Commit Graph

269439 Commits

Author SHA1 Message Date
Peter Holm
97a74bbe38 stress2: Added a regression test 2021-10-29 09:04:49 +00:00
Wojciech Macek
f5639a06b8 mvneta: fix encap property
Fix MVNETA encap property.
2021-10-29 10:56:57 +02:00
Kornel Duleba
027a58aab2 qoriq_gpio: Implement interrupt controller functionality
The pic_* interface was used.
Only edge interrupts are supported by this controller.
Driver mutex had to be converted to a spin lock so that it can
be used in the interrupt filter context.
Two types of intr_map_data are supported - INTR_MAP_DATA_GPIO and
INTR_MAP_DATA_FDT. This way interrupts can be allocated using the
userspace gpio interrupt allocation method, as well as directly from
simplebus. The latter can be used by devices that have its irq routed
to a GPIO pin.

Obtained from: Semihalf
Sponsored by: Alstom Group
Differential revision: https://reviews.freebsd.org/D32587
2021-10-29 10:08:26 +02:00
Kornel Duleba
d88aecce69 felix: Add a sysctl to control timer routine frequency
Driver polls status of all PHYs connected to the switch in a
fixed interval.
Add a sysctl that allows to control frequency of that.
The value is expressed in ticks and defaults to "hz", or 1 second.

Obtained from: Semihalf
Sponsored by: Alstom Group
2021-10-29 10:08:26 +02:00
Kornel Duleba
8c5fead105 Remove enetc_mdio driver
It was previously used by felix(4) for PHY communication.
Since that is not the case anymore this driver is now left unused.

Obtained from: Semihalf
Sponsored by: Alstom Group
2021-10-29 10:08:26 +02:00
Kornel Duleba
29cf6a79ac felix: Use internal MDIO regs for PHY communication
Previously we would use an external MDIO device found on the PCI bus.
Switch to using MDIO mapped in a separate BAR of the switch device.
It is much easier this way since we don't have to depend on another
driver anymore.

Obtained from: Semihalf
Sponsored by: Alstom Group
2021-10-29 10:08:26 +02:00
Kornel Duleba
06e6ca6dd3 dmar: Disable protected memory regions after initialization
Some BIOSes protect memory region they reside in by using DMAR to
prevent devices from doing any DMA transactions to that part of RAM.
AMI refers to this as "DMA Control Guarantee".
Disable the protection when address translation is enabled.
I stumbled upon this while investigation a failing coredump on a device
which has this feature enabled.

Sponsored by:		Stormshield
Obtained from:		Semihalf
Reviewed by:		kib
Differential revision:	https://reviews.freebsd.org/D32591
2021-10-29 10:08:25 +02:00
Kornel Duleba
3c02da8096 dmar: Don't try to reserve PCI regions for non-existing devices
In some cases we might have to create DMAR context before the
corresponding device has been enumerated by the PCI bus.
In that case we get called with NULL dev, because of that trying
to reserve PCI regions causes a NULL pointer dereference in
pci_find_pcie_root_port.

Sponsored by:		Stormshield
Obtained from:		Semihalf
MFC after:		2 weeks
Reviewed by:		kib, rlibby
Differential revision:	https://reviews.freebsd.org/D32589
2021-10-29 10:08:25 +02:00
Wojciech Macek
ccfa9ac5ac NXP: Add ls1028a SPI clock driver
Provide driver for LS1028A and LX2160 SPI clock modules.

Obtained from:		Semihalf
Sponsored by:		Alstom
Differential revision:	https://reviews.freebsd.org/D32689
2021-10-29 09:52:20 +02:00
Randall Stewart
aeda852782 tcp: Rack at times can miscalculate the RTT from what it thinks is a persists probe respone.
Turns out that if a peer sends in a window update right after rack fires off
a persists probe, we can mis-interpret the window update and calculate
a bogus RTT (very short). We still process the window update and send
the data but we incorrectly generate an RTT. We should be only doing
the RTT stuff if the rwnd is still small and has not changed.

Reviewed by: Michael Tuexen
Sponsored by: Netflix Inc.
Differential Revision: https://reviews.freebsd.org/D32717
2021-10-29 03:17:43 -04:00
Kirk McKusick
68bff4a07e Allow GEOM utilities to specify a -v option.
Geom utilities (geli(8), glabel(8), gmirror(8), gpart(8), gmirror(8),
gmountver(8), etc) all use the geom(8) utility as their back end
to process their commands and pass them into the kernel. Creating
a new utility requires no more than filling out a template describing
the commands and arguments that the utility supports. Consider the
specification for the very simple gmountver(8) utility:

struct g_command class_commands[] = {
	{ "create", G_FLAG_VERBOSE | G_FLAG_LOADKLD, NULL,
	    {
		G_OPT_SENTINEL
	    },
	    "[-v] prov ..."
	},
	{ "destroy", G_FLAG_VERBOSE, NULL,
	    {
		{ 'f', "force", NULL, G_TYPE_BOOL },
		G_OPT_SENTINEL
	    },
	    "[-fv] name"
	},
	G_CMD_SENTINEL
};

It has just two commands of its own: "create" and "destroy" along
with the four standard commands "list", "status", "load", and
"unload" provided by the base geom(8) utility. The base geom(8)
utility allows each command to use the G_FLAG_VERBOSE flag to specify
that a command should accept the -v flag and when the -v flag is
given the utility prints "Done." if the command completes successfully.
In the above example, both of the commands set the G_FLAG_VERBOSE,
so have the -v option available. In addition the "destroy" command
accepts the -f boolean flag to force the destruction.

If the "destroy" command wanted to also print out verbose information,
it would need to explicitly declare its intent by adding a line:

		{ 'v', "verbose", NULL, G_TYPE_BOOL },

Before this change, the geom utility would silently ignore the above
line in the configuration file, so it was impossible for the utility
to know that the -v flag had been set on the command. With this
change a geom command can explicitly specify a -v option with a
line as given above and handle it as it would any other option. If
both a -v option and G_FLAG_VERBOSE are specified for a command
then both types of verbose information will be output when that
command is run with -v.

MFC after:    1 week
Sponsored by: Netflix
2021-10-28 22:50:50 -07:00
Cy Schubert
a30e8044aa wpa: Fix WITHOUT_CRYPT build
PASN requires CRYPT and when built WITHOUT_CRYPT buildworld
fails. Only enable PASN when MK_CRYPT is enabled (default).

PR:		259517
Reported by:	emaste
Fixes:		c1d255d3ff
MFC after:	1 week
2021-10-28 19:38:12 -07:00
Steve Kargl
3bfc837685 sinpi,cospi,tanpi: float.h needed for week reference
The patch fixes the omission of '#include <float.h>', which is needed for
the weak reference on systems with LDBL_MANT_DIG == DBL_MANT_DIG.

PR:	218514
MFC after:	1 week
2021-10-29 03:15:19 +03:00
Ed Maste
6940d0e470 Force WITHOUT_OPENSSL_KTLS off when WITHOUT_OPENSSL
Discussed with:	jhb
MFC after:	1 week
Reported by:	Michael Dexter, Build Option Survey
Sponsored by:	The FreeBSD Foundation
2021-10-28 19:04:14 -04:00
Gleb Smirnoff
92b3e07229 Enable net.inet.tcp.nolocaltimewait.
This feature has been used for many years at large sites and
didn't show any pitfalls.
2021-10-28 15:34:00 -07:00
Sebastian Huber
ae750fbac7 kern_tc.c: Scaling/large delta recalculation
This change is a slight performance optimization for systems with a slow
64-bit division.

The th->th_scale and th->th_large_delta values only depend on the
timecounter frequency and the th->th_adjustment. The timecounter
frequency of a timehand only changes when a new timecounter is activated
for the timehand. The th->th_adjustment is only changed by the NTP
second update. The NTP second update is not done for every call of
tc_windup().

Move the code block to recalculate the scaling factor and
the large delta of a timehand to the new helper function
recalculate_scaling_factor_and_large_delta().

Call recalculate_scaling_factor_and_large_delta() when a new timecounter
is activated and a NTP second update occurred.

MFC after:	1 week
2021-10-29 00:31:14 +03:00
Ed Maste
a901f2af58 libradius: fix WITHOUT_OPENSSL build
int alen is used only with SSL.

Reported by:	Michael Dexter, Build Option Survey
MFC after:	3 days
Fixes:		8d5c781306 ("libradius: Fix input validation bugs")
Sponsored by:	The FreeBSD Foundation
2021-10-28 17:05:53 -04:00
Konstantin Belousov
1c69690319 Unmap shared page manually before doing vm_map_remove() on exit or exec
This allows the pmap_remove(min, max) call to see empty pmap and exploit
empty pmap optimization.

Reviewed by:	markj
Tested by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32569
2021-10-28 22:01:59 +03:00
Konstantin Belousov
0b3bc72889 amd64 pmap: adjust the empty pmap optimization in pmap_remove()
to match the added accounting of the top-level page table pages.

Reviewed by:	markj
Tested by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32569
2021-10-28 22:01:58 +03:00
Konstantin Belousov
e93b5adb6b amd64 pmap: account for the top-level pages
both for kernel and user page tables, the later exist in the PTI case.

Reviewed by:	markj
Tested by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32569
2021-10-28 22:01:58 +03:00
Konstantin Belousov
4d675b80f0 i386: fix struct proc layout asserts after 351d5f7fc5
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2021-10-28 21:56:21 +03:00
Felix Johnson
191c624d95 config(5): Update upper limit for maxusers on 64-bit systems
The limit of 384 maxusers for auto configuration was only imposed on
32-bit systems. Document that maxusers scales above 384 based on memory
for 64-bit systems.

PR:		204938
MFC after:	3 days
Reported by:	David Höppner <0xffea@gmail.com>
2021-10-28 14:15:08 -04:00
Konstantin Belousov
ee92c8a842 sysctl kern.proc.procname: report right hardlink name
PR:	248184
Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32611
2021-10-28 20:50:02 +03:00
Konstantin Belousov
351d5f7fc5 exec: store parent directory and hardlink name of the binary in struct proc
While doing it, also move all the code to resolve pathnames and obtain
text vp and dvp, into single place.   Besides simplifying the code, it
avoids spurious vnode relocks and validates the explanation why
a transient text reference on the script vnode is not harmful.

Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32611
2021-10-28 20:49:56 +03:00
Konstantin Belousov
0c10648fbb exec: provide right hardlink name in AT_EXECPATH
For this, use vn_fullpath_hardlink() to resolve executable name for
execve(2).

This should provide the right hardlink name, used for execution, instead
of random hardlink pointing to this binary.  Also this should make the
AT_EXECNAME reliable for execve(2), since kernel only needs to resolve
parent directory path, which should always succeed (except pathological
cases like unlinking a directory).

PR:	248184
Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32611
2021-10-28 20:49:31 +03:00
Konstantin Belousov
9a0bee9f6a Make vn_fullpath_hardlink() externally callable
Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32611
2021-10-28 20:49:26 +03:00
Konstantin Belousov
15bf81f354 struct image_params: use bool type for boolean members
Also re-align comments, and group booleans and char members together.

Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32611
2021-10-28 20:49:21 +03:00
Konstantin Belousov
9d58243fbc do_execve(): switch boolean locals to use bool type
Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32611
2021-10-28 20:49:16 +03:00
Konstantin Belousov
143dba3a91 kern_exec.c: style
Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32611
2021-10-28 20:49:10 +03:00
Baptiste Daroussin
1a4d5f13ba ident: replace sbuf(9) with open_memstream(3)
This change makes ident only dependant on libc functions

This makes our ident(1) more portable, also the fact that we only
depend on libc which is maintained with excellent backward compatibility
means that if one day ident is removed from base, someone using FreeBSD
22 will be able to fetch ident from FreeBSD 14 to run ident against
FreeBSD 1.0 binary

MFC After:	1 week
2021-10-28 15:51:23 +02:00
Kristof Provost
4ee0f6d874 netpfil tests: dummynet+NAT test for pf
Ensure that NAT still works as expected when combined with dummynet.

MFC after:	3 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D32666
2021-10-28 10:41:17 +02:00
Kristof Provost
e5c4987e3f pf: fix dummynet + NAT
Dummynet differs from ALTQ in that ALTQ schedules packets after they
leave pf. Dummynet schedules them after they leave pf, but then
re-injects them.
We currently deal with this by ensuring we don't re-schedule a packet we
get from dummynet, but this produces unexpected results when combined
with NAT, as dummynet processing is done after the NAT transformation.
In other words, the second time the packet is handed to pf it may have a
different source and destination address.

Simplify this by moving dummynet processing to after all other pf
processing, and not re-processing (but always passing) packets from
dummynet.

This fixes NAT of dummynet delayed packets, and also reduces processing
overhead (because we only do state/rule lookup for each dummynet packet
once, rather than twice).

MFC after:	3 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D32665
2021-10-28 10:41:17 +02:00
Kristof Provost
7fe0c3f8d3 mbuf: PACKET_TAG_PF should not be persistent
We should clear firewall tags on loopback, icmp reflection, or if_epair
transmission. Left over tags can produce unexpected behaviour,
especially on if_epair where a and b interfaces can be in different
vnets, and have different firewall policies set.

MFC after:	3 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D32664
2021-10-28 10:41:17 +02:00
Kristof Provost
62d2dcafb7 if_epair: delete mbuf tags
Remove all (non-persistent) tags when we transmit a packet. Real network
interfaces do not carry any tags either, and leaving tags attached can
produce unexpected results.

Reviewed by:	bz, glebius
MFC after:	3 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D32663
2021-10-28 10:41:16 +02:00
Wojciech Macek
8a727c3df8 mroute: add missing WUNLOCK
Add missing WNLOCK as in all other error cases.

Reported by:		Stormshield
Obtained from:		Semihalf
2021-10-28 07:12:23 +02:00
Wojciech Macek
fb3854845f mroute: fix memory leak
Add MFC to linked list to store incoming packets
before MCAST JOIN was captured.

Sponsored by:		Stormshield
Obtained from:		Semihalf
MFC after:		2 weeks
2021-10-28 07:12:16 +02:00
Gleb Smirnoff
840680e601 Wrap mutex(9), rwlock(9) and sx(9) macros into __extension__ ({})
instead of do {} while (0).

This makes them real void expressions, and they can be used anywhere
where a void function call can be used, for example in a conditional
operator.

Reviewed by:		kib, mjg
Differential revision:	https://reviews.freebsd.org/D32696
2021-10-27 18:58:36 -07:00
Jessica Clarke
63d24336fd Fix off-by-one error in msdosfs FAT32 volume label copying
I dropped the + 1 from the other two instances in each file but failed
to do so for this one, resulting in a more egregious buffer overread
than the one I was fixing (since the read character ended up in the
output if there was space).

Reported by:	Jenkins
Fixes:	34fb1c133c ("Fix intra-object buffer overread for labeled msdosfs volumes")
2021-10-28 01:01:00 +01:00
John Baldwin
4827bf76bc ktls: Fix assertion for TLS 1.0 CBC when using non-zero starting seqno.
The starting sequence number used to verify that TLS 1.0 CBC records
are encrypted in-order in the OCF layer was always set to 0 and not to
the initial sequence number from the struct tls_enable.

In practice, OpenSSL always starts TLS transmit offload with a
sequence number of zero, so this only matters for tests that use a
random starting sequence number.

Reviewed by:	markj
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D32676
2021-10-27 16:35:56 -07:00
Jilles Tjoelker
72f750dc7c sh: Fix heredoc at certain places in case and for
After an unescaped newline, there may be a here-document. Some places in
case and for did not check for one.

Reviewed by:	bdrewery
Differential Revision:	https://reviews.freebsd.org/D32628
2021-10-27 21:05:19 +02:00
Mateusz Guzik
628c3b307f cache: only let non-dir descriptors through when doing EMPTYPATH lookups
Otherwise things like realpath against a file and '.' end up with an
illegal state of having a regular vnode for the parent.

Reported by:	syzbot+9aa5439dd9c708aeb1a8@syzkaller.appspotmail.com
2021-10-27 18:27:47 +00:00
Jessica Clarke
34fb1c133c Fix intra-object buffer overread for labeled msdosfs volumes
Volume labels, like directory entries, are padded with spaces and so
have no NUL terminator. Whilst the MIN for the dsize argument to strlcpy
ensures that the copy does not overflow the destination, strlcpy is
defined to return the number of characters in the source string,
regardless of the provided dsize, and so keeps reading until it finds a
NUL, which likely exists somewhere within the following fields, but On
CHERI with the subobject bounds enabled in the compiler this buffer
overread will be detected and trap with a bounds violation.

Found by:	CHERI
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D32579
2021-10-27 18:38:37 +01:00
Jessica Clarke
f350bc1dd3 ada: Fix intra-object buffer overread of identify strings
In the ATA/ATAPI spec these are space-padded fixed-length strings with
no NUL-terminator (and byte swapped). When performing the identify we
call ata_param_fixup to swap the bytes back to be in order, strip any
leading/trailing spaces and coalesce consecutive spaces, padding with
NULs. However, if the input has no padding spaces, the fixed-up strings
are still not NUL-terminated. This causes two issues. The first is that
strlcpy will truncate the string by replacing the final byte with a NUL.
The second is that strlcpy will keep reading src until it finds a NUL in
order to calculate the return value, which is defined as the length of
src (so that callers can then compare it with the dsize input to see if
the input string was truncated), thereby reading past the end of the
buffer and into whatever adjacent fields are in the structure. In
practice there's a NUL byte somewhere in the structure, but on CHERI
with subobject bounds enabled in the compiler this overread will be
detected and trap as a bounds violation.

Note this matches ata_xpt's aprobedone, which does a bcopy to a
malloc'ed buffer and manually NUL-terminates it for the CAM path's
device's serial_num.

Found by:	CHERI
Reviewed by:	imp, scottl
Differential Revision:	https://reviews.freebsd.org/D32567
2021-10-27 18:38:37 +01:00
Jessica Clarke
29863d1eff xhci: Rework 64-byte context support to avoid pointer abuse
Currently, to support 64-byte contexts, xhci_ctx_[gs]et_le(32|64) take a
pointer to the field within a 32-byte context and, if 64-byte contexts
are in use, compute where the 64-byte context field is and use that
instead by deriving a pointer from the 32-byte field pointer. This is
done by exploiting a combination of 64-byte contexts being the same
layout as their 32-byte counterparts, just with 32 bytes of padding at
the end, and that all individual contexts are either in a device
context or an input context which itself is page-aligned. By masking out
the low 4 bits (which is the offset of the field within the 32-byte
contxt) of the offset within the page, the offset of the invididual
context within the containing device/input context can be determined,
which is itself 32 times the number of preceding contexts. Thus, adding
this value to the pointer again gets 64 times the number of preceding
contexts plus the field offset, which gives the offset of the 64-byte
context plus the field offset, which is the address of the field in the
64-byte context.

However, this involves a fair amount of lying to the compiler when
constructing these intermediate pointers, and is rather difficult to
reason about. In particular, this is problematic for CHERI, where we
compile the kernel with subobject bounds enabled; that is, unless
annotated to opt out (e.g. for C struct inheritance reasons where you
need to be able to downcast, or containerof idioms), a pointer to a
member of a struct is a capability whose bounds only cover that field,
and any attempt to dereference outside those bounds will fault,
protecting against intra-object buffer overflows. Thus the pointer given
to xhci_ctx_[gs]et_le(32|64) is a capability whose bounds only cover the
field in the 32-byte context, and computing the pointer to the 64-byte
context field takes the address out of bounds, resulting in a fault when
later dereferenced.

This can be cleaned up by using a different abstraction. Instead of
doing the 32-byte to 64-byte conversion on access to the field, we can
do the conversion when getting a pointer to the context itself, and
define proper 64-byte versions of contexts in order to let the compiler
do all the necessary arithmetic rather than do it manually ourselves.
This provides a cleaner implementation, works for CHERI and may even be
slightly more performant as it avoids the need to mess with masking
pointers (which cannot in the general case be optimised by compilers to
be reused across accesses to different fields within the same context,
since it does not know that the contexts are over-aligned compared with
the C ABI requirements).

Reviewed by:	hselasky
Differential Revision:	https://reviews.freebsd.org/D32554
2021-10-27 18:38:37 +01:00
John Baldwin
2f7f899536 libdialog: Bump shared library version to 10.
The upgrade to libdialog 1.3 included changes to the ABI.

Bump libdpv to 3 since it links against libdialog.

Reported by:	Mark Millard <marklmi@yahoo.com>
Reviewed by:	bapt
Fixes:		a96ef45019 dialog: import dialog 1.3-20210117
Differential Revision:	https://reviews.freebsd.org/D32675
2021-10-27 09:30:24 -07:00
Warner Losh
aa15f7df64 arm: Remove obsolete comments
FreeBSD has never supported arm26, so remove comments about what
trapframes look like for that platform.

Noticed by:		kevans
Sponsored by:		Netflix
2021-10-27 09:44:58 -06:00
Gleb Smirnoff
5d3bf5b1d2 rack: Update the fast send block on setsockopt(2)
Rack caches TCP/IP header for fast send, so it doesn't call
tcpip_fillheaders().  After certain socket option changes,
namely IPV6_TCLASS, IP_TOS and IP_TTL it needs to update
its fast block to be in sync with the inpcb.

Reviewed by:		rrs
Differential Revision:	https://reviews.freebsd.org/D32655
2021-10-27 08:22:00 -07:00
Gleb Smirnoff
f581a26e46 Factor out tcp6_use_min_mtu() to handle IPV6_USE_MIN_MTU by TCP.
Pass control for IP/IP6 level options from generic tcp_ctloutput_set()
down to per-stack ctloutput.

Call tcp6_use_min_mtu() from tcp stack tcp_default_ctloutput().

Reviewed by:		rrs
Differential Revision:	https://reviews.freebsd.org/D32655
2021-10-27 08:22:00 -07:00
Gleb Smirnoff
de156263a5 Several IP level socket options may affect TCP.
After handling them in IP level ctloutput, pass them down to TCP
ctloutput.

We already have a hack to handle IPV6_USE_MIN_MTU. Leave it in place
for now, but comment out how it should be handled.

For IPv4 we are interested in IP_TOS and IP_TTL.

Reviewed by:		rrs
Differential Revision:	https://reviews.freebsd.org/D32655
2021-10-27 08:21:59 -07:00
Gleb Smirnoff
fc4d53cc2e Split tcp_ctloutput() into set/get parts.
Reviewed by:		rrs
Differential Revision:	https://reviews.freebsd.org/D32655
2021-10-27 08:21:59 -07:00