jhibbits [Wed, 25 May 2016 01:23:19 +0000 (01:23 +0000)]
Set the TLB caching properties for portals at attach time.
This was found while reworking the device tree nodes for dtsec to match the
Linux device tree. Instead of waiting and expecting later code to call
dpaa_portal_map_registers(), do the equivalent immediately upon mapping.
Otherwise, it's possible to access the pages before that function is called, and
hang the CPU.
truckman [Tue, 24 May 2016 23:41:36 +0000 (23:41 +0000)]
Fix acpidb CIDs 1011279 (Buffer not null terminated) and 978405 and 1199380 (Resource leak).
load_dsdt() calls strncpy() to copy a filename and Coverity warns
that the destination buffer may not be NUL terminated. Fix this
by using strlcpy() instead. If silent truncation occurs, then the
filename was not valid anyway.
load_dsdt() leaks an fd (CID 978405) and a memory region allocated
using mmap() (CID 1199380) when it returns. Fix these by calling
close() and munmap() as appropriate.
Don't bother fixing the minor memory leak "list", allocated by
AcGetAllTablesFromFile() (CID 1355191).
Check for truncation when creating the temp file name.
Set a flag to indicate that the temp file should be unlinked.
Relying on a strcmp() test could delete the input file in contrived
cases.
truckman [Tue, 24 May 2016 23:36:43 +0000 (23:36 +0000)]
Fix acpidump CID 1011278 (Buffer not null terminated) and other issues
Coverity reports that a buffer used for temporary file generation
might not be NUL terminated by strncpy(). This is probably not
true because the input gets passed through realpath(), but if the
path name is sufficiently long the name could be truncated and cause
other problems. The code for generating the temp file names is
also overly complex. Instead of a bunch of calls to strncpy() and
and strncat(), simplify the code by using snprintf() and add checks
for unexpected truncation.
The output file created by iasl -d is predictable. Fix this by
using mkdtemp() to create a directory to hold the iasl input and
output files.
adrian [Tue, 24 May 2016 21:20:17 +0000 (21:20 +0000)]
[bhnd] Normalize bhnd(4) device matching API
This unifies handling of core, chip, and board-level device
matching, and adds support for matching device drivers
against the bus attach type (e.g. SoC vs WiFi adapter).
Core-level quirks on Broadcom's chipsets generally are specific
to some combination of chip model, core revision, chip
package (e.g. 12x9 SMT package), SROM revision, etc.
Unifying the match APIs for all three attribute types (core, chip,
board/srom) allows defining a single device quirk table that
matches across all of those attributes.
jhb [Tue, 24 May 2016 21:09:05 +0000 (21:09 +0000)]
Return the correct status when a partially completed request is cancelled.
After the previous changes to fix requests on blocking sockets to complete
across multiple operations, an edge case exists where a request can be
cancelled after it has partially completed. POSIX doesn't appear to
dictate exactly how to handle this case, but in general I feel that
aio_cancel() should arrange to cancel any request it can, but that any
partially completed requests should return a partial completion rather
than ECANCELED. To that end, fix the socket AIO cancellation routine to
return a short read/write if a partially completed request is cancelled
rather than ECANCELED.
ngie [Tue, 24 May 2016 20:06:41 +0000 (20:06 +0000)]
Remove unnecessary memset(.., 0, ..)'s
The mem_alloc macro calls calloc (userspace) / malloc(.., M_WAITOK|M_ZERO)
under the covers, so zeroing out memory is already handled by the underlying
calls
ngie [Tue, 24 May 2016 18:44:50 +0000 (18:44 +0000)]
Use reallocf instead of malloc to fix leak with outbuf_pmap
The previous code overwrote outbuf_pmap's memory with malloc once per
loop iteration, which leaked its memory; use reallocf instead to ensure
that memory is properly free'd each loop iteration.
Add a outbuf_pmap = NULL in the failure case to avoid a double-free
at the bottom of the function.
br [Tue, 24 May 2016 13:59:13 +0000 (13:59 +0000)]
Store the original value of stack pointer to the exception frame
(the value we had before supervisor exception occurred).
This helps consumers (e.g. DTrace) to not proceed additional calculations.
sbruno [Tue, 24 May 2016 13:57:23 +0000 (13:57 +0000)]
Reject ioctl commands for FLSHGCHR and FLSHPCHR if the size is greater
than sc->areq. This is a bounds check to ensure we're not just cramming
arbitrarily sized nonsense into the driver and overflowing the heap.
andrew [Tue, 24 May 2016 12:06:56 +0000 (12:06 +0000)]
Limit calling pmc_hook to when the interrupt comes while running userspace.
We may enable interrupts from within the callback, e.g. in a data abort
during copyin. If we receive an interrupt at that time pmc_hook will be
called again and, as it is handling userspace stack tracing, will hit a
KASSERT as it checks if the trapframe is from userland.
With this I can run hwpmc with intrng on a ThunderX and have it trace all
CPUs.
Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation
tuexen [Tue, 24 May 2016 11:47:14 +0000 (11:47 +0000)]
Allow an MTU of 65535 bytes to be set via TUN[SG]IFINFO. This requires
changing the type on the mtu field in struct tuninfo from short to
unsigned short.
This is used, for example, by packetdrill to test with MTUs up to the
maximum value.
kib [Tue, 24 May 2016 10:21:39 +0000 (10:21 +0000)]
In vm_page_alloc_contig(), on vm_page_insert() failure, mark each
freed page as VPO_UNMANAGED. Otherwise vm_pge_free_toq() insists on
owning the page lock.
Previously, VPO_UNMANAGED was only set up to the last processed page.
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
kib [Tue, 24 May 2016 10:16:03 +0000 (10:16 +0000)]
Remove Giant around allocation of the swap pager with non-NULL handle.
Existing issue of not protecting pager_object_list iteration in
vm_pager_object_lookup() by sw_alloc_mtx is not affected by Giant
removal.
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
truckman [Tue, 24 May 2016 05:02:24 +0000 (05:02 +0000)]
Fix CID 1006692 in /usr/sbin/pw pw_log() function and other fixes
The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking. Fix this problem by limiting the length
of the name copied.
Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser. Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.
Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
intialization elsewhere.
Reduce code indentation by returning early in a couple of places.
adrian [Tue, 24 May 2016 04:58:58 +0000 (04:58 +0000)]
[bwn] begin separating out the attach path from the SIBA specific bits.
* convert phy_getinfo() to take a "gmode" flag, rather than the siba
TGSHIGH flags and then check for 2GHz. This should ensure that
gmode is set correctly even on DUALPHY NICs.
* move the siba_powerup() call and the TGSHIGH decoding into a
call to bwn_is_bus_siba(), and return an error if it's called
on anything else. We don't yet do anything else, but when we do..
adrian [Tue, 24 May 2016 04:55:00 +0000 (04:55 +0000)]
[bwn] add BCM43225 to the BHND device list.
This is all for the bhnd(4) work in progress. It's enough to probe/attach
all the bhnd internals, but we're missing OTP support and some cleanup
code. And, well, all the rest of the bhnd(4) migration.
So no, this won't give you BCM43225 support. Sorry!
jhb [Tue, 24 May 2016 03:13:27 +0000 (03:13 +0000)]
Don't prematurely return short completions on blocking sockets.
Always requeue an AIO job at the head of the socket buffer's queue if
sosend() or soreceive() returns EWOULDBLOCK on a blocking socket.
Previously, requests were only requeued if they returned EWOULDBLOCK
and completed no data. Now after a partial completion on a blocking
socket the request is queued and the remaining request is retried when
the socket is ready. This allows writes larger than the currently
available space on a blocking socket to fully complete. Reads on a
blocking socket that satifsy the low watermark can still return a short
read (same as read()).
In order to track previously completed data, the internal 'status'
field of the AIO job is used to store the amount of previously
computed data.
Non-blocking sockets continue to return short completions for both
reads and writes.
Add a test for a "large" AIO write on a blocking socket that writes
twice the socket buffer size to a UNIX domain socket.
adrian [Tue, 24 May 2016 01:12:19 +0000 (01:12 +0000)]
[bhnd] Implement pass-through resource management for ChipCommon.
This patchset adds support to bhnd_chipc for sharing SYS_RES_MEMORY
resources with its children, allowing us to hang devices off of
bhnd_chipc that rely on access to a subset of the device register space
that bhnd_chipc itself must also allocate.
We could avoid most of this heavy lifting if RF_SHAREABLE+SYS_RES_MEMORY
wasn't limited to use with allocations at the same size/offset.
As a work-around, I implemented something similar to vga_pci.c, which
implements similar reference counting of of PCI BAR resources for its
children.
With these changes, chipc will use reference counting of SYS_RES_MEMORY
allocation/activation requests, to decide when to allocate/activate/
deactivate/release resources from the parent bhnd(4) bus.
The requesting child device is allocated a new resource from chipc's
rman, pointing to (possibly a subregion of) the refcounted bhnd resources
allocated by chipc.
Other resource types are just passed directly to the parent bhnd bus;
RF_SHAREABLE works just fine with IRQs.
I also lifted the SPROM device code out into a common driver, since this
now allows me to hang simple subclasses off of a common driver off of both
bhndb_pci and bhnd_chipc.
Tested:
* (landonf) Tested against BCM4331 and BCM4312, confirmed that SPROM still
attaches and can be queried.
truckman [Tue, 24 May 2016 00:57:11 +0000 (00:57 +0000)]
Fix multiple Coverity Out-of-bounds access false postive issues in CAM
The currently used idiom for clearing the part of a ccb after its
header generates one or two Coverity errors for each time it is
used. All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON)
error because of the treatment of the header as a two element array,
with a pointer to the non-existent second element being passed as
the starting address to bzero(). Some instances also alsp generate
Out-of-bounds access (OVERRUN) errors, probably because the space
being cleared is larger than the sizeofstruct ccb_hdr).
In addition, this idiom is difficult for humans to understand and
it is error prone. The user has to chose the proper struct ccb_*
type (which does not appear in the surrounding code) for the sizeof()
in the length calculation. I found several instances where the
length was incorrect, which could cause either an actual out of
bounds write, or incompletely clear the ccb.
A better way is to write the code to clear the ccb itself starting
at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate
the length based on the specific type of struct ccb_* being cleared
as specified by the union ccb member being used. The latter can
normally be seen in the nearby code. This is friendlier for Coverity
and other static analysis tools because they will see that the
intent is to clear the trailing part of the ccb.
Wrap all of the boilerplate code in a convenient macro that only
requires a pointer to the desired union ccb member (or a pointer
to the union ccb itself) as an argument.
sys/kern/subr_unit.c
Use bit_count instead of a naive counting loop in check_unrhdr, used
when INVARIANTS are enabled. The userland test runs about 6x faster
in a generic build, or 8.5x faster when built for Nehalem, which has
the POPCNT instruction.
sys/sys/param.h
Bump __FreeBSD_version due to the addition of bit_alloc
UPDATING
Add a note about the ABI incompatibility of the bitstring(3)
changes, as suggested by lidl.
ian [Mon, 23 May 2016 20:07:17 +0000 (20:07 +0000)]
Use the new(-ish) CP15_SCTLR macro to generate system control reg accesses
where possible. In the places that doesn't work (multi-line inline asm,
and places where the old armv4 cpufuncs mechanism is used), annotate the
accesses with a comment that includes SCTLR. Now a grep -i sctlr can find
all the system control register manipulations.
allanjude [Mon, 23 May 2016 15:11:01 +0000 (15:11 +0000)]
Fix error in bsdinstall where additional filesystems cannot be mounted
Do not set canmount=noauto on the boot environment at create time, because
this causes / to not be mounted, and since the chroot is read only, new
mountpoints cannot be created.
The property is set later, when other properties are adjusted
Reported by: HardenedBSD
Sponsored by: ScaleEngine Inc.
The EFSYS_PREEMPT_DISABLE() and EFSYS_PREEMPT_ENABLE() macros
were used to ensure correct timing of I2C operations. The APIs
for I2C operations have been removed, so these macros have no
callers.
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
MFC after: 1 week