dim [Tue, 30 Jun 2020 15:53:52 +0000 (15:53 +0000)]
MFC r362623:
Fix copy/paste mistake in kvm_getswapinfo(3)
It seems this manpage was copied from kvm_getloadavg(3), but the
DIAGNOSTICS section was not updated completely. Update the section with
correct information about a return value of -1.
dim [Sat, 28 Sep 2019 08:57:29 +0000 (08:57 +0000)]
MFC r352710:
Do not left-shift a negative number (inducing undefined behavior in
C/C++) in exp(3), expf(3), expm1(3) and expm1f(3) during intermediate
computations that compute the IEEE-754 bit pattern for |2**k| for
integer |k|.
The implementations of exp(3), expf(3), expm1(3) and expm1f(3) need to
compute IEEE-754 bit patterns for 2**k in certain places. (k is an
integer and 2**k is exactly representable in IEEE-754.)
Currently they do things like 0x3FF0'0000+(k<<20), which is to say they
take the bit pattern representing 1 and then add directly to the
exponent field to get the desired power of two. This is fine when k is
non-negative.
But when k<0 (and certain classes of input trigger this), this
left-shifts a negative number -- an operation with undefined behavior in
C and C++.
The desired semantics can be achieved by instead adding the
possibly-negative k to the IEEE-754 exponent bias to get the desired
exponent field, _then_ shifting that into its proper overall position.
(Note that in case of s_expm1.c and s_expm1f.c, there are SET_HIGH_WORD
and SET_FLOAT_WORD uses further down in each of these files that perform
shift operations involving k, but by these points k's range has been
restricted to 2 < k <= 56, and the shift operations under those
circumstances can't do anything that would be UB.)
dim [Tue, 18 Sep 2018 20:46:55 +0000 (20:46 +0000)]
MFC r309748 (by glebius):
Treat R_X86_64_PLT32 relocs as R_X86_64_PC32.
If we load a binary that is designed to be a library, it produces
relocatable code via assembler directives in the assembly itself
(rather than compiler options). This emits R_X86_64_PLT32 relocations,
which are not handled by the kernel linker.
davidcs [Thu, 9 Aug 2018 00:56:40 +0000 (00:56 +0000)]
MFC r336438
Fixes for the following issues:
1. Fix taskqueues drain/free to fix panic seen when interface is being
bought down and in parallel asynchronous link events happening.
2. Fix bxe_ifmedia_status()
Submitted by:Vaishali.Kulkarni@cavium.com and Anand.Khoje@cavium.com
davidcs [Wed, 9 May 2018 20:49:50 +0000 (20:49 +0000)]
MFC r333004
Fix Issue with adding MUltiCast Addresses. When multicast addresses are
added/deleted, the delete the multicast addresses previously programmed
in HW and reprogram the new set of multicast addresses.
hselasky [Fri, 8 Dec 2017 15:37:36 +0000 (15:37 +0000)]
MFC r326362:
Disallow TUN and TAP character device IOCTLs to modify the network device
type to any value. This can cause page faults and panics due to accessing
uninitialized fields in the "struct ifnet" which are specific to the network
device type.
Found by: jau@iki.fi
PR: 223767
Sponsored by: Mellanox Technologies
hselasky [Sat, 27 May 2017 08:30:32 +0000 (08:30 +0000)]
MFC r318820:
Increase the allowed maximum number of audio channels from 31 to 127
in the PCM feeder mixer. Without this change a value of 32 channels is
treated like zero, due to using a mask of 0x1f, causing a kernel
assert when trying to playback bitperfect 32-channel audio. Also
update the AWK script which is generating the division tables to
handle more than 18 channels. This commit complements r282650.
ian [Sat, 6 May 2017 16:06:33 +0000 (16:06 +0000)]
MFC r230208, r230252, r234346:
Add nfs export support to tmpfs(5)
Return EOPNOTSUPP since we only support update mounts for NFS export.
tmpfs: Allow update mounts only for certain options.
Since r230208 update mounts were allowed if the list of mount options
contained the "export" option. This is not correct as tmpfs doesn't really
support updating all options.
davidcs [Fri, 24 Mar 2017 03:30:54 +0000 (03:30 +0000)]
MFC r314365
1. state checks in bxe_tx_mq_start_locked() and bxe_tx_mq_start() to
sync threads during interface down or detach.
2. add sysctl to set pause frame parameters
3. increase max segs for TSO packets to BXE_TSO_MAX_SEGMENTS (32)
4. add debug messages for PHY
5. HW LRO support restricted to FreeBSD versions 8.x and above.
hselasky [Tue, 14 Mar 2017 15:58:01 +0000 (15:58 +0000)]
MFC r314328:
Fix startup race initialising ACPI CM battery structures on MacBookPro.
During acpi_cmbat_attach() the acpi_cmbat_init_battery() notification
handler is registered. It has been observed this notification handler
can be called instantly, before the attach routine has returned. In
the notification handler there is a call to device_is_attached() which
returns false. Because the softc is set we know an attach is in
progress and the fix is simply to wait and try again in this case.
hselasky [Tue, 14 Mar 2017 15:53:24 +0000 (15:53 +0000)]
MFC r313941:
Make sure the thread constructor and destructor eventhandlers are
called for all threads belonging to a procedure. Currently the first
thread in a procedure is kept around as an optimisation step and is
never freed. Because the first thread in a procedure is never freed
nor allocated, its destructor and constructor callbacks are never
called which means per thread structures allocated by dtrace and the
Linux emulation layers for example, might be present for threads which
don't need these structures.
This patch adds a thread construction and destruction call for the
first thread in a procedure.
hselasky [Mon, 19 Dec 2016 10:00:56 +0000 (10:00 +0000)]
MFC r309400:
Fix for endless recursion in the ACPI GPE handler during boot.
When handling a GPE ACPI interrupt object the EcSpaceHandler()
function can be called which checks the EC_EVENT_SCI bit and then
recurse on the EcGpeQueryHandler() function. If there are multiple GPE
events pending the EC_EVENT_SCI bit will be set at the next call to
EcSpaceHandler() causing it to recurse again via the
EcGpeQueryHandler() function. This leads to a slow never ending
recursion during boot which prevents proper system startup, because
the EC_EVENT_SCI bit never gets cleared in this scenario.
The behaviour is reproducible with the ALASKA AMI in combination with
a newer Skylake based mainboard in the following way:
Enter BIOS and adjust the clock one hour forward. Save and exit the
BIOS. System fails to boot due to the above mentioned bug in
EcGpeQueryHandler() which was observed recursing multiple times.
This patch adds a simple recursion guard to the EcGpeQueryHandler()
function and also also adds logic to detect if new GPE events occurred
during the execution of EcGpeQueryHandler() and then loop on this
function instead of recursing.
hselasky [Sat, 12 Nov 2016 17:36:28 +0000 (17:36 +0000)]
MFC r308437 and r308461:
Range check the jitter values to avoid bogus sample rate adjustments.
The expected deviation should not be more than 1Hz per second. The USB
v2.0 specification also mandates this requirement. Refer to chapter
5.12.4.2 about feedback.
Allow higher sample rates to have more jitter than lower ones.
hselasky [Mon, 7 Nov 2016 09:27:05 +0000 (09:27 +0000)]
MFC r307518:
Fix device delete child function.
When detaching device trees parent devices must be detached prior to
detaching its children. This is because parent devices can have
pointers to the child devices in their softcs which are not
invalidated by device_delete_child(). This can cause use after free
issues and panic().
Device drivers implementing trees, must ensure its detach function
detaches or deletes all its children before returning.
While at it remove now redundant device_detach() calls before
device_delete_child() and device_delete_children(), mostly in
the USB controller drivers.
Tested by: Jan Henrik Sylvester <me@janh.de>
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D8070
MFC r305590:
Correctly map the USB mouse tilt delta values into buttons 5 and 6
instead of 3 and 4 which is used for the scroll wheel, according to
X.org.
MFC r305421:
Resolve deadlock between device_detach() and usbd_do_request_flags()
by reviving the SX control request lock and refining which lock
protects the common scratch area in "struct usb_device".
The SX control request lock was removed by r246759 because it caused a
lock order reversal with the USB enumeration lock inside
usbd_transfer_setup() as a function of r246616. It was thought that
reducing the number of locks would resolve the LOR, but because some
USB device drivers use usbd_do_request_flags() inside callback
functions, like in taskqueues, a deadlock may occur when these are
drained from device_detach(). By restoring the SX control request
lock usbd_do_request_flags() is allowed to complete its execution
when a USB device driver is detaching. By using the SX control request
lock to protect the scratch area, the LOR introduced by r246616 is
also resolved.
Bump the FreeBSD version while at it to force recompilation of all USB
kernel modules.
MFC r303765 and r304571:
Keep a reference count on USB keyboard polling to allow recursive
cngrab() during a panic for example, similar to what the AT-keyboard
driver is doing.
Make the UKBD USB transfers double buffered and set them up one by one,
so they are memory independent which allows for handling panics
triggered by the keyboard driver itself, typically via CTRL+ALT+ESC
sequences. Or if the USB keyboard driver was processing a key at the
moment of panic. Allow UKBD to be attached while keyboard polling is active.
MFC r305284:
Fix array size issue when using the pre-scaling feature for
ISOCHRONOUS USB transfers. Make sure enough length and buffer pointers
are allocated when setting up the libusb transfer structure to support
the maximum number of frames the kernel can handle.
hselasky [Mon, 29 Aug 2016 08:55:59 +0000 (08:55 +0000)]
MFC r304629:
Don't separate the status stage of the XHCI USB control transfers into
its own job because this breaks the simplified QEMU XHCI TRB parser,
which expects the complete USB control transfer as a series of back to
back TRBs. The old behaviour is kept under #ifdef in case this change
breaks enumeration of any USB devices.
hselasky [Mon, 29 Aug 2016 08:46:15 +0000 (08:46 +0000)]
MFC r304597:
Fix for invalid use of bits in input context. Basically split
configuring of EP0 and non-EP0 into xhci_cmd_evaluate_ctx() and
xhci_cmd_configure_ep() respectivly. This resolves some errors when
using XHCI under QEMU and gets is more in line with the XHCI
specification.
jhb [Sat, 20 Aug 2016 00:22:39 +0000 (00:22 +0000)]
MFC 298950: Fix an off by one error when remapping MSI-X vectors.
pci_remap_msix() can be used to alter the mapping of allocated
MSI-X vectors to the MSI-X table. The code had an off by one error
when adding the IRQ resources after performing a remap. This was
fatal for any vectors in the table that used the "last" valid IRQ as
those vectors were assigned a garbage IRQ value.
hselasky [Fri, 12 Aug 2016 08:03:31 +0000 (08:03 +0000)]
MFC r301039:
Add support for simplex USB MIDI devices, which only provide BULK or
INTERRUPT endpoints for moving data in one direction, like the KeyRig
49 from M-Audio.
hselasky [Wed, 29 Jun 2016 10:47:44 +0000 (10:47 +0000)]
MFC r301842:
Implement code to stop all USB endpoints before executing a USB device
reset command, alternate setting command or set configuration
command. Else LibUSB v1.0 will not re-open the endpoints which the
kernel closes and the USB application might wait infinitely for
transfers to complete.
hselasky [Wed, 29 Jun 2016 10:25:32 +0000 (10:25 +0000)]
MFC r302076:
Update the definition for number of scratch pages to match the latest
version of the XHCI specification. Make sure the code can handle the
maximum number of allowed scratch pages.
hselasky [Fri, 3 Jun 2016 08:58:26 +0000 (08:58 +0000)]
MFC r300667:
Check for signals when locking the USB enumeration thread from
userspace, so that USB applications can be killed if an enumeration
thread should be stuck for various reasons.
hselasky [Fri, 3 Jun 2016 08:53:14 +0000 (08:53 +0000)]
MFC r299060:
Extend the UQ_NO_STRINGS quirk to also cover the USB language string
descriptor. This fixes enumeration of some older Samsung Galaxy S3
phones.
jhb [Tue, 24 May 2016 23:04:16 +0000 (23:04 +0000)]
MFC 299310:
Don't store generated firmware object files in the source directory.
Trim the leading directory of a firmware source file from the resulting
target object file name so the object file is stored in the object
directory. Previously, using 'FIRMWS= /path/to/fw.bin:fw.bin' would
store the generated 'fw.bin.fwo' file in the /path/to directory. Now
it stores it in the object directory of the kernel module being built.
davidcs [Tue, 10 May 2016 02:58:52 +0000 (02:58 +0000)]
MFC r298294
1. modify fwdump (a.k.a grcdump) so that grcdump memory is allocated
and freed on as needed basis.
2. grcdump can be taken at failure points by invoking bxe_grc_dump()
when trigger_grcdump sysctl flag is set. When grcdump is taken
grcdump_done sysctl flag is set.
3. grcdump_done can be monitored by the user to retrieve the grcdump
1. Process tx completions in bxe_periodic_callout_func() and restart
transmissions if possible.
2. For SIOCSIFFLAGS call bxe_init_locked() only if !BXE_STATE_DISABLED
3. remove code not needed in bxe_init_internal_common()
MFC r296342:
Allow for overlapping quirk device ranges. Prior to this patch only
the first device entry matching the USB vendor, product and revision
would be searched for quirks. After this patch all device entries will
be searched for quirks.
ian [Tue, 15 Mar 2016 04:03:15 +0000 (04:03 +0000)]
When building on a newer host, boostrap using lex from the stable-8 source
to match the yacc being used from that source. This avoids a build error
caused by the newer lex emitting a yylex() decl that's already in the source.
This is a direct commit to stable-8; there is no corresponding change in
later branches to MFC from. For the record, the new lex came in at version 1000032, but slipping it into the 1000013 block makes more sense than
creating a whole new .if block for it.
ian [Tue, 15 Mar 2016 03:20:24 +0000 (03:20 +0000)]
MFC r206424: (by rdivacky in 2010)
Rename the ALIGN macro to LINT_ALIGN so it does not clash with
machine/param.h
Bump the alignment to 16bytes because lint1 memory allocator is used for
objects that require 16bytes alignment on amd64 (ie. val_t). This makes
lint1 work when compiled with compiler(s) that use SSE for memcpy on amd64.
(e.g. clang).
This allows me to compile stable-8 on a 64-bit build host running 10-stable,
without dying during the xlint build. It should work fine on 11-current too.
hselasky [Mon, 7 Mar 2016 10:07:01 +0000 (10:07 +0000)]
MFC r295928:
Configure the correct bMaxPacketSize for control endpoints before
requesting the initial complete device descriptor and not as part of
the subsequent babble error recovery. Babble means that the received
USB packet was bigger than than configured maximum packet size. This
only affects enumeration of FULL speed USB devices which use a
bMaxPacketSize different from 8 bytes. This patch might help fix
enumeration of USB devices which exhibit USB I/O errors in dmesg
during boot.
davidcs [Thu, 25 Feb 2016 18:17:06 +0000 (18:17 +0000)]
MFC r295823
Modified the use of bxe_grc_dump() function so that it can be invoked directly at any potential error path, where a fwdump is needed. The fwdump (a.k.a grcdump) is stored in a driver buffer. The sysctl grcdump_done indicates if a fwdump was taken and waiting to be retrieved.
The sysctl trigger_grcdump can be used to manually trigger a fwdump.
jhb [Wed, 17 Feb 2016 01:45:34 +0000 (01:45 +0000)]
MFC 295418,295419:
Fix hangs or panics when misbehaved kernel threads return from their
main function.
295418:
Mark proc0 as a kernel process via the P_KTHREAD flag.
All other kernel processes have this flag set and all threads in proc0
(including thread0) have the similar TDP_KTHREAD flag set.
295419:
Call kthread_exit() rather than kproc_exit() for a premature kthread exit.
Kernel threads (and processes) are supposed to call kthread_exit() (or
kproc_exit()) to terminate. However, the kernel includes a fallback in
fork_exit() to force a kthread exit if a kernel thread's "main" routine
returns. This fallback was added back when the kernel only had processes
and was not updated to call kthread_exit() instead of kproc_exit() when
threads were added to the kernel.
This mistake was particularly exciting when the errant thread belonged to
proc0. Due to the missing P_KTHREAD flag the fallback did not kick in
and instead tried to return to userland via whatever garbage was in the
trapframe. With P_KTHREAD set it tried to terminate proc0 resulting in
other amusements.
dim [Tue, 19 Jan 2016 18:35:22 +0000 (18:35 +0000)]
MFC r294102:
MFV r294101: 6527 Possible access beyond end of string in zpool comment
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Dan McDonald <danmcd@omniti.com>
Approved by: Gordon Ross <gwr@nexenta.com>
This fixes erroneous double increments of the 'check' variable in a loop
in spa_prop_validate(). I ran into this in the clang380-import branch,
where clang 3.8.0 warns about it. (It is already fixed there.)
davidcs [Wed, 13 Jan 2016 00:29:59 +0000 (00:29 +0000)]
MFC r292638
Check for packet_length is greater than 60 bytes as well as packet_length is
greater than len_on_bd, before invoking the routine to handle jumbo over SGL
(bxe_service_rxsgl()).
Add counters for number of jumbo_over_SGL packets (rx_bxe_service_rxsgl) and
erroneous jumbo_over_SGL packets (rx_erroneous_jumbo_sge_pkts)
edwin [Thu, 12 Nov 2015 03:29:36 +0000 (03:29 +0000)]
MFC of 290697,tzdata8:
Update to tzdata2015g:
Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25.
Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time.
Fiji's 2016 fall-back transition is scheduled for January 17, not 24.
Fort Nelson, British Columbia will not fall back on 2015-11-01. It has
effectively been on MST (-0700) since it advanced its clocks on 2015-03-08.
New zone America/Fort_Nelson.
hselasky [Mon, 9 Nov 2015 11:29:54 +0000 (11:29 +0000)]
MFC r290441:
Fix for unaligned IP-header.
The mbuf length fields must be set before m_adj() is called else
m_adj() will not always adjust the mbuf and an unaligned read
exception can trigger inside the network stack. This can happen on
platforms where unaligned reads are not supported. Adjust a length
check to include the 2-byte ethernet alignment while at it.
avatar [Wed, 7 Oct 2015 09:39:45 +0000 (09:39 +0000)]
MFC r238980:
Just like the other file systems found in /sys/fs, g_vfs_open()
should be paried with g_vfs_close(). Though g_vfs_close() is a wrapper
around g_wither_geom_close(), r206130 added the following test in
g_vfs_open():
if (bo->bo_private != vp)
return (EBUSY);
Which will cause a 'Device busy' error inside reiserfs_mountfs() if
the same file system is re-mounted again after umount or mounting failure:
(case 1, /dev/ad4s3 is not a valid REISERFS partition)
# mount -t reiserfs -o ro /dev/ad4s3 /mnt
mount: /dev/ad4s3: Invalid argument
# mount -t msdosfs -o ro /dev/ad4s3 /mnt
mount: /dev/ad4s3: Device busy
(case 2, /dev/ad4s3 is a valid REISERFS partition)
# mount -t reiserfs -o ro /dev/ad4s3 /mnt
# umount /mnt
# mount -t reiserfs -o ro /dev/ad4s3 /mnt
mount: /dev/ad4s3: Device busy
On the other hand, g_vfs_close() 'fixed' the above cases by doing an
extra step to keep 'sc->sc_bo->bo_private' and 'cp->private' pointers
synchronised.
MFC r286887: Using the error return code documented in the comment.
Though there is no direct midi_uninit() caller amongst existing drivers
at this moment, a quick experiment indicates that EBUSY gives users more
precise error message once drivers start to honour this result. For example,
emu_midi_detach() should check the result of mpu401_uninit() and block
module unloading if there is any MIDI I/O in progress.
hselasky [Sat, 29 Aug 2015 06:28:48 +0000 (06:28 +0000)]
MFC r286799:
Fix race in USB PF which can happen if we stop tracing exactly when
the kernel is tapping an USB transfer. This leads to a NULL pointer
access. The solution is to only trace while the USB bus lock is
locked.
edwin [Fri, 14 Aug 2015 00:00:50 +0000 (00:00 +0000)]
MFC of 286750,tzdata8:
Update to tzdata2015f:
Changes affecting future time stamps
North Korea switches to +0830 on 2015-08-15. (Thanks to Steffen Thorsen.)
The abbreviation remains "KST". (Thanks to Robert Elz.)
Uruguay no longer observes DST. (Thanks to Steffen Thorsen and Pablo Camargo.)
Changes affecting past and future time stamps
Moldova starts and ends DST at 00:00 UTC, not at 01:00 UTC. (Thanks to Roman Tudos.)
davidcs [Wed, 5 Aug 2015 02:08:42 +0000 (02:08 +0000)]
MFC r285973
- Avoid lock contention in the if_transmit callback by using trylock and
enqueueing the frames when it fails. This way there is some latency
removed from the transmitting path.
- If IFF_DRV_OACTIVE is set (and also if IFF_DRV_RUNNING is not) just
enqueue the desired frames and return successful transmit. This way we
avoid to return errors on transmit side and resulting in
possible out-of-order frames. Please note that IFF_DRV_OACTIVE is set
everytime we get the threshold ring hit, so this can be happening quite
often.
dim [Tue, 28 Jul 2015 09:19:04 +0000 (09:19 +0000)]
MFC r285340:
Fix swapped copyin(9) arguments in cxgb's iwch_arm_cq() function.
Detected by clang 3.7.0 with the warning:
sys/dev/cxgb/ulp/iw_cxgb/iw_cxgb_provider.c:309:18: error: variable
'rptr' is uninitialized when used here [-Werror,-Wuninitialized]
chp->cq.rptr = rptr;
^~~~
By default, sendmail 8.15 uses uncompressed IPv6 addresses. Keep
current FreeBSD 10 and earlier behavior of using compressed IPv6
addresses in configuration, maps, rulesets, etc. (FreeBSD 11 and
later will use the new default of uncompressed IPv6 addresses.)
marius [Sun, 5 Jul 2015 20:16:51 +0000 (20:16 +0000)]
MFC: r281337
Don't enable RX and TX before their initial configuration is done, i. e.
after setting up interrupt moderation but before turning interrupts on.
This matches what Realtek's r8168 Linux driver does as of version 8.039.00
and fixes problems with certain incarnations of certain MAC revisions
like the interface requiring an extra up/down-cycle after boot to start
working or DMA configuration not being adhered to.