Ruslan Bukin [Fri, 27 Nov 2020 21:37:48 +0000 (21:37 +0000)]
o Move options IOMMU from Debugging section back to the Bus section
where it originally was. The bug introduced in r366267.
o Remove options IOMMU from i386/MINIMAL as we don't have it in
i386/GENERIC.
Alexander Motin [Fri, 27 Nov 2020 15:50:20 +0000 (15:50 +0000)]
Some code reorganization.
- Remove code duplication by adding two new functions to execute prepared
queue entry via either mbox or request queue and wait for result.
- Since the new function executing via request queue sleeps any way, make
it sleep also in case of overflows or handle shortages. It should make it
more reliable and less affecting other less flexible request queue users.
- Turn isp_target_put_entry() into not target-specific isp_send_entry().
- Make handling of responses with control handles more universal.
- Move RQSTYPE_RPT_ID_ACQ handling into new function.
- Inline isp_handle_other_response(), becoming trivial after above.
- Clean the list of IOCBs from pre-24xx ones.
Stefan Eßer [Fri, 27 Nov 2020 09:00:21 +0000 (09:00 +0000)]
Make generated C files depend on this Makefile
The contents of lib.c, lib2.c, bc_help.c, and dc_help.c depends on the
parameters passed to strgen.sh in this Makefile. A change to the number
of parameters of strgen.sh has been applied to the invocation of this
command, but this did not cause a rebuild of the generated files.
Rebecca Cran [Fri, 27 Nov 2020 08:00:32 +0000 (08:00 +0000)]
Fix bhyve SMBIOS type 19 handling to avoid misreporting total RAM amount
This fixes the amount of memory displayed in the EDK2 UiApp to be the same
as passed on the bhyve command line. Otherwise, 8GB is displayed as 4GB,
32GB as 28GB etc.
Rebecca Cran [Fri, 27 Nov 2020 07:53:15 +0000 (07:53 +0000)]
bhyve: fix smbiostbl.c style issues and add comment about date format
Fix a couple of style issues introduced in my previous commit.
Add a comment explaining that the SMBIOS specification defines the date
format to be mm/dd/yyyy, which is why we don't use ISO 8601.
Emmanuel Vadot [Thu, 26 Nov 2020 20:22:34 +0000 (20:22 +0000)]
arm64: Do not rely on SPCR table to detect acpi
Since EDK2 commit d8e36289cef7bde628b023219cd65fa8e8d4562a, the Graphical console may
completely hide SPCR, causing panics later when locating timers.
As such simply rely on the ACPI Root pointer presence.
nullfs: provide custom bypass for VOP_READ_PGCACHE().
Normal bypass expects locked vnode, which is not true for
VOP_READ_PGCACHE(). Ensure liveness of the lower vnode by taking the
upper vnode interlock, which is also taked by null_reclaim() when
setting v_data to NULL.
Reported and tested by: pho
Reviewed by: markj, mjg
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D27327
- VFS_UNMOUNT() requires vn_start_write() around it [*].
- call VFS_PURGE() before unmount.
- do not destroy mp if cleanup unmount did not succeed.
- set MNTK_UNMOUNT, and indicate forced unmount with MNTK_UNMOUNTF
for VFS_UNMOUNT() in cleanup.
Alex Richardson [Thu, 26 Nov 2020 17:37:27 +0000 (17:37 +0000)]
bsd.lib.mk: Work around build system raciness
We are seeing regular build failures due to libc.so being installed again and
another parallel make job tries to read the partially written libc.so at the
same time. When building with -j32 or higher this almost always happens on
the first clean build (subsequent incremental builds always work fine).
Using -S should "fix" the "section header table goes past the end of the
file: e_shoff = 0x..." errors that have started to plague our builds.
We originally thought this only affected CheriBSD, but I just got the same
error while building the latest upstream FreeBSD.
The real fix should be to not install libraries twice, but until then this
workaround is needed.
Original patch by jrtc27@, I only made some minor changes to the comment.
Ulrich Spörlein [Thu, 26 Nov 2020 14:42:16 +0000 (14:42 +0000)]
GH Actions: Use pre-installed clang packages
Also fix the run by setting up the environment in non-deprecated way.
Always run with --debug to understand better what sort of stuff is happening in
the background. Also split out the bmake bootstrap stage (takes about 31s on
ubuntu, but 1m14 on macOS?)
Drops the dependency on coreutils (realpath, nproc) and thus (?) fixes macOS to
be just as fast (4 logical cores vs 2 physical cores before, go figure.)
Alex Richardson [Thu, 26 Nov 2020 13:31:57 +0000 (13:31 +0000)]
Significantly speed up libthr/mutex_test and make more reliable
Instead of using a simple global++ as the data race, with this change we
perform the increment by loading the global, delaying for a bit and then
storing back the incremented value. If I move the increment outside of the
mutex protected range, I can now see the data race with only 100 iterations
on amd64 in almost all cases. Before this change such a racy test almost
always passed with < 100,000 iterations and only reliably failed with the
current limit of 10 million.
I noticed this poorly written test because the mutex:mutex{2,3} and
timedmutex:mutex{2,3} tests were always timing out on our CheriBSD Jenkins.
Writing good concurrency tests is hard so I won't attempt to do so, but this
change should make the test more likely to fail if pthread_mutex_lock is not
implemented correctly while also significantly reducing the time it takes to
run these four tests. It will also reduce the time it takes for QEMU RISC-V
testsuite runs by almost 40 minutes (out of currently 7 hours).
Alan Somers [Thu, 26 Nov 2020 04:29:30 +0000 (04:29 +0000)]
Merge ping6 to ping
There is now a single ping binary, which chooses to use ICMP or ICMPv4
based on the -4 and -6 options, and the format of the address.
Submitted by: Ján Sučan <sucanjan@gmail.com>
Sponsored by: Google LLC (Google Summer of Code 2019)
MFC after: Never
Differential Revision: https://reviews.freebsd.org/D21377
Ian Lepore [Thu, 26 Nov 2020 01:40:04 +0000 (01:40 +0000)]
Add the firmware blob required to use the sdma hardware in the imx6
processor, and its associated license text (which is similar to a
bsd-3-clause, but with a prohibition against decompiling). Install a copy
of the license in /usr/share/doc/legal/imx, to comply with the license terms
that requires a copy of the license to be delivered along with the firmware.
Maxim Sobolev [Wed, 25 Nov 2020 23:19:01 +0000 (23:19 +0000)]
Unobfuscate "KERNLOAD" parameter on amd64. This change lines-up amd64 with the
i386 and the rest of supported architectures by defining KERNLOAD in the
vmparam.h and getting rid of magic constant in the linker script, which albeit
documented via comment but isn't programmatically accessible at a compile time.
Use KERNLOAD to eliminate another (matching) magic constant 100 lines down
inside unremarkable TU "copy.c" 3 levels deep in the EFI loader tree.
Bjoern A. Zeeb [Wed, 25 Nov 2020 20:58:01 +0000 (20:58 +0000)]
IPv6: set ifdisabled in the kernel rather than in rc
Enable ND6_IFF_IFDISABLED when the interface is created in the
kernel before return to user space.
This avoids a race when an interface is create by a program which
also calls ifconfig IF inet6 -ifdisabled and races with the
devd -> /etc/pccard_ether -> .. netif start IF -> ifdisabled
calls (the devd/rc framework disabling IPv6 again after the program
had enabled it already).
In case the global net.inet6.ip6.accept_rtadv was turned on,
we also default to enabling IPv6 on the interfaces, rather than
disabling them.
Ian Lepore [Wed, 25 Nov 2020 20:05:05 +0000 (20:05 +0000)]
Extend the imx6 gpc->gic interrupt controller fixup of fdt data at runtime
to work with the pmu and tempmon nodes as well as the soc node. This allows
interrupts to work on the pmu and tempmon devices even though we don't have
a driver for the low-power gpc interrupt controller (which is not a problem
because we also don't have support for entering deep power-down modes where
it gets used).
Ian Lepore [Wed, 25 Nov 2020 19:08:22 +0000 (19:08 +0000)]
Add the standard extres pseudo devices to the IMX6 kernel config.
Some imx6 drivers are being converted to use features that weren't available
when they were first written (such as accessing shared device registers via
the syscon pseudo-device), so imx6 custom kernels that reference those
devices will now need this infrastructure in place.
Ian Lepore [Wed, 25 Nov 2020 18:09:01 +0000 (18:09 +0000)]
A couple small fixes for the imx6_sdma driver...
Attach after interrupt controllers, since the attach function tries to
set up an interrupt handler.
Check for the availability of the required firmware early in the attach
code (before allocating resources). If the firmware is not available, set
a static var to remember that, so that if the device is re-probed on later
passes it won't repeatedly try to attach and then complain again about
missing firmware.
Pawel Biernacki [Wed, 25 Nov 2020 16:30:57 +0000 (16:30 +0000)]
libsysdecode: correctly decode mmap flags
r352913 added decoding of mmap PROT_MAX()'d flags but didn’t account for the
case where different values were specified for PROT_MAX and regular flags.
Fix it.
Kristof Provost [Wed, 25 Nov 2020 15:07:22 +0000 (15:07 +0000)]
if: Protect V_ifnet in vnet_if_return()
When we terminate a vnet (i.e. jail) we move interfaces back to their home
vnet. We need to protect our access to the V_ifnet CK_LIST.
We could enter NET_EPOCH, but if_detach_internal() (called from if_vmove())
waits for net epoch callback completion. That's not possible from NET_EPOCH.
Instead, we take the IFNET_WLOCK, build a list of the interfaces that need to
move and, once we've released the lock, move them back to their home vnet.
We cannot hold the IFNET_WLOCK() during if_vmove(), because that results in a
LOR between ifnet_sx, in_multi_sx and iflib ctx lock.
Separate out moving the ifp into or out of V_ifnet, so we can hold the lock as
we do the list manipulation, but do not hold it as we if_vmove().
Kyle Evans [Wed, 25 Nov 2020 03:14:25 +0000 (03:14 +0000)]
kern: cpuset: properly rebase when attaching to a jail
The current logic is a fine choice for a system administrator modifying
process cpusets or a process creating a new cpuset(2), but not ideal for
processes attaching to a jail.
Currently, when a process attaches to a jail, it does exactly what any other
process does and loses any mask it might have applied in the process of
doing so because cpuset_setproc() is entirely based around the assumption
that non-anonymous cpusets in the process can be replaced with the new
parent set.
This approach slightly improves the jail attach integration by modifying
cpuset_setproc() callers to indicate if they should rebase their cpuset to
the indicated set or not (i.e. cpuset_setproc_update_set).
If we're rebasing and the process currently has a cpuset assigned that is
not the containing jail's root set, then we will now create a new base set
for it hanging off the jail's root with the existing mask applied instead of
using the jail's root set as the new base set.
Note that the common case will be that the process doesn't have a cpuset
within the jail root, but the system root can freely assign a cpuset from
a jail to a process outside of the jail with no restriction. We assume that
that may have happened or that it could happen due to a race when we drop
the proc lock, so we must recheck both within the loop to gather up
sufficient freed cpusets and after the loop.
To recap, here's how it worked before in all cases:
0 4 <-- jail 0 4 <-- jail / process
| |
1 -> 1
|
3 <-- process
0 4 <-- jail 0 4 <-- jail / process
| |
1 <-- process -> 1
More importantly, in both cases, the attaching process still retains the
mask it had prior to attaching or the attach fails with EDEADLK if it's
left with no CPUs to run on or the domain policy is incompatible. The
author of this patch considers this almost a security feature, because a MAC
policy could grant PRIV_JAIL_ATTACH to an unprivileged user that's
restricted to some subset of available CPUs the ability to attach to a jail,
which might lift the user's restrictions if they attach to a jail with a
wider mask.
In most cases, it's anticipated that admins will use this to be able to,
for example, `cpuset -c -l 1 jail -c path=/ command=/long/running/cmd`,
and avoid the need for contortions to spawn a command inside a jail with a
more limited cpuset than the jail.
Kyle Evans [Wed, 25 Nov 2020 02:12:24 +0000 (02:12 +0000)]
kern: cpuset: rename _cpuset_create() to cpuset_init()
cpuset_init() is better descriptor for what the function actually does. The
name was previously taken by a sysinit that setup cpuset_zero's mask
from all_cpus, it was removed in r331698 before stable/12 branched.
A comment referencing the removed sysinit has now also been removed, since
the setup previously done was moved into cpuset_thread0().
Kyle Evans [Wed, 25 Nov 2020 01:42:32 +0000 (01:42 +0000)]
kern: cpuset: allow cpuset_create() to take an allocated *setp
Currently, it must always allocate a new set to be used for passing to
_cpuset_create, but it doesn't have to. This is purely kern_cpuset.c
internal and it's sparsely used, so just change it to use *setp if it's
not-NULL and modify the two consumers to pass in the address of a NULL
cpuset.
This paves the way for consumers that want the unr allocation without the
possibility of sleeping as long as they've done their due diligence to
ensure that the mask will properly apply atop the supplied parent
(i.e. avoiding the free_unr() in the last failure path).
Kyle Evans [Wed, 25 Nov 2020 01:08:57 +0000 (01:08 +0000)]
kern: never restart syscalls calling closefp(), e.g. close(2)
All paths leading into closefp() will either replace or remove the fd from
the filedesc table, and closefp() will call fo_close methods that can and do
currently sleep without regard for the possibility of an ERESTART. This can
be dangerous in multithreaded applications as another thread could have
opened another file in its place that is subsequently operated on upon
restart.
The following are seemingly the only ones that will pass back ERESTART
in-tree:
- sockets (SO_LINGER)
- fusefs
- nfsclient
John Baldwin [Wed, 25 Nov 2020 00:10:54 +0000 (00:10 +0000)]
Remove the cloned file descriptors for /dev/crypto.
Crypto file descriptors were added in the original OCF import as a way
to provide per-open data (specifically the list of symmetric
sessions). However, this gives a bit of a confusing API where one has
to open /dev/crypto and then invoke an ioctl to obtain a second file
descriptor. This also does not match the API used with /dev/crypto on
other BSDs or with Linux's /dev/crypto driver.
Character devices have gained support for per-open data via cdevpriv
since OCF was imported, so use cdevpriv to simplify the userland API
by permitting ioctls directly on /dev/crypto descriptors.
To provide backwards compatibility, CRIOGET now opens another
/dev/crypto descriptor via kern_openat() rather than dup'ing the
existing file descriptor. This preserves prior semantics in case
CRIOGET is invoked multiple times on a single file descriptor.
John Baldwin [Tue, 24 Nov 2020 23:56:33 +0000 (23:56 +0000)]
Pull the check for VM ownership into ppt_find().
This reduces some code duplication. One behavior change is that
ppt_assign_device() will now only succeed if the device is unowned.
Previously, a device could be assigned to the same VM multiple times,
but each time it was assigned, the device's state was reset.
John Baldwin [Tue, 24 Nov 2020 23:18:52 +0000 (23:18 +0000)]
Honor the disabled setting for MSI-X interrupts for passthrough devices.
Add a new ioctl to disable all MSI-X interrupts for a PCI passthrough
device and invoke it if a write to the MSI-X capability registers
disables MSI-X. This avoids leaving MSI-X interrupts enabled on the
host if a guest device driver has disabled them (e.g. as part of
detaching a guest device driver).
This was found by Chelsio QA when testing that a Linux guest could
switch from MSI-X to MSI interrupts when using the cxgb4vf driver.
While here, explicitly fail requests to enable MSI on a passthrough
device if MSI-X is enabled and vice versa.
Jung-uk Kim [Tue, 24 Nov 2020 21:28:44 +0000 (21:28 +0000)]
Port rtsx(4) driver for Realtek SD card reader from OpenBSD.
This driver provides support for Realtek PCI SD card readers. It attaches
mmc(4) bus on card insertion and detaches it on card removal. It has been
tested with RTS5209, RTS5227, RTS5229, RTS522A, RTS525A and RTL8411B. It
should also work with RTS5249, RTL8402 and RTL8411.
PR: 204521
Submitted by: Henri Hennebert (hlh at restart dot be)
Reviewed by: imp, jkim
Differential Revision: https://reviews.freebsd.org/D26435
Emmanuel Vadot [Tue, 24 Nov 2020 17:53:13 +0000 (17:53 +0000)]
release: Merge the RPI2 and BEAGLEBONE image with the GENERICSD one
Both RPI2 and BEAGLEBONE are still popular and used arm boards.
Both u-boots can coexist as they are named differently and live in the
fat partition.
This leave us with only one image that can be used for both of those
boards and all the other ones supported by FreeBSD provided that you
install the correct u-boot on it.
Emmanuel Vadot [Tue, 24 Nov 2020 17:51:10 +0000 (17:51 +0000)]
arm: Remove old amlogic support
Remove the port for aml8726.
Kernel config was removed in r346096 and this port was never migrated
to GENERIC.
It is also impossible to obtain such hardware nowadays.
Emmanuel Vadot [Tue, 24 Nov 2020 17:50:22 +0000 (17:50 +0000)]
arm: Remove old rockchip support
Remove the port for rk30xx.
Kernel config was removed in r346096 and this port was never migrated
to GENERIC.
It is also impossible to obtain such hardware nowadays and this code
don't provide anything beside booting.
Mark Johnston [Tue, 24 Nov 2020 16:18:47 +0000 (16:18 +0000)]
pf: Make tag hashing more robust
tagname2tag() hashes the tag name before truncating it to 63 characters.
tag_unref() removes the tag from the name hash by computing the hash
over the truncated name. Ensure that both operations compute the same
hash for a given tag.
The larger issue is a lack of string validation in pf(4) ioctl handlers.
This is intended to be fixed with some future work, but an extra safety
belt in tagname2hashindex() is worthwhile regardless.
Reported by: syzbot+a0988828aafb00de7d68@syzkaller.appspotmail.com
Reviewed by: kp
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D27346
Alexander Motin [Tue, 24 Nov 2020 15:32:25 +0000 (15:32 +0000)]
Remove concept of mbox_sleep_ok.
It was broken by design and unused for years due to conflicts between
different threads, fighting for the same set of mailbox registers, not
designed for multiple requests at a time. So either request has to be
synchronous and spin under the lock, or it should be sent asynchronously
through the queues as Mailbox Command IOCB or some other way.
This removes any OS specifics from the wait code, so it can be inlined.
Remove erradic assert after SVN r367149 in mlx5en(4).
The ratelimit tags may be shared, especially for unlimited TLS
traffic, and then the refcount is allowed to be greater than one
when freeing the send tag.
Alexander Motin [Tue, 24 Nov 2020 04:16:49 +0000 (04:16 +0000)]
Implement request queue overflow protection.
Before this change in case of request queue overflow driver just froze the
device queue for 100ms to retry after. It was pretty bad for performance.
This change introduces SIM queue freezing when free space on the request
queue drops below 255 entries (worst case of maximum I/O size S/G list),
checking for a chance to release it on I/O completion. If the queue still
get overflowed somehow, the old mechanism is still in place, just with
delay reduced to 10ms.
With the earlier queue length increase overflows should not happen often,
but it is still easily reachable on synthetic tests.