Commit Graph

229025 Commits

Author SHA1 Message Date
Ed Maste
c24972459f ath: fix possible memory disclosures in ioctl handlers
Apply the fix from r327499 to additional ioctl handlers.

Reported by:	Ilja van Sprundel <ivansprundel@ioactive.com>
MFC after:	1 week
MFC with:	r327499
Sponsored by:	The FreeBSD Foundation
2018-01-02 19:34:23 +00:00
Ed Maste
85f385b9aa ath: fix memory disclosure from ath_btcoex_ioctl
The ath_btcoex_ioctl handler allocated a buffer without M_ZERO and
returned it to userland without writing to it.

The device has permissions only for root so this is not urgent, and the
fix can be MFCd and considered for a future EN.

Reported by:	Ilja van Sprundel <ivansprundel@ioactive.com>
Submitted by:	Domagoj Stolfa <domagoj.stolfa@gmail.com>
Reviewed by:	adrian
MFC after:	1 week
2018-01-02 19:29:30 +00:00
Ed Maste
5d8501f487 hpt{nr,rr}: plug info leak in hpt_ioctl
The hpt{nr,rr} ioctl handler allocates a buffer without M_ZERO and calls
hpt_do_ioctl(), which might not overwrite the entire buffer.

Also zero bytesReturned in case it is not written by hpt_do_ioctl().

The hpt27{nr,rr} device has permissions only for root so this is not urgent,
and the fix can be MFCd and considered for a future EN.

The same issue was reported in the hpt27xx driver by Ilja Van Sprundel.

Reviewed by:	jhb, kib
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2018-01-02 18:31:32 +00:00
Ed Maste
51cbc81510 hpt27xx: plug info leak in hpt_ioctl
The hpt27xx ioctl handler allocates a buffer without M_ZERO and calls
hpt_do_ioctl(), which might not overwrite the entire buffer.

Also zero bytesReturned in case it is not written by hpt_do_ioctl().

The hpt27xx device has permissions only for root so this is not urgent,
and the fix can be MFCd and considered for a future EN.

Reported by:	Ilja van Sprundel <ivansprundel@ioactive.com>
Submitted by:	Domagoj Stolfa <domagoj.stolfa@gmail.com> (M_ZERO)
Reviewed by:	jhb, kib
MFC after:	3 days
Security:	info leak in root-only ioctl
Sponsored by:	The FreeBSD Foundation
2018-01-02 18:29:44 +00:00
Mark Johnston
1787c3feb4 Fix some I/O ordering issues in gmirror.
- BIO_FLUSH requests were dispatched to the disks directly from
  g_mirror_start() rather than going through the mirror's I/O request
  queue, so they could have been reordered with preceding writes.
  Address this by processing such requests from the queue, avoiding
  direct dispatch.
- Handling for collisions with synchronization requests was too
  fine-grained and could cause reordering of writes. In particular,
  BIO_ORDERED was not being honoured. Address this by effectively
  freezing the request queue any time a collision with a synchronization
  request occurs. The queue is unfrozen once the collision with the
  first frozen request is over.
- The above-mentioned collision handling allowed reads to jump ahead
  of writes to the same offset. Address this by freezing all request
  types when a collision occurs, not just BIO_WRITEs and BIO_DELETEs.

Also add some more fail points for use in testing error handling.

Reviewed by:	imp
MFC after:	3 weeks
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D13559
2018-01-02 18:11:54 +00:00
Conrad Meyer
35f85edc80 rpcbind: Fix race in signal termination
If a signal was delivered while the main thread was not in poll(2) and after
check was performed, we could reenter poll and never detect termination. Fix
this with the pipefd trick.  (This race was introduced very recently, in
r327482.)

PR:		224503
Reported by:	kib
Reviewed by:	kib, markj
Sponsored by:	Dell EMC Isilon
2018-01-02 17:25:13 +00:00
Baptiste Daroussin
8b081eaa55 Revert r326844
There has been some fallout from the change. The change itself was not valueable
enough to spend time investigating the corner cases, let's just back it out.

Reported by:	flo
2018-01-02 16:50:57 +00:00
Kyle Evans
0316d48587 aw_sid: Add man page for this driver
Reviewed by:	manu, bjk (both earlier version), brueffer (manpages)
Differential Revision:	https://reviews.freebsd.org/D13720
2018-01-02 14:54:54 +00:00
Ed Maste
aadb68849f elfcopy: copy raw (untranslated) contents to binary output
Previously elfcopy used elf_getdata to obtain data from ELF sections
being copied to binary output, but elf_getdata returns data that has
been translated - that is, data is in host byte order. When the host and
target differ in endianness (e.g., converting a big-endian MIPS ELF
object to binary on an x86 host) this resulted in byte-swapped data in
certain sections such as .dynamic.

Instead use elf_rawdata to keep data in the original, target endianness.

Reported by:	Hiroki Mori <yamori83@yahoo.co.jp>, Bill Yuan
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2018-01-02 14:07:55 +00:00
Eitan Adler
7d3df1907a shutdown: Fix r327476 by adding init
Initialize maybe_today. While here sort.

PR:				32411
Additionally reported by:	rgrimes, ian
2018-01-02 09:02:42 +00:00
Nathan Whitehorn
8befcf7be1 Add installer support for PS3 and PowerNV systems, also laying the
foundation for invoking efibootmgr as part of new-style EFI booting on
x86. On PS3 and PowerNV, which are booted using Linux kexec from petitboot
rather than by loader(8), install the kernel and the rest of /boot to a
FAT partition and set up the appropriate petitboot configuration file
there.

The new bootconfig installer stage can do platform-dependent modifications
more complex than partition layout and installation of boot blocks and can
be used to (as here) set up some special configuration files, run efibootmgr,
or boot0cfg.

MFC after:	1 month
2018-01-02 05:27:24 +00:00
Nathan Whitehorn
a5837f2c26 Skip errors from being unable to set modification and creation times. If
one of the directories in the filesystem hierarchy is a FAT mountpoint,
settings its times will fail, which would cause installation to abort.
Instead, make this a best-effort thing.

Handling this error is a hack and a better internal scheme for handling
this should be added to libarchive.
2018-01-02 05:22:54 +00:00
Jeff Roberson
ad5b0f5b51 Fix arc after r326347 broke various memory limit queries. Use UMA features
rather than kmem arena size to determine available memory.

Initialize the UMA limit to LONG_MAX to avoid spurious wakeups on boot before
the real limit is set.

PR:		224330 (partial), 224080
Reviewed by:	markj, avg
Sponsored by:	Netflix / Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D13494
2018-01-02 04:35:56 +00:00
Nathan Whitehorn
67530f82dd Fix reversed endianness that crept in at some point. Blue is now blue
instead of pink.

MFC after:	3 days
2018-01-02 03:59:46 +00:00
Conrad Meyer
b545252a16 rpcbind: Fix build
Add missed unistd.h include.  Not sure where it was lost; I believe it
compiled before I submitted the change.

PR:		224503
Reported by:	Cy Schubert <Cy.Schubert AT komquats.com>
Sponsored by:	Dell EMC Isilon
2018-01-02 01:48:11 +00:00
Conrad Meyer
055569f608 rpcbind: Do not use signal-unsafe functions in SIGTERM handler
syslog(3), routines used in write_warmstart(), and exit(3) are all
signal-unsafe.  Instead, set a signal-safe flag and check the flag in the
rpcbind main loop to shutdown safely.

PR:		224503
Reviewed by:	kib, markj
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D13728
2018-01-02 00:48:19 +00:00
Adrian Chadd
9fbe631a1a [net80211] convert all of the WME use over to a temporary copy of WME info.
This removes the direct WME info access in the ieee80211com struct and instead
provides a method of fetching the data.  Right now it's a no-op but eventually
it'll turn into a per-VAP method for drivers that support it (eg iwn, iwm,
upcoming ath10k work) as things like p2p support require this kind of behaviour.

Tested:

* ath(4), STA and AP mode

TODO:

* yes, this is slightly stack size-y, but it is an important first step
  to get drivers migrated over to a sensible WME API.  A lot of per-phy things
  need to be converted to per-VAP before P2P, 11ac firmware, etc stuff shows up.
2018-01-02 00:07:28 +00:00
Eitan Adler
cb1101afd7 shutdown: Assume absolute time is in the future
The original bug describes it best:

When an absolute time is specified to shutdown, the program's
behavior depends on whether that time has passed during the
current calendar day.  POLA would suggest that for shutdown,
whose time argument is always supposed to be in the future,
absolute times specified without a specific date should refer
to the next occurrence of that time, rather than erroring out
if that time has already passed during the current day.

PR:		32411
Submitted by:	wollman@khavrinen.lcs.mit.edu
Submitted on:	2001-11-30 20:30:01 UTC
Reviewed by:	asmodai (at time of bug submission)
2018-01-01 22:33:57 +00:00
Jilles Tjoelker
b0125116ca sh: Move various structs from jobs.h to jobs.c
These implementation details of jobs.c need not be exposed.
2018-01-01 22:31:52 +00:00
Eitan Adler
88791bd8f6 bsdinstall: inform users that typing will not be visible
Some users, especially those that are new, might be confused when passwd
does not echo anything. Inform users that the password will not be
visible.

PR:		196113
Submitted by:	Byron Grobe <grobe0ba@gmail.com>
2018-01-01 22:10:21 +00:00
Antoine Brodin
1b25176cbc sysctl_kern_proc_args: do not take the fast path if p_args is NULL
In this case it falls back to reading ps_strings
2018-01-01 21:25:01 +00:00
Konstantin Belousov
84874cc151 Avoid re-check of usermode condition.
It does not change anything in the behavior of trap_pfault(), while
eliminating obfuscation of jumping to the code which checks for the
condition reversed of the goto cause.  Also avoid force initialize the
rv variable, since it is now only accessed after storing vm_fault()
return value.

Reviewed by:	alc
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D13725
2018-01-01 20:47:03 +00:00
Konstantin Belousov
da457ed9d6 Add CR4.SMAP control bit.
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2018-01-01 19:34:19 +00:00
Konstantin Belousov
9997c0481c Do not let vm_daemon run unbounded.
On a load where single anonymous object consumes almost all memory on
the large system, swapout code executes the iteration over the
corresponding object page queue for long time, owning the map and
object locks.  This blocks pagedaemon which tries to lock the object,
and blocks other threads in the process in vm_fault() waiting for the
map lock.

Handle the issue by terminating the deactivation loop if we executed
too long and by yielding at the top level in vm_daemon.

Reported by:	peterj, pho
Reviewed by:	alc
Tested by:	pho (as part of the larger patch)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D13671
2018-01-01 19:27:33 +00:00
Warner Losh
133d84f4d1 Be less verbose and more precise. 2018-01-01 19:04:40 +00:00
Warner Losh
a1895a9244 Add note that assert.h may be included multiple times
with and without NDEBUG defined.
2018-01-01 18:59:11 +00:00
Warner Losh
c40f7c0583 assert(3) appeared first in the 7th Edition Unix, not the 6th, at
least according to the extant distributions preserved at tuhs.org.

Obtained from: http://www.tuhs.org/cgi-bin/utree.pl?file=V7/usr/include/assert.h
2018-01-01 18:55:13 +00:00
Xin LI
c3fc0d96f3 Remove unused includes. 2018-01-01 09:41:18 +00:00
Xin LI
73aaa45510 Remove unused includes. 2018-01-01 08:01:26 +00:00
Warner Losh
4a6e715d0e Remove empty directories... silly git svn w/o --rmdir. 2018-01-01 05:18:28 +00:00
Warner Losh
7167e16b49 Remove sys/mips/rmi. It's been unmaintained since 2011. This hardware
is now unobtanium. It's only had API changes in the last 7 years, and
is responsible for a very large number of them. In addition, there's a
lot of code that reimplements base FreeBSD functionality, diminishing
the chances it still works. Without hardware to teset it on, or
prospects of obtaining such hardware and without vendor support, it's
time to move on.

Suggested by: kan@ in mips@ retirement discussion
2018-01-01 05:13:03 +00:00
Warner Losh
c3dbef68d5 Remove support for IDT. Only the RouterBoard RB533 used this chip, and
it's at least 5 years out of production. I couldn't find a used one on
ebay and other secondary markets just now, nor when I tried 4 years
ago. It dates from the initial project/mips2 merge 8 years ago, and
hasn't been updated since.

Discussed on: mips@ (with some dissent)
2018-01-01 04:10:36 +00:00
Warner Losh
ada611f6ad Retire old ADM 5120 port. It never grew much beyond the original port.
It came into the tree with the project/mips merge 8 years ago. At the
time, it was hard to find a board with enough RAM to run. Now FreeBSD
requires at least 2x the RAM it did then. No changes have happened to
this port apart from API churn and license tagging since then. It ran
OK at the time it was committed, but no sightings in the wild have
happened since shortly after it was committed.

https://www.linux-mips.org/wiki/Adm5120_devices lists a bunch of
boards that were available 5 years ago (but are no longer
available). The beefiest one had only 64MB of RAM which is too
small. The Mirktik RB1xx never had more than 32MB.

Also remove confusing QEMU config file that never ever worked in QEMU
for mips. MALTA is used for that. Another of my past mistakes, false
starts that never amounted to anything.

Discussed on: mips@ (with some dissent)
2018-01-01 04:10:31 +00:00
Warner Losh
5daa7f27c5 Remove sys/mips/alchemy. It was still-born when I committed it and it
never got better. It never worked on real hardware and is still mostly
stubs after 8 years when I added it. It has had no real update in that
time apart from API churn. It was added just so it didn't get lost in
the project/mips merge, but maybe it should have been lost as nothing
has come of it. It is time to give up the ghost on this one.

Approved by: me, shooting my own dog
Discussed on: mips@
2018-01-01 04:10:25 +00:00
Warner Losh
039f26fab0 Remove sys/mips/rt305x. It's been replaced by sys/mips/mediatek.
OK'd by: Stanislav Galabov (who did both)
Discussed on: mips@
2018-01-01 04:06:24 +00:00
Nathan Whitehorn
9fb36b5eae After removal of loader.ps3, change petitboot configuration in release media
to directly kexec the kernel. Unlike the old loader.ps3 code, this also works
on PowerNV systems, which also use petitboot.

MFC after:	1 month
2018-01-01 03:33:01 +00:00
Eitan Adler
d3e909e7bb ieee80211(9): update man page
This copies changes from NetBSD into FreeBSD's man page.  I compared the
proposed changes against FreeBSD headers and modified them to match.

PR:		214602
Submitted by:	fehmi noyan isi <fnoyanisi@yahoo.com>
2018-01-01 00:20:35 +00:00
Oleksandr Tymoshenko
de87887b78 Fix GCC build broken by r32744
Indicate in function declaration that vt_palette_init does not take any arguments
2017-12-31 23:40:06 +00:00
Ian Lepore
b6f4732cb3 Add a validbcd() routine that uses the bcd2bin_data[] array and returns a
bool indicating whether the input value represents a valid BCD byte.

The existing bcd2bin() routine will KASSERT if asked to convert a bad value,
but sometimes the kernel has to handle BCD data from untrusted sources, so
this will provide a mechanism to validate data before attempting conversion.

This would be have easier/cleaner if the bcd2bin_data[] array contained an
out-of-range value (such as 0xff) in the infill locations that aren't valid,
but it's a global symbol that might be referenced by out-of-tree code
relying on the current scheme, so I'm leaving that alone.
2017-12-31 22:43:24 +00:00
Kyle Evans
07bd38576d aw_sid: Add support for a64
Newer Allwinner SoCs have nearly identical SID controllers with efuse space
starting at 0x200 into their register space and thermal data available at
0x234, making all of these fairly trivial additions.

The h3 will be added at a later time after some testing, due to a silicon
bug that causes the rootkey (at least) to be read incorrectly unless first
read via the control register.
2017-12-31 22:35:32 +00:00
Eitan Adler
df76ac9951 newsyslog: implement 'p' flag
Implement the 'p' flag for newsyslog from NetBSD. This flag results in
the first log file for a given file to not be compressed.

While here, don't change file attributes during a no-op run

PR:		162798
Submitted by:	heas@shrubbery.net
MFC After:	1 month
2017-12-31 22:01:36 +00:00
Alan Cox
7000c58871 The variable "minslptime" is pointless and always has been, ever since its
introduction in r83366.  (At that time, this code appeared in vm/vm_glue.c,
because vm/vm_swapout.c did not exist.)  When the FOREACH_THREAD loop
completes, we know that the sleep time for every thread is above whichever
threshold is being applied.

Reviewed by:	kib
X-MFC with:	r327354
2017-12-31 21:36:42 +00:00
Oleksandr Tymoshenko
c127b9f9d1 Unbreak build broken by r327444
During review iterations function signature has changed in definition
but not in actual call. Fix call to match the definition.

Reported by:	Herbert J. Skuhra
Pointyhat to: gonzo
MFC after:	2 weeks
2017-12-31 21:29:20 +00:00
Bryan Venteicher
4d5c5d3ece Add rc.conf vxlan example
PR:	206288
Submitted by:	james@lodge.me.uk
MFC after:	2 weeks
2017-12-31 21:23:14 +00:00
Colin Percival
0337438d5d Wrap includes in sys/tslog.h with #ifdef TSLOG.
This is necessary because some non-kernel code #defines _KERNEL and then
includes kernel headers; as a result, it was getting conflicting versions
of curthread and curproc.  Non-kernel code should probably refrain from
defining _KERNEL, but for now hiding these indirect inclusions fixes the
build.

Reported by:	Michael Butler, Herbert J. Skuhra
2017-12-31 21:00:21 +00:00
Ian Lepore
a9bcc66178 Chase r327432... sparc64 clock.c now needs to include sys/tslog.h
Discussed with:	 cperciva
2017-12-31 20:30:51 +00:00
Nathan Whitehorn
3972f4c1d4 Remove PIR from PCPU data. It has an implementation-defined meaning that
is of limited utility outside of platform-specific code and can vary
at runtime when running as a hypervisor guest, so does not even have the
virtue of being a static identifier.

Reviewed by:	jhibbits
2017-12-31 20:23:39 +00:00
Oleksandr Tymoshenko
29f61a2f42 vt(4): add support for configurable console palette
Introduce new set of loader tunables kern.vt.color.N.rgb, where N is a
number from 0 to 15. The value is either comma-separated list decimal
numbers ranging from 0 to 255 that represent values of red, green, and
blue components respectively (i.e. "128,128,128") or 6-digit hex triplet
commonly used to represent colors in HTML or xterm settings (i.e. #808080)

Each tunable overrides one of the 16 hardcoded palette codes and can be set
in loader.conf(5)

Reviewed by:	bcr(docs), jilles, manu, ray
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D13645
2017-12-31 20:21:05 +00:00
Nathan Whitehorn
4e05ac247c Fix 32-bit build. 2017-12-31 20:20:55 +00:00
Nathan Whitehorn
f81dfc7f6b Make newer binutils happy by using a bl-type branch instead of b, which
displeases it for some reason. LR is not relevant in this code, so just
do what it wants.
2017-12-31 20:10:08 +00:00