Warner Losh [Fri, 2 Dec 2022 19:41:01 +0000 (12:41 -0700)]
kboot: Use unsigned long long.
For the 64-bit platforms, this is a nop. Currently kboot only supports
64-bit platforms, though. If we support 32-bit in the future, this will
become important.
Warner Losh [Fri, 2 Dec 2022 18:28:08 +0000 (11:28 -0700)]
kboot: Enhance hostdisk
Added missing functionality to allow us to boot off of things like
/dev/nvme0n1p2 successfully. And to list all available devices and
partitions with 'lsdev'.
Warner Losh [Fri, 2 Dec 2022 18:10:42 +0000 (11:10 -0700)]
kboot: amd64 use /sys/firmware/memmap to find free memory
Use the system's firmware memory map to find a good place to put the
kernel that won't stomp on anything else. While this uses obstensibly MI
interfaces to get this data, arm64 doesn't have this, nor does
powerpc64, so place it here.
Warner Losh [Fri, 2 Dec 2022 17:47:32 +0000 (10:47 -0700)]
full-test: Start of a full testing suite.
full-test.sh aims to be a test suite generator for the boot loader. It
tries to grab artifacts from the web and then constructs minimal boot
environments from that as well as writing qemu-system-* using scripts
that facilitates testing all the ways we can boot... At least all the
ways that we an boot that qemu can emulate.
This is very much a work in progress, and likely could use a good
cleanup at some point.
Warner Losh [Fri, 2 Dec 2022 17:47:22 +0000 (10:47 -0700)]
devd: Warn for deprecated 'kern' system type
One year ago, I deprecated 'kern' in favor of 'kernel' for the system
name for some power events. I'm about to remove it from the kernel, but
realized there's been no warning generated for users. Preserve POLA by
converting on the fly here and issuing a warning for 14.x, and an fatal
error after we branch 15. Make compiling it an error on 16 to remove
the gross hack after we branch.
Cy Schubert [Thu, 1 Dec 2022 00:11:18 +0000 (16:11 -0800)]
heimdal: Fix bus fault when zero-length request received
Zero length client requests result in a bus fault when attempting to
free malloc()ed pointers within the requests softc. Return an error
when the request is zero length.
PR: 268062
Reported by: Robert Morris <rtm@lcs.mit.edu>
MFC after: 3 days
linuxkpi: Add `seqcount_mutex_t` support in <linux/seqlock.h>
To achieve that, the header uses the C11 type generic selection keyboard
_Generic() because the macros are supposed to work with seqcount_t
and seqcount_mutex_t.
Jakub Kolodziej [Thu, 1 Dec 2022 08:02:52 +0000 (09:02 +0100)]
lm75: Refactor code to fix io error
Use correct resolution by compat table. If dtb is not defined use default 9 bit mode.
11 bit detection is called if 9 bit mode is used.
Sysctl resolution variable is added to change resolution in case.
Some sensors didn't pull ACK while reading from nonexistent registers and it caused I2C
read error and detect failure, so now detect failure does not cause driver break.
lib/googletest used -Wno-deprecated-declarations to silence warnings
about usage of deprecated std::auto_ptr, but auto_ptr is not (now) used
anywhere in googletest.
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37561
Warner Losh [Wed, 30 Nov 2022 23:28:51 +0000 (16:28 -0700)]
arm64/machdep: Reserve memory when we find Linux EFI reserved memory table
When Linux loads a new kernel via kexec, somtiems it must reserve memory
for devices that are still active (and typically can't be reset or
shutdown). When present, this table is a linked list of ranges that are
still in use that the OS must avoid using.
Mark these areas as reserved.
This is part of the GICv3 workaround code where we must use the PA
addresses already programmed into the GICv3 when we take over. This part
ensure we don't allocate the mmeory for anything else.
Warner Losh [Wed, 30 Nov 2022 23:28:01 +0000 (16:28 -0700)]
arm64/machdep: Add parameter to the EFI table walking code
It would be nice to be able to pass an arbitrary pointer to the callback
code. Add one, and pass NULL in all the places that we do that today.
As noted by andrew@, we should likely refactor this into MI code and use
it here and amd64, but for the future.
John Baldwin [Wed, 30 Nov 2022 22:50:35 +0000 (14:50 -0800)]
Silence GCC warnings when using libc++ headers.
GCC 12 raises warnings about literal operator suffixes not preceded by
'_' in libc++ headers such as <string_view> as it doesn't recognize
libc++ headers being an implementation of the standard.
GCC 12 also warns about clang-specific pragmas in <locale>.
Disabling these warnings globally for all C++ code is not ideal, but
is a better option than patching libc++ headers to ignore these
warnings.
Warner Losh [Wed, 30 Nov 2022 22:10:23 +0000 (15:10 -0700)]
stand/ofw: Refactor ofw parsedev
Both ofw_disk and ofw_net use the same parsedev routine, except for the
string passed in to match the ofw device node's type. Create a routine
to do that and connect these two users up to that.
Warner Losh [Wed, 30 Nov 2022 22:10:11 +0000 (15:10 -0700)]
ofw/disk: Add parsedev support
Add a parsedev support for OpenFirmware disks. We must look at
characteristics of the OFW node to know if we match this device (so
supply a match routine) or not. Add a parsing routine to allocate
devdesc for OpenFirmware disks as well.
Warner Losh [Wed, 30 Nov 2022 22:09:51 +0000 (15:09 -0700)]
stand: Add dv_match
On OpenFirmware, and possibly kboot, we use full path names for the
objects that are the 'device'. kboot uses a hack of knowing that all
disk device nodes start with '/dev', but this generalizes it for
OpenFirmware where both 'block' and 'network' devices live in the same
namespace and one must ask the OF node its type to know if this device
type matches.
For drivers that don't specify, the current convention of using
strncmp() is retained. This is done only in devparse(), but everything
uses it directly (or will soon).
Warner Losh [Wed, 30 Nov 2022 22:09:36 +0000 (15:09 -0700)]
stand: parsedev API change: devspec now points to start of full device name
To support more flexible device matching, we now pass in the full
devspec to the parsedev routines. For everything execpt uboot, this is
just a drop in (since everything except uboot and openfirmware always
uses disk...: and/or zfs:, but openfirmware isn't really affected).
uboot we kludge around it by subtracting 4 from where the rest of the
device name starts. This is unforunate, and can compute the address one
before the string. But we never dereference that address. uboot needs
more work, and this is an acceptable UB until that other work happens.
OFW doesn't really use the parsedev routines these days (since none of
the supported device uses this... yet). It too needs more work, but it
needs device matching support first.
Warner Losh [Wed, 30 Nov 2022 22:09:23 +0000 (15:09 -0700)]
stand/ofw: ofw_disk isn't really a disk
The rest of the code in the tree assumes that a DEVT_DISK uses a
disk_devdesc to represent the device. However ofw_disk diesn't, so we
can't use disk_fmtdev, nor disk_parsedev. ofw needs to have a
dv_match-like routine to use devpasrse, though, since we have two
drivers (net and block) that claim the same sort of devices (eg
/path/to/ofw-dev) based on the device-type property. In the interim, we
can't use devmatch and ofw_disk's and the default net driver's parsing
is offloaded ofw_parsedev.
Warner Losh [Wed, 30 Nov 2022 22:08:42 +0000 (15:08 -0700)]
stand: Introduce devparse to parse device / path strings
devparse is now the preferred interface to use to parse device
strings or device:/path strings. It parses the passed in string,
mallocs the device's particular devdesc string and returns the
'remainder' of the device:/path for further processing.
Warner Losh [Wed, 30 Nov 2022 22:08:36 +0000 (15:08 -0700)]
stand: Introduce new dv_parsedev routine
Allow device classes to define a parsing routine. Most device classes
already have these routines, but there's much duplication in their
use. Define an interface for a common routine to parse an individual
device. By convetion, files have the form "[device:]/path/to/file"
where device is optional (filled in to be the value of currdev)
and it starts with the dv_name field of the device, with the rest
of the name up to the device (typically a unit number, but disks
add partition inforation, and other devices may do artibtrary
otehr things).
Warner Losh [Wed, 30 Nov 2022 22:08:22 +0000 (15:08 -0700)]
stand: Change zfs_parsedev() API
Change the first argument to zfs_parsedev() to be a pointer to a struct
devdesc *. This now gets filled in with a malloc'd structure that's
returned to the caller that the caller is repsonsible for freeing. Most
nplaces in the tree passed in a malloc'd pointer anyway, and this moves
knowledge of zfs_devdesc more firmly into the zfs.c code.
Warner Losh [Wed, 30 Nov 2022 22:08:15 +0000 (15:08 -0700)]
stand: Change disk_parsedev() API
Change the first argument to disk_parsedev() to be a pointer to a struct
devdesc *. This now gets filled in with a malloc'd structure that's
returned to the caller that the caller is repsonsible for freeing. Most
places in the tree passed in a malloc'd pointer anyway, and this moves
knowledge of disk_devdesc more firmly into the disk.[ch] code.
John Baldwin [Wed, 30 Nov 2022 21:06:46 +0000 (13:06 -0800)]
vmm: Remove stale comment for vm_rendezvous.
Support for rendezvous outside of a vcpu context (vcpuid of -1) was
removed in commit 949f0f47a4e7, and the vm, vcpuid argument pair was
replaced by a single struct vcpu pointer in commit d8be3d523dd5.
Warner Losh [Wed, 30 Nov 2022 18:08:16 +0000 (11:08 -0700)]
clang: Define NO_WDEPRECATED_NON_PROTOTYPE for clang 15
Clang 15 enforces function definitions using the C89 form rather than
the K&R form. While not strictly a prototype (which is only for a
declaration), use the name that mirror's clang's warning name. Much code
in contrib still uses K&R function definitions, so invent this for
compiling there.
netlink: suppress sending NLMSG_ERROR if NLMSG_DONE is already sent
Netlink has a confirmation/error reporting mechanism for the sent
messages. Kernel explicitly acks each messages if requested (NLM_F_ACK)
or if message processing results in an error.
Similarly, for multipart messages - typically dumps, where each message
represents a single object like an interface or a route - another
message, NLMSG_DONE is used to indicate the end of dump and the
resulting status.
As a result, successfull dump ends with both NLMSG_DONE and NLMSG_ERROR
messages.
RFC 3549 does not say anything specific about such case.
Linux adopted an optimisation which suppresses NLMSG_ERROR message
when NLMSG_DONE is already sent. Certain libraries/applications like
libnl depends on such behavior.
Suppress sending NLMSG_ERROR if NLMSG_DONE is already sent, by
setting newly-added 'suppress_ack' flag in the writer and checking
this flag when generating ack.
This change restores libnl compatibility.
Before:
```
~ nl-link-list
Error: Unable to allocate link cache: Message sequence number mismatch
````
Tom Jones [Thu, 17 Nov 2022 10:31:38 +0000 (10:31 +0000)]
ping: Fix handling of IP packet sizes
Ping reads raw IP packets to parse ICMP responses. When reading the
IP Header Len (IHL) ping was was taking the value from the provided
packet without any validation. This could lead to remotely triggerable
stack corruption.
Validate the IHL against expected and recieved data sizes when reading
from the received packet and when reading any quoted packets from within
the ICMP response.
Approved by: so
Reviewed by: markj, asomers
Security: FreeBSD-SA-22:15.ping
Security: CVE-2022-23093
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
X-NetApp-PR: #77
Differential Revision: https://reviews.freebsd.org/D37195
Bjoern A. Zeeb [Tue, 29 Nov 2022 18:21:05 +0000 (18:21 +0000)]
net80211: fix IEEE80211_DEBUG_REFCNT builds
Remove the KPI/KBI changes from ieee80211_node.h and always use the
macros to pass in __func__ and __LINE__ to the functions.
The actual implementations are prefixed by "_" rather than suffixed
by "_debug" as they no longer are "debug"-specific.
Some of the select functions were not actually using the passed in
func, line options; however they are calling other functions which
use them. Directly call the internal implementation in those cases
passing the arguments on.
Use a file-local __debrefcnt_used define to mark the arguments __unused
in cases when we compile without IEEE80211_DEBUG_REFCNT and hope the
toolchain is intelligent enough to not pass them at all in those cases.
Also _ieee80211_free_node() now has a conflict so make the previous
_ieee80211_free_node() the new __ieee80211_free_node().
Add IEEE80211_DEBUG_REFCNT to the NOTES file on amd64 to keep exercising
the option.
Sponsored by: The FreeBSD Foundation
X-MFC: never
Discussed on: freebsd-wireless
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D37529
Ed Maste [Wed, 23 Nov 2022 17:14:18 +0000 (12:14 -0500)]
csh: install hard link with same mode as target
Previously when using NO_ROOT we recorded METALOG entries for the /.cshrc
hard link with a different file mode than the link target, which is not
permitted.
We cannot just set LINKMODE here as it would also apply to the hard link
for the tcsh binary.
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37499
Warner Losh [Tue, 29 Nov 2022 20:02:40 +0000 (13:02 -0700)]
stand/ofw: Use strpbrk instead of two strchrs
No need to call strchr twice, when one call to strpbrk will do the
job.. Test booted with qemu-powerpc + mac99 successfully.
Minor style(9) tweaks as well.
Roger Pau Monné [Tue, 29 Nov 2022 15:21:51 +0000 (16:21 +0100)]
xen/acpi: only evaluate Processor objects matching online CPUs
Current Xen Processor driver will evaluate any Processor object on the
ACPI tables regardless of whether the processor is online or not.
Avoid doing so for processors that are not online, as evaluating
methods of processors that are not online could lead to accesses to
invalid memory, and in any case the data that the driver fetches from
the Processor ACPI object only makes sense for processors that are
online.
Note the CPU related data fetched from Xen using XENPF_get_cpuinfo
hypercall could be cached, I leave that as a future optimization.
Sponsored by: Citrix Systems R&D Fixes: b93f47eaeef7 ('xen/acpi: upload Cx and Px data to Xen')
Jessica Clarke [Tue, 29 Nov 2022 03:09:51 +0000 (03:09 +0000)]
bsdinstall: Fix local_unbound option default on revisit
The variable used for the checklist's default value needs to correspond
to the rc.conf variable as that's what's being parsed to determine them.
In the case of local_unbound it's missing the _enable suffix and thus
always defaults to off on revisit.
Fixes: 58eb9abb3157 ("Add a line to the post-installation configuration dialog to enable the local_unbound service.")
Jessica Clarke [Tue, 29 Nov 2022 02:56:25 +0000 (02:56 +0000)]
bsdinstall: Fix issues parsing rc.conf.services on revisit
There are a few issues here, some of which are hiding others. The first
is that we don't use double quotes around the command substitution so
every word in the conf file is treated as a separate argument to eval,
resulting in spaces being used in place of newlines and thus comments in
the file commenting out the rest of the file, not just to the end of
their line. In particular, we insert one comment just before the dumpdev
entry (the final one in the file) and so we never see dumpdev as set,
and thus set a default value of on for the menu.
The second issue is that, for dumpdev, it takes a value of AUTO not YES
when set, but we don't replace this with on when eval'ing, so then end
up giving AUTO to bsddialog which is interpreted the same as off (which
seems to match GPL dialog). Thus handle AUTO like YES otherwise it will
always appear as unchecked on revisit.
The final issue is that our case-insensitive YES/NO (and now AUTO)
replacements have no word boundaries around them so match the middle of
words too. As it happens this doesn't matter in practice at the moment,
but it could in future; currently the only effect is that it rewrites
moused_nondefault_enable to moused_offndefault_enable, but since this
variable is never read, only written based on moused(_enable) this is
harmless, but we should fix it in case a service comes along in future
that does get affected by it.
Jessica Clarke [Tue, 29 Nov 2022 00:57:38 +0000 (00:57 +0000)]
bsdinstall: Fix ntpd_sync_on_start service option
This installer option is currently totally useless, as it ends up
creating an ntpd_sync_on_start_enable="YES" entry in rc.conf, not an
ntpd_sync_on_start="YES" entry, as is the correct name. This can also be
noticed by revisiting the services menu, which parses the previously
written rc.conf.services file to set variables governing the default
menu entry values so that selecting OK regenerates the same file, as the
menu entry will use the correct variable name and thus think the entry
was not selected last time, defaulting back to off and losing the
setting.
Thus, add a special case in the loop for this option. The only other
entry that doesn't follow the *_enable pattern is dumpdev (even moused
does, it just also sets a second variable), but that also deviates in
terms of being explicitly set either way and using AUTO rather than YES,
hence why ntpd_sync_on_start follows a different pattern here and is
special-cased rather than introducing a whole new variable that governs
behaviour outside the loop.
Fixes: c153a35bfd71 ("bsdinstall: replace ntpdate by ntpd_sync_on_start")
John Baldwin [Tue, 29 Nov 2022 01:10:30 +0000 (17:10 -0800)]
bhyve: Avoid passing a possible garbage pointer to free().
All of the error paths in pci_vtcon_sock_add free the sock pointer.
However, sock is not initialized until part way through the function.
An early error would pass stack garbage to free().
John Baldwin [Tue, 29 Nov 2022 01:10:07 +0000 (17:10 -0800)]
bhyve: Appease warning about a potentially unaligned pointer.
When initializing the device model for a PCI pass through device that
uses MSI-X, bhyve reads the MSI-X capability from the real device to
save a copy in the emulated PCI config space. It also saves a copy in
a local struct msixcap on the stack. Since struct msixcap is packed,
GCC complains that casting a pointer to the struct to a uint32_t
pointer may result in an unaligned pointer.
This path is not performance critical, so to appease the compiler,
simply change the pointer to a char * and use memcpy to copy the 4
bytes read in each iteration of the loop.
John Baldwin [Tue, 29 Nov 2022 01:09:15 +0000 (17:09 -0800)]
bhyve: Avoid unlikely truncation of the blockif ident strings.
The ident string for NVMe and VirtIO block deivces do not contain the
bus, and the various fields can potentially use up to three characters
when printed as unsigned values (full range of uint8_t) even if not
likely in practice.
John Baldwin [Tue, 29 Nov 2022 01:08:09 +0000 (17:08 -0800)]
bhyve: Fix sign compare warnings in the e1000 device model.
Adding a bare constant to a uint16_t promotes to a signed int which
triggers these warnings. Changing the constant to be explicitly
unsigned instead promotes the expression to unsigned int.
Bjoern A. Zeeb [Mon, 28 Nov 2022 21:21:06 +0000 (21:21 +0000)]
LinuxKPI: 802.11: minor header updates
- add comments for enum values constantly looked up, and another one to
a net80211 equivalent (should possibly re-define those in the future?)
- add another nl80211_sta_info flag
- add enum environment_cap used in cfg80211.h in the future.
Bjoern A. Zeeb [Mon, 28 Nov 2022 20:54:57 +0000 (20:54 +0000)]
LinuxKPI: SKB update
- skb_reset_tail_pointer(): we do not do offsets so do a plain reset
- skb_add_rx_frag(): adjust data_len to keep track of the frag
- based on that implement skb_is_nonlinear() and skb_linearize()
- implement build_skb() and adjust linuxkpi_kfree_skb() and ddb macro.
Sponsored by: The FreeBSD Foundation (partially)
MFC after: 3 days
Kristof Provost [Tue, 22 Nov 2022 13:43:59 +0000 (14:43 +0100)]
pf: drop support for fragment crop|drop-ovl
We removed the code for these modes back in 2015, but converted such
configurations to 'scrub fragment reassemble'. It's been long enough,
drop the backwards compatibility glue too.
Kristof Provost [Tue, 22 Nov 2022 13:23:27 +0000 (14:23 +0100)]
pf: allow scrub rules without fragment reassemble
scrub rules have defaulted to handling fragments for a long time, but
since we removed "fragment crop" and "fragment drop-ovl" in 64b3b4d611
this has become less obvious and more expensive ("reassemble" being the
more expensive option, even if it's the one the vast majority of users
should be using).
Extend the 'scrub' syntax to allow fragment reassembly to be disabled,
while retaining the other scrub behaviour (e.g. TTL changes, random-id,
..) using 'scrub fragment no reassemble'.
Bjoern A. Zeeb [Mon, 28 Nov 2022 15:12:58 +0000 (15:12 +0000)]
LinuxKPI: iwlwifi: rtw88: rtw89: remove budget argument from netif_napi_add()
In preparation for future updates remove the budget argument from the
netif_napi_add() in drivers and update LinuxKPI to reflect that it is
gone and only set it internally. This required changes to the currently
committed wireless drivers based on LinuxKPI (iwlwifi, rtw88, rtw89).
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Eugene Grosbein [Mon, 28 Nov 2022 14:22:39 +0000 (21:22 +0700)]
pw(8): fix combination of modes -N and -w random
The command "pw usermod nobody -Nw random" (or useradd)
generates random password and prints it in encrypted form
but skips choosen random string that makes not much sense
and contradicts the manual page pw.8
Fix it by showing random password in plain text with -N and
without it equally. Add yet another example of how to generate
pw-style random password.
Warner Losh [Sun, 27 Nov 2022 20:23:28 +0000 (13:23 -0700)]
ofw: Cast function pointer to proper type
clang 15 insists that we call entry() via a function prototype. Rather
than copping out and using (...), cast it to the same prototype that's
used elsewhere (with tweaks to pointers to make them fit into that
prototype). No functional change.