Mark Johnston [Thu, 30 Jun 2022 18:27:07 +0000 (14:27 -0400)]
eventtimer: Fix several races in the timer reload code
In handleevents(), lock the timer state before fetching the time for the
next event. A concurrent callout_cc_add() call might be changing the
next event time, and the race can cause handleevents() to program an
out-of-date time, causing the callout to run later (by an unbounded
period, up to the idle hardclock period of 1s) than requested.
In cpu_idleclock(), call getnextcpuevent() with the timer state mutex
held, for similar reasons. In particular, cpu_idleclock() runs with
interrupts enabled, so an untimely timer interrupt can result in a stale
next event time being programmed. Further, an interrupt can cause
cpu_idleclock() to use a stale value for "now".
In cpu_activeclock(), disable interrupts before loading "now", so as to
avoid going backwards in time when calling handleevents(). It's ok to
leave interrupts enabled when checking "state->idle", since the race at
worst will cause handleevents() to be called unnecessarily. But use an
atomic load to indicate that the test is racy.
PR: 264867
Reviewed by: mav, jhb, kib
Sponsored by: The FreeBSD Foundation
Mark Johnston [Mon, 11 Jul 2022 19:27:54 +0000 (15:27 -0400)]
vm_fault: Fix some nits in vm_fault_copy_entry()
- Correct the description (vm_fault_copy_entry() does not create a
shadow object).
- Move some initialization and assertions out of the scope of the object
locks, when doing so makes sense.
- Merge a pair of conditional blocks.
- Use __unused when appropriate.
No functional change intended.
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
Mark Johnston [Mon, 11 Jul 2022 19:45:36 +0000 (15:45 -0400)]
uma: Use a taskqueue to execute uma_timeout()
uma_timeout() has several responsibilities; it visits every UMA zone and
as of recently will drain underutilized caches, so is rather expensive
(>1ms in some cases). Currently it is executed by softclock threads
and so will preempt most other CPU activity. None of this work requires
a high scheduling priority, though, so defer it to a taskqueue so as to
avoid stalling higher-priority work.
Reviewed by: rlibby, alc, mav, kib
Sponsored by: The FreeBSD Foundation
Rick Macklem [Fri, 8 Jul 2022 23:58:06 +0000 (16:58 -0700)]
nfscl: Add a cred argument to nfscl_reqstart()
To deal with broken session slots caused by the use of the
"soft" and/or "intr" mount options, nfsv4_sequencelookup()
will be modified to track the potentially broken session
slots. Then, when all session slots are potentially
broken, do a DeleteSession operation, so that the NFSv4
server will reply NFSERR_BADSESSION to uses of the session.
These changes will be done in future commits. However,
to do the DeleteSession RPC, a "cred" argument is needed
for nfscl_reqstart(). This patch adds this argument,
which is unused at this time. If the argument is NULL,
it indicates that DeleteSession should not be done
(usually because the RPC does not use sessions).
Alan Somers [Fri, 10 Jun 2022 22:44:59 +0000 (16:44 -0600)]
ses: don't panic if disk elements have really weird descriptors
SES allows element descriptors to contain characters like spaces and
quotes that devfs does not allow to appear in device aliases. Since SES
element descriptors are outside of the kernel's control, we should
gracefully handle a failure to create a device physical path alias.
Alan Somers [Thu, 26 May 2022 22:20:03 +0000 (16:20 -0600)]
bsdinstall: fix prepopulating the ZFS disk menu with ZFSBOOT_DISKS
If the ZFSBOOT_DISKS variable is set to one or more disk names, then
those disks should be preselected in the disk menu. However, the code
wasn't correctly setting the variable, leaving all disks unselected.
Adjust iface_khandler_register() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/netpfil/ipfw/ip_fw_iface.c:128:24: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
iface_khandler_register()
^
void
This is because iface_khandler_register() is declared with a (void)
argument list, but defined with an empty argument list. Make the
definition match the declaration.
With clang 15, the following -Werror warning is produced:
sys/dev/firewire/fwohci.c:2762:23: error: variable 'pcnt' set but not used [-Werror,-Wunused-but-set-variable]
int len, plen, hlen, pcnt, offset;
^
The 'pcnt' variable is eventually used only in an #if 0'd block,
obviously meant for debugging. Ensure that 'pcnt' is only declared and
used when COUNT_PACKETS is defined, so the debugging can be easily
turned on later, if desired.
Adjust ipfw_iface_{init,destroy}() definitions to avoid clang 15 warning
With clang 15, the following -Werror warnings are produced:
sys/netpfil/ipfw/ip_fw_iface.c:206:16: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
ipfw_iface_init()
^
void
sys/netpfil/ipfw/ip_fw_iface.c:219:19: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
ipfw_iface_destroy()
^
void
This is because ipfw_iface_init() and ipfw_iface_destroy() are declared
with (void) argument lists, but defined with empty argument lists. Make
the definitions match the declarations.
With clang 15, the following -Werror warning is produced:
sys/net/if_lagg.c:2413:6: error: variable 'active_ports' set but not used [-Werror,-Wunused-but-set-variable]
int active_ports = 0;
^
The 'active_ports' variable appears to have been a debugging aid that
has never been used for anything (ref https://reviews.freebsd.org/D549),
so remove it.
Adjust ipfw_{init,destroy}_*() definitions to avoid clang 15 warning
With clang 15, the following -Werror warnings are produced:
sys/netpfil/ipfw/ip_fw_sockopt.c:187:19: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
ipfw_init_counters()
^
void
sys/netpfil/ipfw/ip_fw_sockopt.c:196:22: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
ipfw_destroy_counters()
^
void
sys/netpfil/ipfw/ip_fw_sockopt.c:3241:23: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
ipfw_init_obj_rewriter()
^
void
sys/netpfil/ipfw/ip_fw_sockopt.c:3249:26: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
ipfw_destroy_obj_rewriter()
^
void
This is because ipfw_init_counters(), ipfw_destroy_counters(),
ipfw_init_obj_rewriter(), and ipfw_destroy_obj_rewriter() are declared
with (void) argument lists, but defined with empty argument lists. Make
the definitions match the declarations.
Adjust iface_khandler_deregister() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/netpfil/ipfw/ip_fw_iface.c:159:26: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
iface_khandler_deregister()
^
void
This is because iface_khandler_deregister() is declared with a (void)
argument list, but defined with an empty argument list. Make the
definition match the declaration.
Adjust pmc_thread_descriptor_pool_drain() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/dev/hwpmc/hwpmc_mod.c:2462:33: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
pmc_thread_descriptor_pool_drain()
^
void
This is because pmc_thread_descriptor_pool_drain() is declared with a
(void) argument list, but defined with an empty argument list. Make the
definition match the declaration.
Adjust fbt_unload() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/cddl/dev/fbt/fbt.c:1273:11: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
fbt_unload()
^
void
This is because fbt_unload() is declared with a (void) argument list,
but defined with an empty argument list. Make the definition match the
declaration.
Adjust pcm_md_initialize() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/dev/hwpmc/hwpmc_x86.c:245:18: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
pcm_md_initialize()
^
void
This is because pcm_md_initialize() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Adjust ipfw_{init,destroy}_sopt_handler() definitions to avoid clang 15 warning
With clang 15, the following -Werror warning are produced:
sys/netpfil/ipfw/ip_fw_sockopt.c:3477:23: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
ipfw_init_sopt_handler()
^
void
sys/netpfil/ipfw/ip_fw_sockopt.c:3485:26: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
ipfw_destroy_sopt_handler()
^
void
This is because ipfw_init_sopt_handler() and ipfw_destroy_sopt_handler()
are declared with (void) argument lists, but defined with empty argument
lists. Make the definitions match the declarations.
With clang 15, the following -Werror warnings are produced:
sys/dev/hwpmc/hwpmc_mod.c:4805:6: error: variable 'nfree' set but not used [-Werror,-Wunused-but-set-variable]
int nfree;
^
sys/dev/hwpmc/hwpmc_mod.c:4804:6: error: variable 'ncallchains' set but not used [-Werror,-Wunused-but-set-variable]
int ncallchains;
^
The 'nfree' and 'ncallchains' variables were used in KASSERTs, but these
were removed due to refactoring in d9f1b8dbf29d. Remove the variables
since they no longer serve any purpose.
Adjust tdsaContext_t::NvmdResponseSet declaration to avoid clang 15 warning
With clang 15, the following -Werror warnings are produced:
In file included from sys/dev/pms/freebsd/driver/ini/src/agtiapi.c:70:
sys/dev/pms/RefTisa/tisa/sassata/common/tdsatypes.h:346:13: error: type specifier missing, defaults to 'int'; ISO C99 and later do not support implicit int [-Wimplicit-int]
volatile NvmdResponseSet;
~~~~~~~~ ^
int
The NvmdResponseSet member is effectively only used as a boolean in the
pms(4) driver, so it could be a single bit. But to avoid changing the
semantics at all in this unmaintained driver, simply declare it as a
volatile int.
Adjust pcmlog_{initialize,shutdown}() definitions to avoid clang 15 warning
With clang 15, the following -Werror warnings are produced:
sys/dev/hwpmc/hwpmc_logging.c:1228:18: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
pmclog_initialize()
^
void
sys/dev/hwpmc/hwpmc_logging.c:1277:16: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
pmclog_shutdown()
^
void
This is because pcmlog_{initialize,shutdown}() are declared with (void)
argument lists, but defined with empty argument lists. Make the
definitions match the declarations.
Adjust vt_mouse_paste() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/dev/vt/vt_core.c:2129:15: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
vt_mouse_paste()
^
void
This is because vt_mouse_paste() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Rick Macklem [Fri, 8 Jul 2022 14:37:36 +0000 (07:37 -0700)]
nfscl: Fix setting of nfsess_defunct for nfscl_hasexpired()
Commit a7bb120f8b87 added a printf for the case where recovery
has not marked the session defunct by setting nfsess_defunct
to 1. It turns out that nfscl_hasexpired() calls
nfsrpc_setclient() directly, without setting nfsess_defunct.
This patch replaces the printf with code that sets
nfsess_defunct to 1 to handle this case.
If SIGTERM is issued to a process when it is doing I/O on
an "intr" mount, the NFSv4 server may reply NFSERR_BADSTATEID,
due to the Open being prematurely closed.
This can result in a call to nfscl_hasexpired() to do a
recovery.
This would explain at least one hang described in the PR.
Adjust nvd_{load,unload}() definitions to avoid clang 15 warnings
With clang 15, the following -Werror warnings are produced:
sys/dev/nvd/nvd.c:150:9: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
nvd_load()
^
void
sys/dev/nvd/nvd.c:166:11: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
nvd_unload()
^
void
This is because nvd_load() and nvd_unload() are declared with a (void)
argument list, but defined with an empty argument list. Make the
definitions match the declarations.
Fix unused variable warning in acpica's nsaccess.c
With clang 15, the following -Werror warning is produced:
sys/contrib/dev/acpica/components/namespace/nsaccess.c:452:29: error: variable 'NumCarats' set but not used [-Werror,-Wunused-but-set-variable]
UINT32 NumCarats;
^
Here, 'NumCarats' is a variable that is only used when debugging. Since
acpica is contributed code, suppress the warning with a compile flag.
With clang 15, the following -Werror warnings are produced:
sys/dev/mfi/mfi.c:3698:6: error: variable 'timedout' set but not used [-Werror,-Wunused-but-set-variable]
int timedout;
^
sys/dev/mfi/mfi.c:3742:6: error: variable 'timedout' set but not used [-Werror,-Wunused-but-set-variable]
int timedout = 0;
^
Here, 'timedout' are variables that are only used when debugging,
requiring #if 0 statements to be modified. Mark the variables as
potentially unused, to suppress the warnings.
Adjust prototype_unload() definition to avoid clang 15 warning
With clang 15, the following -Werror warnings is produced:
sys/cddl/dev/prototype.c:99:17: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
prototype_unload()
^
void
This is because prototype_unload() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Adjust t4_tracer_mod{load,unload}() definitions to avoid clang 15 warnings
With clang 15, the following -Werror warnings are produced:
sys/dev/cxgbe/t4_tracer.c:234:18: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
t4_tracer_modload()
^
void
sys/dev/cxgbe/t4_tracer.c:243:20: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
t4_tracer_modunload()
^
void
This is because t4_tracer_modload() and t4_tracer_modunload() are
declared with a (void) argument list, but defined with an empty argument
list. Make the definitions match the declarations.
Adjust db_flush_line() definition to avoid clang 15 warning
With clang 15, the following -Werror warnings is produced:
sys/ddb/db_lex.c:94:14: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
db_flush_line()
^
void
This is because db_flush_line() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Adjust profile_unload() definition to avoid clang 15 warning
With clang 15, the following -Werror warnings is produced:
sys/cddl/dev/profile/profile.c:640:15: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
profile_unload()
^
void
This is because profile_unload() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Remove unnecessary const and volatile qualifiers from __fp_type_select()
Since https://github.com/llvm/llvm-project/commit/ca75ac5f04f2, clang 15
has a new warning about _Generic selection expressions, such as used in
math.h:
lib/libc/gdtoa/_ldtoa.c:82:10: error: due to lvalue conversion of the controlling expression, association of type 'volatile float' will never be selected because it is qualified [-Werror,-Wunreachable-code-generic-assoc]
switch (fpclassify(u.e)) {
^
lib/msun/src/math.h:109:2: note: expanded from macro 'fpclassify'
__fp_type_select(x, __fpclassifyf, __fpclassifyd, __fpclassifyl)
^
lib/msun/src/math.h:85:14: note: expanded from macro '__fp_type_select'
volatile float: f(x), \
^
This is because the controlling expression always undergoes lvalue
conversion first, dropping any cv-qualifiers. The 'const', 'volatile',
and 'volatile const' associations will therefore never be used.
Adjust dtnfsclient_unload() definition to avoid clang 15 warning
With clang 15, the following -Werror warnings is produced:
sys/fs/nfsclient/nfs_clkdtrace.c:544:19: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
dtnfsclient_unload()
^
void
This is because dtnfsclient_unload() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Adjust dtrace_getf_barrier() definition to avoid clang 15 warning
With clang 15, the following -Werror warnings is produced:
sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c:17019:20: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
dtrace_getf_barrier()
^
void
This is because dtrace_getf_barrier() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Adjust fbd_list() definition to avoid clang 15 warning
With clang 15, the following -Werror warnings is produced:
sys/dev/fb/fbd.c:205:9: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
fbd_list()
^
void
This is because fbd_list() is declared with a (void) argument list, but
defined with an empty argument list. Make the definition match the
declaration.
Adjust dtmalloc_unload() definition to avoid clang 15 warning
With clang 15, the following -Werror warnings is produced:
sys/cddl/dev/dtmalloc/dtmalloc.c:177:16: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
dtmalloc_unload()
^
void
This is because dtmalloc_unload() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Adjust dtrace_unload() definition to avoid clang 15 warning
With clang 15, the following -Werror warnings is produced:
In file included from sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c:18440:
sys/cddl/dev/dtrace/dtrace_unload.c:26:14: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
dtrace_unload()
^
void
This is because dtrace_unload() is declared with a (void) argument list,
but defined with an empty argument list. Make the definition match the
declaration.
sysctl.conf.5: Document rc.d/sysctl and rc.d/sysctl_lastload
Also, update the BUGS section. The example describes an issue, which is
not true anymore thanks to sysctl_lastload. Point readers to rcorder(8)
instead.
rc.conf.5: Improve documentation of <name>_oomprotect
Apart from improving readability, this commit mentions that
<name>_oomprotect is ignored in a jail environment. Also, replace
${name}_cmd with the correct ${argument}_cmd and point the reader to
rc.subr(8).
rc.conf(5): Add _limits, _login_class, and _oomprotect
Add a few very useful variables that might easily be overlooked, since
they're only documented in rc.subr(8) which might not be the first place
that people look.
At least _oomprotect has existed since 11.0-RELEASE, and doesn't appear
to be very well-known. While the others aren't as new, in my estimation,
a lot more people would use them if they knew about them.
While here, also add a reference to rc.subr(8) and login.conf(5), and
sort the variables alphabetically.
Reported by: Daniel Dettlaff <dmilith at gmail.com>
Reviewed by: ceri, gbe, 0mp, ygy, a.wolk, pauamma
Mike Walker [Thu, 7 Jul 2022 20:28:37 +0000 (22:28 +0200)]
rc.subr: Make sure oomprotect protects existing children
The rc(8) framework support protecting services from OOM killer.
The current implementation applies the protection after the service has
already started. This works fine if only the main process is to be
protected (*_oomprotect=yes). However, the current implementation fails
to protect existing children when children are also to be protected
(*_oomprotect=all). This patch fixes that.
Note: it is not easy to apply the protectoin earlier because we want to
support both the services which use the "command" variable and those
that use the "start_cmd" variable.
PR: 256148
Approved by: adrian, osogbo
Tested by: Jamie Landeg-Jones <jamie@catflap.org>
Fixes: 3bead71e959d - Add a global option where we can protect
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35747
protect.1: Document that protect(1) does not work in jails
The reason is that in order to protect a process procctl(2) needs
the PRIV_VM_MADV_PROTECT privilege, which is currently denied in jails
(see kern_jail.c).
Adam Wolk [Mon, 11 Apr 2022 22:23:43 +0000 (00:23 +0200)]
protect.1: document existence of _oomprotect
Improve discoverability of the functionality by mentioning in the
userland tool manual. Add a SEE ALSO entry to rc.conf(5) where more
details are provided.
sys/dev/cxgbe/cudbg/cudbg_lib.c:2949:6: error: variable 'i' set but not used [-Werror,-Wunused-but-set-variable]
int i = 0;
^
Apparently 'i' was meant as the current retry counter, but '1' was used
in the while loop comparison instead, making the loop potentially
infinite, if 'busy' never gets reset.
MFC after: 3 days
Reviewed by: np
Differential Revision: https://reviews.freebsd.org/D35834
Mark Johnston [Mon, 20 Jun 2022 16:17:11 +0000 (12:17 -0400)]
aio: Improve UMA usage
- Remove the AIO proc zone. This zone gets one allocation per AIO
daemon process, which isn't enough to warrant a dedicated zone. Plus,
unlike other AIO structures, aiops are small (32 bytes with LP64), so
UMA doesn't provide better space efficiency than malloc(9). Change
one of the malloc types in vfs_aio.c to make it more general.
- Don't set the NOFREE flag on the other AIO zones. This flag means
that memory allocated to the AIO subsystem is never freed back to the
VM, so it's always preferable to avoid using it when possible. NOFREE
was set without explanation when AIO was converted to use UMA 20 years
ago, but it does not appear to be required; all of the structures
allocated from UMA (per-process kaioinfo, kaiocb, and aioliojob) keep
track of references and get freed only when none exist. Plus, these
structures will contain dangling pointer after they're freed (e.g.,
the "cred", "fd_file" and "uiop" fields of struct kaiocb), so
use-after-frees are dangerous even when the structures themselves are
type-stable.
Reviewed by: asomers
Sponsored by: The FreeBSD Foundation
Adjust agp_find_device() definition in agp.c to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/dev/agp/agp.c:910:16: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
agp_find_device()
^
void
This is because agp_find_device() is declared with a (void) argument
list, and defined with an empty argument list. Make the definition match
the declaration.
sys/dev/cxgb/cxgb_sge.c:1290:21: error: variable 'txsd' set but not used [-Werror,-Wunused-but-set-variable]
struct tx_sw_desc *txsd = &txq->sdesc[txqs->pidx];
^
It appears 'txsd' is a leftover from a previous refactoring (see 3f345a5d09b6), but is no longer used for anything, and can be removed
without any functional change.
MFC after: 3 days
Reviewed by: np
Differential Revision: https://reviews.freebsd.org/D35833
tests/sys/cddl/zfs/bin/readmmap.c:97:9: error: call to undeclared function 'time'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
Obtained from: https://github.com/CTSRD-CHERI/cheribsd/commit/1737d8397a0
MFC after: 3 days
Mark Johnston [Mon, 18 Apr 2022 21:16:10 +0000 (17:16 -0400)]
geli: Add a chicken switch for unmapped I/O
We have a report of a panic in GELI that appears to go away when
unmapped I/O is disabled. Add a tunable to make such investigations
easier in the future. No functional change intended.
PR: 262894
Reviewed by: asomers
Sponsored by: The FreeBSD Foundation
Mark Johnston [Mon, 30 May 2022 14:43:44 +0000 (10:43 -0400)]
rc: Add a zpoolreguid rc.d script
If one boots up multiple copies of a template VM image containing a
zpool, the pool GUIDs will be identical, making it impossible to, e.g.,
share datasets between them.
This diff introduces a simple workaround for the problem: one can use
the script to, upon first boot, assign a new GUID to one or more zpools.
This will be useful when building ZFS-based VM images from release(7).
Reviewed by: mav, allanjude, asomers
Reviewed by: Pau Amma (docs)
Sponsored by: The FreeBSD Foundation
Because now ASLR is enabled by default for 64-bit architectures
and the purpose of the installation menu is to allow choosing
additional 'mitigation'/'hardening' options that are originally
disabled, remove the ASLR knob from bsdinstall.
Marcin Wojtas [Sun, 24 Oct 2021 14:53:06 +0000 (16:53 +0200)]
Enable ASLR by default for 64-bit executables
Address Space Layout Randomization (ASLR) is an exploit mitigation
technique implemented in the majority of modern operating systems.
It involves randomly positioning the base address of an executable
and the position of libraries, heap, and stack, in a process's address
space. Although over the years ASLR proved to not guarantee full OS
security on its own, this mechanism can make exploitation more difficult.
Tests on the tier 1 64-bit architectures demonstrated that the ASLR is
stable and does not result in noticeable performance degradation,
therefore it should be safe to enable this mechanism by default.
Moreover its effectiveness is increased for PIE (Position Independent
Executable) binaries. Thanks to commit 9a227a2fd642 ("Enable PIE by
default on 64-bit architectures"), building from src is not necessary
to have PIE binaries. It is enough to control usage of ASLR in the
OS solely by setting the appropriate sysctls.
This patch toggles the kernel settings to use address map randomization
for PIE & non-PIE 64-bit binaries. It also disables SBRK, in order
to allow utilization of the bss grow region for mappings. The latter
has no effect if ASLR is disabled, so apply it to all architectures.
As for the drawbacks, a consequence of using the ASLR is more
significant VM fragmentation, hence the issues may be encountered
in the systems with a limited address space in high memory consumption
cases, such as buildworld. As a result, although the tests on 32-bit
architectures with ASLR enabled were mostly on par with what was
observed on 64-bit ones, the defaults for the former are not changed
at this time. Also, for the sake of safety keep the feature disabled
for 32-bit executables on 64-bit machines, too.
The committed change affects the overall OS operation, so the
following should be taken into consideration:
* Address space fragmentation.
* A changed ABI due to modified layout of address space.
* More complicated debugging due to:
* Non-reproducible address space layout between runs.
* Some debuggers automatically disable ASLR for spawned processes,
making target's environment different between debug and
non-debug runs.
In order to confirm/rule-out the dependency of any encountered issue
on ASLR it is strongly advised to re-run the test with the feature
disabled - it can be done by setting the following sysctls
in the /etc/sysctl.conf file:
kern.elf64.aslr.enable=0
kern.elf64.aslr.pie_enable=0
Albert Jakiela [Tue, 28 Jun 2022 15:28:35 +0000 (17:28 +0200)]
stand/uboot: setup archsw before probing devices
In some cases ubldr would try to mount a disk device before
the archsw struct was filled with functions pointers.
This would result in a NULL pointer derefrence of the arch_getdev field.
Fix that filling the archsw functions earlier.
Note that this matches the EFI behavoiur.
lockstat: Fix construction of comparision predicates
Passing "0x%p" to sprintf results in double "0x" being printed.
This causes a dtrace script compilation failure when "-d" flag
is specified.
Fix that by removing the extraneous "0x".
When accessing a register directly from etherswitchcfg one must specify
a register group(e.g. registers of portN) and the register offset within
the group. The latter is passed as the 5 least significant bits.
Extract the former by dividing the register address by 32, not by 5.
Kornel Dulęba [Thu, 30 Jun 2022 11:57:58 +0000 (13:57 +0200)]
igc: Change default duplex setting
During media selection through ifconfig one might not specify
the duplex setting through the mediaopt flag.
In that case the igc driver would default to full-duplex.
The problem with this approach is that e1000(em/igb) driver
defaults to half-duplex.
Because of that if one connects both NICs and sets media to
e.g. 100baseTX on both of them no link will be found.
Fix that by matching igc behaviour with what e1000 does.
Andrew Turner [Tue, 28 Jun 2022 11:44:49 +0000 (11:44 +0000)]
Decode the arm64 SVE ID register
The field values are only valid when the ID_AA64PFR0_EL1.SVE or
ID_AA64PFR1_EL1.SME vields are non-zero. When this is not the case
the register is reserved as zero so is safe to read, but the SVEver
field will be incorrect so only print the decoded register when
the SVE or SME fields indicate it is valid.
Andrew Turner [Wed, 29 Jun 2022 16:34:41 +0000 (17:34 +0100)]
Allow use of the arm64 unnamed register form
On arm64 all registers have a name that encodes op0, op1, CRn, CRm, and
op2 that are used to encode the register in the instruction. As some
registers we need to access may not be supportedby older compilers, or
are only supported when specific extensions are enabled support this
alternative form.