Exit with usage when extra arguments are on command line
preventing mistakes such as "halt 0p" for "halt -p".
Approved by: bde (mentor), phk (mentor)
MFC after: 1 week
So that it doesn't rely on physmap[1] containing an address below
1MiB. Instead scan the full physmap and search for a suitable address
to place the trampoline code (below 1MiB) and the initial memory pages
(below 4GiB).
Make the INTO instruction operational in 32bit mode.
Having the IDT entry specify ring 0 DPL caused delivery of #GP instead
of #OF.
The instruction is not valid in 64bit mode, which probably explains
why the IDT entry for #OF was initially set this way. It is
interesting to note that the BOUND instruction works with the IDT #BR
entry DPL 0, most likely CPU considers #BR from BOUND as generated by
a machine, not user.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Ed Maste [Thu, 5 Apr 2018 03:26:42 +0000 (03:26 +0000)]
remove special handling for stale ptrace dependencies
r318957 added special handling for stale ptrace dependency files to
support a -DNO_CLEAN build in a tree last built before r305012. That
revision is now over a year and a half old, so retire the special case.
cxgbe(4): Always display an error message if SIOCSIFFLAGS will leave
IFF_UP and IFF_DRV_RUNNING out of sync. ifhwioctl in the kernel pays no
attention to the return code from the driver ioctl during SIOCSIFFLAGS
so these messages are the only indication that the ioctl was called but
failed.
netmap: align if_ptnet guest driver to the upstream code (commit 0e15788)
The change upgrades the driver to use the split Communication Status
Block (CSB) format. In this way the variables written by the guest
and read by the host are allocated in a different cacheline than
the variables written by the host and read by the guest; this is
needed to avoid cache thrashing.
Ed Maste [Wed, 4 Apr 2018 21:12:35 +0000 (21:12 +0000)]
Fix kernel memory disclosure in tcp_ctloutput
strcpy was used to copy a string into a buffer copied to userland, which
left uninitialized data after the terminating 0-byte. Use the same
approach as in tcp_subr.c: strncpy and explicit '\0'.
admbugs: 765, 822
MFC after: 1 day
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reported by: Vlad Tsyrklevich
Security: Kernel memory disclosure
Sponsored by: The FreeBSD Foundation
Ed Maste [Wed, 4 Apr 2018 19:58:25 +0000 (19:58 +0000)]
Fix kernel memory disclosure in linux_ioctl_socket
strlcpy is used to copy a string into a buffer to be copied to userland,
previously leaving uninitialized data after the terminating NUL. Zero
the buffer first to avoid a kernel memory disclosure.
admbugs: 765, 811
MFC after: 1 day
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reported by: Vlad Tsyrklevich
Sponsored by: The FreeBSD Foundation
Marcin Wojtas [Wed, 4 Apr 2018 13:20:29 +0000 (13:20 +0000)]
Enable Marvell gpio driver to work with many controllers
This patch moves all global data structures into mv_gpio_softc,
and puts device_t parameter to functions calls everywhere where needed.
As a result, we can create multiple driver instances.
Removed names in function declaration to keep style.
Marcin Wojtas [Wed, 4 Apr 2018 13:12:49 +0000 (13:12 +0000)]
Improve interrupt and resource allocation in Marvell GPIO driver
This patch adds support for more than one interrupts
in GPIO controller. It reads necessary information (such as cell size)
from FDT, so there are no magic numbers.
Note that interrupts are still not working, but this patch makes
one good step in correct direction
Marcin Wojtas [Wed, 4 Apr 2018 13:08:51 +0000 (13:08 +0000)]
Introduce port debouncing mechanism in mv_gpio driver
This patch introduces gpio debouncing mechanism
with fixed memory allocation in critical section.
When you press button, value at gpio pin connected to button
is changing many times which will cause in unexpected behaviour.
Debouncing mechanism will prevent this phenomenon
Marcin Wojtas [Wed, 4 Apr 2018 12:54:18 +0000 (12:54 +0000)]
Change reg in Marvell Armada38X pcie FDT
Ranges in pcie-controller are unused, so could be changed to match Linux
device tree represntation. Same with interrupt-cells and interrupt-parent.
In PCI controller driver ocd_data are used for matching driver and
choose proper resources acquisition function.
fdt_win_process_child have new argument which provide information
about fdt node containing addresses of MMIO registers.
Marcin Wojtas [Wed, 4 Apr 2018 12:47:41 +0000 (12:47 +0000)]
Add api for creating resource list based on 'assigned-addresses'
According to device tree binding 'assigned-addresses' can refer to PCIE MMIO
register space. New function ofw_bus_assigned_addresses_to_rl is
provided to support it.
Marcin Wojtas [Wed, 4 Apr 2018 12:41:42 +0000 (12:41 +0000)]
Match Marvell Armada38X PCI compatible with Linux
In Linux FDT pcie does not have compatible string.
Configuration of windows in mv_common was based on fdt compatible.
Now pcie windows are configured by their parent: pcie_controller.
Processing is moved to fdt_win_process_child. fdt_win_process now
only walk through the tree. SOC_NODE_PCI is position of pcie function in
soc_node_spec array.
PCIe probe cannot use ofw_bus_search_compatible, because it needs to
check also device type and parents compatible.
Marcin Wojtas [Wed, 4 Apr 2018 12:36:55 +0000 (12:36 +0000)]
Add support of PCI_RES_BUS to Marvell PCI driver
GENERIC ARM config use NEW_PCIB driver (https://wiki.freebsd.org/NEW_PCIB).
To satisfy it, allocation and deallocation of PCI_RES_BUS is necessary.
Conditional compilation is added for backward compatibility with ARMv5
configs.
Marcin Wojtas [Wed, 4 Apr 2018 12:30:52 +0000 (12:30 +0000)]
Make Marvell armv7 timer and wdt registers definitions common
Define timers registers for both SoCs and choose proper one during runtime
based on information from FDT.
In WDT driver there are different function for ArmadaXP and other ARMv5 SoCs.
In timer driver registers definitions are stored in resource_spec structure
and chosen during runtime.
Marcin Wojtas [Wed, 4 Apr 2018 08:40:49 +0000 (08:40 +0000)]
Use PLATFORM for initializing Marvell ArmadaXP and Armada38X
Spliting armv5 and armv7 machdep is necessary for adding Armada38X and
ArmadaXP to GENERIC config.
PLATFORM framework checks SOC type in FDT and will select proper
initialization function implementation during runtime.
Pointers to SoC specific implementation are stored in array of
platform_method_t and provided to framework by FDT_PLATFORM_DEF macro.
PLATFORM framework supports also reset function. To simplify implementation
cpu_reset is moved from mv_common to armv5 and armv7 machdep.
Armada38X and ArmadaXP share now common list of files, so resolve all
dependencies as well.
bootloaders such as u-boot might enable regulators, or simply regulators could
be enabled by default by the PMIC, even if we don't have a driver for
the device or subsystem.
Disable unused regulators just before going to userland.
A tunable hw.regulator.disable_unused is added to not disable them in case
this causes problems on some board but the default behavior is to disable
everything unused.
I prefer to break thinks now and fix them rather than never switch to the
case were we disable regulators.
Tested on : Pine64-LTS (an idle board goes from ~0.33A to ~0.27A)
Tested on : BananaPi M2
Differential Revision: https://reviews.freebsd.org/D14781
Gordon Tetlow [Wed, 4 Apr 2018 05:21:46 +0000 (05:21 +0000)]
Limit glyph count in vtfont_load to avoid integer overflow.
Invalid font data passed to PIO_VFONT can result in an integer overflow
in glyphsize. Characters may then be drawn on the console using glyph
map entries that point beyond the end of allocated glyph memory,
resulting in a kernel memory disclosure.
Submitted by: emaste
Reported by: Dr. Silvio Cesare of InfoSect
Security: CVE-2018-6917
Security: FreeBSD-SA-18:04.vt
Sponsored by: The FreeBSD Foundation
TLB1 can handle ranges up to 4GB (through e5500, larger in e6500), but
ilog2() took a unsigned int, which maxes out at 4GB-1, but truncates
silently. Increase the input range to the largest supported, at least for
64-bit targets. This lets the DMAP be completely mapped, instead of only
1GB blocks with it assuming being fully mapped.
These have been found to be practically useless. We were actually
following the Android bionic library and had some interest in replicating
the same warnings and behaviour but Android has since removed them.
We are still keeping some uses of nullability attributes in other headers,
somewhat in line with Apple's libc.
Marcin Wojtas [Tue, 3 Apr 2018 23:49:35 +0000 (23:49 +0000)]
Fix kernel modules names for Marvell armv7
Two modules with the same name cannot be loaded, so Marvell specific drivers
cannot have the same name as the generic drivers.
Files with the same name, even in different folders overlaps their .o files,
so in order to prepare for supporting Marvell platforms in GENERIC armv7
config, modify conflicting names.
Marcin Wojtas [Tue, 3 Apr 2018 23:29:34 +0000 (23:29 +0000)]
Split out delay code in Marvell timer driver for PLATFORM
The PLATFORM code will perform the software loop in the early boot,
so extract the actual delay code to handle situation, when
the timers are already initialized.
Marcin Wojtas [Tue, 3 Apr 2018 22:21:12 +0000 (22:21 +0000)]
Make Marvell AmadaXP timer driver more generic
Store pointers to SoC specific functions in mv_timer_config structure
and determine proper config in runtime based on compatible string from FDT.
Compatible string for ArmadaXP timers is changed to match Linux FDT.
Armada 38x uses generic Cortex-A9 timer and separate watchdog drivers, so
it does not need to be supported by timer driver.
Marcin Wojtas [Tue, 3 Apr 2018 22:15:53 +0000 (22:15 +0000)]
Make Marvell Armada watchdog driver more generic
Store platform dependent functions and constants in mv_wdt_config
structure and select proper configuration on runtime based on
compatible string provided in FDT.
Marvell Armada38X and ArmadaXP non-repetitive registers are moved to
generic part of code.
To support armv5 as well, use proper compatible string:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/watchdog/orion_wdt.c?h=v4.13-rc3#n456
Marcin Wojtas [Tue, 3 Apr 2018 22:10:50 +0000 (22:10 +0000)]
Make get_tclk and get_cpu_freq generic for Marvell armv7 SoCs
In GENERIC kernel choosing proper get_tclk and get_cpu_freq implementation must
be done in runtime. Kernel for both SoC need to have implementation of each
other functions, so common file list mv/files.arm7 is added.
Marvell armv5 SoC have their own non-generic implementation of those function.
Marcin Wojtas [Tue, 3 Apr 2018 21:54:36 +0000 (21:54 +0000)]
Make mv_common.c generic for Marvell Armada38X and ArmadaXP
Preparation for adding Armada38X and ArmadaXP SoC to GENERIC config.
Supported platform are listed in soc_family enum.
struct decode_win_spec contains platform specific functions and constants.
Function mv_check_soc_family checks SoC type and chooses proper structure
in runtime, as well as platform-dependent functions.
Unnecessary dummy functions are removed.
Because of changing registers name to more generic new definition of
FDT_DEVMAP_MAX in mv_machdep is added.
Marcin Wojtas [Tue, 3 Apr 2018 21:38:11 +0000 (21:38 +0000)]
Split get_sar_value function for Marvell ArmadaXP and Armada38X
get_sar_value is implemented only for ArmadaXP and Armada38X. Splitting it for
two different functions and change registers names result in more generic code.
Marcin Wojtas [Tue, 3 Apr 2018 21:25:15 +0000 (21:25 +0000)]
Make Marvell mv_pci.c driver generic
PCI ports differ between Marvell SoCs, but have the same compatible in FDT.
Identification is made based on parent compatible during attach.
For ArmadaXP skipping enable procedure is necessary. To achieve it
sc_skip_enable_procedure flag is used.
For Armada38x find root procedure is necessary. For other SoCs root link is
always at slot 0. sc_enable_find_root_slot flag is used to select proper
behaviour.
Marvell armv5 platforms does not support msi.
Marcin Wojtas [Tue, 3 Apr 2018 21:17:19 +0000 (21:17 +0000)]
Enable ArmadaXP using INTRNG interrupt controller
Defining INTRNG remove some necessary registers and declarations of
pic_init_secondary, pic_ipi_send, pic_ipi_read and pic_ipi_clear.
Because Marvell ArmadaXP and Armada38X always use INTRNG, include all
INTRNG code and remove code that does not use it.
Separate pic registers declarations for Armada38X are unnecessary, it
works properly with ArmadaXP config.
Alexander Motin [Tue, 3 Apr 2018 21:16:41 +0000 (21:16 +0000)]
9434 Speculative prefetch is blocked by device removal code.
Device removal code does not set spa_indirect_vdevs_loaded for pools
that never experienced device removal. At least one visual consequence
of it is completely blocked speculative prefetcher. This patch sets
the variable in such situations.
Add the etdump utility for dumping El Torito boot catalog information.
This can be used to check existing images but will be used in the future to
find EFI ESP images placed in El Torito catalogs so they can be used for
hybrid boot purposes.
fix i386 build with CPU_ELAN (LINT for instance) after r331878
x86/cpu_machdep.c now needs to include elan_mmcr.h when CPU_ELAN is set.
While here, also remove the now unneeded inclusion of isareg.h in i386
and amd64 vm_machdep.c.
Reported by: lwhsu
MFC after: 14 days
X-MFC with: r331878
r330675 introduced an extra window check in the LRO code to ensure it
captured and reported the highest window advertisement with the same
SEQ/ACK. However, the window comparison uses modulo 2**16 math, rather
than directly comparing the absolute values. Because windows use
absolute values and not modulo 2**16 math (i.e. they don't wrap), we
need to compare the absolute values.
Reviewed by: gallatin
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D14937
Andrew Turner [Tue, 3 Apr 2018 11:01:50 +0000 (11:01 +0000)]
Switch users of fdt_is_enabled to use ofw_bus_node_status_okay. These are
equivalent, so to prepare to remove the former move users to call the
latter.
fix signatures of cpu_reset_real and cpu_reset_proxy, broken in r331878
When I moved these functions from i386 and amd64 to x86 I dropped their
prototype declarations (that were correct) and left only their definitions
that became incorrect.
Reported by: bde
MFC after: 15 days
X-MFC with: r331878
Fix accidental USB port resets by GPIO on Zynq/Zedboard boards
The Zynq/Zedboard GPIO driver attempts to tri-state all GPIO pins on
boot up but the order in which I reset the hardware can cause the pins
to be briefly held low before being tri-stated. This is a problem on
boards that use GPIO pins to reset devices.
In particular, the Zybo and ZC-706 boards use a GPIO pin as a USB PHY
reset. If U-boot enables the USB port before booting the kernel, the
GPIO driver attach causes a glitch on the USB PHY reset and the USB
port loses power. My fix is to have the GPIO driver leave the pins in
whatever configuration U-boot placed them.
Default loader.conf: Drop efi_max_resolution to 1x1
Effectively disabling the mode changing bits in the loader. No matter which
way we go with it, it seems to be wrong- either the firmware doesn't change
the resolution and reports the resolution we requested, or the firmware
changes the resolution and doesn't report the resolution we requested. It
some cases, it does the right thing, but the bad cases outweight those.
Interested individuals can still set efi_max_resolution to 1080p or whatnot
in loader.conf(5) to restore the new behavior, but the new behavior does not
work out well for many cases.
cxgbe: Implement tcp_info handler for connections handled by t4_tom.
The TCB is read using a memory window right now. A better alternate to
get self-consistent, uncached information would be to use a GET_TCB
request but waiting for a reply from hw while holding non-sleepable
locks is quite inconvenient.
Import CK as of commit b19ed4c6a56ec93215ab567ba18ba61bf1cfbac8
It should fix ck_pr_[load|store]_ptr on mips and riscv, make sure no
*fence instructions are used on i386, as older cpus don't support it, and
make sure we don't rely on gcc builtins that can lead to calls to
libatomic when linked with -O0.
Import CK as of commit b19ed4c6a56ec93215ab567ba18ba61bf1cfbac8
It should fix ck_pr_[load|store]_ptr on mips and riscv, make sure no
*fence instructions are used on i386, as older cpus don't support it, and
make sure we don't rely on gcc builtins that can lead to calls to
libatomic when linked with -O0.
Mark Johnston [Mon, 2 Apr 2018 15:07:41 +0000 (15:07 +0000)]
Ensure the background laundering threshold is positive after a scan.
The division added in r331732 meant that we wouldn't attempt a
background laundering until at least v_free_target - v_free_min clean
pages had been freed by the page daemon since the last laundering. If
the inactive queue is depleted but not completely empty (e.g., because
it contains busy pages), it can thus take a long time to meet this
threshold. Restore the pre-r331732 behaviour of using a non-zero
background laundering threshold if at least one inactive queue scan has
elapsed since the last attempt at background laundering.
unify amd64 and i386 cpu_reset() in x86/cpu_machdep.c
Because I didn't see any reason not too.
I've been making some changes to the code and couldn't help but notice
that the i386 and am64 code was nearly identical.
x86 cpu_reset: if failed to switch to BSP proceed to cpu_reset_real
If cpu_reset() is called on an AP and if it somehow fails to wake the
BSP, then it's better to attempt the reset on the AP than just sit there
spinning on an unusable and undebuggable system.
x86 cpu_reset_proxy: no need to stop_cpus() the original processor
The processor is "parked" in a spin-loop already and that's sufficient
for the reset. There is nothing that stop_cpus() would add here, only
extra complexity and fragility.
The original processor does not need to enable interrupts now, in fact,
it must not do that.
In uma_startup_count() handle special case when zone will fit into
single slab, but with alignment adjustment it won't. Again, when
there is only one item in a slab alignment can be ignored. See
previous revision of this file for more info.
Handle a special case when a slab can fit only one allocation,
and zone has a large alignment. With alignment taken into
account uk_rsize will be greater than space in a slab. However,
since we have only one item per slab, it is always naturally
aligned.
Code that will panic before this change with 4k page:
Ian Lepore [Sun, 1 Apr 2018 18:53:27 +0000 (18:53 +0000)]
Fix the build on arches with default unsigned char. Capture the fubyte()
return value in an int as well as the char, and test the full int value
for fubyte() failure.
Jeff Roberson [Sun, 1 Apr 2018 04:50:05 +0000 (04:50 +0000)]
Add a uma cache of free pages in the DEFAULT freepool. This gives us
per-cpu alloc and free of pages. The cache is filled with as few trips
to the phys allocator as possible by the use of a new
vm_phys_alloc_npages() function which allocates as many as N pages.
This code was originally by markj with the import function rewritten by
me.
This commit splits all of the logodefs/graphics out into their own own files
and provides a method for these files to register their logodefs with the
drawer. Graphics are now loaded on demand if they don't exist in the current
set of logodefs.
The drawer module becomes a little easier to navigate through without all of
the graphics mixed in. It's also easy to do one-off graphics like the
9.2 Die Hard tribute by dteske@ without adding even more to our memory
requirements.
- No need for a 'goto' when our entire loop body is then wrapped in a
conditional.
- No need to leave commented out prints laying around
- If an expression is clearly going to be either nil or an expression that
isn't likely to be a boolean, we might as well use `or` to specify a
default value for the expression. e.g. `loader.getenv(...) or "no"`
Kyle Evans [Sat, 31 Mar 2018 23:49:00 +0000 (23:49 +0000)]
lualoader: Don't assume that {module}_load is set
The previous iteration of this assumed that {module}_load was set. In the
old world order of default loader.conf(5), this was probably a safe
assumption given that we had almost every module explicitly not-loaded in
it.
In the new world order, this is no longer the case, so one could delete a
_load line inadvertently while leaving a _name, _type, _flags, _before,
_after, or _error. This would have caused a confusing Lua error and borked
module loading.