kevans [Thu, 11 Oct 2018 17:18:49 +0000 (17:18 +0000)]
Disable kernels_autodetect on installation media
This feature is disabled on install media as these generally won't have any
interesting kernels to be listed other than the default kernel, so the
potential performance penalty in these situations likely isn't worth it.
kevans [Thu, 11 Oct 2018 17:17:54 +0000 (17:17 +0000)]
Enable lualoader's kernel autodetection, disabled on install media
As documented in loader.conf(5), kernels_autodetect="YES" will cause the
Lua scripts to effectively scan /boot for directories with a "kernel" file
inside, to be listed in the loader menu.
emaste [Thu, 11 Oct 2018 13:19:17 +0000 (13:19 +0000)]
lld: set sh_link and sh_info for .rela.plt sections
ELF spec says that for SHT_REL and SHT_RELA sh_link should reference the
associated string table and sh_info should reference the "section to
which the relocation applies." ELF Tool Chain's elfcopy / strip use
this (in part) to control whether or not the relocation entry is copied
to the output.
nwhitehorn [Thu, 11 Oct 2018 00:54:39 +0000 (00:54 +0000)]
Loader GELI support, like lua loader, seems to be broken on PowerPC as
well as on SPARC64 and can cause boot failures even when no encrypted
disks are present. Presumably, the reasons, while unknown, are the same
and most-likely are the result of some endian-unsafe code. Pending
finding the actual problem, extend the blacklist entry for these parts
of loader on SPARC to also cover all PowerPC platforms.
In vdev_queue_aggregate() the zio_execute() bypass should not be
called under the vdev queue lock. This can result in a deadlock
as shown in the stack traces below.
Drop the vdev queue lock then walk the parents of the aggregate IO
to determine the list of component IOs to be bypassed. This can
be done safely without holding the io_lock since the new aggregate
IO has not yet been returned and its parents cannot change.
mw [Wed, 10 Oct 2018 10:34:17 +0000 (10:34 +0000)]
Update Armada 38x UART device tree binding
Recent changes in Linux updated Marvell Armada 38x
UART compatible string. As a result the FreeBSD driver
(uart_dev_snps) does not probe. This commit fixes the
situation, however not applying any functional modification
to the driver methods.
brooks [Tue, 9 Oct 2018 22:22:15 +0000 (22:22 +0000)]
Don't include the broken riscv64sf TARGET_ARCH in universe.
riscv64sf has been broken due to duplicate symbols for months and
degrades the quality of universe builds. Remove it until this is
resolved leaving a comment to it is not re-added.
des [Tue, 9 Oct 2018 19:27:42 +0000 (19:27 +0000)]
Fix portability issues with the Capsicum patch committed in r339216:
- Wrap access to pw_change and pw_expire in the appropriate #ifdefs.
- Wrap calls to login_cap(3) API in appropriate #ifdefs.
- Add wrapper for transferring time_t, which is still only 32 bits wide
on FreeBSD i386.
- Use a temporary variable to deserialize size_t.
jtl [Tue, 9 Oct 2018 13:26:06 +0000 (13:26 +0000)]
There are three places where we return from a function which entered an
epoch section without exiting that epoch section. This is bad for two
reasons: the epoch section won't exit, and we will leave the epoch tracker
from the stack on the epoch list.
Fix the epoch leak by making sure we exit epoch sections before returning.
egypcio [Tue, 9 Oct 2018 07:22:14 +0000 (07:22 +0000)]
following "Setup, Conventions, and Traditions" (Committer's Guide);
5. share/misc/committers-ports.dot
* reflecting my privileges only for ports/, with mentors' entries;
* did test it with dot (graphics/graphviz) to check accent support.
9. usr.bin/calendar/calendars/calendar.freebsd
* added birth date + place.
'calendar.freebsd' offers UTF-8, so I added my entry using proper accents.
rmacklem [Tue, 9 Oct 2018 01:10:50 +0000 (01:10 +0000)]
Fix the pNFS server's reporting of disk space usage for the "#<path>" case.
The pNFS server would report the total disk space used and free for all
of the DSs, even when certain DSs are assigned to the file system via
the "#<path>" suffix used in the "nfsd -p" option argument.
This patch fixes this case. It only reports usage for the file system
that the argument vnode resides on. This is consistent with the non-pNFS
NFSv4 server. In NFSv4 it is possible to have subtrees on other file
systems, but these are not included in the usage information for NFSv4.
hselasky [Mon, 8 Oct 2018 14:52:21 +0000 (14:52 +0000)]
Add missing steering rules for virtual function, VF, in mlx4en(4) driver.
When acting as a VF it is required to add steering rules for all unicast
addresses. Even if promiscious mode is selected. Else incoming data packets
will be dropped.
MFC after: 3 days
Approved by: re (gjb)
Sponsored by: Mellanox Technologies
tuexen [Sun, 7 Oct 2018 15:54:13 +0000 (15:54 +0000)]
Address the warning regarding duplicate option 'GEOM_PART_GPT' when
configuring kernels for i386, amd64, and arm64.
The 'GEOM_PART_GPT' option was added to the DEFAULTS configuration
in r337967.
Approved by: re (kib@)
Reviewed by: ler@
Differential Revision: https://reviews.freebsd.org/D17458
Sponsored by: Netflix, Inc.
kevans [Sun, 7 Oct 2018 15:28:50 +0000 (15:28 +0000)]
lualoader: Honor boot_* variables at lua init
For non-UEFI systems, boot.config(5) may have -s or -v specified for
single-user and verbose boot respectively. These were not being properly
taken into account and reflected in the "Boot Options" submenu. When we
initialize core.lua, we'll record boot_single and boot_verbose as we do ACPI
and consider these the system defaults.
Reported by: David Wolfskill <david@catwhisker.org>
Approved by: re (kib)
kevans [Sun, 7 Oct 2018 01:53:43 +0000 (01:53 +0000)]
lualoader: Create a module blacklist, add DRM modules to it
This is a step in the process of easing migration into the new world order
of DRM drivers. Strongly encourage users towards loading DRM modules via
rc.conf(5) instead of loader.conf(5) by failing the load from loader(8).
Users so inclined may wipe out the blacklist via module_blacklist="" in
loader.conf(5), and it is expected that these modules will eventually be
removed from the blacklist. They may still be loaded as dependencies of
other modules or explicitly via the loader prompt, but this should not be a
major problem.
Approved by: re (rgrimes)
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16914
emaste [Sat, 6 Oct 2018 21:32:55 +0000 (21:32 +0000)]
sshd: address capsicum issues
* Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
capability mode.
* Cache timezone data via caph_cache_tzdata() as we cannot access the
timezone file.
* Reverse resolve hostname before entering capability mode.
PR: 231172
Submitted by: naito.yuichiro@gmail.com
Reviewed by: cem, des
Approved by: re (rgrimes)
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D17128
jhibbits [Sat, 6 Oct 2018 18:51:49 +0000 (18:51 +0000)]
powerpc/pseries: EOI interrupts in XICS by setting lowest priority
Discussing with Benjamin Herrenschmidt, OPAL_INT_GET_XIRR masks the
returned priority, so must be resumed before more interrupts can be
handled at this priority. Since there are only two priorities used in
FreeBSD, we know that the previous priority in an EOI will always be
0xff (lowest priority).
emaste [Sat, 6 Oct 2018 14:38:34 +0000 (14:38 +0000)]
openssh: cherry-pick OpenSSL 1.1.1 compatibility
Compatibility with existing OpenSSL versions is maintained.
Upstream commits: 482d23bcac upstream: hold our collective noses and use the openssl-1.1.x 48f54b9d12 adapt -portable to OpenSSL 1.1x API 86e0a9f3d2 upstream: use only openssl-1.1.x API here too a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.
Trivial conflicts in sshkey.c and test_sshkey.c were resolved.
Connect libressl-api-compat.c to the build, and regenerate config.h
Reviewed by: des
Approved by: re (rgrimes)
MFC after: 2 seeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17444
jhibbits [Sat, 6 Oct 2018 03:20:26 +0000 (03:20 +0000)]
powerpc64/powernv: Don't mask MSIs in OPAL
Summary:
Discussing with Benjamin Herrenschmidt, MSIs, and edge-triggered
interrupts in general, must not be masked in XICS and XIVE, else
subsequent interrupts may be ignored.
Testing locally on my Talos II (single CPU, 18-core POWER9), NVMe now
works with MSI, improving read throughput by ~70% (900MB/s -> 1.67GB/s,
with 64MB block size) over INTx interrupts, and snd_hda(4) now will
actually play music with MSI. Previously, snd_hda(4) would not receive
interrupts, timing out, and declaring the channels dead.
This has also been tested by Kevin Bowling, and others, with great
success. Kevin reported NVMe unusable on his Talos II prior to this
patch.
jamie [Sat, 6 Oct 2018 02:10:32 +0000 (02:10 +0000)]
Fix the test prohibiting jails from sharing IP addresses.
It's not supposed to be legal for two jails to contain the same IP address,
unless both jails contain only that one address. This is the behavior
documented in jail(8), and is there to prevent confusion when multiple
jails are listening on IADDR_ANY.
VIMAGE jails (now the default for GENERIC kernels) test this correctly,
but non-VIMAGE jails have been performing an incomplete test when nested
jails are used.
emaste [Fri, 5 Oct 2018 20:49:54 +0000 (20:49 +0000)]
libcrypto: have buildinf.h depend on Makefile
So that it will be regenerated after Makefile changes affecting the
file's content - specifically, the OpenSSL 1.1.1 update adds a DATE
macro which did not exist previously.
shurd [Fri, 5 Oct 2018 20:16:20 +0000 (20:16 +0000)]
Fix igb corrupting checksums with BPF and VLAN
When using a vlan with igb and the vlanhwcsum option, any mbufs which
already had the TCP, UDP, or SCTP checksum calculated and therefore don't
have the CSUM_[IP|IP6]_[TCP|UDP|SCTP] bits set in the csum_flags field would
have the L4 checksum corrupted by the hardware.
This was caused by the driver setting E1000_TXD_POPTS_TXSM any time a
checksum bit was set OR a vlan tag was present.
The patched driver only sets E1000_TXD_POPTS_TXSM when an offload is
requested.
PR: 231416
Reported by: pi
Approved by: re (gjb)
Sponsored by: Limelight Networks
Differential Revision: https://reviews.freebsd.org/D17404
mjg [Fri, 5 Oct 2018 19:25:09 +0000 (19:25 +0000)]
amd64: make memset less slow with mov
rep stos has a high startup time even on modern microarchitectures like
Skylake. Intel optimization manuals discuss how for small sizes it is
beneficial to go for streaming stores. Since those cannot be used without
extra penalty in the kernel I investigated performance impact of just
regular movs.
The patch below implements a very simple scheme: a 32-byte loop followed
by filling in the remainder of at most 31 bytes. It has a 256 breaking
point on which it falls back to rep stos. It provides a significant win
over the current primitive on several machines I tested (both Intel and
AMD). A 64-byte loop did not provide any benefit even for multiple of 64
sizes.
See the review for benchmark data.
Reviewed by: kib
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17398
kevans [Fri, 5 Oct 2018 17:07:10 +0000 (17:07 +0000)]
lualoader: Don't draw loader menu with autoboot_delay=-1
This was mostly a cosmetic issue. autoboot_delay=-1 is documented to bypass
the loader menu and immediately execute the boot command, but lualoader
would draw the menu and immediately execute the boot command. No interaction
was possible with the menu.
The fix lifts autoboot_delay processing out of menu.autoboot, which now
takes a delay and does nothing if no delay is specified. This lines up with
my expectations of menu.autoboot's usage from a third party, which may
want more control over the process than the default behavior.
jhb [Fri, 5 Oct 2018 16:35:24 +0000 (16:35 +0000)]
Update the existing heimdal implementation for OpenSSL 1.1.
Existing work is underway to import a newer version of heimdal, but
this patchset gets us to a fully working tree to enable more wide
spread testing of OpenSSL 1.1 for now.
I've also enabled WARNS=1 for kerberos (which is the reason for the
change in libroken). Having -Werror enabled was useful during the
1.1 updates and we probably should have warnings enabled by default
for kerberos anyway.
This passes make tinderbox, and I have also done some very light
runtime testing on amd64.
0mp [Fri, 5 Oct 2018 08:17:29 +0000 (08:17 +0000)]
bsdinstall(8): Fix a typo.
Reported by: Jose Luis Duran
Reviewed by: bcr
Approved by: re (gjb), krion (mentor, implicit), mat (mentor, implicit)
Differential Revision: https://reviews.freebsd.org/D17409
mmacy [Fri, 5 Oct 2018 05:55:56 +0000 (05:55 +0000)]
hwpmc: Refactor sample ring buffer handling to fix races
Refactor sample ring buffer ring handling to make it more robust to
long running callchain collection handling
r338112 introduced a (now fixed) regression that exposed a number of race
conditions within the management of the sample buffers. This
simplifies the handling and moves the decision to overwrite a
callchain sample that has taken too long out of the NMI in to the
hardlock handler. With this change the problem no longer shows up as a
ring corruption but as the code spending all of its time in callchain
collection.
- Makes the producer / consumer index incrementing monotonic, making it
easier (for me at least) to reason about.
- Moves the decision to overwrite a sample from NMI context to interrupt
context where we can enforce serialization.
- Puts a time limit on waiting to collect a user callchain - putting a
bound on head-of-line blocking causing samples to be dropped
- Removes the flush routine which was previously needed to purge
dangling references to the pmc from the sample buffers but now is only
a source of a race condition on unload.
Previously one could lock up or crash HEAD by running:
pmcstat -S inst_retired.any_p -T and then hitting ^C
mmacy [Fri, 5 Oct 2018 05:50:56 +0000 (05:50 +0000)]
eliminate locking surrounding ui_vmsize and swap reserve by using atomics
Change swap_reserve and swap_total to be in units of pages so that
swap reservations can be done using only atomics instead of using a single
global mutex for swap_reserve and a single mutex for all processes running
under the same uid for uid accounting.
Results in mmap speed up and a 70% increase in brk calls / second.
rstone [Thu, 4 Oct 2018 22:03:58 +0000 (22:03 +0000)]
Hold a write lock across udp_notify()
With the new route cache feature udp_notify() will modify the inp when it
needs to invalidate the route cache. Ensure that we hold a write lock on
the inp before calling the function to ensure that multiple threads don't
race while trying to invalidate the cache (which previously lead to a page
fault).
brooks [Thu, 4 Oct 2018 21:55:58 +0000 (21:55 +0000)]
Reduce NL_ARGMAX to 4096 to match Linux.
NL_ARGMAX is the maximum number of positional arguments supported by
printf(3). Prior to r308145 it was declared as 99 and not enforced.
r308145 added enforcement and increased the value to 64k.
Unfortunately, development versions of PostgreSQL used the system
definition to allocate and zero an NL_ARGMAX * 4 sized array on the
stack of its snprintf implementation with measurable performance
impacts. This has been fixed in new PostgreSQL versions, but it is
possible that other programs suffer from this problem.
A value of 4096 puts us on par with Linux and is certainly large enough
for any reasonable program.
- Extend the bsdinstall(8) man page with ZFS installation scripting
details. [1]
- Extend the bsdinstall(8) man page with the description of all the ZFS
variables involved in a scripted installation of ZFS-based systems. [1]
- Extend the SCRIPTING section with an example for a ZFS-based scripted
installation. [1]
- Create a new section explaining how ZFS datasets must be written into
a variable to get them set on the final system. [1]
While here:
- Add Roberto to the copyrights for recognition as changes to the manual
page are huge.
- Use "Dq" for default values.
- Use sysrc(8) instead of echo in examples.
pjd [Thu, 4 Oct 2018 05:54:57 +0000 (05:54 +0000)]
When the adist_free list is empty and we lose connection to the receiver we
move all elements from the adist_send and adist_recv lists back onto the
adist_free list, but we don't wake consumers waitings for the adist_free list
to become non-empty. This can lead to the sender process stopping audit trail
files distribution and waiting forever.
Fix the problem by adding the missing wakeup.
While here slow down spinning on CPU in case of a short race in
sender_disconnect() and add an explaination when it can occur.
PR: 201953
Reported by: peter
Approved by: re (kib)
pjd [Thu, 4 Oct 2018 05:48:09 +0000 (05:48 +0000)]
When we look for a new trail file there might be a race between find trail
file name and opening it. This race was not properly handled, because we were
copying new name before checking for openat(2) error and when we were trying
again we were starting with the next trail file. This could result in skipping
distribution of such a trail file.
Fix this problem by checking for ENOENT first (only for .not_terminated files)
and then updating (or not) tr_filename before restarting the search.
PR: 200139
Reported by: peter
Approved by: re (kib)
gjb [Thu, 4 Oct 2018 01:46:56 +0000 (01:46 +0000)]
Fix the hardware.{txt,html} build in the release/Makefile 'reldoc'
target.
The doc/share/mk/doc.commands.mk sets SVN to /usr/local/bin/svn
by default, which is not necessarily installed by the documentation
project textproc/docproj port.
Ensure SVN can be evaluated properly to include the hardware pages
by iterating through /usr/local/bin and /usr/bin and looking for
both svn and svnlite binaries, and pass the SVN variable explicitly
through env(1) in the reldoc target to avoid failures if it does not
exist.
Approved by: re (rgrimes)
Sponsored by: The FreeBSD Foundation
brooks [Wed, 3 Oct 2018 20:39:48 +0000 (20:39 +0000)]
Move 32-bit compat support for FIODGNAME to the right place.
ioctl(2) commands only have meaning in the context of a file descriptor
so translating them in the syscall layer is incorrect.
The new handler users an accessor to retrieve/construct a pointer from
the last member of the passed structure and relies on type punning to
access the other member which requires no translation.
glebius [Wed, 3 Oct 2018 17:40:04 +0000 (17:40 +0000)]
In PR 227259, a user is reporting that they have code which is using
shutdown() to wakeup another thread blocked on a stream listen socket.
This code is failing, while it used to work on FreeBSD 10 and still
works on Linux.
It seems reasonable to add another exception to support something users are
actually doing, which used to work on FreeBSD 10, and still works on Linux.
And, it seems like it should be acceptable to POSIX, as we still return
ENOTCONN.
This patch is different to what had been committed to stable/11, since
code around listening sockets is different. Patch in D15019 is written
by jtl@, slightly modified by me.
emaste [Wed, 3 Oct 2018 16:11:13 +0000 (16:11 +0000)]
openssh: cherry-pick OpenSSL 1.1.1 compatibility
Upstream commits: 482d23bcac upstream: hold our collective noses and use the openssl-1.1.x 48f54b9d12 adapt -portable to OpenSSL 1.1x API 86e0a9f3d2 upstream: use only openssl-1.1.x API here too a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.
Trivial conflicts in sshkey.c and test_sshkey.c were resolved.
brooks [Tue, 2 Oct 2018 23:23:56 +0000 (23:23 +0000)]
Move 32-bit compat support for CDIOREADTOCENTRYS to the right place.
ioctl(2) commands only have meaning in the context of a file descriptor
so translating them in the syscall layer is incorrect.
The new handler users an accessor to retrieve/construct a pointer from
the last member of the passed structure and relies on type punning to
access the other members which require no translation.
jhb [Tue, 2 Oct 2018 21:40:57 +0000 (21:40 +0000)]
Update obsolete files list for OpenSSL 1.1.1.
This will need a real date once this is merged to head.
One weird thing to note: the 32-bit engines get dumped into /usr/lib32
rather than /usr/lib32/engines, and I bet the 32-bit libcrypto.so i
looking for the .so files in the wrong place. We should probably fix
both of those at some point.