MFC r349951, r349994, r349995, r350005, r350023 (by jhibbits), r350478:
Provide protection against starvation of the ll/sc loops when accessing
userpace.
Initialize the frentry (the control block that defines a rule) checksum
to zero. Matching checksums save time and effort by mitigating the need
for full rule compare.
Pull in r368867 from upstream libc++ trunk (by Marshall Clow):
Rework recursive_timed_mutex so that it uses __thread_id instead of
using the lower-level __libcpp_thread_id. This is prep for fixing
PR42918. Reviewed as https://reviews.llvm.org/D65895
Pull in r368916 from upstream libc++ trunk (by Marshall Clow):
Fix thread comparison by making sure we never pass our special 'not a
thread' value to the underlying implementation. Fixes PR#42918.
This should fix std::thread::id::operator==() attempting to call
pthread_equal(3) with zero values.
Ed Maste [Tue, 3 Sep 2019 16:57:32 +0000 (16:57 +0000)]
MFC r350989: Remove some more leftover rlogin man page xrefs
rcmds were removed in r32435 and these three man pages can trivially
drop the references.
There's still a reference in pts.4 because it describes a mode
(TIOCPKT_NOSTOP), and only lists rlogin/rlogind as examples of programs
that use that mode. To update later.
Ed Maste [Tue, 3 Sep 2019 16:25:27 +0000 (16:25 +0000)]
MFC r351395: msdosfs_fat: reduce diffs with NetBSD and makefs
Use pointer arithmetic (as now done in makefs, and in NetBSD) instead of
taking the address of array element. No functional change, but this
makes it easier to compare different versions of this file.
Alexander Motin [Tue, 3 Sep 2019 16:20:04 +0000 (16:20 +0000)]
MFC r351606: Take proper lock in ses_setphyspath_callback().
XPT_DEV_ADVINFO call should be protected by the lock of the specific
device it is addressed to, not the lock of SES device. In some weird
case, probably with hardware violating standards, it sometimes caused
NULL dereference due to race.
To protect from it further, add lock assertion to *_dev_advinfo().
Alexander Motin [Tue, 3 Sep 2019 14:52:39 +0000 (14:52 +0000)]
MFC r351550: Always check cam_periph_error() status for ERESTART.
Even if we do not expect retries, we better be sure, since otherwise it
may result in use after free kernel panic. I've noticed that it retries
SCSI_STATUS_BUSY even with SF_NO_RECOVERY | SF_NO_RETRY.
Cy Schubert [Thu, 29 Aug 2019 19:13:27 +0000 (19:13 +0000)]
MFC r351397:
MFV r346563:
Update wpa 2.8 --> 2.9
hostapd:
* SAE changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* EAP-pwd changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
* added configuration of airtime policy
* fixed FILS to and RSNE into (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* added support for regulatory WMM limitation (for ETSI)
* added support for MACsec Key Agreement using IEEE 802.1X/PSK
* added experimental support for EAP-TEAP server (RFC 7170)
* added experimental support for EAP-TLS server with TLS v1.3
* added support for two server certificates/keys (RSA/ECC)
* added AKMSuiteSelector into "STA <addr>" control interface data to
determine with AKM was used for an association
* added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and
fast reauthentication use to be disabled
* fixed an ECDH operation corner case with OpenSSL
wpa_supplicant:
* SAE changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* EAP-pwd changes
- disable use of groups using Brainpool curves
- allow the set of groups to be configured (eap_pwd_groups)
- improved protection against side channel attacks
[https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
(disabled by default for backwards compatibility; can be enabled
with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
4-way handshake
* fixed an ECDH operation corner case with OpenSSL
Brooks Davis [Wed, 28 Aug 2019 07:53:10 +0000 (07:53 +0000)]
MFC r340424:
Use the main capabilities.conf for freebsd32.
Allow the location of capabilities.conf to be configured.
Also allow a per-abi syscall prefix to be configured with the
abi_func_prefix syscalls.conf variable and check syscalls against
entries in capabilities.conf with and without the prefix amended.
Take advantage of these two features to allow use shared
capabilities.conf
between the default syscall vector and the freebsd32 compatability
layer. We've been inconsistent about keeping the two in sync as
evidenced by the bugs fixed in r340294. This eliminates that problem
going forward.
Brooks Davis [Wed, 28 Aug 2019 07:37:34 +0000 (07:37 +0000)]
MFC r339624:
Remove the need for backslashes in syscalls.master.
Join non-special lines together until we hit a line containing a '}'
character. This allows the function declaration body to be split
across multiple lines without backslash continuation characters.
Continue to join lines ending with backslashes to allow gradual
migration and to support out-of-tree syscall vectors
Alexander Motin [Tue, 27 Aug 2019 04:16:42 +0000 (04:16 +0000)]
MFC r351105, r351107: Limit memory window usage in ntb_transport to 256MB.
This adds safety net for the case of misconfigured NTB with too big
memory window, for which we may be unable to allocate a memory buffer,
which does not make much sense for the network interface. While there,
fix the code to really work with asymmetric window sizes setup.
This makes driver just print warning message on boot instead of hanging
if too large memory window is configured.
Alexander Motin [Tue, 27 Aug 2019 04:15:21 +0000 (04:15 +0000)]
MFC r351072: Implement new methods for Intel and PLX NTB.
This restores parity with AMD NTB driver. Though without any drivers
supporting more then one peer and respective KPI modification to pass
peer index to most of the calls this addition is pretty useless now.
Alexander Motin [Tue, 27 Aug 2019 04:13:22 +0000 (04:13 +0000)]
MFC r349594, r349595, r349601: Add driver for NTB in AMD SoC.
This patch is the driver for NTB hardware in AMD SoCs (ported from Linux)
and enables the NTB infrastructure like Doorbells, Scratchpads and Memory
window in AMD SoC. This driver has been validated using ntb_transport and
if_ntb driver already available in FreeBSD.
Alexander Motin [Tue, 27 Aug 2019 04:04:19 +0000 (04:04 +0000)]
MFC r351352: Improve NVMe hot unplug handling.
If device is unplugged from the system (CSTS register reads return
0xffffffff), it makes no sense to send any more recovery requests or
expect any responses back. If there is a detach call in such state,
just stop all activity and free resources. If there is no detach
call (hot-plug is not supported), rely on normal timeout handling,
but when it trigger controller reset, do not wait for impossible and
quickly report failure.
Alexander Motin [Tue, 27 Aug 2019 04:03:42 +0000 (04:03 +0000)]
MFC r351320: Formalize NVMe controller consumer life cycle.
This fixes possible double call of fail_fn, for example on hot removal.
It also allows ctrlr_fn to safely return NULL cookie in case of failure
and not get useless ns_fn or fail_fn call with NULL cookie later.
Alexander Motin [Tue, 27 Aug 2019 04:01:56 +0000 (04:01 +0000)]
MFC r351028: Report NOIOB and NPWG fields as stripe size.
Namespace Optimal I/O Boundary field added in NVMe 1.3 and Namespace
Preferred Write Granularity added in 1.4 allow upper layers to align
I/Os for improved SSD performance and endurance.
I don't have hardware reportig those yet, but NPWG could probably be
reported by bhyve.
Alexander Motin [Tue, 27 Aug 2019 03:55:38 +0000 (03:55 +0000)]
MFC r350676, r350677: Make `camcontrol modepage` support block descriptors.
It allows to read and write block descriptors alike to mode page parameters.
It allows to change block size or short-stroke HDDs or overprovision SSDs.
Depenting on -P parameter the change can be either persistent or till reset.
In case of block size change device may need reformat after the setting.
In case of SSD overprovisioning format or sanitize may be needed to really
free the flash.
During implementation appeared that csio_encode_visit() can not handle
integers of more then 4 bytes, that makes 8-byte LBA handling awkward.
I had to split it into two 4-byte halves now.
Alexander Motin [Tue, 27 Aug 2019 03:05:57 +0000 (03:05 +0000)]
MFC r351348 (by markj):
Modify pipe_poll() to properly check for pending direct writes.
With r349546, it is a responsibility of the writer to clear PIPE_DIRECTW
after pinned data has been read. In particular, once a reader has
drained this data, there is a small window where the pipe is empty but
PIPE_DIRECTW is set. pipe_poll() was using the presence of PIPE_DIRECTW
to determine whether to return POLLIN, so in this window it would
claim that data was available to read when this was not the case.
Fix this by modifying several checks for PIPE_DIRECTW to instead look
at the number of residual bytes in data pinned by a direct writer. In
some cases we really do want to check for PIPE_DIRECTW, since the
presence of this flag indicates that any attempt to write to the pipe
will block on the existing direct writer.
Kyle Evans [Mon, 26 Aug 2019 17:34:07 +0000 (17:34 +0000)]
MFC r351119, r351135-r351136, r351412: stand xtoolchain-llvm90 fixes
r351119:
stand: push LIBC_SRC up into defs.mk
Other parts of stand/ that don't use libsa will need to grab bits from libc
shortly. Push LIBC_SRC up to defs.mk in advance of this so that they can use
it, and rename it to LIBCSRC to match the convention of the rest of the *SRC
variables in this file.
r351135:
stand: boot2: fix build with xtoolchain-llvm90
ufsread.c grows a dependency on __ashldi3 with llvm90. Grab ashldi3.c out of
compiler-rt rather than trying to link against libsa (for now).
-Wno-missing-prototypes is necessary to compile ashldi3.c standalone.
r351136:
stand: gptboot: fix build with xtoolchain-llvm90
ufsread.c grows a dependency on __ashldi3 with llvm90. For gptboot, just
start pulling in ashldi3.c ashrdi3.c lshrdi3.c into libsa for all archs as
the number of archs requiring one or more of them keeps growing. qdivrem.c
and quad.h can be trivially kicked out of libsa if we start pulling these
from compiler-rt as qdivrem was only used to implement umoddi3, divdi3,
moddi3 (also in qdivrem.c).
Cy Schubert [Sun, 25 Aug 2019 13:36:20 +0000 (13:36 +0000)]
MFC r350881:
Calculate the number interface array elements using the new FR_NUM macro
instead of the hard-coded value of 4. This is a precursor to increasing
the number of interfaces speficied in "on {interface, ..., interface}".
Note that though this feature is coded in ipf_y.y, it is partially
supported in the ipfilter kld, meaning it does not work yet (and is yet
to be documented in ipf.5 too).
Cy Schubert [Sun, 25 Aug 2019 04:56:33 +0000 (04:56 +0000)]
MFC r350880:
r272552 applied the patch from ipfilter upstream fil.c r1.129 to fix
broken ipfilter rule matches (upstream bug #554). The upstream patch
was incomplete, it resolved all but one rule compare issue. The issue
fixed here is when "{to, reply-to, dup-to} interface" are used in
conjuncion with "on interface". The match was only made if the on keyword
was specified in the same order in each case referencing the same rule.
This commit fixes this.
The reason for this is that interface name strings and comment keyword
comments are stored in a a variable length field starting at fr_names
in the frentry struct. These strings are placed into this variable length
in the order they are encountered by ipf_y.y and indexed through index
pointers in fr_ifnames, fr_comment or one of the frdest struct fd_name
fields. (Three frdest structs are within frentry.) Order matters and
this patch takes this into account.
While in here it was discovered that though ipfilter is designed to
pport multiple interface specifiations per rule (up to four), this
undocumented (the man page makes no mention of it) feature does not work.
A todo is to fix the multiple interfaces feature at a later date. To
understand the design decision as to why only four were intended, it is
suspected that the decision was made because Sun workstations and PCs
rarely if ever exceeded four NICs at the time, this is not true in 2019.
John Baldwin [Sat, 24 Aug 2019 00:35:59 +0000 (00:35 +0000)]
MFC 350551:
Don't reset memory attributes when mapping physical addresses for ACPI.
Previously, AcpiOsMemory was using pmap_mapbios which would always map
the requested address Write-Back (WB). For several AMD Ryzen laptops,
the BIOS uses AcpiOsMemory to directly access the PCI MCFG region in
order to access PCI config registers. This has the side effect of
remapping the MCFG region in the direct map as WB instead of UC
hanging the laptops during boot.
On the one laptop I examined in detail, the _PIC global method used to
switch from 8259A PICs to I/O APICs uses a pair of PCI config space
registers at offset 0x84 in the device at 0:0:0 to as a pair of
address/data registers to access an indirect register in the chipset
and clear a single bit to switch modes.
To fix, alter the semantics of pmap_mapbios() such that it does not
modify the attributes of any existing mappings and instead uses the
existing attributes. If a new mapping is created, this new mapping
uses WB (the default memory attribute).
Special thanks to the gentleman whose name I don't have who brought
two affected laptops to the hacker lounge at BSDCan. Direct access to
the affected systems permitted finding the root cause within an hour
or so.
Introduce VFNT_MAXDIMENSION to replace bare 128, add set_height, and
consistently use set_height and set_width.
Submitted by: Dmitry Wagin
MFC r348662: vtfontcvt: include width and height in verbose info
Submitted by: Dmitry Wagin
MFC r348668: vtfontcvt: zero memory allocated by xmalloc
Submitted by: Dmitry Wagin
MFC r348692: vtfontcvt: exit on error if the input font has too many glyphs
The kernel has a limit of 131072 glyphs in a font; add the same check to
vtfontcvt so that we won't create a font file that the kernel will not
load.
MFC r348796: vtfontcvt: allow out-of-order glyphs
Reported by: mi
MFC r349049: vtfontcvt: add comments in add_glyph
MFC r349100: vtfontcvt: improve BDF and hex font parsing
Support larger font sizes.
Submitted by: Dmitry Wagin (original version)
MFC r349101: vtfontcvt: initialize bbwbytes to avoid GCC 4.2.1 warning
MFC r349105: vtfontcvt: initialize another variable to quiet GCC warning
I believe this case could be triggered by a broken .bdf font.
MFC r349107: vtfontcvt: improve .bdf verification
Previously we would crash if the BBX y-offset was outside of the font
bounding box.
Reported by: afl fuzzer
MFC r349108: vtfontcvt: improve .bdf validation
Previously if we had a BBX entry that had invalid values (e.g. bounding
box outside of font bounding box) and failed sscanf (e.g., because it
had fewer than four values) we skipped the BBX value validation and then
triggered an assertion failure.
Reported by: afl fuzzer
MFC r349111: vtfontcvt: correct typo in hex parsing update
Submitted by: Dmitry Wagin
MFC r349333: vtfontcvt: improve .bdf validation
Previously if we had a FONTBOUNDINGBOX or DWIDTH entry that had missing
or invalid values and and failed sscanf, we would proceeded with
partially initialized bounding box / device width variables.
MFC r350974:
Since ipvoly is used for checksum calculation, part of original IP
header is zeroed. This part includes ip_ttl field, that can be used
later in IP_MINTTL socket option handling.
This snapshot among other things includes a fix for a crash of mandoc with empty
tbl reported by rea@ (his regression test has been incorporated upstream)
Toomas Soome [Thu, 22 Aug 2019 07:37:34 +0000 (07:37 +0000)]
loader: support com.delphix:removing
MFC r348353: boot1.efi should also provide Calloc
MFC r350772: loader: support com.delphix:removing
MFC r350825: loader: add error check for vdev_indirect calls
As prerequisite, we need Calloc in boot1 so we would not conflict with libsa.
We should support removing vdev from boot pool. Update loader zfs reader
to support com.delphix:removing.
Andriy Gapon [Thu, 22 Aug 2019 07:17:49 +0000 (07:17 +0000)]
MFC r350894: a stop gap fix for a race between dnode_hold and dnode_sync_free
The race was introduced in r337669, the large dnode feature import from
ZoL. The problem was debugged by ZoL developers and then,
independently, on FreeBSD.
The fix is an early proposal by Brian Behlendorf:
https://github.com/behlendorf/zfs/commit/50f32ed74e42aa28522e9681fb8ae55239fa33a7
This fix never went into ZoL. A larger change that was committed later
included a different solution because of the re-worked code.
Ideally, we want to revert this fix and re-synchronize FreeBSD large
dnode code with that in illumos (or newer ZoL). illumos has a later
import of the feature from ZoL that does not have the bug.
John Baldwin [Wed, 21 Aug 2019 23:44:46 +0000 (23:44 +0000)]
MFC 350666:
Tidy up the list of auth and encryption algorithms for IPsec stats.
- Use keyed-md5 and keyed_sha1 instead of md5 and sha1 to match
the names accepted by setkey and to also avoid confusion since
these are not "plain" MD5 or SHA1.
- Remove always-true #ifdef's to make the source a bit easier to
read.
- Add missing mappings for tcp-md5, camellia-cbc, and aes-gmac.
John Baldwin [Wed, 21 Aug 2019 22:42:08 +0000 (22:42 +0000)]
MFC 348970,348974:
Make the warning intervals for deprecated crypto algorithms tunable.
348970:
Make the warning intervals for deprecated crypto algorithms tunable.
New sysctl/tunables can now set the interval (in seconds) between
rate-limited crypto warnings. The new sysctls are:
- kern.cryptodev_warn_interval for /dev/crypto
- net.inet.ipsec.crypto_warn_interval for IPsec
- kern.kgssapi_warn_interval for KGSSAPI
348974:
Move declaration of warninterval out from under COMPAT_FREEBSD32.
This fixes builds of kernels without COMPAT_FREEBSD32.