se [Wed, 23 Jan 2019 10:05:27 +0000 (10:05 +0000)]
Silence Clang Scan warning about use of uninitialized variable.
While the warning is a false positive, it is possible to clarify the code by
always initializing the variable. This does also allow to make the sending
of the "beep" control sequence depend on the validity of its parameters.
I have left the redundant assignment of 0 to the now initialized variables
in place since this makes the code simpler to understand and does not add
any run-time overhead (the compiler completely removes the "else if" test
and the assignments).
There was an embedded literal escape character in a string, which messes up
displaying the source code on a terminal that interprets ANSI sequences. The
literal escape has been replaced by \e (non-standard, but supported by all
relevant compilers, and already used in other source files in base).
gonzo [Wed, 23 Jan 2019 02:46:35 +0000 (02:46 +0000)]
Fix systat's :only command parser for the multiple arguments case
According to systat(1) :only option is supposed to accept multiple drives
but the parser for its arguments stops after first entry. Fix the parser
logic to accept multiple drives.
PR: 59220
Reported by: Andy Farkas <andyf@speednet.com.au>
MFC after: 1 week
Previously, we directly used libzfs_core's lzc_receive to import to a
temporary snapshot, then cloned the snapshot and setup the properties. This
failed when attempting to import replication streams with questionable
error.
libzfs's zfs_receive is a much better fit here, so we now use it instead
with the destination dataset and let libzfs take care of the dirty details.
be_import is greatly simplified as a result.
Reported by: Marie Helene Kvello-Aune <freebsd@mhka.no>
MFC after: 1 week
se [Tue, 22 Jan 2019 13:11:15 +0000 (13:11 +0000)]
Silence a CI warning regarding the use of strcpy().
While this is a false positive (a sufficiently large buffer has been
allocated in the line above), the use of strdup() simplifies and clarifies
the code.
gonzo [Tue, 22 Jan 2019 03:53:42 +0000 (03:53 +0000)]
[ndis] Fix unregistered use of FPU by NDIS in kernel on amd64
amd64 miniport drivers are allowed to use FPU which triggers "Unregistered use
of FPU in kernel" panic.
Wrap all variants of MSCALL with fpu_kern_enter/fpu_kern_leave. To reduce
amount of allocations/deallocations done via
fpu_kern_alloc_ctx/fpu_kern_free_ctx maintain cache of fpu_kern_ctx elements.
kp [Tue, 22 Jan 2019 02:13:33 +0000 (02:13 +0000)]
pf: Validate psn_len in DIOCGETSRCNODES
psn_len is controlled by user space, but we allocated memory based on it.
Check how much memory we might need at most (i.e. how many source nodes we
have) and limit the allocation to that.
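The bound described in the commit above, as an added user-space illustration (not the pf code itself): the caller-supplied length is clamped to what the current number of entries can need before anything is allocated. The struct layouts, function names and sample values are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for one exported source-node record. */
struct src_node_rec {
    uint32_t addr;
    uint32_t states;
};

/* Hypothetical stand-in for the ioctl argument; len is caller-controlled. */
struct get_nodes_req {
    size_t               len;  /* in: claimed buffer size, out: bytes written */
    struct src_node_rec *buf;
};

/*
 * Largest allocation the request can justify: never more than node_count
 * records, whatever length the caller claims. Returns 0 if the upper
 * bound itself would overflow size_t.
 */
size_t bounded_alloc_len(size_t user_len, size_t node_count)
{
    size_t max_len;

    if (node_count > SIZE_MAX / sizeof(struct src_node_rec))
        return 0;
    max_len = node_count * sizeof(struct src_node_rec);
    return user_len < max_len ? user_len : max_len;
}

/* Export as many whole records as fit in the bounded length. */
int export_nodes(struct get_nodes_req *req,
    const struct src_node_rec *nodes, size_t node_count)
{
    size_t alloc_len = bounded_alloc_len(req->len, node_count);
    size_t n = alloc_len / sizeof(struct src_node_rec);
    struct src_node_rec *tmp;

    if (n == 0) {
        req->len = 0;
        return 0;
    }
    tmp = calloc(n, sizeof(*tmp));   /* sized by the bound, not by req->len */
    if (tmp == NULL)
        return -1;
    memcpy(tmp, nodes, n * sizeof(*tmp));
    memcpy(req->buf, tmp, n * sizeof(*tmp));  /* stands in for copyout() */
    req->len = n * sizeof(*tmp);
    free(tmp);
    return 0;
}
```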
pkelsey [Tue, 22 Jan 2019 00:50:24 +0000 (00:50 +0000)]
Reduce pf.conf parsing cost for configs that define N queues from O(N^2) to O(N)
The number of syscalls made during parsing of any config that
defines tables is also reduced, and incorrect warnings that HFSC
parent queue bandwidths were smaller than the sum of their child
bandwidths have been fixed.
markj [Mon, 21 Jan 2019 19:38:53 +0000 (19:38 +0000)]
Optimize RISC-V copyin(9)/copyout(9) routines.
The existing copyin(9) and copyout(9) routines on RISC-V perform only a
simple byte-by-byte copy. Improve their performance by performing
word-sized copies where possible.
np [Mon, 21 Jan 2019 18:42:16 +0000 (18:42 +0000)]
cxgbe(4): Allow negative values in hw.cxgbe.fw_install and take them to
mean that the driver should taste the firmware in the KLD and use that
firmware's version for all its fw_install checks.
The driver gets firmware version information from compiled-in values by
default and this change allows custom (or older/newer) firmware modules
to be used with the stock driver.
emaste [Mon, 21 Jan 2019 17:12:16 +0000 (17:12 +0000)]
linuxulator: fix stack memory disclosure in linux_sigaltstack
Most siginfo_to_lsiginfo callers already zeroed the l_siginfo_t before
calling it, but linux_waitid did not. Instead of zeroing in the called
function to address linux_waitid (as in commit 2e6ebe70), just do it in
linux_waitid.
admbugs: 765
Reported by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
Reviewed by: Andrew
MFC after: 1 day
Security: Kernel stack memory disclosure
Sponsored by: The FreeBSD Foundation
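Why the caller has to zero the structure before conversion, as an added user-space model (not the linuxulator code): a converter that sets only some fields leaves the rest of the stack object as it was, and the whole object is then copied out. The struct layouts, names and the 0xA5 fill that models leftover stack contents are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker for leftover stack bytes */

/* Hypothetical, simplified layouts; not the real siginfo_t / l_siginfo_t. */
struct ksig {
    int32_t signo, code, pid, uid;
};
struct lsig {
    int32_t lsi_signo, lsi_code, lsi_pid, lsi_uid;
    int32_t lsi_status;
    int32_t lsi_spare[3];
};

/* Field-by-field conversion: writes four members, touches nothing else. */
static void ksig_to_lsig(const struct ksig *k, struct lsig *l)
{
    l->lsi_signo = k->signo;
    l->lsi_code = k->code;
    l->lsi_pid = k->pid;
    l->lsi_uid = k->uid;
}

/* Count bytes in the "user" buffer that still carry the stale marker. */
static size_t count_stale(const unsigned char *p, size_t n)
{
    size_t i, hits = 0;

    for (i = 0; i < n; i++)
        if (p[i] == STALE)
            hits++;
    return hits;
}

/*
 * Model of the caller. zero_first == 0 is the behaviour before the fix,
 * zero_first != 0 is the fixed caller. Returns the number of stale bytes
 * that reached the user buffer (which must hold sizeof(struct lsig)).
 */
size_t waitid_model(const struct ksig *k, unsigned char *user, int zero_first)
{
    struct lsig lsi;

    memset(&lsi, STALE, sizeof(lsi));  /* models whatever was on the stack */
    if (zero_first)
        memset(&lsi, 0, sizeof(lsi));  /* the fix: zero before converting */
    ksig_to_lsig(k, &lsi);
    memcpy(user, &lsi, sizeof(lsi));   /* stands in for copyout() */
    return count_stale(user, sizeof(lsi));
}
```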
kevans [Mon, 21 Jan 2019 14:35:36 +0000 (14:35 +0000)]
awg: fix soft reset failure with no link
U-Boot will leave the ephy reset de-asserted and the MAC soft reset will
fail on these boards with internal PHY and no link established. Toggle reset
again before proceeding to attach/init.
avos [Mon, 21 Jan 2019 04:50:56 +0000 (04:50 +0000)]
Fix duplicate wpa_supplicant(8) / hostapd(8) startup with devd(8)
Do not invoke 'wlan_up' function from devd(8) on interface
creation event (an example to create such event:
'ifconfig wlan0 create wlandev rtwn0');
they're typically produced during 'service netif (re)start'
and result in duplicate interface initialization.
From the user side if WPA option is used, this results in messages like:
- /etc/rc.d/wpa_supplicant: WARNING: failed to start wpa_supplicant
or
- wpa_supplicant already running? (pid=xxxx).
(for HOSTAP interfaces this race may result in startup failure).
As a side effect, wpa_supplicant(8) / hostapd(8) will not be
invoked when new wlan(4) interface is created manually and
corresponding configuration for it is present in rc.conf(5).
This change does not affect device attach / removal events.
avos [Mon, 21 Jan 2019 00:53:38 +0000 (00:53 +0000)]
urtw(4): add length checks in Rx path.
- Check if buffer can contain Rx descriptor before accessing it.
- Verify upper / lower bounds for frame length.
- Do not pass too short frames into ieee80211_find_rxnode().
While here:
- Move cleanup to the function end.
- Reuse IEEE80211_IS_DATA() macro.
avos [Mon, 21 Jan 2019 00:03:35 +0000 (00:03 +0000)]
run(4): add more length checks in Rx path.
- Discard frames that are bigger than MCLBYTES (to prevent buffer overrun).
- Check buffer length before accessing its contents.
- Fix len <-> dmalen check - the last includes Rx Wireless information
structure size.
- Fix out-of-bounds read during Rx node search for ACK / CTS frames
(monitor mode only).
While here:
- Mark few suspicious places with comments.
- Move common cleanup to the function end.
np [Sun, 20 Jan 2019 23:30:16 +0000 (23:30 +0000)]
cxgbe(4): Clear the reply-pending status of a hashfilter when the reply
indicates an error. Also, do not remove it twice from the hf list in
this case.
trasz [Sun, 20 Jan 2019 22:08:49 +0000 (22:08 +0000)]
Don't mess with BLOCKSIZE in shell startup files - it's set by login.conf(5);
there's no need to even mention it in shell rc files. Not that it's wrong;
just pointless and somewhat misleading.
jilles [Sun, 20 Jan 2019 14:25:25 +0000 (14:25 +0000)]
sh: Send libedit "ferr" output to fd 2
The libedit "fout" output must be sent to fd 2 since it contains prompts
that POSIX says must be sent to fd 2. However, the libedit "ferr" output
receives error messages such as from "bind" that make no sense to send to fd
1.
avos [Sun, 20 Jan 2019 13:39:18 +0000 (13:39 +0000)]
net80211: resolve ioctl <-> detach race for ieee80211com structure
Since r287197 ieee80211com is a part of drivers softc; as a result,
after detach all pointers to it (iv_ic, ni_ic) are invalid. Most
possible users (tasks, interrupt handlers) are blocked / removed
when device is stopped; however, ioctl handlers were not tracked
and may crash if ieee80211com structure is accessed.
Since ieee80211com pointer access from ieee80211vap structure is not
protected by lock (constant after interface creation) and used in
many other places just use reference counting for ioctl handlers;
on detach set 'detached' flag and wait until reference counter goes to 0.
For HEAD ieee80211vap size was changed (__FreeBSD_version bumped);
however, in stable branches I'm going to split / reuse the last
iv_spare field for KBI stability.
tsoome [Sat, 19 Jan 2019 20:45:41 +0000 (20:45 +0000)]
ixgbe: this statement may fall through warnings with gcc
The recent gcc versions (7 and 8 at least) can check for switch case
statements for fall through (implicit-fallthrough). When fall through
is intentional, the default method for warning suppression is to place
comment /* FALLTHROUGH */ exactly before next case statement.
avos [Sat, 19 Jan 2019 16:04:26 +0000 (16:04 +0000)]
net80211: drop m_pullup call from ieee80211_crypto_decap.
For most wireless drivers Rx mbuf is allocated as one
contiguous chunk; only few are using chains for allocations -
but even then at least MCLBYTES (minus Rx descriptor size) is
available in the first mbuf.
In addition to the above, m_pullup was never called here - otherwise,
reallocation will break post-crypto_decap logic (ieee80211_decap,
ieee80211_deliver_data...), so just remove it; length check is left
in case if some truncated frame appears here.
jhibbits [Sat, 19 Jan 2019 05:20:31 +0000 (05:20 +0000)]
dpaa: fix 32-bit build
Book-E powerpc uses 64-bit vm_paddr_t, and 32-bit powerpc has 32-bit pointers,
so gcc errors with cast to pointer from integer of different size. As this will
not actually be used in reality anyway, simply quiet the warning by casting
through uintptr_t.
jhibbits [Sat, 19 Jan 2019 04:54:12 +0000 (04:54 +0000)]
powerpc/dpaa: Handle DMAP virtual addresses in DPAA
sendfile(2) appears to now use DMAP wherever possible. These addresses are not
managed by pmap, so pmap_kextract() returns a 0 physical address, causing
failure.
jhibbits [Sat, 19 Jan 2019 04:47:19 +0000 (04:47 +0000)]
powerpc: Fix opaque irq data initialization
The powerpc_intr structure is not zero-initialized, so on an invariants
build would panic in the xics driver with an invalid pointer. Also fix the
xics driver to share the private data setup code between xics_enable() and
xics_bind().
cem [Fri, 18 Jan 2019 23:54:51 +0000 (23:54 +0000)]
vmm(4): Mask Spectre feature bits on AMD hosts
For parity with Intel hosts, which already mask out the CPUID feature
bits that indicate the presence of the SPEC_CTRL MSR, do the same on
AMD.
Eventually we may want to have a better support story for guests, but
for now, limit the damage of incorrectly indicating an MSR we do not yet
support.
Eventually, we may want a generic CPUID override system for
administrators, or for minimum supported feature set in heterogenous
environments with failover. That is a much larger scope effort than
this bug fix.
jhibbits [Fri, 18 Jan 2019 23:26:31 +0000 (23:26 +0000)]
Fix top(1) long options handling
getopt_long(3) requires the long options be terminated by a NULL block.
Without the terminator, an invalid long option results in a segmentation
fault.
wulf [Fri, 18 Jan 2019 22:20:29 +0000 (22:20 +0000)]
psm(4): detect Lenovo top-button clickpads
libinput has special handling for Lenovo ThinkPad *40 series, where it
treats clicks on the top button area as if they came from the TrackPoint:
https://wayland.freedesktop.org/libinput/doc/latest/t440-support.html
Detect these devices and set the corresponding evdev property.
brooks [Fri, 18 Jan 2019 21:46:38 +0000 (21:46 +0000)]
Make SIFTR work again after r342125 (D18443).
Correct a logic error.
Only disable when already enabled or enable when disabled.
Submitted by: Richard Scheffenegger
Reviewed by: Cheng Cui
Obtained from: Cheng Cui
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D18885
dim [Fri, 18 Jan 2019 20:35:24 +0000 (20:35 +0000)]
Remove leading slash from OLD_DIRS assignment in ObsoleteFiles.inc. The
"make delete-old" mechanism will already take care of such prefixes, and
this prevents a double leading slash from being displayed.
kib [Fri, 18 Jan 2019 13:43:11 +0000 (13:43 +0000)]
i386/PAE busdma: allow more bounce pages.
If i386 has more than 4G of memory, allow the same number of busdma
bounce pages as for amd64. In fact, in this case bouncing sometimes
is much heavier than on amd64.
Reviewed by: markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D18854
kib [Fri, 18 Jan 2019 13:38:56 +0000 (13:38 +0000)]
x86 busdma: fix mis-use of bus_addr_t where vm_paddr_t is assumed.
Right now bus_addr_t and vm_paddr_t are always aliased to the same
underlying integer type on x86, which makes the interchange hard to
detect. Shortly, i386 kernel would use uint64_t for vm_paddr_t to
enable automatic use of PAE paging structures if hardware allows it,
while bus_addr_t would be extended to 64bit only when PAE option is
specified.
Fix all places that were identified as using bus_addr_t while page
address was assumed. This was performed by testing the complete PAE
merging patch on machine with > 4G of RAM enabled.
Reviewed by: markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D18854
kib [Fri, 18 Jan 2019 13:35:06 +0000 (13:35 +0000)]
MI VM: Make it possible to set size of superpage at boot instead of compile time.
In order to allow single kernel to use PAE pagetables on i386 if
hardware supports it, and fall back to classic two-level paging
structures if not, superpage code should be able to adapt to either 2M
or 4M superpages size. There I make MI VM structures large enough to
track the biggest possible superpage, by allowing architecture to
define VM_NFREEORDER_MAX and VM_LEVEL_0_ORDER_MAX constants.
Corresponding VM_NFREEORDER and VM_LEVEL_0_ORDER symbols can be
defined as runtime values and must be less than the _MAX constants.
If architecture does not define _MAXs, it is assumed that _MAX ==
normal constant.
Reviewed by: markj
Tested by: pho (as part of the larger patch)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D18853
kib [Fri, 18 Jan 2019 10:45:27 +0000 (10:45 +0000)]
nvdimm: add a driver for the NVDIMM root device
The NVDIMM root device is parent to the individual ACPI NVDIMM
devices. Add a driver for the NVDIMM root device that can own
enumeration of NVDIMM devices as well as NVDIMM SPA ranges that the
system has.
Submitted by: D Scott Phillips <d.scott.phillips@intel.com>
Sponsored by: Intel Corporation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D18346
cem [Thu, 17 Jan 2019 23:21:02 +0000 (23:21 +0000)]
ioat(4): Set __result_use_check on ioat_acquire_reserve
Even M_WAITOK callers must check for failure. For example, if the device is
quiescing, either due to automatic error-recovery induced reset, or due to
administrative detach, the routine will return ENXIO and the acquire
reference will not be held. So, there is no mode in which it is safe to
assume the routine succeeds without checking.
cem [Thu, 17 Jan 2019 19:44:47 +0000 (19:44 +0000)]
Add definitions for AMD Spectre/Meltdown CPUID information
No functional change, aside from printing recognized bits in CPU
identification.
The bits are documented in 111006-B "Indirect Branch Control Extension"[1] and
124441 "Speculative Store Bypass Disable."[2]
Notably missing (left as future work):
* Integration with hw.spec_store_bypass_disable and hw_ssb_active flag,
which are currently Intel-specific
* Integration with hw_ibrs_active global flag, which is currently
Intel-specific
* SSB_NO integration in hw_ssb_recalculate()
* Bhyve integration (PR 235010)
kevans [Thu, 17 Jan 2019 18:51:56 +0000 (18:51 +0000)]
Revert r343095
This was intended to fix the soft reset timeout on boot for OrangePi One/R1
with internal PHY, but seems to cause other problems later on due to soft
resetting around some state changes that may or may not make the NIC
non-functional.
Reverting this for now while a better solution is sought out.
eugen [Thu, 17 Jan 2019 18:07:59 +0000 (18:07 +0000)]
Re-add new small tool trim(8) to delete contents for blocks
on devices using wear-leveling algorithms as a few weeks passed
after review and discussion of trim(8) ceased and
we still have no utility to perform the job.
markj [Thu, 17 Jan 2019 17:36:18 +0000 (17:36 +0000)]
Fix handling of rights on stdio streams.
- Limit rights on stdio before opening input files. Otherwise, open()
may return one of the standard descriptors and we end up limiting
rights such that we cannot read from one of the input files.
- Use caph_limit_stdio(), which suppresses EBADF, to ensure that
we don't emit an error if one of the stdio streams is closed.
- Don't bother further limiting rights on stdin when stdin isn't going
to be used. Doing so correctly requires checking for a number of
edge cases, and it doesn't provide any significant benefit.
PR: 234885
Reviewed by: oshogbo
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18860
eugen [Thu, 17 Jan 2019 14:09:55 +0000 (14:09 +0000)]
jail(8): stop crashing with SIGSEGV inside run_command() function
while processing not entirely correct jail.conf(5) file
having something like "ip4.addr = 127.0.0.1;" and no "ip4 = ...;"
so extrap variable stays NULL.
mckusick [Thu, 17 Jan 2019 06:35:45 +0000 (06:35 +0000)]
Create new EINTEGRITY error with message "Integrity check failed".
An integrity check such as a check-hash or a cross-correlation failed.
The integrity error falls between EINVAL that identifies errors in
parameters to a system call and EIO that identifies errors with the
underlying storage media. EINTEGRITY is typically raised by intermediate
kernel layers such as a filesystem or an in-kernel GEOM subsystem when
they detect inconsistencies. Uses include allowing the mount(8) command
to return a different exit value to automate the running of fsck(8)
during a system boot.
These changes make no use of the new error, they just add it. Later
commits will be made for the use of the new error number and it will
be added to additional manual pages as appropriate.
gonzo [Thu, 17 Jan 2019 06:34:39 +0000 (06:34 +0000)]
Fix conditional obsolete files entry for WITHOUT_EXAMPLES
Add all the files under /usr/share/examples to the MK_EXAMPLES
section. OLD_DIRS entries are not removed if they're not empty so
prior to this change WITHOUT_EXAMPLES didn't have significant effect
on the updated system.
gonzo [Thu, 17 Jan 2019 06:22:14 +0000 (06:22 +0000)]
Add optional obsolete files for the installworld without sendmail
Add two more entries for WITHOUT_SENDMAIL install. The /var/spool/clientmqueue
entry would be deleted only if there are no files/dirs in it, so the
content generated during previous lifecycle of the system is safe.
jilles [Wed, 16 Jan 2019 21:59:18 +0000 (21:59 +0000)]
libedit: Avoid out of bounds read in 'bind' command
This is CVS revision 1.31 from NetBSD lib/libedit/chartype.c:
Make sure that argv is NULL terminated since functions like tty_stty rely
on it to be so (Gerry Swinslow)
This broke when the wide-character support was enabled in libedit. The
conversion from multibyte to wide-character did not supply the apparently
expected terminating NULL in the new argv array.
gonzo [Wed, 16 Jan 2019 21:13:50 +0000 (21:13 +0000)]
[mv] Fix invalid condition in fdt_fixup_ranges
Add parentheses to perform assignment before comparison. The prior
condition worked because fdt_parent_addr_cells returns 1 for the DTB
on which fdt_fixup_ranges is called and accidentally par_addr_cells
ends up to be set to the same value.