Kristof Provost [Fri, 1 Mar 2019 22:33:24 +0000 (22:33 +0000)]
MFC r343978:
pfctl: Fix ifa_grouplookup()
Setting the length of the request got lost in r343287, which means SIOCGIFGMEMB
gives us the required length, but does not copy the names of the group members.
As a result we don't get a correct list of group members, and 'set skip on
<ifgroup>' broke.
This produced all sorts of very unexpected results, because we would end up
applying 'set skip' to unexpected interfaces.
Kristof Provost [Fri, 1 Mar 2019 18:12:05 +0000 (18:12 +0000)]
MFC r344691:
pf: IPv6 fragments with malformed extension headers could be erroneously passed by pf or cause a panic
We mistakenly used the extoff value from the last packet to patch the
next_header field. If a malicious host sends a chain of fragmented packets
where the first packet and the final packet have different lengths or number of
extension headers we'd patch the next_header at the wrong offset.
This can potentially lead to panics or rule bypasses.
Reported by: Corentin Bayet, Nicolas Collignon, Luca Moro at Synacktiv
Approved by: so
Obtained from: OpenBSD
Security: CVE-2019-5597
Ben Widawsky [Fri, 1 Mar 2019 02:16:37 +0000 (02:16 +0000)]
MFC r344474-r344476
r344474:
nvdimm: split spa dev into a separate entity
Separate code for exposing a device backed by a system physical
address range away from the NVDIMM spa code. This will allow a
future patch to add support for NVDIMM namespaces while using the
same device code.
Submitted by: D Scott Phillips <d.scott.phillips@intel.com>
Reviewed by: bwidawsk
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D18736
r344475:
nvdimm: Read NVDIMM namespace labels
When attaching to NVDIMM devices, read and verify the namespace
labels from the special namespace label storage area. A later
change will expose NVDIMM namespaces derived from this label data.
Submitted by: D Scott Phillips <d.scott.phillips@intel.com>
Discussed with: kib
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D18735
r344476:
nvdimm: Simple namespace support
Add support for simple NVDIMM v1.2 namespaces from the UEFI
version 2.7 specification. The combination of NVDIMM regions and
labels can lead to a wide variety of namespace layouts. Here we
support a simple subset of namespaces where each NVDIMM SPA range
is composed of a single region per member dimm.
Submitted by: D Scott Phillips <d.scott.phillips@intel.com>
Discussed with: kib
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D18736
Martin Matuska [Thu, 28 Feb 2019 22:55:44 +0000 (22:55 +0000)]
MFC r344063,r344088:
MFC r344063:
Sync libarchive with vendor.
Relevant vendor changes:
PR #1085: Fix a null pointer dereference bug in zip writer
PR #1110: ZIP reader added support for XZ, LZMA, PPMD8 and BZIP2
decopmpression
PR #1116: Add support for 64-bit ar format
PR #1120: Fix a 7zip crash [1] and a ISO9660 infinite loop [2]
PR #1125: RAR5 reader - fix an invalid read and a memory leak
PR #1131: POSIX reader - do not fail when tree_current_lstat() fails
due to ENOENT [3]
PR #1134: Delete unnecessary null pointer checks before calls of free()
OSS-Fuzz 10843: Force intermediate to uint64_t to make UBSAN happy.
OSS-Fuzz 11011: Avoid buffer overflow in rar5 reader
Pull in r353378 from upstream lld trunk (by George Rimar):
[LLD][ELF] - Set DF_STATIC_TLS flag for X64 target
This is the same as D57749, but for x64 target.
"ELF Handling For Thread-Local Storage" p41 says
(https://www.akkadia.org/drepper/tls.pdf):
R_X86_64_GOTTPOFF relocation is used for IE TLS models.
Hence if linker sees this relocation we should add DF_STATIC_TLS flag.
This adds support to lld for the DF_STATIC_TLS flag in shared objects,
which signals to the dynamic linker that the shared object requires
static thread local storage.
Alexander Motin [Thu, 28 Feb 2019 00:28:44 +0000 (00:28 +0000)]
MFC r344441: Fix few issues in ioat(4) driver.
- Do not explicitly count active descriptors. It allows hardware reset
to happen while device is still referenced, plus simplifies locking.
- Do not stop/start callout each time the queue becomes empty. Let it
run to completion and rearm if needed, that is much cheaper then to touch
it every time, plus also simplifies locking.
- Decouple submit and cleanup locks, making driver reentrant.
- Avoid memory mapped status register read on every interrupt.
- Improve locking during device attach/detach.
- Remove some no longer used variables.
David Bright [Wed, 27 Feb 2019 22:29:12 +0000 (22:29 +0000)]
MFC r344473:
CID 1332000: Logically dead code in sys/dev/pms/RefTisa/tisa/sassata/sas/ini/itdio.c
A pointer is first tested for NULL. If non-NULL, another pointer is
set equal to the first. The second pointer is then checked for NULL
and an error path taken if so. This second test and the associated
path is dead code as the pointer value, having just been checked for
NULL, cannot be NULL at this point. Remove the dead code.
Dimitry Andric [Wed, 27 Feb 2019 22:12:04 +0000 (22:12 +0000)]
MFC r344381:
Fix more AddressSanitizer violations in usr.bin/top
In line_update(), set lastcol correctly after moving to any non-zero
column, so the "overwrite old stuff" part does not attempt to address
negative offsets in the current line.
Rewrite setup_buffer() to always allocate at least 80 characters,
otherwise various calls to summary_format() will overwrite the end of
the buffers, if the screen width gets small enough.
Kyle Evans [Wed, 27 Feb 2019 17:00:14 +0000 (17:00 +0000)]
MFC r344218: mdmfs(8): use -o reserve with malloc-backed md(4)
Mentioned in mdconfig(8), malloc-backed md(4) can be unstable unless
required memory is allocated up front with -o reserve. Furthermore, panics
have been observed with md used in fstab on 12.0-RELEASE. Choose the stable
route and pass -o reserve.
Michael Tuexen [Mon, 25 Feb 2019 12:35:52 +0000 (12:35 +0000)]
MFC r344428:
This patch addresses an issue brought up by bz@ in D18968:
When TCP_REASS_LOGGING is defined, a NULL pointer dereference would happen,
if user data was received during the TCP handshake and BB logging is used.
A KASSERT is also added to detect tcp_reass() calls with illegal parameter
combinations.
Michael Tuexen [Mon, 25 Feb 2019 12:25:44 +0000 (12:25 +0000)]
MFC r343920:
Ensure that when using the TCP CDG congestion control and setting the
sysctl variable net.inet.tcp.cc.cdg.smoothing_factor to 0, the smoothing
is disabled. Without this patch, a division by zero orrurs.
netmap: don't schedule kqueue notify task when kqueue is not used
This change adds a counter (kqueue_users) to keep track of how many
kqueue users are referencing a given struct nm_selinfo.
In this way, nm_os_selwakeup() can schedule the kevent notification
task only when kqueue is actually being used.
This is important to avoid wasting CPU in the common case where
kqueue is not used.
Reviewed by: Aleksandr Fedorov <aleksandr.fedorov@itglobal.com>
Differential Revision: https://reviews.freebsd.org/D19177
Justin Hibbits [Sun, 24 Feb 2019 20:49:16 +0000 (20:49 +0000)]
MFC r343763, r343944, r343946
r343763: powerpc: Don't idle with the wait instruction on booke
r343944: powerpc: Split out the e500mc idling from rest of Book-E
r343946: powerpc: Fix AIM build
Justin Hibbits [Sun, 24 Feb 2019 20:29:11 +0000 (20:29 +0000)]
MFC r342811, r343168-r343169
r342811:
dtsec: Fix formatting of addresses in translation error messages
Don't clamp addresses to 8 hex digits, particularly since this is primarily
used now on a 64-bit platform.
r343168:
powerpc/dpaa: Handle DMAP virtual addresses in DPAA
sendfile(2) appears to now use DMAP wherever possible. These addresses are not
managed by pmap, so pmap_kextract() returns a 0 physical address, causing
failure.
This change fixes nginx running on P5020 SoC.
r343169:
dpaa: fix 32-bit build
Book-E powerpc uses 64-bit vm_paddr_t, and 32-bit powerpc has 32-bit pointers,
so gcc errors with cast to pointer from integer of different size. As this will
not actually be used in reality anyway, simply quiet the warning by casting
through uintptr_t.
Justin Hibbits [Sun, 24 Feb 2019 20:15:16 +0000 (20:15 +0000)]
MFC r343078:
powerpc: Fix FPU fsqrt emulation special case results
If fsqrts is emulated with +INF as its argument, the 0 return value causes a
NULL pointer dereference, panicking the system. Follow the PowerISA and
return +INF with no FP exception.
Dimitry Andric [Sat, 23 Feb 2019 14:27:09 +0000 (14:27 +0000)]
MFC r344386:
Pull in r354515 from upstream libc++ trunk:
Fix the build with gcc when `-Wredundant-decls` is passed
Summary:
gcc warns that `__throw_runtime_error` is declared both in
`<__locale>` and `<stdexcept>`, if `-Wredundant-decls` is passed on
the command line; this is the case with FreeBSD when ${WARNS} == 6.
Since `<__locale>` gets its first declaration via a transitive
include of `<stdexcept>`, and the second declaration is after the
first invocation of `__throw_runtime_error`, delete that second
declaration.
Signed-off-by: Enji Cooper <yaneurabeya@gmail.com>
Reviewers: kristina, MaskRay, EricWF, ldionne, ngie
Currently stable/12 i386 installs old ld.bfd as ld (WITHOUT_LLD_IS_LD),
which prevents ifunc relocations from working properly. If a static
binary is linked, then it looses libc relocations needed.
The stable i386 branch uses ld.lld for the world build (WITH_LLD_BOOTSTRAP),
which is why static binaries from the base do not have the issue.
MFC r344214:
Refresh OptionalObsoleteFiles.inc for MK_PMC:
- Add missing /usr/sbin/pmc, pmcformat.h, libpmcstat.h and pmc.haswellxeon.3
to the list.
- Correct man page section for pmcstudy.8.
- Include recently added libipt and libopencsd for corresponding TARGET_ARCH
Dimitry Andric [Thu, 21 Feb 2019 07:22:05 +0000 (07:22 +0000)]
MFC r344264:
Add one additional file to libllvmminimal, since in some cases (e.g.
upgrading from stable/10 to stable/11) symbols from it are needed to
link llvm-tblgen and clang-tblgen.
r342089 changed cap_syslog(3) to preserve the stdio descriptors inherited
from its parent so that LOG_PERROR would work. However, this caused
dhclient(8)'s stdio streams to remain open across daemonization, breaking
the ability to capture its foreground output as done in netconfig_ipv4.
Fix this by reverting r341692 and instead passing the parent's stderr
descriptor as an argument to cap_openlog() only when LOG_PERROR is specified
in logopt.
Alexander Motin [Thu, 21 Feb 2019 00:17:24 +0000 (00:17 +0000)]
MFC r343125 (by cem): ioat(4): Set __result_use_check on ioat_acquire_reserve
Even M_WAITOK callers must check for failure. For example, if the device is
quiescing, either due to automatic error-recovery induced reset, or due to
administrative detach, the routine will return ENXIO and the acquire
reference will not be held. So, there is no mode in which it is safe to
assume the routine succeeds without checking.
David Bright [Wed, 20 Feb 2019 22:48:38 +0000 (22:48 +0000)]
MFC r344024:
CID 1009492: Logically dead code in sys/cam/scsi/scsi_xpt.c
In `probedone()`, for the `PROBE_REPORT_LUNS` case, all paths that
fall to the bottom of the case set `lp` to `NULL`, so the test for a
non-NULL value of `lp` and call to `free()` if true is dead code as
the test can never be true. Fix by eliminating the whole if
statement. To guard against a possible future change that accidentally
violates this assumption, use a `KASSERT()` to catch if `lp` is
non-NULL.
Dimitry Andric [Wed, 20 Feb 2019 20:28:48 +0000 (20:28 +0000)]
MFC r343165 (by jhibbits):
Fix top(1) long options handling
getopt_long(3) requires the long options be terminated by a NULL block.
Without the terminator, an invalid long option results in a segmentation
fault.
Reported by: Brandon Bergren
MFC r343957:
Fix multiple warnings in usr.bin/top about discarded qualifiers from
both clang and gcc, by either constifying variables, or when that is not
possible, using __DECONST.
MFC r343958:
Fix multiple warnings in usr.bin/top about variables shadowing global
declarations from base gcc, by renaming those variables.
MFC r343959:
Fix the first couple of AddressSanitizer violations in usr.bin/top.
Avoid setting zero bytes beyond the length of the 'thisline' parameters
in i_process() and u_process(), and don't attempt to memset a negative
number of bytes.
Pedro F. Giffuni [Wed, 20 Feb 2019 14:10:46 +0000 (14:10 +0000)]
MFC r344042:
UMA: unsign some variables related to allocation in hash_alloc().
As a followup to r343673, unsign some variables related to allocation
since the hashsize cannot be negative. This gives a bit more space to
handle bigger allocations and avoid some implicit casting.
While here also unsign uh_hashmask, it makes little sense to keep it
signed.
MFC r344103:
In r335015 PCB destroing was made deferred using epoch_call().
But ipsec_delete_pcbpolicy() uses some VNET-virtualized variables,
and thus it needs VNET context, that is missing during gtaskqueue
executing. Use inp_vnet context to set curvnet in in_pcbfree_deferred().
Brooks Davis [Mon, 18 Feb 2019 18:44:20 +0000 (18:44 +0000)]
MFC r344023:
mdmfs: Fix many bugs in automatic md(4) creation.
This code allocated a correctly sized buffer, read past the end of the
source buffer, writing off the end of the target buffer, and then writing
a '\0' terminator past the end of the target buffer (in the wrong place).
It then leaked the buffer.
Switch to a statically sized buffer on the stack and update the source
pointer and length before use so the correct things are copied.
Fix a logic error in the checks that the format of the line is as
expected and move on out of an assert.
Remove an unneeded close(). fclose() closes the descriptor.
Kyle Evans [Mon, 18 Feb 2019 16:11:11 +0000 (16:11 +0000)]
MFC r343543: bectl(8) test: Force destroy the zpool in cleanup
This is a wild guess as to why bectl tests failed once upon a time in CI,
given no apparent way to see a transcript of cleanup routines with Kyua. The
bectl tests construct a new, clean zpool for every test. The failure
indicated was because of a mount that was leftover from a previous test, but
the previous test had succeeded so it's not clear how the mount remained
leftover unless the `zpool get health ${pool}` had somehow failed.
MFC r344018:
Remove `set' field from state structure and use set from parent rule.
Initially it was introduced because parent rule pointer could be freed,
and rule's information could become inaccessible. In r341471 this was
changed. And now we don't need this information, and also it can become
stale. E.g. rule can be moved from one set to another. This can lead
to parent's set and state's set will not match. In this case it is
possible that static rule will be freed, but dynamic state will not.
This can happen when `ipfw delete set N` command is used to delete
rules, that were moved to another set.
To fix the problem we will use the set number from parent rule.
MFC r343696:
net80211: do not setup roaming parameters for unsupported modes.
ifconfig(8) prints per-mode parameters if they are non-zero; since
we have 13 possible modes with 3...5 typically supported this change
should greatly reduce amount of information for 'ifconfig <wlan> list roam'
command.
While here ensure that sta_roam_check() will not use roaming parameters
for unsupported modes (it should not).
Dimitry Andric [Sat, 16 Feb 2019 15:43:49 +0000 (15:43 +0000)]
Merge clang 7.0.1 and several follow-up changes
MFC r341825:
Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to
the upstream release_70 branch r348686 (effectively, 7.0.1 rc3). The
release will follow very soon, but no more functional changes are
expected.
Release notes for llvm, clang and lld 7.0.0 are available here:
<http://releases.llvm.org/7.0.0/docs/ReleaseNotes.html>
<http://releases.llvm.org/7.0.0/tools/clang/docs/ReleaseNotes.html>
<http://releases.llvm.org/7.0.0/tools/lld/docs/ReleaseNotes.html>
PR: 230240, 230355
Relnotes: yes
MFC r342123:
Update clang, llvm, lld, lldb, compiler-rt and libc++ version number to
7.0.1 release r349250. There were no functional changes since the 7.0.1
rc3 import.
FreeBSD previously defaulted to DWARF 2 because several tools (gdb,
ctfconvert, etc.) did not support later versions. These have either
been fixed or are deprecated.
Note that gdb 6 still exists but has been moved out of $PATH into
/usr/libexec and is intended only for use by crashinfo(8). The kernel
build sets the DWARF version explicitly via -gdwarf2, so this should
have no effect there.
PR: 234887 [exp-run]
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17930
MFC r343916:
Pull in r352607 from upstream llvm trunk (by Craig Topper):
[X86] Add FPSW as a Def on some FP instructions that were missing it.
Pull in r353141 from upstream llvm trunk (by Craig Topper):
[X86] Connect the default fpsr and dirflag clobbers in inline
assembly to the registers we have defined for them.
Summary:
We don't currently map these constraints to physical register numbers
so they don't make it to the MachineIR representation of inline
assembly.
This could have problems for proper dependency tracking in the
machine schedulers though I don't have a test case that shows that.
Pull in r353489 from upstream llvm trunk (by Craig Topper):
[X86] Add FPCW as a register and start using it as an implicit use on
floating point instructions.
Summary:
FPCW contains the rounding mode control which we manipulate to
implement fp to integer conversion by changing the roudning mode,
storing the value to the stack, and then changing the rounding mode
back. Because we didn't model FPCW and its dependency chain, other
instructions could be scheduled into the middle of the sequence.
This patch introduces the register and adds it as an implciit def of
FLDCW and implicit use of the FP binary arithmetic instructions and
store instructions. There are more instructions that need to be
updated, but this is a good start. I believe this fixes at least the
reduced test case from PR40529.
These should fix a problem in clang 7.0 where it would sometimes emit
long double floating point instructions in a slightly wrong order,
leading to failures in our libm tests. In particular, the cbrt_test
test case 'cbrtl_powl' and the trig_test test case 'reduction'.
Also bump __FreeBSD_cc_version, to be able to detect this in our test
suite.
Pull in r339734 from upstream llvm trunk (by Eli Friedman):
[ARM] Make PerformSHLSimplify add nodes to the DAG worklist correctly.
Intentionally excluding nodes from the DAGCombine worklist is likely
to lead to weird optimizations and infinite loops, so it's generally
a bad idea.
To avoid the infinite loops, fix DAGCombine to use the
isDesirableToCommuteWithShift target hook before performing the
transforms in question, and implement the target hook in the ARM
backend disable the transforms in question.
Fixes https://bugs.llvm.org/show_bug.cgi?id=38530 . (I don't have a
reduced testcase for that bug. But we should have sufficient test
coverage for PerformSHLSimplify given that we're not playing weird
tricks with the worklist. I can try to bugpoint it if necessary,
though.)
The common path identification bits terminate src at /tmp/lib/ and the
destination at /tmp/libe. The subsequent backtracking is then incorrect, as
it traverses the destination and backtraces exactly one level while eating
the 'libexec' because it was previously (falsely) identified as common with
'lib'.
The obvious fix would be to make sure we've actually terminated just after
directory separators and rewind a character if we haven't. In the above
example, we would end up rewinding to /tmp/ and subsequently doing the right
thing.
Eugene Grosbein [Sat, 16 Feb 2019 00:38:25 +0000 (00:38 +0000)]
MFC r343112: jail(8): stop crashing with SIGSEGV inside run_command()
function while processing not entirely correct jail.conf(5) file
having something like "ip4.addr = 127.0.0.1;" and no "ip4 = ...;"
so extrap variable stays NULL.
libinput has special handling for Lenovo ThinkPad *40 series, where it
treats clicks on the top button area as if they came from the TrackPoint:
https://wayland.freedesktop.org/libinput/doc/latest/t440-support.html
Detect these devices and set the corresponding evdev property.
Submitted by: Greg V <greg@unrelenting.technology>
Differential Revision: https://reviews.freebsd.org/D18676
Eric Joyner [Fri, 15 Feb 2019 19:13:11 +0000 (19:13 +0000)]
MFC r344132:
ixl: Fix panic caused by bug exposed by r344062
Don't use a struct if_irq for IFLIB_INTR_IOV type interrupts since that results
in get_core_offset() being called on them, and get_core_offset() doesn't
handle IFLIB_INTR_IOV type interrupts, which results in an assert() being triggered
in iflib_irq_set_affinity().
MFC r343891:
Fix renameat(2) for CAPABILITIES kernelsi.
MFC Note: Layout of the struct nameidata is changed. I specifically
decided to not move the new field to the end of the new structure since
it would mostly make the corruption silent. __FreeBSD_version is bumped.
These tests should be skipped if /etc/rc.d/auditd is missing, which could be
the case if world was built with WITHOUT_AUDIT set. Also, one test case
requires /etc/rc.d/accounting.
Alan Somers [Thu, 14 Feb 2019 20:26:59 +0000 (20:26 +0000)]
MFC r341390, r341392, r341667
r341390:
Remove some dead code from the geli tests
This is detritus in the Makefile, leftover from 327662.
r341392:
Unbreak geli/gmirror testcases if their geom classes cannot be loaded
The problem with the logic prior to this commit was twofold:
1. The wrong set of idioms (TAP-compatible) were being applied to the ATF
testcases when run, resulting in confusing ATF failure results on setup.
2. The cleanup subroutines were broken when the geom classes could not be
loaded as they exited with 0 unexpectedly.
This commit changes the test code to source the class-specific configuration
(conf.sh) once globally, instead of sourcing it per testcase and per cleanup
subroutine, and to call the ATF-specific setup subroutine(s) inline in
the testcases.
The refactoring done is effectively a no-op for the TAP testcases, modulo
any refactoring done to create common code between the ATF and TAP
testcases.
This unbreaks the geli testcases converted to ATF in r327662 and r327683,
and the gmirror testcases added in r327780, respectively, when the geom
class could not be loaded.
tests/sys/geom/class/mirror/...
While here, ignore errors when turning debug failpoint sysctl off, which
could occur if the gmirror class was not loaded.
r341667:
geom tests: Fix cleanup of ATF tests since r341392
r341392 changed common test cleanup routines in a way that allowed them to
be used by TAP tests as well as ATF tests. However, a late change made
during code review resulted in cleanup being broken for ATF tests, which
source geom_subr.sh separately during the body and cleanup phases of the
test. The result was that md(4) devices wouldn't get cleaned up.