Assign process group of the TTY under the "proctree_lock".
This fixes a race where concurrent calls to doenterpgrp() and
leavepgrp() while TIOCSCTTY is executing may result in tp->t_pgrp
changing value so that tty_rel_pgrp() misses clearing it to NULL. For
more details refer to the use of pgdelete() in the kernel.
No functional change intended.
Panic backtrace:
__mtx_lock_sleep() # page fault due to using destroyed mutex
tty_signal_pgrp()
tty_ioctl()
ptsdev_ioctl()
kern_ioctl()
sys_ioctl()
amd64_syscall()
Fix SYNPOSIS section to point to the proper include directive.
netgraph(3) points to #include <netgraph/netgraph.h>, which is kernel only.
The man page refers to the user-space part of the netgraph module, which is
located in <netgraph.h>.
bhyve: Fix processing of netgraph backend options.
After r360820, additional parameters are passed through the argument 'opts', and the name of the backend through the argument 'devname'. So, there is no need to skip the backend name from the 'opts' argument.
Ryan Moeller [Thu, 14 May 2020 23:38:11 +0000 (23:38 +0000)]
jail: Add exec.prepare and exec.release command hooks
This change introduces new jail command hooks that run before and after any
other actions.
The exec.prepare hook can be used for example to invoke a script that checks
if the jail's root exists, creating it if it does not. Since arbitrary
variables in jail.conf can be passed to the command, it can be pretty useful
for templating jails.
An example use case for exec.release would be to remove the filesystem of an
ephemeral jail.
The names "prepare" and "release" are borrowed from the names of similar hooks
in libvirt.
Kyle Evans [Thu, 14 May 2020 23:20:58 +0000 (23:20 +0000)]
pf tests: fix up a couple WARNS= 6 nits
common_init_tbl is only used within this single CU, so it should be marked
static.
WARNS=6 also complained about the var defined by
`ATF_TC_WITH_CLEANUP(getastats);` being unused, which turns out to be
because it's not been hooked up in ATF_TP_ADD_TCS. kp@ did not immediately
recall any reason for this, and the case passes on my local system, so hook
it up.
Note that I've not yet set WARNS= 6 here. Investigation is underway to see
if we can feasibly default WARNS to 6 for src builds to catch directories
too deep to inherit a WARNS from the top-level subdirectories' Makefile.inc.
Those particular WARNS settings will be subsequently removed as they become
redundant with a more-global default.
Peter Grehan [Thu, 14 May 2020 22:18:12 +0000 (22:18 +0000)]
Hide host CPUID 0x15 TSC/Crystal ratio/freq info from guest
In recent Linux (5.3+) and OpenBSD (6.6+) kernels, and with hosts that
support CPUID 0x15, the local APIC frequency is determined directly
from the reported crystal clock to avoid calibration against the 8254
timer.
However, the local APIC frequency implemented by bhyve is 128MHz, where
most h/w systems report frequencies around 25MHz. This shows up on
OpenBSD guests as repeated keystrokes on the emulated PS2 keyboard
when using VNC, since the kernel's timers are now much shorter.
Fix by reporting all-zeroes for CPUID 0x15. This allows guests to fall
back to using the 8254 to calibrate the local APIC frequency.
Future work could be to compute values returned for 0x15 that would
match the host TSC and bhyve local APIC frequency, though all dependencies
on this would need to be examined (for example, Linux will start using
0x16 for some hosts).
Fix spurious ENOTCONN from closed unix domain socket other' side.
Sometimes, when doing read(2) over unix domain socket, for which the
other side socket was closed, read(2) returns -1/ENOTCONN instead of
EOF AKA zero-size read. This is because soreceive_generic() does not
lock socket when testing the so_state SS_ISCONNECTED|SS_ISCONNECTING
flags. It could end up that we do not observe so->so_rcv.sb_state bit
SBS_CANTRCVMORE, and then miss SS_ flags.
Change the test to check that the socket was never connected before
returning ENOTCONN, by adding all state bits for connected.
Reported and tested by: pho
In collaboration with: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D24819
Kyle Evans [Thu, 14 May 2020 17:52:29 +0000 (17:52 +0000)]
inetd(8): Add comments to all examples
Submitted by: debdrup (with some minor changes by kevans)
Reviewed by: bcr (manpages)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D24818
Mark Johnston [Thu, 14 May 2020 16:07:27 +0000 (16:07 +0000)]
Call acpi_pxm_set_proximity_info() slightly earlier on x86.
This function is responsible for setting pc_domain in each pcpu
structure. Call it from the main function that starts APs, rather than
a separate SYSINIT. This makes it easier to close the window where
UMA's per-CPU slab allocator may be called while pc_domain is
uninitialized. In particular, the allocator uses pc_domain to allocate
domain-local pages, so allocations before this point end up using domain
0 for everything.
Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24757
Add new stats(7) man page and hook it up to the build.
This man page contains stat utilities that are available in
the base system. This is a better approach than looking them
up via "apropos stat" or similar commands.
Thanks to Daniel Ebdrup Jensen for writing the original page
and incorporating the feedback given.
Submitted by: Daniel Ebdrup Jensen
Reviewed by: 0mp, allanjude, brueffer, bcr
Approved by: bcr
MFC after: 3 days
Relnotes: yes (new stats(7) man page)
Differential Revision: https://reviews.freebsd.org/D24417
Kyle Evans [Thu, 14 May 2020 03:25:12 +0000 (03:25 +0000)]
certctl(8): don't completely nuke $CERTDESTDIR
It's been reported/noted that a well-timed `certctl rehash` will completely
obliterate $CERTDESTDIR, which may get used by ports or system
administrators. While we can't guarantee the certctl semantics when other
non-certctl-controlled bits live here, we should make some amount of effort
to play nice.
Pruning all existing links, which we'll subsequently rebuild as needed, is
sufficient for our needs. This can still be destructive, but it's perhaps
less likely to cause issues.
I also note that we should probably be pruning /etc/ssl/blacklisted upon
rehash as well.
Reported by: cem's dovecot server
MFC after: 3 days
Warner Losh [Wed, 13 May 2020 19:17:28 +0000 (19:17 +0000)]
Reimplement aliases in geom
The alias needs to be part of the provider instead of the geom to work
properly. To bind the DEV geom, we need to look at the provider's names and
aliases and create the dev entries from there. If this lives in the GEOM, then
it won't propigate down the tree properly. Remove it from geom, add it provider.
Update geli, gmountver, gnop, gpart, and guzip to use it, which handles the bulk
of the uses in FreeBSD. I think this is all the providers that create a new name
based on their parent's name.
Kyle Evans [Wed, 13 May 2020 18:07:37 +0000 (18:07 +0000)]
kernel: provide panicky version of __unreachable
__builtin_unreachable doesn't raise any compile-time warnings/errors on its
own, so problems with its usage can't be easily detected. While it would be
nice for this situation to change and compilers to at least add a warning
for trivial cases where local state means the instruction can't be reached,
this isn't the case at the moment and likely will not happen.
This commit adds an __assert_unreachable, whose intent is incredibly clear:
it asserts that this instruction is unreachable. On INVARIANTS builds, it's
a panic(), and on non-INVARIANTS it expands to __unreachable().
Existing users of __unreachable() are converted to __assert_unreachable,
to improve debuggability if this assumption is violated.
Jessica Clarke [Wed, 13 May 2020 17:20:51 +0000 (17:20 +0000)]
riscv: Fix pmap_protect for superpages
When protecting a superpage, we would previously fall through to the
non-superpage case and read the contents of the superpage as PTEs,
potentially modifying them and trying to look up underlying VM pages that
don't exist if they happen to look like PTEs we would care about. This led
to nginx causing an unexpected page fault in pmap_protect that panic'ed the
kernel. Instead, if we see a superpage, we are done for this range and
should continue to the next.
Adrian Chadd [Wed, 13 May 2020 16:36:42 +0000 (16:36 +0000)]
[ath] Prepare for .. more sample rate control entries
This is in preparation for me bumping how many size buckets are used
for ath_rate_sample statistics.
* Bump buffer size to 64k
* Don't waste 4 lines per bucket size, condense it to two
* Alternate colours; my logic made everything after the first two just
be black. Oops.
Andriy Gapon [Wed, 13 May 2020 06:24:54 +0000 (06:24 +0000)]
sound/hda: newer AMD devices still require the same PCIe snoop
So, replicate the ATI vendor snoop configuration for the AMD vendor.
I think that this should fix a number of cases where users currently
have to resort to polling or disabling MSI.
Kyle Evans [Wed, 13 May 2020 02:17:27 +0000 (02:17 +0000)]
inetd(8): Provide HTTP proxy example using netcat
One of the fortunes that are included in freebsd-tips talks about how
the superserver can be used to proxy connections with netcat, but there are
no examples provided. This commit adds an example with comment explaining
what it does.
Warner Losh [Wed, 13 May 2020 00:18:44 +0000 (00:18 +0000)]
Make the ata probe* and xpt* routines aprobe* and axpt* respectively.
Often, in traiging core files, one only has a traceback of where a
panic occurred. We have probe* and xpt* routines that live in both the
scsi and ata layers with identical names. To make one or the other
stand out, prefix all the probe and xpt routines in ata with an
'a'. I've left the scsi ones alone since they were there first and are
more numerous. I also rejected using #define to do this as being too
confusing. I chose this method because the CAM name for the probe
device was already 'aprobe'.
Normally, this doesn't matter because file scope protects one from
interfering with the other. However, due to the indirect nature of
CAM's state machine, you don't know if the following traceback is
SCSI or ATA:
xpt_done
probedone
xpt_done_process
xpt_done_td
fork_exit
Adrian Chadd [Wed, 13 May 2020 00:05:11 +0000 (00:05 +0000)]
[ath] [ath_rate] Add some extra data into the rate control lookup.
Right now (well, since I did this in 2011/2012) the rate control code
makes some super bad choices for 11n aggregates/rates, and it tracks
statistics even more questionably.
It's been long enough and I'm now trying to use it again daily, so let's
start by:
* telling the rate control code if it's an aggregate or not;
* being clearer about the TID - yes it can be extracted from the
ath_buf but this way it can be overridden by the caller without
changing the TID itself.
(This is for doing experiments with voice/video QoS at some point..)
* Return an optional field to limit how long the aggregate is in
microseconds. Right now the rate control code supplies a rate table
and the ath aggr form code will look at the rate table and limit
the aggregate size to 4ms at the slowest rate. Yeah, this is pretty
terrible.
* Add some more TODO comments around handling txpower, rate and
handling filtered frames status so if I continue to have spoons for
this I can go poke at it.
Warner Losh [Tue, 12 May 2020 22:44:51 +0000 (22:44 +0000)]
Refine the history of uname. It appeared in 4.4BSD. It was not in v7 unix. It
was one of the additions in PWB, and appeared in System III and later commercial
versions of Unix. The different args to uname weren't aded until System III. Add
a quick note to note the late entry into the BSD fork of Unix since PWB
otherwise implies a pre-fork date.
Lot of third-party Linux code uses #include <malloc.h>, expecting to
find the malloc extensions there. Instead of trying to fight them,
accept that attempt to deprecate the header causes more troubles than
solves potential portability issues, and provide our jemalloc
extensions.
PR: 155429
Reviewed by: imp, jhibbits, dab, hselasky, philip, emaste, jilles
Exp-run by: antoine (PR 245366)
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D24297
Do not include stdbool.h, it makes the header incompatible with some
third-party code that typedefs bool manually.
Remove inclusion of strings.h, which typically conflicts with the use
of symbol 'index'.
Separate inclusion of sys/cdefs.h is not needed because sys/types.h
already handles that.
Exp-run by: antoine (PR 245366)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D24297
Andrew Gallatin [Tue, 12 May 2020 17:18:44 +0000 (17:18 +0000)]
IPv6: Fix a panic in the nd6 code with unmapped mbufs.
If the neighbor entry for an IPv6 TCP session using unmapped
mbufs times out, IPv6 will send an icmp6 dest. unreachable
message. In doing this, it will try to do a software checksum
on the reflected packet. If this is a TCP session using unmapped
mbufs, then there will be a kernel panic.
To fix this, just free packets with unmapped mbufs, rather
than sending the icmp.
Mark Johnston [Tue, 12 May 2020 17:00:47 +0000 (17:00 +0000)]
librtld_db: Fix shlib mapping offsets.
kve_offset gives the offset into the backing file, which is not what we
want since different segments may map the same page. Use the base of
the mapping to determine the offset exported by librtld_db instead.
PR: 244732
Reported by: Jenkins, Nicolò Mazzucato <nicomazz97@gmail.com>
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Ed Maste [Tue, 12 May 2020 16:38:28 +0000 (16:38 +0000)]
libalias: fix potential memory disclosure from ftp module
admbugs: 956
Submitted by: markj
Reported by: Vishnu Dev TJ working with Trend Micro Zero Day Initiative
Security: FreeBSD-SA-20:13.libalias
Security: CVE-2020-7455
Security: ZDI-CAN-10849
Ed Maste [Tue, 12 May 2020 16:33:04 +0000 (16:33 +0000)]
libalias: validate packet lengths before accessing headers
admbugs: 956
Submitted by: ae
Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
Reported by: Vishnu working with Trend Micro Zero Day Initiative
Security: FreeBSD-SA-20:12.libalias
Eric van Gyzen [Tue, 12 May 2020 15:22:40 +0000 (15:22 +0000)]
Remove tests for obsolete compilers in the build system
Assume gcc is at least 6.4, the oldest xtoolchain in the ports tree.
Assume clang is at least 6, which was in 11.2-RELEASE. Drop conditions
for older compilers.
Andrew Gallatin [Tue, 12 May 2020 14:01:12 +0000 (14:01 +0000)]
IPv6: sync IP_NO_SND_TAG_RL support from IPv4
The IP_NO_SND_TAG_RL flag to ip{,6}_output() means that the packets
being sent should bypass hardware rate limiting. This is typically used
by modern TCP stacks for rexmits.
This support was added to IPv4 in r352657, but never added to IPv6, even
though rack and bbr call ip6_output() with this flag.
Add a new bhyve network backend that allow to connect the VM to the netgraph(4) network.
The backend uses the socket API with the PF_NETGRAPH protocol family, which is provided by the ng_socket(4).
To use the new backend, provide the following bhyve option:
-s X:Y:Z,[virtio-net|e1000],netgraph,socket=[ng_socket name],path=[destination node],hook=[our socket src hook],peerhook=[dst node hook]
Andriy Gapon [Tue, 12 May 2020 09:31:48 +0000 (09:31 +0000)]
amd64/pmap: unbreak !NUMA case for fictitious pages
A fictitious page can have a physical address beyond the end of the RAM.
In the NUMA case there is some special code to handle such pages, but in
the other case the pages are handled the same as normal pages. So, we
cannot assert that the physical address is within RAM addresses.
Suggested by: kib
Reviewed by: kib
X-MFC note: NUMA support has not been MFC-ed
Andriy Gapon [Tue, 12 May 2020 09:04:57 +0000 (09:04 +0000)]
zfs allow/unallow should work with numeric uid/gid
And that should work even (especially) if there is no matching user or
group name. This change allows to see and modify delegations for
deleted groups and users.
The change is originally by Xin Li.
illumos report: https://www.illumos.org/issues/6037
OpenZFS (ZoL) PR: https://github.com/openzfs/zfs/pull/10280
Adrian Chadd [Tue, 12 May 2020 02:20:27 +0000 (02:20 +0000)]
[ath_hal] [ath_hal_ar9300] Fix endian macros to work in and out of kernel tree.
Yes, people shouldn't use bitfields in C for structure parsing.
If someone ever wants a cleanup task then it'd be great to remove them
from this vendor code and other places in the ar9285/ar9287 HALs.
Alas, here we are.
AH_BYTE_ORDER wasn't defined and neither were the two values it could be.
So when compiling ath_ee_print_9300 it'd default to the big endian struct
layout and get a WHOLE lot of stuff wrong.
So:
* move AH_BYTE_ORDER into ath_hal/ah.h where it can be used by everyone.
* ensure that AH_BYTE_ORDER is actually defined before using it!
This should work on both big and little endian platforms.
Brandon Bergren [Tue, 12 May 2020 01:04:50 +0000 (01:04 +0000)]
[PowerPC64] Minor correctness fix in rstcode.
TRAP_ENTRY(0) should be TRAP_GENTRAP(0) here.
However, in practice, it doesn't matter, as the only time TRAP_ENTRY and
TRAP_GENTRAP can differ is when bridge mode is active, which is impossible
on the 64 bit kernel.
Fix it anyway in case we ever need to add a trap preamble on PPC64.
Conrad Meyer [Mon, 11 May 2020 22:57:21 +0000 (22:57 +0000)]
copystr(9): Move to deprecate [2/2]
Unlike the other copy*() functions, it does not serve to copy from one
address space to another or protect against potential faults. It's just
an older incarnation of the now-more-common strlcpy().
Add a coccinelle script to tools/ which can be used to mechanically
convert existing instances where replacement with strlcpy is trivial.
In the two cases which matched, fuse_vfsops.c and union_vfsops.c, the
code was further refactored manually to simplify.
Replace the declaration of copystr() in systm.h with a small macro
wrapper around strlcpy.
Remove N redundant MI implementations of copystr. For MIPS, this
entailed inlining the assembler copystr into the only consumer,
copyinstr, and making the latter a leaf function.
Conrad Meyer [Mon, 11 May 2020 22:48:00 +0000 (22:48 +0000)]
copystr(9): Move to deprecate [1/2]
Unlike the other copy*() functions, it does not serve to copy from one
address space to another or protect against potential faults. It's just
an older incarnation of the now-more-common strlcpy().
Reviewed by: jhb
MFC after: i² days
Differential Revision: yes (see 2/2)
Conrad Meyer [Mon, 11 May 2020 22:39:53 +0000 (22:39 +0000)]
geom(4) mirror: Do not panic on gmirror(8) insert, resize
Geom_mirror initialization occurs in spurts and the present of a
non-destroyed g_mirror softc does not always indicate that the geom has
launched (i.e., has an sc_provider).
Some gmirror(8) commands (via g_mirror_ctl) depend on a g_mirror's
sc_provider (insert and resize). For those commands, g_mirror_ctl is
modified to sleep-poll in an interruptible way until the target geom is
either launched or destroyed.
sigfastblock: fix delivery of the pending signals in single-threaded processes.
If single-threaded process receives a signal during critical section
established by sigfastblock(2) word, unblock did not caused signal
delivery because sigfastblock(SIGFASTBLOCK_UNBLOCK) failed to request
ast handling of the pending signals.
Set TDF_ASTPENDING | TDF_NEEDSIGCHK on unblock or when kernel forces
end of sigfastblock critical section, to cause syscall exit to recheck
and deliver any signal pending.
Reported by: corydoras@ridiculousfish.com
PR: 246385
Sponsored by: The FreeBSD Foundation
Kristof Provost [Mon, 11 May 2020 21:42:19 +0000 (21:42 +0000)]
opencrypto: Add missing ioctl exit SDTs
The opencrypto ioctl code has very useful probe points at the various exit
points. These allow us to figure out exactly why a request failed. However, a
few paths did not have these probe points. Add them here.
John Baldwin [Mon, 11 May 2020 20:40:30 +0000 (20:40 +0000)]
Remove incomplete support for plain MD5 from OCF.
Although a few drivers supported this algorithm, there were never any
in-kernel consumers. cryptosoft and cryptodev never supported it,
and there was not a software xform auth_hash for it.
Dimitry Andric [Mon, 11 May 2020 19:36:38 +0000 (19:36 +0000)]
Use -fno-asynchronous-unwind-tables to compile lib/csu
Summary:
In r209294 kib added -fno-asynchronous-unwind-tables to the compile
flags for the GNU C startup components. This was done to work around a
BFD ld assertion, "no .eh_frame_hdr table will be created", which is
produced because of the layout of the startup objects.
Add the same flag to lib/csu too, for the same reason. And similarly to
r209294, also add -fno-omit-frame-pointer.
This is primarily meant to quickly MFC to stable/11, so it can end up in
the 11.4 release, as a fix for https://bugs.freebsd.org/246322.
PR: 246322
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D24797
Andrew Gallatin [Mon, 11 May 2020 19:17:33 +0000 (19:17 +0000)]
Ktls: never skip stamping tags for NIC TLS
The newer RACK and BBR TCP stacks have added a mechanism
to disable hardware packet pacing for TCP retransmits.
This mechanism works by skipping the send-tag stamp
on rate-limited connections when the TCP stack calls
ip_output() with the IP_NO_SND_TAG_RL flag set.
When doing NIC TLS, we must ignore this flag, as
NIC TLS packets must always be stamped. Failure
to stamp a NIC TLS packet will result in crypto
issues.
Mark Johnston [Mon, 11 May 2020 19:07:33 +0000 (19:07 +0000)]
Remove the svn:executable property from some pf test files.
The test makefiles will handle setting mode bits during install. Also,
Phabricator gets upset when uploading an executable plain-text file
without a shebang.
pf by default does not do per-table address accounting unless the
"counters" keyword is specified in the corresponding pf.conf table
definition. Yet, we always allocate 12 per-CPU counters per table. For
large tables this carries a lot of overhead, so only allocate counters
when they will actually be used.
A further enhancement might be to use a dedicated UMA zone to allocate
counter arrays for table entries, since close to half of the structure
size comes from counter pointers. A related issue is the cost of
zeroing counters, since counter_u64_zero() calls smp_rendezvous() on
some architectures.
Pursuant to r360398, implement driver-specific versions of the
ifdi_needs_restart iflib device method.
Some (if not most?) Intel network cards don't need reinitializing when a
VLAN is added or removed from the device hardware, so these implement
ifdi_needs_restart in a way that tell iflib not to bring the interface
up or down when a VLAN is added or removed, regardless of whether the
VLAN_HWFILTER interface capability flag is set or not.
This could potentially solve several PRs relating to link flaps that
occur when VLANs are added/removed to devices.
projects / FreeBSD / FreeBSD.git / log