scancodes for F-unlocked F1-12 keys.
"F lock" is a switch between two sets of scancodes for function keys F1-F12
found on some Logitech and Microsoft PS/2 keyboards [1]. When "F lock" is
pressed, then F1-F12 act as function keys and produce usual keyscans for
these keys. When "F lock" is depressed, F1-F12 produced the same keyscans
but prefixed with E0.
Some laptops use [2] E0-prefixed F1-F12 scancodes for non-standard keys.
CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of
service (segmentation fault) via a malformed window-function query because
the AggInfo object's initialization is mishandled.
CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in
sqlite3_str_vappendf in printf.c.
CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in
sqlite3ExprCodeTarget in expr.c.
CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a
use-after-free in fts3EvalNextRow, related to the snippet feature
CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed
to the name of one of its shadow tables, related to alter.c and build.c.
CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 ha s a
NULL pointer dereference via a crafted matchinfo() query.
Dimitry Andric [Sun, 14 Jun 2020 17:36:43 +0000 (17:36 +0000)]
Update Subversion and dependencies to 1.14.0 LTS.
MFC r344438 (by emaste):
svn: support building with WITH_PIE
Subversion builds and links against its own .a archives using local
rules, so did not benefit from with the WITH_PIE library support added
in r344179. Apply the same _pie suffix locally.
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D19246
MFC r352156 (by imp):
Remove directory empty after r266735
MFC r357299 (by cem):
contrib/apr: Remove scope leak UB
In apr_vformatter, the variable buf was declared inside a limited scope
region, but a pointer to it is leaked outside of that region and used
later. This is undefined behavior. Fix by moving the buf variable to
function scope.
contrib/apr: Rip out bogus [CS]PRNG implementation
This construction used some relatively slow design involving SHA2; even if
it were fed real entropy (unclear; external to the design), it did not
handle fork in a safe way, and it was difficult to audit for correctness.
So just rip it out and use the very simple and known-correct arc4random(3)
interface in its place.
MFC r361677:
Change Makefiles under usr.bin/svn to make them easier to incrementally
update. No functional change intended.
MFC r361678:
Update apr to 1.7.0. See contrib/apr/CHANGES for a summary of changes.
MFC r361681:
Change more Makefiles under usr.bin/svn to make them easier to
incrementally update. No functional change intended.
MFC r361684 (by kevans):
apr: build some needed emulated 64-bit atomic bits after r361678
This should fix the build on armv{6,7}, mips, and mips64, which all need
emulated 64-bit atomics for apr.
MFC r361691:
Follow-up r361678 (update apr to 1.7.0) by also regenerating the apr
internal headers through the upstream configure script, with some minor
custom tweaks.
MFC r361692:
Update apr-util to 1.6.1. See contrib/apr-util/CHANGES for a summary of
changes.
MFC r361693:
Update Subversion to 1.14.0 LTS. See contrib/subversion/CHANGES for a
summary of changes, or for a more thorough overview:
Martin Matuska [Fri, 12 Jun 2020 22:59:59 +0000 (22:59 +0000)]
MFC r361294:
Update libarchive to 3.4.3
Relevant vendor changes:
PR #1352: support negative zstd compression levels
PR #1359: improve zstd version checking
PR #1348: support RHT.security.selinux from GNU tar
PR #1357: support for archives compressed with pzstd
PR #1367: fix issues in acl tests
PR #1372: child handling cleanup
PR #1378: fix memory leak from passphrase callback
Alan Somers [Fri, 12 Jun 2020 20:39:42 +0000 (20:39 +0000)]
MFC r361562:
geli: fix a livelock during panic
During any kind of shutdown, kern_reboot calls geli's pre_sync event hook,
which tries to destroy all unused geli devices. But during a panic, geli
can't destroy any devices, because the scheduler is stopped, so it can't
switch threads. A livelock results, and the system never dumps core.
This commit fixes the problem by refusing to destroy any devices during
panic, used or otherwise.
Alan Somers [Fri, 12 Jun 2020 20:32:26 +0000 (20:32 +0000)]
MFC r361401:
Fix issues with FUSE_ACCESS when default_permissions is disabled
This patch fixes two issues relating to FUSE_ACCESS when the
default_permissions mount option is disabled:
* VOP_ACCESS() calls with VADMIN set should never be sent to a fuse server
in the form of FUSE_ACCESS operations. The FUSE protocol has no equivalent
of VADMIN, so we must evaluate such things kernel-side, regardless of the
default_permissions setting.
* The FUSE protocol only requires FUSE_ACCESS to be sent for two purposes:
for the access(2) syscall and to check directory permissions for
searchability during lookup. FreeBSD sends it much more frequently, due to
differences between our VFS and Linux's, for which FUSE was designed. But
this patch does eliminate several cases not required by the FUSE protocol:
* for any FUSE_*XATTR operation
* when creating a new file
* when deleting a file
* when setting timestamps, such as by utimensat(2).
* Additionally, when default_permissions is disabled, this patch removes one
FUSE_GETATTR operation when deleting a file.
PR: 245689
Reported by: MooseFS FreeBSD Team <freebsd@moosefs.pro>
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D24777
Alan Somers [Fri, 12 Jun 2020 20:27:37 +0000 (20:27 +0000)]
MFC r361399:
Disable nullfs cacheing on top of fusefs
Nullfs cacheing can keep a large number of vnodes active. That results in
more active FUSE file handles, causing some FUSE servers to use extra
resources. Disable nullfs cacheing for fusefs, just like we already do for
NFSv4.
PR: 245688
Reported by: MooseFS FreeBSD Team <freebsd@moosefs.pro>
Alan Somers [Fri, 12 Jun 2020 20:11:25 +0000 (20:11 +0000)]
MFC r361223:
fusefs: fix intermittency in some ENOENT tests
When a FUSE operation other than LOOKUP returns ENOENT, the kernel will
reclaim that vnode, resuling in a FUSE_FORGET being sent a short while
later. Many of the ENOENT tests weren't expecting those FUSE_FORGET
operations. They usually passed by luck since FUSE_FORGET is often delayed.
This commit adds appropriate expectations.
Alexander Motin [Fri, 12 Jun 2020 15:37:55 +0000 (15:37 +0000)]
MFC r351516: Announce PCI Segment Groups supported to PCI host _OSC.
According to ACPI 6.3 specification:
The OS sets this bit to 1 if it supports PCI Segment Groups as defined
by the _SEG object, and access to the configuration space of devices
in PCI Segment Groups as described by this specification. Otherwise,
the OS sets this bit to 0.
As far as I see we support both of those as PCI domains for quite a while.
Make ext2fs compatible with changes introduced in e2fsprogs v1.45.2.
Now the tail of inode bitmap is filled with 0xff pattern explicitly during
bitmap initialization phase to avoid e2fsck error like:
"Padding at end of inode bitmap is not set."
Andriy Gapon [Fri, 12 Jun 2020 07:25:40 +0000 (07:25 +0000)]
MFC r361621: do not enable pci bridge decoding on resume until I/O windows are restored
PCI bus driver restores most but not all of a child PCI-PCI bridge
configuration. The bridge's I/O windows are restored by pcib driver and
that happens later in time. This can be problematic because the Command
register is restored before the windows are restored. If the firmware
programs the windows incorrectly or even does not program them at all,
then the bridge can start claiming I/O cycles that are not intended for
it. This will continue until the correct windows are restored.
I have observed this problem with a buggy BIOS where after resuming from
S3 an I/O port window of a PCI-PCI bridge was configured with zero base
and limit causing the bridge to claim 0x0 - 0xFFF port range. That
interfered with ACPI port access including ACPI PM Timer at port 0x808,
thus wreaking havoc in the time keeping.
The solution is to restore the Command register of PCI-PCI bridges after
the windows are restored in pcib driver. While here, I decided that for
other PCI device types (normal and cardbus) it's better to restore the
Command register after their BARs are restored.
Andriy Gapon [Fri, 12 Jun 2020 07:23:27 +0000 (07:23 +0000)]
MFC r361620: corefile_open_last: don't keep a locked vnode while locking other ones
Consider this scenario:
- kern.corefile=/var/coredumps/%N.%U.%I.core
- multiple processes with the same name crash at the same time
It's possible that one process selects existing file N as oldvp while it
keeps looking for an unused file number. Another process scans through
files and stumbles upon N. That process would be blocked on the vnode
lock while holding the directory vnode exclusively locked. The first
process would, thus, get blocked on the directory's vnode lock.
More generally, holding a file's vnode lock (oldvp) while trying to lock
its directory (for the next lookup) is a violation of the vnode locking
order.
I have observed this deadlock in the wild.
So, the change to keep oldvp "opened" but unlocked and to lock it again
only if it's to be returned as the result.
As kib noted, an alternative would be to keep the directory locked and
to use VOP_LOOKUP directly for scanning through existing core files.
Cy Schubert [Fri, 12 Jun 2020 01:03:51 +0000 (01:03 +0000)]
MFC r361957-r361960
r361957:
MFV r361936:
Upstream commit message:
[PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
other networks
The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).
Obtained from: https://w1.fi/security/2020-1/\
0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
Security: VU#339275 and CVE-2020-12695
r361958:
MFV r361937:
Upstream commit message:
[PATCH 2/3] WPS UPnP: Fix event message generation using a long URL path
More than about 700 character URL ended up overflowing the wpabuf used
for building the event notification and this resulted in the wpabuf
buffer overflow checks terminating the hostapd process. Fix this by
allocating the buffer to be large enough to contain the full URL path.
However, since that around 700 character limit has been the practical
limit for more than ten years, start explicitly enforcing that as the
limit or the callback URLs since any longer ones had not worked before
and there is no need to enable them now either.
Obtained from: https://w1.fi/security/2020-1/\
0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
Security: VU#339275 and CVE-2020-12695
r361959:
MFV r361938:
Upstream commit message:
[PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
properly
While it is appropriate to try to retransmit the event to another
callback URL on a failure to initiate the HTTP client connection, there
is no point in trying the exact same operation multiple times in a row.
Replve the event_retry() calls with event_addr_failure() for these cases
to avoid busy loops trying to repeat the same failing operation.
These potential busy loops would go through eloop callbacks, so the
process is not completely stuck on handling them, but unnecessary CPU
would be used to process the continues retries that will keep failing
for the same reason.
Obtained from: https://w1.fi/security/2020-1/\
0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
Security: VU#339275 and CVE-2020-12695
Eric Joyner [Fri, 12 Jun 2020 00:42:05 +0000 (00:42 +0000)]
MFC r361805: em(4): Add support for Comet Lake Mobile Platform
This change introduces Comet Lake Mobile Platform support in the e1000
driver along with shared code patches described below.
- Cast return value of e1000_ltr2ns() to higher type to avoid overflow
- Remove useless statement of assigning act_offset
- Add initialization of identification LED
- Fix flow control setup after connected standby:
After connected standby the driver blocks resets during
"AdapterStart" and skips flow control setup. This change adds
condition in e1000_setup_link_ich8lan() to always setup flow control
and to setup physical interface only when there is no need to block
resets.
Kristof Provost [Thu, 11 Jun 2020 16:51:13 +0000 (16:51 +0000)]
MFC r357061:
pf: Apply kif flags to new group members
If we have a 'set skip on <ifgroup>' rule this flag it set on the group
kif, but must also be set on all members. pfctl does this when the rules
are set, but if groups are added afterwards we must also apply the flags
to the new member. If not, new group members will not be skipped until
the rules are reloaded.