Commit Graph

229235 Commits

Author SHA1 Message Date
Pedro F. Giffuni
0699955838 cam: make some use of mallocarray(9).
Focus on code where we are doing multiplications within malloc(9). None of
these ire likely to overflow, however the change is still useful as some
static checkers can benefit from the allocation attributes we use for
mallocarray.

This initial sweep only covers malloc(9) calls with M_NOWAIT. No good
reason but I started doing the changes before r327796 and at that time it
was convenient to make sure the sorrounding code could handle NULL values.

X-Differential revision: https://reviews.freebsd.org/D13837
2018-01-15 21:15:25 +00:00
Pedro F. Giffuni
d48d1a6464 nfsclient: make some use of mallocarray(9).
Focus on code where we are doing multiplications within malloc(9). None of
these ire likely to overflow, however the change is still useful as some
static checkers can benefit from the allocation attributes we use for
mallocarray.

This initial sweep only covers malloc(9) calls with M_NOWAIT. No good
reason but I started doing the changes before r327796 and at that time it
was convenient to make sure the sorrounding code could handle NULL values.

X-Differential revision: https://reviews.freebsd.org/D13837
2018-01-15 21:14:56 +00:00
Pedro F. Giffuni
98fffe4ecb mips: make some use of mallocarray(9).
Focus on code where we are doing multiplications within malloc(9). None of
these ire likely to overflow, however the change is still useful as some
static checkers can benefit from the allocation attributes we use for
mallocarray.

This initial sweep only covers malloc(9) calls with M_NOWAIT. No good
reason but I started doing the changes before r327796 and at that time it
was convenient to make sure the sorrounding code could handle NULL values.

X-Differential revision: https://reviews.freebsd.org/D13837
2018-01-15 21:13:30 +00:00
Pedro F. Giffuni
0993a7daaf ndis: make some use of mallocarray(9).
Focus on code where we are doing multiplications within malloc(9). None of
these ire likely to overflow, however the change is still useful as some
static checkers can benefit from the allocation attributes we use for
mallocarray.

This initial sweep only covers malloc(9) calls with M_NOWAIT. No good
reason but I started doing the changes before r327796 and at that time it
was convenient to make sure the sorrounding code could handle NULL values.

X-Differential revision: https://reviews.freebsd.org/D13837
2018-01-15 21:11:38 +00:00
Pedro F. Giffuni
6d5bc1bcab powerpc: make some use of mallocarray(9).
Focus on code where we are doing multiplications within malloc(9). None of
these ire likely to overflow, however the change is still useful as some
static checkers can benefit from the allocation attributes we use for
mallocarray.

This initial sweep only covers malloc(9) calls with M_NOWAIT. No good
reason but I started doing the changes before r327796 and at that time it
was convenient to make sure the sorrounding code could handle NULL values.

X-Differential revision: https://reviews.freebsd.org/D13837
2018-01-15 21:10:40 +00:00
Pedro F. Giffuni
a67b3b1621 arm: make some use of mallocarray(9).
Focus on code where we are doing multiplications within malloc(9). None of
these ire likely to overflow, however the change is still useful as some
static checkers can benefit from the allocation attributes we use for
mallocarray.

This initial sweep only covers malloc(9) calls with M_NOWAIT. No good
reason but I started doing the changes before r327796 and at that time it
was convenient to make sure the sorrounding code could handle NULL values.

X-Differential revision: https://reviews.freebsd.org/D13837
2018-01-15 21:09:58 +00:00
Pedro F. Giffuni
74641f0bc6 x86: make some use of mallocarray(9).
Focus on code where we are doing multiplications within malloc(9). None of
these ire likely to overflow, however the change is still useful as some
static checkers can benefit from the allocation attributes we use for
mallocarray.

This initial sweep only covers malloc(9) calls with M_NOWAIT. No good
reason but I started doing the changes before r327796 and at that time it
was convenient to make sure the sorrounding code could handle NULL values.

X-Differential revision: https://reviews.freebsd.org/D13837
2018-01-15 21:08:22 +00:00
Michael Tuexen
a2674e031c Decode msghdr argument of sendmsg() and recvmsg().
Sponsored by:		Netflix, Inc.
2018-01-15 20:39:42 +00:00
Michael Tuexen
0faae8b922 Add support for decoding the nxt_flags, rcv_flags, and snd_flags of
SCTP level cmsgs.
2018-01-15 20:37:11 +00:00
David Bright
469759f8e4 Exit fsck_ffs with non-zero status when file system is not repaired.
When the fsck_ffs program cannot fully repair a file system, it will
output the message PLEASE RERUN FSCK. However, it does not exit with a
non-zero status in this case (contradicting the man page claim that it
"exits with 0 on success, and >0 if an error occurs."  The fsck
rc-script (when running "fsck -y") tests the status from fsck (which
passes along the exit status from fsck_ffs) and issues a "stop_boot"
if the status fails. However, this is not effective since fsck_ffs can
return zero even on (some) errors. Effectively, it is left to a later
step in the boot process when the file systems are mounted to detect
the still-unclean file system and stop the boot.

This change modifies fsck_ffs so that when it cannot fully repair the
file system and issues the PLEASE RERUN FSCK message it also exits
with a non-zero status.

While here, the fsck_ffs man page has also been updated to document
the failing exit status codes used by fsck_ffs. Previously, only exit
status 7 was documented. Some of these exit statuses are tested for in
the fsck rc-script, so they are clearly depended upon and deserve
documentation.

Reviewed by:	mckusick, vangyzen, jilles (manpages)
MFC after:	1 week
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D13862
2018-01-15 19:25:11 +00:00
Tycho Nightingale
91fe5fe7e7 Provide some mitigation against CVE-2017-5715 by clearing registers
upon returning from the guest which aren't immediately clobbered by
the host.  This eradicates any remaining guest contents limiting their
usefulness in an exploit gadget.

This was inspired by this linux commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5b6c02f38315b720c593c6079364855d276886aa

Reviewed by:	grehan, rgrimes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D13573
2018-01-15 18:37:03 +00:00
Dimitry Andric
a7264ff541 Pull in r322473 from upstream llvm trunk (by Andrei Elovikov):
[LV] Don't call recordVectorLoopValueForInductionCast for
  newly-created IV from a trunc.

  Summary:
  This method is supposed to be called for IVs that have casts in their
  use-def chains that are completely ignored after vectorization under
  PSE. However, for truncates of such IVs the same InductionDescriptor
  is used during creation/widening of both original IV based on PHINode
  and new IV based on TruncInst.

  This leads to unintended second call to
  recordVectorLoopValueForInductionCast with a VectorLoopVal set to the
  newly created IV for a trunc and causes an assert due to attempt to
  store new information for already existing entry in the map. This is
  wrong and should not be done.

  Fixes PR35773.

  Reviewers: dorit, Ayal, mssimpso

  Reviewed By: dorit

  Subscribers: RKSimon, dim, dcaballe, hsaito, llvm-commits, hiraditya

  Differential Revision: https://reviews.llvm.org/D41913

This should fix "Vector value already set for part" assertions when
building the net/iodine and sysutils/daa2iso ports.

Reported by:	jbeich
PR:		224867,224868
2018-01-15 18:20:15 +00:00
Kyle Evans
67a3bb4e34 stand/fdt: Don't leak next_fdtp if we fail to open overlay
MFC after:	1 week
X-MFC-With:	r327991
2018-01-15 18:08:01 +00:00
Eitan Adler
9cd768a177 units(1): units(1) free savescr in error condition too
CID:		978392
Reviewed by:	des
MFC After:	1 week
2018-01-15 17:27:43 +00:00
Andrew Turner
2c18ede691 Fix booting on some arm64 systems after r327879 by fixing the call to
utf8_to_ucs2 in boot1.efi. We need to initialise the ucs2 output string
so it will allocate space, and use the return value to determine if the
call was successful.

Reviewed by:	imp
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D13915
2018-01-15 16:58:07 +00:00
Ian Lepore
7c63e50188 Convert the x86 RTC driver to use new validated BCD<->timespec conversions.
New common routines were added to kern/subr_clock.c for converting between
calendrical time expressed in BCD and struct timespec. The new functions
return EINVAL on error, as expected when the clock hardware does not provide
valid time.

PR:		224813
Differential Revision:	https://reviews.freebsd.org/D13731 (no reviewers)
2018-01-15 16:40:43 +00:00
Nathan Whitehorn
fc8ea4be2a Install the SLB miss trap-handling code in the SLB-based MMU driver set up,
to which it is specific, rather than in the generic AIM startup code. This
will be required to support the radix-table-based MMU introduced with POWER9.
2018-01-15 16:08:34 +00:00
Andriy Gapon
6ce374aa94 geom_disk / scsi_da: deny opening write-protected disks for writing
Ths change consists of two parts.

geom_disk: deny opening a disk for writing if it's marked as
write-protected.  A new disk(9) flag is added to mark write protected
disks.  A possible alternative could be to add another parameter to d_open,
so that the open mode could be passed to it and the disk drivers could
make the decision internally, but the flag required less churn.

scsi_da: add a new phase of disk probing to query the all pages mode
sense page.  We can determine if the disk is write protected using bit 7
of the device specific field in the mode parameter header returned by
MODE SENSE.

PR:		224037
Reviewed by:	mav
MFC after:	4 weeks
Differential Revision: https://reviews.freebsd.org/D13360
2018-01-15 11:20:00 +00:00
Michael Tuexen
a826eb5a41 Add support for decoding the type of a cmsg. 2018-01-15 10:59:04 +00:00
Michael Tuexen
c1f0d826d6 Simplify table generation. 2018-01-15 08:32:49 +00:00
Nathan Whitehorn
04329fa708 Move the pmap-specific code in copyinout.c that gets pointers to userland
buffers into a new pmap-module function pmap_map_user_ptr() that can
be implemented by the respective modules. This is required to implement
non-segment-based AIM-ish MMU systems such as the radix-tree page tables
introduced by POWER ISA 3.0 and present on POWER9.

Reviewed by:	jhibbits
2018-01-15 06:46:33 +00:00
Kyle Evans
e9ca5fa5d7 stand/fdt: don't send clobbered FDT to the kernel
If fdt_overlay_apply fails at some stage to apply the overlay to the base,
both the base and overlay may be in an inconsistent state (some fixups
applied, some phandles adjusted, some symbols merged). These can be bad for
a number of reasons, to include user frustration if some fixups applied and
not others. Fail a little safer by making a clean copy of the base FDT for
every overlay that we can simply discard if things go awry.

This also allows us the luxury of simply discarding overlays if we hit some
kind of memory limit or if they're malformed and extremely large for some
reason. We'll now leave a nice error message indicating that some overlays
could not be applied due to size restrictions and we apply what we can.

I note that our overlay implementation has some flaws that might still leave
your system in an unbootable state even if an overlay applies correctly;
please exercise caution in using overlays until we can swap it out for
libfdt's implementation.

Tested on:	BananaPi-M3 (armv7)
Tested on:	Pine64 (aarch64)
Differential Revision:	https://reviews.freebsd.org/D13709
2018-01-15 05:00:26 +00:00
Peter Grehan
c81e664e74 The vmm(4) man page is conditional on MK_BHYVE.
Submitted by:	kevlo
2018-01-15 04:52:12 +00:00
Emmanuel Vadot
ce0618bea2 allwinner: mmc: Multiple improvement
- Add a per compatible configuration struct
  - Not all SoC uses the same size for DMA transfert, add this into the
    configuration data
  - Use new timing mode for some SoC (A64 mmc)
  - Auto calibrate clock for A64 mmc/emmc
  - A64 mmc controller need masking of data0
  - Add support for vmmc/vqmmc regulator
  - Add more capabilities, r/w speed is better for eMMC
  - MMC_CAP_SIGNALING_180 gives weird result so do not enable it for now.
  - Add new register documented in H3/A64 user manual

Tested-On: Pine64-LTS (A64), eMMC still doesn't work
Tested-On: A64-Olinuxino (A64), sd and eMMC are working
Tested-On: NanoPi Neo Plus2 (H5), sd and eMMC are working
Tested-On: OrangePi PC2 (H5), sd only (no eMMC)
Tested-On: OrangePi One (H3), sd only (no eMMC)
Tested-On: BananaPi M2 (A31s), sd only (no eMMC)
2018-01-14 22:05:29 +00:00
Fedor Uporov
512f29d141 Add metadata_csum feature support.
Reviewed by:   pfg (mentor)
Approved by:   pfg (mentor)
MFC after:     6 months

Differential Revision:    https://reviews.freebsd.org/D13810
2018-01-14 20:46:39 +00:00
Poul-Henning Kamp
9eec64c0aa Add a rudimentary PWM driver for the RaspberryPi.
Control is through sysctl, only GPIO12 supported.

bootverbose creates sysctls for direct mangling of relevant registers.

Only tested on RPI2
2018-01-14 20:36:21 +00:00
Eitan Adler
da24a5e5be vmm(4): add to Makefile
r326281 added the vmm man page, but it needs to be installed.

PR:	205705
2018-01-14 20:30:58 +00:00
Mark Johnston
d678ce4b6b Remove tst.zonename.d from the list of expected failures.
X-MFC with:	r327888
2018-01-14 17:56:19 +00:00
Mark Johnston
94a889089b Use the thread's ucred struct when fetching jid or jailname.
Reported by:	mjg
X-MFC with:	r327888
2018-01-14 17:55:40 +00:00
Ian Lepore
862993757a Add RTC clock conversions for BCD values, with non-panic validation.
RTC clock hardware frequently uses BCD numbers.  Currently the low-level
bcd2bin() and bin2bcd() functions will KASSERT if given out-of-range BCD
values.  Every RTC driver must implement its own code for validating the
unreliable data coming from the hardware to avoid a potential kernel panic.

This change introduces two new functions, clock_bcd_to_ts() and
clock_ts_to_bcd().  The former validates its inputs and returns EINVAL if any
values are out of range. The latter guarantees the returned data will be
valid BCD in a known format (4-digit years, etc).

A new bcd_clocktime structure is used with the new functions.  It is similar
to the original clocktime structure, but defines the fields holding BCD
values as uint8_t (uint16_t for year), and adds a PM flag for handling hours
using AM/PM mode.

PR:		224813
Differential Revision:	https://reviews.freebsd.org/D13730 (no reviewers)
2018-01-14 17:01:37 +00:00
Warner Losh
3922493a21 Report CG checksum mismatches. These errors are non-fatal. The
previous behavior is preserved (the CG checksum is fixed). We're just
noisy about it now.

Reviewed by: kirk@
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D13884
2018-01-14 16:55:14 +00:00
Ed Maste
b6bf2e7c35 Enable VIMAGE in i386 GENERIC (revert r327840)
We've switched back to ld.bfd on i386 for now.

PR:		225077
Sponsored by:	The FreeBSD Foundation
2018-01-14 16:04:51 +00:00
Bjoern A. Zeeb
8e23158af7 Remove trailing whitespace.
No functional change.
2018-01-14 15:01:25 +00:00
Michael Tuexen
4d7b980924 Improve support for sctp_generic_recvmsg() and sctp_generic_sendmsg()
and add support for sctp_generic_sendmsg_iov().

Handle the struct iovec argument and the struct sctp_sndrcvinfo
arguments.
2018-01-14 14:33:22 +00:00
Michael Tuexen
1e6455d870 Add a function is decode the sinfo_flags of struct sctp_sndrcvinfo. 2018-01-14 14:27:42 +00:00
Konstantin Belousov
5f7b9ff2e3 Add STAC and CLAC instructions wrappers.
Reviewed by:	jhb
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D13838
2018-01-14 12:39:50 +00:00
Konstantin Belousov
e8c770a66e Enumerate and print Intel CPU features for Speculative Execution Side
Channel Mitigations.

The definitions are taken from the document 336996-001.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2018-01-14 12:36:23 +00:00
Konstantin Belousov
99801b12f9 When re-evaluating cpu_features, also re-print CPU identification.
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2018-01-14 12:33:05 +00:00
Michael Tuexen
a62bf68d3d Add suppor for the supported PR-SCTP policies. 2018-01-14 12:08:41 +00:00
Michael Tuexen
dfcd2888aa Mark the iovec parameters of writev() and readv() as IN and OUT.
This makes truss work on readv() as expected.
2018-01-14 09:51:25 +00:00
Bryan Venteicher
a12d97c55a Sync VirtIO IDs with Linux 2018-01-14 06:03:40 +00:00
Jeff Roberson
b6715dab8f Move VM_NUMA_ALLOC and DEVICE_NUMA under the single global config option NUMA.
Sponsored by:	Netflix, Dell/EMC Isilon
Discussed with:	jhb
2018-01-14 03:36:03 +00:00
Pedro F. Giffuni
b0ae8f91ac Fix build after r327949.
Reported by:	Cy Schubert
2018-01-14 00:31:34 +00:00
Dimitry Andric
e04518a677 Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to
6.0.0 (branches/release_60 r321788).  Upstream has branched for the
6.0.0 release, which should be in about 6 weeks.  Please report bugs and
regressions, so we can get them into the release.

Please note that from 3.5.0 onwards, clang, llvm and lldb require C++11
support to build; see UPDATING for more information.

MFC after:	3 months
2018-01-14 00:08:34 +00:00
Nick Hibma
7f64a99075 Add support for Quectel EC25.
Submitted by:	Samuel Crookes
MFC after:	3 days
2018-01-13 23:31:21 +00:00
Nathan Whitehorn
68b9c019aa Document places we assume that physical memory is direct-mapped at zero by
using a new macro PHYS_TO_DMAP, which deliberately has the same name as the
equivalent macro on amd64. This also sets the stage for moving the direct
map to another base address.
2018-01-13 23:14:53 +00:00
Pedro F. Giffuni
26c1d774b5 dev: make some use of mallocarray(9).
Focus on code where we are doing multiplications within malloc(9). None of
these is likely to overflow, however the change is still useful as some
static checkers can benefit from the allocation attributes we use for
mallocarray.

This initial sweep only covers malloc(9) calls with M_NOWAIT. No good
reason but I started doing the changes before r327796 and at that time it
was convenient to make sure the sorrounding code could handle NULL values.
2018-01-13 22:30:30 +00:00
Bryan Venteicher
a019e26c0f Fix possible panic when creating VirtIO console dev aliases
Since we have no control over the name, the MAKEDEV_CHECKNAME flag must be
used to return an error on an invalid (to devfs) name instead of panicing.

r305900 that originally added this feature also introduced a few other bugs:
  - Proper locking not performed
  - Theoretically broke the expectation that the control event buffer would
    not span more than one pages, but did not update the CTASSERT that was
    in place to prevent this. However, since the struct virtio_console_control
    and the bulk buffer together were quite small, this could not have happened.

Also workaround an QEMU VirtIO spec violation in that it includes the NUL
terminator in the buffer length when the spec says it is not included.

PR:		223531
MFC after:	1 week
2018-01-13 21:39:46 +00:00
Eitan Adler
6024be2774 limits(1): also bump .Dd...
PR:		225147
MFC After:	1 week
2018-01-13 21:37:14 +00:00
Eitan Adler
8e0bba1fbd limits(1): fix grammar
Submitted by:	yuri
PR:		225147
MFC After:	1 week
2018-01-13 21:36:39 +00:00