Adjust fbt_unload() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/cddl/dev/fbt/fbt.c:1273:11: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
fbt_unload()
^
void
This is because fbt_unload() is declared with a (void) argument list,
but defined with an empty argument list. Make the definition match the
declaration.
The setvlantag() and setvlanproto() functions are used in two scenarios:
when we create a new vlan interface and when we update an existing
interface.
These are distinguished by the getvlan() at the end of the functions. If
this fails we assume that is because the interface doesn't exist (so
we're creating a new one). We only update the 'params' struct, and
expect the settings to be applied when we vlan_create().
However, if we're updating an existing interface we do not retrieve the
current settings, and can end up invalidating settings.
Fix this by using the settings we retrieved while checking which
scenario we're in.
Note that we do not address this for setvlandev(), because if_vlan does
not allow the vlan parent device to be changed without disassociating it
first (with ifconfig vlanX -vlandev).
It's currently not possible to change the vlan ID or vlan protocol (i.e.
802.1q vs. 802.1ad) without de-configuring the interface (i.e. ifconfig
vlanX -vlandev).
Add a specific flow for this, allowing both the protocol and id (but not
parent interface) to be changed without going through the '-vlandev'
step.
Reid Linnemann [Tue, 17 May 2022 19:49:41 +0000 (13:49 -0600)]
namespace nv names, version libnv and libnvpair library symbols
libnv and libnvpair have aliased symbols, and as a result a single process which
dlopens a shared object that is dynamically linked to libnv and another to
libnvpair will wind up with a single set of resolved symbols for those in
conflict. A source file also cannot include both libnv and libnvpair headers
because of aliased identifiers. To resolve the situation, libnv types and
functions are namespaced via nv_namespace.h, and libnv symbols are
versioned. The msgio functions are not namespaced or exported as they are not
part of the external API.
Mike Karels [Thu, 21 Jul 2022 13:10:15 +0000 (08:10 -0500)]
IPv4: correct limit on loopback_prefix
Commit efe58855f3ea allowed the net.inet.ip.loopback_prefix value
to be 32. However, with a 32-bit mask, 127.0.0.1 is not included
in the reserved loopback range, which should not be allowed.
Change the max prefix length to 31.
Alan Cox [Thu, 21 Jul 2022 06:53:54 +0000 (01:53 -0500)]
iommu_gas: Avoid double unmapping on error
In the extremely unlikely case that the iommu_gas_map_region() call in
bus_dma_iommu_load_ident() failed, we would attempt to unmap the failed
entry twice, first in iommu_gas_map_region(), and a second time in the
caller. Once is enough, and twice is problematic because it leads to a
second RB_REMOVE call on the same tree node. Like it or not, RB_TREE
does not handle that possibility.
Bug fix to UFS/FFS superblock integrity checks when reading a superblock.
A better fix to commit 9e1f44d044a. Rather than coping with the case
where a backup superblock is used, catch the case when the superblock
is being read in and ensure that the standard one is used rather than
the backup one.
Delete UFS2 backup superblock recovery info when building a UFS1 filesystem.
Only the UFS2 filesystem has support for storing information needed
to find alternate superblocks. If that information is inadvertently
left in place when building a UFS1 filesystem, fsck_ffs may stumble
across it and attempt to use it to recover the UFS1 filesystem
which can only end poorly.
Fix unused variable warning in acpica's nsaccess.c
With clang 15, the following -Werror warning is produced:
sys/contrib/dev/acpica/components/namespace/nsaccess.c:452:29: error: variable 'NumCarats' set but not used [-Werror,-Wunused-but-set-variable]
UINT32 NumCarats;
^
Here, 'NumCarats' is a variable that is only used when debugging. Since
acpica is contributed code, suppress the warning with a compile flag.
Adjust prototype_unload() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/cddl/dev/prototype.c:99:17: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
prototype_unload()
^
void
This is because prototype_unload() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Adjust nvd_{load,unload}() definitions to avoid clang 15 warnings
With clang 15, the following -Werror warnings are produced:
sys/dev/nvd/nvd.c:150:9: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
nvd_load()
^
void
sys/dev/nvd/nvd.c:166:11: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
nvd_unload()
^
void
This is because nvd_load() and nvd_unload() are declared with a (void)
argument list, but defined with an empty argument list. Make the
definitions match the declarations.
With clang 15, the following -Werror warnings are produced:
sys/dev/mfi/mfi.c:3698:6: error: variable 'timedout' set but not used [-Werror,-Wunused-but-set-variable]
int timedout;
^
sys/dev/mfi/mfi.c:3742:6: error: variable 'timedout' set but not used [-Werror,-Wunused-but-set-variable]
int timedout = 0;
^
Here, 'timedout' are variables that are only used when debugging,
requiring #if 0 statements to be modified. Mark the variables as
potentially unused, to suppress the warnings.
Mike Karels [Mon, 18 Jul 2022 16:39:03 +0000 (11:39 -0500)]
tcp.4: Sort sysctl variables
In preparation for updates including missing variables, sort the
sysctl variables in the MIB variables section alphabetically.
Add a new "hostcache" entry for the hostcache node, containing the
intro text that was previously in hostcache.enable. Also cleanups
per review comments.
Mike Karels [Mon, 18 Jul 2022 16:33:31 +0000 (11:33 -0500)]
icmp.4 inet.4 udp.4: sort sysctl variables
Sort the sysctl(3)/sysctl(8) variables in the MIB Variables section
alphabetically. This is in preparation for adding missing variables
(at least in inet.4 and icmp.4). A few other touchups suggested in
review.
cuse(3): Allow shared memory allocations up to, but excluding 2 GBytes.
Currently the cuse(3) mmap(2) offset is split into 128 banks of 16 Mbytes.
Allow cuse(3) to make allocations that span multiple banks at the expense
of any fragmentation issues that may arise. Typically mmap(2) buffers are
well below 16 Mbytes. This allows 8K video resolution to work using webcamd.
Colin Percival [Wed, 13 Jul 2022 00:48:06 +0000 (17:48 -0700)]
random: Ingest extra fast entropy when !seeded
We periodically ingest entropy from pollable entropy sources, but only
8 bytes at a time and only occasionally enough to feed all of Fortuna's
pools once per second. This can result in Fortuna remaining unseeded
for a nontrivial amount of time when there is no entropy passed in from
the boot loader, even if RDRAND is available to quickly provide a large
amount of entropy.
Detect in random_sources_feed if we are not yet seeded, and increase the
amount of immediate entropy harvesting we perform, in order to "fill"
Fortuna's entropy pools and avoid having
random: randomdev_wait_until_seeded unblock wait
stall the boot process when entropy is available.
This speeds up the FreeBSD boot in the Firecracker VM by 2.3 seconds.
atkbd(4): Fix "hancha" and "han/yong" korean keys handling.
The Korean keyboard has two keys, the Korean/Chinese and the
Korean/English toggles, that generate scancodes 0xF1 and 0xF2
(respectively) when pressed, and nothing when released. They do not
repeat.
As Hanyong/Hancha keys are generally greater than 0x80, which is
generally considered a release key, add extra preceding press key event
to generate press/release pair.
Swap Hanyong/Hancha key codes to match reality.
Adjust dtrace_unload() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
In file included from sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c:18440:
sys/cddl/dev/dtrace/dtrace_unload.c:26:14: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
dtrace_unload()
^
void
This is because dtrace_unload() is declared with a (void) argument list,
but defined with an empty argument list. Make the definition match the
declaration.
Adjust dtrace_getf_barrier() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c:17019:20: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
dtrace_getf_barrier()
^
void
This is because dtrace_getf_barrier() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Adjust profile_unload() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/cddl/dev/profile/profile.c:640:15: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
profile_unload()
^
void
This is because profile_unload() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Adjust dtnfsclient_unload() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/fs/nfsclient/nfs_clkdtrace.c:544:19: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
dtnfsclient_unload()
^
void
This is because dtnfsclient_unload() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Adjust fbd_list() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/dev/fb/fbd.c:205:9: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
fbd_list()
^
void
This is because fbd_list() is declared with a (void) argument list, but
defined with an empty argument list. Make the definition match the
declaration.
Adjust db_flush_line() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/ddb/db_lex.c:94:14: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
db_flush_line()
^
void
This is because db_flush_line() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Adjust dtmalloc_unload() definition to avoid clang 15 warning
With clang 15, the following -Werror warning is produced:
sys/cddl/dev/dtmalloc/dtmalloc.c:177:16: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
dtmalloc_unload()
^
void
This is because dtmalloc_unload() is declared with a (void) argument
list, but defined with an empty argument list. Make the definition match
the declaration.
Adjust t4_tracer_mod{load,unload}() definitions to avoid clang 15 warnings
With clang 15, the following -Werror warnings are produced:
sys/dev/cxgbe/t4_tracer.c:234:18: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
t4_tracer_modload()
^
void
sys/dev/cxgbe/t4_tracer.c:243:20: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
t4_tracer_modunload()
^
void
This is because t4_tracer_modload() and t4_tracer_modunload() are
declared with a (void) argument list, but defined with an empty argument
list. Make the definitions match the declarations.
Simon J. Gerraty [Tue, 19 Jul 2022 15:59:53 +0000 (08:59 -0700)]
Add -S option to veriexec
During software installation, use veriexec -S to strictly
enforce certificate validity checks (notBefore, notAfter).
Otherwise ignore certificate validity period.
It is generally unacceptable for the Internet to stop working
just because someone did not upgrade their infrastructure for a decade.
Andrew Turner [Wed, 23 Mar 2022 17:39:58 +0000 (17:39 +0000)]
Add experimental 16k page support on arm64
Add initial 16k page support on arm64. It is considered experimental,
with no guarantee of compatibility with a userspace or kernel modules
built with the current 4k page size as code will likely try to pass
in a too small size when working with APIs that take a multiple of a
page, e.g. mmap.
As this is experimental, and because userspace and the kernel need to
have the PAGE_SIZE macro kept in sync there is no kernel option to
enable this. To test, a new image should be built with the
PAGE_{SIZE,SHIFT,MASK} macros changed to the 16k versions.
There are currently known issues with loading modules from an old
loader as it can misalign them to load on a non-16k boundary.
Testing has shown good results in kernel workloads that allocate and
free large amounts of memory as only a quarter of the number of calls
into the VM subsystem are needed in the best case.
Reviewed by: markj
Tested by: gallatin
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34793
Kristof Provost [Thu, 23 Jun 2022 20:35:29 +0000 (22:35 +0200)]
ipsec: replace SECASVAR mtx by rmlock
This mutex is a significant point of contention in the ipsec code, and
can be relatively trivially replaced by a read-mostly lock.
It does require a separate lock for the replay protection, which we do
here by adding a separate mutex.
This improves throughput (without replay protection) by 10-15%.
Alan Cox [Mon, 18 Jul 2022 00:56:39 +0000 (19:56 -0500)]
x86/iommu: Shrink the critical section in dmar_qi_task()
It is safe to test and clear the Invalidation Wait Descriptor
Complete flag before acquiring the DMAR lock in dmar_qi_task(),
rather than waiting until the lock is held.
Colin Percival [Wed, 13 Jul 2022 00:43:07 +0000 (17:43 -0700)]
x86: Remove 1 second DELAY from cpu_reset
On SMP systems, cpu_reset broadcasts a message telling the APs to stop
themselves, and then the BSP waits 1 second before actually resetting
itself; this behaviour dates back to 1998-05-17.
I assume that this delay was added in order to allow the APs to stop
themselves before the BSP resets; but we wait until the APs have all
acknowledged entering the "stopped" state, so it no longer seems to
serve any purpose.
Colin Percival [Wed, 13 Jul 2022 00:42:26 +0000 (17:42 -0700)]
Add kern.reboot_wait_time sysctl
Historic FreeBSD behaviour (dating back to 1994-04-02) when rebooting
is to print "Rebooting..." and then
/* wait 1 sec for printf's to complete and be read */
Prior to April 1994, there was a 100 ms delay (added 1993-11-12).
Since (a) most users will already be aware that the system is rebooting
and do not need to take time to read an additional message to that
effect, and (b) most FreeBSD systems don't have anyone actively looking
at the console anyway, this delay no longer serves much purpose.
This commit adds a kern.reboot_wait_time sysctl which defaults to 0;
historic behaviour can be regained by setting it to 1.
Reviewed by: imp
Relnotes: FreeBSD now reboots faster; to restore the traditional
wait after printing "Rebooting..." to the console, set
kern.reboot_wait_time=1 (or more).
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D35796
Generally, access to the kernel debugger is considered to be unsafe from
a security perspective since it presents an unrestricted interface to
inspect or modify the system state, including sensitive data such as
signing keys.
However, having some access to debugger functionality on production
systems may be useful in determining the cause of a panic or hang.
Therefore, it is desirable to have an optional policy which allows
limited use of ddb(4) while disabling the functionality which could
reveal system secrets.
This loadable MAC module allows for the use of some ddb(4) commands
while preventing the execution of others. The commands have been broadly
grouped into three categories:
- Those which are 'safe' and will not emit sensitive data (e.g. trace).
Generally, these commands are deterministic and don't accept
arguments.
- Those which are definitively unsafe (e.g. examine <addr>, search
<addr> <value>)
- Commands which may be safe to execute depending on the arguments
provided (e.g. show thread <addr>).
Safe commands have been flagged as such with the DB_CMD_MEMSAFE flag.
Commands requiring extra validation can provide a function to do so.
For example, 'show thread <addr>' can be used as long as addr can be
checked against the system's list of process structures.
The policy also prevents debugger backends other than ddb(4) from
executing, for example gdb(4).
Reviewed by: markj, pauamma_gundo.com (manpages)
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D35371
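The three command categories described in the message above, as an added userland model (not the module's code and not part of the commit). Only the name DB_CMD_MEMSAFE comes from the message; its value, the struct layout, the function names, the constructed thread list and the default-deny for unknown commands are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag name taken from the commit message; the value here is assumed. */
#define DB_CMD_MEMSAFE 0x1u

/* Constructed stand-in for the system's list of thread structures. */
struct model_thread { int tid; };
static struct model_thread model_threads[3] = { {100001}, {100002}, {100003} };

/* Accept an address only if it is exactly the start of a known object. */
static int
validate_thread_addr(uintptr_t addr)
{
	size_t i;

	for (i = 0; i < sizeof(model_threads) / sizeof(model_threads[0]); i++)
		if (addr == (uintptr_t)&model_threads[i])
			return (1);
	return (0);
}

/* Hypothetical command record: a flag word plus an optional validator. */
struct model_command {
	const char *name;
	unsigned int flags;
	int (*validate)(uintptr_t addr);
};

static const struct model_command model_table[] = {
	{ "trace",       DB_CMD_MEMSAFE, NULL },
	{ "examine",     0,              NULL },
	{ "search",      0,              NULL },
	{ "show thread", 0,              validate_thread_addr },
};

/* Return 1 if the modelled policy lets the command run, 0 if it denies it. */
static int
policy_allows(const char *name, uintptr_t addr)
{
	size_t i;

	for (i = 0; i < sizeof(model_table) / sizeof(model_table[0]); i++) {
		const struct model_command *c = &model_table[i];

		if (strcmp(c->name, name) != 0)
			continue;
		if (c->flags & DB_CMD_MEMSAFE)
			return (1);	/* safe whatever the arguments */
		if (c->validate != NULL)
			return (c->validate(addr));	/* safe for checked args */
		return (0);		/* arbitrary memory access: deny */
	}
	return (0);			/* unknown command: default deny */
}

int
main(void)
{
	uintptr_t good = (uintptr_t)&model_threads[1];

	printf("trace               -> %d\n", policy_allows("trace", 0));
	printf("examine <addr>      -> %d\n", policy_allows("examine", good));
	printf("show thread <known> -> %d\n", policy_allows("show thread", good));
	printf("show thread <+1>    -> %d\n", policy_allows("show thread", good + 1));
	return (0);
}
```

The validator compares against object start addresses only, so a pointer into the middle of a listed structure is rejected just like an unrelated address.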
Add three simple hooks to the debugger allowing for a loaded MAC policy
to intervene if desired:
1. Before invoking the kdb backend
2. Before ddb command registration
3. Before ddb command execution
We extend struct db_command with a private pointer and two flag bits
reserved for policy use.
Reviewed by: markj
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D35370
This flag value can be used to indicate if a command has the property of
being "memory safe". In this instance, memory safe means that the
command does not allow/enable reads or writes of arbitrary memory,
regardless of the arguments passed to it. For example, 'backtrace' is
considered a memory-safe command since its output is deterministic,
while 'show vnode' is not, since it requires a memory address as an
argument and will print the contents beginning at that location.
Apply the flag to the "show all" command macros. It is expected that
commands added to this table will always exhibit this property.
Reviewed by: markj
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D35581
Eric van Gyzen [Mon, 18 Jul 2022 18:07:20 +0000 (13:07 -0500)]
bge: tell debugnet there are 2 rx rings, not 1,024
debugnet provides the network stack for netgdb and netdump. Since it
must operate under panic/debugger conditions and can't rely on dynamic
memory allocation, it preallocates mbufs during boot or network
configuration. At that time, it does not yet know which interface
will be used for debugging, so it does not know the required size and
quantity of mbufs to allocate. It takes the worst-case approach by
calculating its requirements from the largest MTU and largest number
of receive queues across all interfaces that support debugnet.
Unfortunately, the bge NIC driver told debugnet that it supports 1,024
receive queues. It actually supports only 2 queues (with 1,024 slots,
thus the error). This greatly exaggerated debugnet's preallocation,
so with an MTU of 9000 on any interface, it allocated 600 MB of memory.
A tiny fraction of this memory would be used if netgdb or netdump were
invoked; the rest is completely wasted.
Mark Johnston [Mon, 18 Jul 2022 19:50:45 +0000 (15:50 -0400)]
sched_ule: Ensure we hold the thread lock when modifying td_flags
The load balancer may force a running thread to reschedule and pick a
new CPU. To do this it sets some flags in the thread running on a
loaded CPU. But the code assumed that a running thread's lock is the
same as that of the corresponding runqueue, and there are small windows
where this is not true. In this case, we can end up with non-atomic
modifications to td_flags.
Since this load balancing is best-effort, simply give up if the thread's
lock doesn't match; in this case the thread is about to enter the
scheduler anyway.
Kornel Dulęba [Tue, 10 May 2022 13:22:55 +0000 (15:22 +0200)]
Implement shared page address randomization
It used to be mapped at the top of the UVA.
If the randomization is enabled any address above .data section will be
randomly chosen and a guard page will be inserted in the shared page
default location.
The shared page is now mapped in exec_map_stack, instead of
exec_new_vmspace. The latter function is called before image activator
has a chance to parse ASLR related flags.
The KERN_PROC_VM_LAYOUT sysctl was extended to provide shared page
address.
The feature is enabled by default for 64 bit applications on all
architectures.
It can be toggled with the kern.elf64.aslr.shared_page sysctl.
Kornel Dulęba [Thu, 2 Jun 2022 07:58:12 +0000 (09:58 +0200)]
Rework how shared page related data is stored
Store the shared page address in struct vmspace.
Also instead of storing absolute addresses of various shared page
segments save their offsets with respect to the shared page address.
This will be more useful when the shared page address is randomized.
Kornel Dulęba [Thu, 2 Jun 2022 08:45:54 +0000 (10:45 +0200)]
Introduce the PROC_SIGCODE() macro
Use a getter macro instead of fetching the sigcode address directly
from a sysent of a given process. It assumes that the sigcode is stored
in the shared page, which is true in all cases, except for a.out
binaries. This will be later useful when the shared page address
randomization is introduced.
No functional change intended.
Mike Karels [Sat, 16 Jul 2022 21:05:58 +0000 (16:05 -0500)]
ofed/infiniband: fix ifdefs for new INET changes, fixing LINT-NOIP
Some of the ofed/infiniband code has INET and INET6 address handling
code without using ifdefs. This failed with a recent change to INET,
in which IN_LOOPBACK() started using a VNET variable, and which is not
present if INET is not configured. Add #ifdef INET, and INET6 for good
measure, in cma_loopback_addr(), along with inclusion of the options
headers in ib_cma.c.
arm64, qoriq_therm: fix handling sites on version 1 and 2
For version 2 extend the TMUV2_TMSAR() write loop over all site_ids
registered for a particular SoC and actually use the site_id rather
than always just the first [0] (which for the LX2080 would be a
problem given there is no site0).
Later, while version 2 adds the SITEs to enable to TMSR in bits 0..<n>,
version 1 (e.g., LS1028, LS1046, LS1088) add MSITEs to TMR
bits 16..31 or rather 15..0(16-<n>). Adjust the loops to only enable
the site_ids listed for the particular SoC for monitoring. This now
also deals with sparse site_ids (not starting at 0, or not being
contiguous).
sys/dev/cxgbe/cudbg/cudbg_lib.c:2949:6: error: variable 'i' set but not used [-Werror,-Wunused-but-set-variable]
int i = 0;
^
Apparently 'i' was meant as the current retry counter, but '1' was used
in the while loop comparison instead, making the loop potentially
infinite, if 'busy' never gets reset.
MFC after: 3 days
Reviewed by: np
Differential Revision: https://reviews.freebsd.org/D35834
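The bug class described in the message above, as an added example (not the driver's code and not part of the commit): a retry loop whose bound compares the literal 1 instead of the counter i, next to the bounded form. The simulated device, RETRY_LIMIT and all function names are hypothetical.

```c
#include <stdio.h>

#define RETRY_LIMIT 10	/* hypothetical retry budget */

/* Constructed device model: reports busy until polled N times; N < 0 never idles. */
struct fake_dev {
	int polls_until_idle;
	int polls;
};

static int
dev_busy(struct fake_dev *d)
{
	d->polls++;
	return (d->polls_until_idle < 0 || d->polls < d->polls_until_idle);
}

/* Flawed form: the literal 1 stands where the counter i was intended, so
 * the retry bound is never consulted and only the device ends the loop. */
static int
wait_idle_flawed(struct fake_dev *d, int retry)
{
	int busy = 1;
	int i = 0;

	while (busy && (1 < retry)) {
		busy = dev_busy(d);
		i++;
	}
	/* Without this cast, i is "set but not used": the warning that
	 * exposed the bug. */
	(void)i;
	return (busy ? -1 : 0);
}

/* Bounded form: the counter takes part in the loop condition. */
static int
wait_idle_bounded(struct fake_dev *d, int retry)
{
	int busy = 1;
	int i = 0;

	while (busy && (i < retry)) {
		busy = dev_busy(d);
		i++;
	}
	return (busy ? -1 : 0);	/* -1: gave up while still busy */
}

int
main(void)
{
	struct fake_dev slow_a = { 1000, 0 };
	struct fake_dev slow_b = { 1000, 0 };
	int rc;

	/* A device that never idles would hang the flawed loop, so the
	 * demonstration uses one that idles after 1000 polls. */
	rc = wait_idle_flawed(&slow_a, RETRY_LIMIT);
	printf("flawed:  rc=%d after %d polls\n", rc, slow_a.polls);
	rc = wait_idle_bounded(&slow_b, RETRY_LIMIT);
	printf("bounded: rc=%d after %d polls\n", rc, slow_b.polls);
	return (0);
}
```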
Mark Johnston [Sat, 16 Jul 2022 15:29:53 +0000 (11:29 -0400)]
vm_object: Remove redundant OBJ_SWAP checks
With the removal of OBJT_DEFAULT, OBJ_ANON implies OBJ_SWAP.
Note, this means that vm_object_split() is more expensive than it used
to be, as it holds busy locks until the end of the range is reached,
even if the object has no swap blocks allocated.
Reviewed by: alc, kib
Tested by: pho
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35789
Mark Johnston [Sat, 16 Jul 2022 15:29:19 +0000 (11:29 -0400)]
vm: Remove handling for OBJT_DEFAULT objects
Now that OBJT_DEFAULT objects can't be instantiated, we can simplify
checks of the form object->type == OBJT_DEFAULT || (object->flags &
OBJ_SWAP) != 0. No functional change intended.
Reviewed by: alc, kib
Tested by: pho
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35788
Mark Johnston [Sat, 16 Jul 2022 15:28:09 +0000 (11:28 -0400)]
swap_pager: Removing handling for objects with OBJ_SWAP clear
With the removal of OBJT_DEFAULT, we can assume that pager operations
provide an object with OBJ_SWAP set. Also, we do not need to convert
objects from type OBJT_DEFAULT. Thus, remove checks for OBJ_SWAP and
remove code which modifies the object type. In some places, replace the
check for OBJ_SWAP with a check for whether any swap blocks are
assigned.
Reviewed by: alc, kib
Tested by: pho
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35786