Commit Graph

243438 Commits

Author SHA1 Message Date
Konstantin Belousov
be50763fe0 Clarify the robustness guarantees.
Wording submitted by:	Martin Simmons <martin@lispworks.com>
MFC after:	3 days
2019-08-07 17:46:07 +00:00
Kirk McKusick
47d3e2f83b Correct the location of the first backup superblock in fsck_ffs.8.
Make a note in the newfs.8 manual page to update the first backup
superblock location when changing the default fragment size for
the filesystem.

Reported by:  O. Hartmann
2019-08-07 16:56:00 +00:00
Alan Somers
b0927a31dd Update RELNOTES for the fusefs rewrite
MFC after:	Never
Sponsored by:	The FreeBSD Foundation
2019-08-07 16:42:34 +00:00
Alan Somers
596a186627 RELNOTES: fix formatting from r350482
MFC after:	Never
Sponsored by:	The FreeBSD Foundation
2019-08-07 16:24:08 +00:00
Mark Johnston
bbce101753 Merge r3780 from elftoolchain.
Adjust argc and argv by optind before using them.  This slightly
simplifies the code.  No functional change intended.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21079
2019-08-07 16:22:25 +00:00
Warner Losh
ecdc19b50c Enable nvme on aarch64
Don't mark nvme as broken on aarch64. It compiles, at least, and people are
testing it out. This only enables the userland parts of the nvme stack.

Submitted by: greg at unrelenting technologies
Differential Revision: https://reviews.freebsd.org/D21168
2019-08-07 16:19:06 +00:00
Alexander Motin
b7e08f9305 Make GCC happy about math in r350676.
MFC after:	1 week
2019-08-07 15:05:08 +00:00
Alexander Motin
0912877616 Make camcontrol modepage support block descriptors.
It allows to read and write block descriptors alike to mode page parameters.
It allows to change block size or short-stroke HDDs or overprovision SSDs.
Depenting on -P parameter the change can be either persistent or till reset.
In case of block size change device may need reformat after the setting.
In case of SSD overprovisioning format or sanitize may be needed to really
free the flash.

During implementation appeared that csio_encode_visit() can not handle
integers of more then 4 bytes, that makes 8-byte LBA handling awkward.
I had to split it into two 4-byte halves now.

MFC after:	1 week
Relnotes:	yes
Sponsored by:	iXsystems, Inc.
2019-08-07 14:45:10 +00:00
Hans Petter Selasky
3194b27014 Correct PCI device ID for XHCI USB controller.
Submitted by:	Dmitry Luhtionov <dmitryluhtionov@gmail.com>
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2019-08-07 13:35:13 +00:00
Emmanuel Vadot
0f6efb4445 ofw: ofw_reg_to_paddr: Use a 256 static array for the cell
Some hardware needs more than 32, bump this value.

We cannot use the _alloc for of getencprop as this function is called
too early in the boot before pmap is initialized and we only have
2k of stack when cninit is called.

Discussed with:     ian
2019-08-07 13:13:16 +00:00
Emmanuel Vadot
216cad16b6 arm: dts: am33xx: Fix the region for uart0
The region for uart0 is declared to be 0x2000 in size but the parent
node only declare 0x1000.
As the parent only declare a size of 0x1000 in the ranges for it's children
this cause the device to not be mappable.

https://patchwork.kernel.org/patch/11056769/
2019-08-07 13:11:53 +00:00
Mark Johnston
1966967151 readelf: Close input files when done with them.
The low fd limit used by poudriere exposed an odd failure mode in
cap_fileargs (used by readelf as of r350516).  In particular, when
the limit was hit, both the main process and casper service would
block on their shared socket, waiting forever for the other to send a
message.

Reported by:	zeising
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2019-08-07 03:14:45 +00:00
Xin LI
a15cb219c6 Expose zlib's utility functions in Z_SOLO library when building kernel.
This allows kernel code to reuse zlib's implementation.

PR:		229763
Reviewed by:	Yoshihiro Ota <ota j email ne jp>
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D21156
2019-08-07 01:41:17 +00:00
John Baldwin
67b3fe8ecf Tidy up the list of auth and encryption algorithms for IPsec stats.
- Use keyed-md5 and keyed_sha1 instead of md5 and sha1 to match
  the names accepted by setkey and to also avoid confusion since
  these are not "plain" MD5 or SHA1.
- Remove always-true #ifdef's to make the source a bit easier to
  read.
- Add missing mappings for tcp-md5, camellia-cbc, and aes-gmac.

MFC after:	2 weeks
Sponsored by:	Chelsio Communications
2019-08-07 00:53:27 +00:00
Alan Somers
0b4275accb fusefs: merge from projects/fuse2
This commit imports the new fusefs driver. It raises the protocol level
from 7.8 to 7.23, fixes many bugs, adds a test suite for the driver, and
adds many new features. New features include:

* Optional kernel-side permissions checks (-o default_permissions)
* Implement VOP_MKNOD, VOP_BMAP, and VOP_ADVLOCK
* Allow interrupting FUSE operations
* Support named pipes and unix-domain sockets in fusefs file systems
* Forward UTIME_NOW during utimensat(2) to the daemon
* kqueue support for /dev/fuse
* Allow updating mounts with "mount -u"
* Allow exporting fusefs file systems over NFS
* Server-initiated invalidation of the name cache or data cache
* Respect RLIMIT_FSIZE
* Try to support servers as old as protocol 7.4

Performance enhancements include:

* Implement FUSE's FOPEN_KEEP_CACHE and FUSE_ASYNC_READ flags
* Cache file attributes
* Cache lookup entries, both positive and negative
* Server-selectable cache modes: writethrough, writeback, or uncached
* Write clustering
* Readahead
* Use counter(9) for statistical reporting

PR:		199934 216391 233783 234581 235773 235774 235775
PR:		236226 236231 236236 236291 236329 236381 236405
PR:		236327 236466 236472 236473 236474 236530 236557
PR:		236560 236844 237052 237181 237588 238565
Reviewed by:	bcr (man pages)
Reviewed by:	cem, ngie, rpokala, glebius, kib, bde, emaste (post-commit
		review on project branch)
MFC after:	3 weeks
Relnotes:	yes
Sponsored by:	The FreeBSD Foundation
Pull Request:	https://reviews.freebsd.org/D21110
2019-08-07 00:38:26 +00:00
John Baldwin
9b82c66474 Fix LOCAL_MODULES and improve the make output.
The exists() check guarding the invocation of ls was not working
correctly as it was expanding '$L' to determine the path of the local
modules directory.  Fix by using {} around the variable name.

Inline some of the logic from bsd.subdir.mk when invoking local module
builds.  This gives output in 'make buildkernel' the same as if there
was a Makefile in /usr/local/sys/modules with SUBDIR =
${LOCAL_MODULES}.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D20991
2019-08-06 23:22:25 +00:00
Jeff Roberson
0b26119b21 Cache kernel stacks in UMA. This gives us NUMA support, better concurrency,
and more statistics.

Reviewed by:	kib, markj
Tested by:	pho
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D20931
2019-08-06 23:15:34 +00:00
John Baldwin
a04725cd5c Detect invalid PCI devices more correctly in PCI interrupt router drivers.
- Check for an invalid device (vendor is invalid) before reading the
  header type register when examining function 0 of a possible device.
- When iterating over functions of a device, reject any device whose
  16-bit vendor is invalid rather than requiring the full 32-bit
  vendor+device to be all 1's.  In practice the latter check is
  probably fine, but checking the vendor is what the PCI spec
  recommends.

Reviewed by:	imp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D21147
2019-08-06 23:15:04 +00:00
Jeff Roberson
eda1b01647 Implement a MINBUCKET zone flag so we can use minimal caching on zones that
may be expensive to cache.

Reviewed by:	markj, kib
Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D20930
2019-08-06 23:04:59 +00:00
Jeff Roberson
c168508655 Add two new kernel options to control memory locality on NUMA hardware.
- UMA_XDOMAIN enables an additional per-cpu bucket for freed memory that
   was freed on a different domain from where it was allocated.  This is
   only used for UMA_ZONE_NUMA (first-touch) zones.
 - UMA_FIRSTTOUCH sets the default UMA policy to be first-touch for all
   zones.  This tries to maintain locality for kernel memory.

Reviewed by:	gallatin, alc, kib
Tested by:	pho, gallatin
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D20929
2019-08-06 21:50:34 +00:00
Jilles Tjoelker
cb71f1fa01 Add a test for kill() on a zombie 2019-08-06 21:17:22 +00:00
Kyle Evans
82bac68cdc ral: rt2860: fix wcid2ni access/size issue
RT2860_WCID_MAX is supposed to describe the max STA index for wcid2ni, and
was instead being used as the size -- off-by-one.

rt2860_drain_stats_fifo was range-checking wcid only after accessing
out-of-bounds potentially.

Submitted by:	Augustin Cavalier <waddlesplash@gmail.com> (basically)
Obtained from:	Haiku (58d16d9fe2d5a209cf22823359a8407d138e1a87)
Differential Revision:	3 days
2019-08-06 20:21:57 +00:00
Toomas Soome
9cb069b552 loader.efi: efilib.h and libefi.c were left out of 350654
And this is second followup for 350654
2019-08-06 20:13:28 +00:00
Toomas Soome
cefffc0b45 loader.efi: boot1.c was left out of 350654
Followup for 350654.
2019-08-06 20:08:01 +00:00
Toomas Soome
110d56cbf4 loader.efi: replace HandleProtocol() with OpenProtocol()
The HandleProtocol() is deprecated interface and we should use OpenProtocol()
instead. Moreover, in some firmware implementation(s), the HandleProtocol()
does return device path using static storage, so we can not keep the value
returned there. With same firmware, the OpenProtocol() does return data we
do not need to clone.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D21162
2019-08-06 19:27:27 +00:00
Kirk McKusick
e9660daffb Ignore UFS/FFS superblock check hash failures so as to allow a higher
level in the filesystem stack to decide what to do about them.

Reported by:  Peter Holm
Tested by:    Peter Holm
Sponsored by: Netflix
2019-08-06 18:28:44 +00:00
Warner Losh
ef7a2ead30 Fix mismerge.
I merged passthru.c from the wrong branch (it was a branch that went further in
a direction I wound up not taking). Fix the mismerge and turn passthru on.
2019-08-06 18:15:26 +00:00
Kirk McKusick
9454b4fd78 A race condition existed between the time a UFS/FFS superblock check
hash was computed and the time that the superblock was copied to a
buffer to be written to disk. The result was a failed superblock
check hash the next time that the superblock was read.

The fix is to compute the check hash after the superblock has been
copied to a buffer to be written.

PR:           236504
Reported by:  Peter Holm
Tested by:    Peter Holm
Sponsored by: Netflix
2019-08-06 18:10:34 +00:00
Ed Maste
7f8c266da5 Correct ICMPv6/MLDv2 out-of-bounds memory access
Previously the ICMPv6 input path incorrectly handled cases where an
MLDv2 listener query packet was internally fragmented across multiple
mbufs.

admbugs:	921
Submitted by:	jtl
Reported by:	CJD of Apple
Approved by:	so
MFC after:	0 minutes
Security:	CVE-2019-5608
2019-08-06 17:11:30 +00:00
Konstantin Belousov
762caeb475 Provide the list of knobs related to mitigations.
Discussed with:	bjk, emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D21087
2019-08-06 17:05:58 +00:00
Konstantin Belousov
90e35b0a98 amd64: prevents speculations over swapgs reload of %gs base.
Such speculations could use user-controlled %gs base, esp. since
FreeBSD supports WRGSBASE instructions.

Place LFENCEs on entry for each basic block after the test for
previous kernel/user mode on the kernel entry, which prevents the
speculation.  Code accesses %gs-based PCPU before any serialization
instructions are executed, like %cr3 reload for KPTI.

With pti disabled, on haswell i7-4770S machine, "syscall_timings getppid"
shows when no lfence is added to syscall path:
test	loop	time	iterations	periteration
getppid	0	1.040918865	4643611	0.000000224
getppid	1	1.004985962	4481816	0.000000224
getppid	2	1.005196483	4482363	0.000000224
with lfence:
getppid	0	1.043701091	4554779	0.000000229
getppid	1	1.016930328	4438094	0.000000229
getppid	2	1.023223117	4466640	0.000000229
and ministat reports 'No difference proven at 95.0% confidence.'

Security:	CVE-2019-1125
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-08-06 16:53:25 +00:00
Gleb Smirnoff
814f33aafb Since r350426 this KASSERT doesn't serve any useful purpose. 2019-08-06 16:11:00 +00:00
Ed Maste
54e9e4e72d bsnmp: add asn1 message length validation
admbugs:	780
Submitted by:	Guido Vranken, bz
Reported by:	Guido Vranken
Security:	CVE-2019-5610
2019-08-06 16:09:06 +00:00
Kyle Evans
ab7de25c25 oce(4): potential out of bounds access before vector validation
Submitted by:	Augustin Cavalier <waddlesplash@gmail.com>
Obtained from:	Haiku (ec2b89264cfc63e05e611cce82cc449197403aa4)
MFC after:	3 days
2019-08-06 13:09:20 +00:00
Michael Tuexen
12b678e9f2 Reference the RFC instead of the internet draft.
MFC after:		1 week
Sponsored by:		Netflix, Inc.
2019-08-06 11:26:30 +00:00
Michael Tuexen
cd2de8b735 Fix a locking issue in sctp_accept.
PR:			238520
Reported by:		pho@
MFC after:		1 week
2019-08-06 10:29:19 +00:00
Michael Tuexen
43ecbff2dc Fix build issues for the userland stack on Raspbian. 2019-08-06 08:33:21 +00:00
Conrad Meyer
85dbddbe14 amdtemp(4), amdsmn(4): Attach to Ryzen 3 (Zen 2) hostbridges
PR:	239607
Reported by:	"drclaw" <drclaw AT gmail.com>
2019-08-06 03:54:27 +00:00
Justin Hibbits
8b1531eca8 Fix build from r350622
It helps if my local kernel build has INVARIANTS.
2019-08-06 03:49:40 +00:00
Justin Hibbits
dc825fed55 powerpc/pmap: Simplify Book-E 64-bit page table management
There is no need for the 64-bit pmap to have a fixed number of page table
buffers.  Since the 64-bit pmap has a DMAP, we can effectively have user
page tables limited only by total RAM size.
2019-08-06 03:16:06 +00:00
Alan Somers
427d205cb5 fusefs: remove superfluous counter_u64_zero
Reported by:	glebius
Sponsored by:	The FreeBSD Foundation
2019-08-06 00:50:25 +00:00
Eric van Gyzen
e48c002fa4 Relax time constraint in pthread_cond_timedwait unit test
pthread_cond_timedwait() should wait _at least_ until the timeout,
but it might appear to wait longer due to system activity and
scheduling.  The test ignored fractional seconds when comparing the
actual and expected timeouts, so it allowed anywhere between zero
and one extra second of wait time.  Zero is a bit unreasonable.
Compare fractional seconds so we always allow up to one extra second.

Reviewed by:	ngie
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2019-08-05 22:59:35 +00:00
John Baldwin
ed9ffd2f09 Validate guest-supplied length of headers for TSO transmit requests.
When transmitting a large TCP packet, the final transmit descriptor
includes the length of the protocol headers to be duplicated on each
segment.  The device model was trusting the guest-supplied value
without validating it.  A value of zero would result in the guest
being able to indirect a garbage pointer on the stack to overwrite
arbitrary memory in the bhyve process.  A value that was non-zero but
too small for the requested parameters resulted in the device model
reading and writing values beyond the end of the on-stack buffer used
to hold the template header.

To fix, validate the supplied length and drop requests to transmit
packets that would overflow the header buffer.  While here, initialize
the header pointer to NULL as a preventive measure so that any access
to an unallocated template header crashes they hypervisor
deterministically.

While here, only read the TCP sequence number if the packet being
split is a TCP packet.  The e1000 logic supports a segmentation of UDP
frames, and while UDP segmentation requires this part of the header to
be valid (so there is no buffer overflow), only reading the field when
needed is cleaner.

admbugs:	918
Reported by:	Reno Robert <renorobert@gmail.com>
Reviewed by:	markj
Approved by:	so
Security:	CVE-2019-5609
2019-08-05 21:39:55 +00:00
Mariusz Zaborski
c878d1eb45 procdesc: fix the function name
I changed name of the function r350429 and forgot to update
the r350612 patch.

Reported by:	jenkins
MFC after:	1 month
2019-08-05 20:31:17 +00:00
Mariusz Zaborski
9f5103abab process: style
We don't need to check if the parent is already set.
This is done already in the proc_reparent.

No functional behaviour changes intended.

MFC after:	1 month
2019-08-05 20:26:01 +00:00
Mariusz Zaborski
a05cfdf479 exit1: fix style nits
MFC after:	1 month
2019-08-05 20:20:14 +00:00
Mariusz Zaborski
fd631bcd95 procdesc: fix reparenting when the debugger is attached
The process is reparented to the debugger while it is attached.
  B          B
 /   ---->   |
A          A D

Every time when the process is reparented, it is added to the orphan list
of the previous parent:

A->orphan = B
D->orphan = NULL

When the A process will close the process descriptor to the B process,
the B process will be reparented to the init process.
  B            B - init
  |   ---->
A D          A   D

A->orphan = B
D->orphan = B

In this scenario, the B process is in the orphan list of A and D.

When the last process descriptor is closed instead of reparenting
it to the reaper let it stay with the debugger process and set
our previews parent to the reaper.

Add test case for this situation.
Notice that without this patch the kernel will crash with this test case:
panic: orphan 0xfffff8000e990530 of 0xfffff8000e990000 has unexpected oppid 1

Reviewed by:	markj, kib
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D20361
2019-08-05 20:15:46 +00:00
Mariusz Zaborski
799d92ab78 proc: introduce the proc_add_orphan function
This API allows adding the process to its parent orphan list.

Reviewed by:	kib, markj
MFC after:	1 month
2019-08-05 20:11:57 +00:00
Mariusz Zaborski
41fadb3fca exit1: postpone clearing P_TRACED flag until the proctree lock is acquired
In case of the process being debugged. The P_TRACED is cleared very early,
which would make procdesc_close() not calling proc_clear_orphan().
That would result in the debugged process can not be able to collect
status of the process with process descriptor.

Reviewed by:	markj, kib
Tested by:	pho
MFC after:	1 month
2019-08-05 19:59:23 +00:00
Alexander Motin
217c81f334 Fix alignment issue r350599.
MFC after:	10 days
2019-08-05 19:30:28 +00:00