Commit Graph

229593 Commits

Author SHA1 Message Date
Mariusz Zaborski
1acf348551 Add SPDX tags for nv(9).
MFC after:	2 weeks
2018-01-27 12:58:21 +00:00
Mariusz Zaborski
28b6f7c86a Add SPDX tags for libcasper(3) and services.
MFC after:	2 weeks
2018-01-27 12:55:34 +00:00
Mariusz Zaborski
0fc4adbe06 Don't truncate name of glabel.
If it's to long just report that.

Reviewed by:	trasz@
Differential Revision:	https://reviews.freebsd.org/D13746
2018-01-27 12:28:52 +00:00
Mariusz Zaborski
56a791046d Document the grp Casper service.
Reviewed by:	brueffer@, bcr@
Differential Revision:	https://reviews.freebsd.org/D13821
2018-01-27 11:54:51 +00:00
Konstantin Belousov
c8f9c1f3d9 Use PCID to optimize PTI.
Use PCID to avoid complete TLB shootdown when switching between user
and kernel mode with PTI enabled.

I use the model close to what I read about KAISER, user-mode PCID has
1:1 correspondence to the kernel-mode PCID, by setting bit 11 in PCID.
Full kernel-mode TLB shootdown is performed on context switches, since
KVA TLB invalidation only works in the current pmap. User-mode part of
TLB is flushed on the pmap activations as well.

Similarly, IPI TLB shootdowns must handle both kernel and user address
spaces for each address.  Note that machines which implement PCID but
do not have INVPCID instructions, cause the usual complications in the
IPI handlers, due to the need to switch to the target PCID temporary.
This is racy, but because for PCID/no-INVPCID we disable the
interrupts in pmap_activate_sw(), IPI handler cannot see inconsistent
state of CPU PCID vs PCPU pmap/kcr3/ucr3 pointers.

On the other hand, on kernel/user switches, CR3_PCID_SAVE bit is set
and we do not clear TLB.

I can imagine alternative use of PCID, where there is only one PCID
allocated for the kernel pmap. Then, there is no need to shootdown
kernel TLB entries on context switch. But copyout(3) would need to
either use method similar to proc_rwmem() to access the userspace
data, or (in reverse) provide a temporal mapping for the kernel buffer
into user mode PCID and use trampoline for copy.

Reviewed by:	markj (previous version)
Tested by:	pho
Discussed with:	alc (some aspects)
Sponsored by:	The FreeBSD Foundation
MFC after:	3 weeks
Differential revision:	https://reviews.freebsd.org/D13985
2018-01-27 11:49:37 +00:00
Konstantin Belousov
e65c8c1afb Fix native_lapic_ipi_alloc().
When PTI is enabled, empty IDT slots point to rsvd_pti.

Reported by:	Dexuan-BSD Cui <dexuan.bsd@gmail.com>
Sponsored by:	The FreeBSD Foundation
MFC after:	5 days
2018-01-27 11:33:21 +00:00
Michal Meloun
a36b6ec0f9 Implement mitigation for Spectre version 2 attacks on ARMv7.
Similarly as we already do for arm64, for mitigation is necessary to
flush branch predictor when we:
- do task switch
- receive prefetch abort on non-userspace address

The user can disable this mitigation by setting 'machdep.disable_bp_hardening'
sysctl variable, or it can check actual system status by reading
'machdep.spectre_v2_safe'

The situation is complicated by fact that:
- for Cortex-A8, the BPIALL instruction is effectively NOP until the IBE bit
  in ACTLR is set.
- for Cortex-A15, the BPIALL is always NOP. The branch predictor can be
  only flushed by doing ICIALLU with special bit (Enable invalidates  of BTB)
  set in ACTLR.

Since access to the ACTLR register is locked to secure monitor/firmware on
most boards, they will also need update of firmware / U-boot.
In worst case, when secure monitor is on-chip ROM (e.g. PandaBoard),
the board is unfixable.

MFC after:	2 weeks
Reviewed by:	imp, emaste
Differential Revision:	https://reviews.freebsd.org/D13931
2018-01-27 11:19:41 +00:00
Michal Meloun
116a5567dd Fix pmap_fault().
- special fault handling for break-before-make mechanism should be also
  applied for instruction translation faults, not only for data translation
  faults.

- since arm64_address_translate_...() functions are not atomic,
  use these with disabled interrupts.
2018-01-27 09:49:47 +00:00
Conrad Meyer
9ea9c34ba5 ccp(4): Store IV in output buffer in GCM software fallback when requested
Apply r328361 to duplicate copy of ccr_gcm_soft in ccp(4).

Properly honor the lack of the CRD_F_IV_PRESENT flag in the GCM software
fallback case for encryption requests.
2018-01-27 07:41:31 +00:00
Scott Long
da2f5dfb35 Finish the incomplete move of CAM_PERIPH_PRINT().
Reported by:	kevans
2018-01-27 07:18:02 +00:00
John Baldwin
95c4f0f257 Clarify some comments in the MIPS makecontext().
- N32 and N64 do not have a $a0-3 gap.
- Use 'sp += 4' to skip over the gap for O32 rather than '+= i'.  It
  doesn't make a functional change, but makes the code match the comment.

Sponsored by:	DARPA / AFRL
2018-01-27 00:39:49 +00:00
Edward Tomasz Napierala
d3f19d3f57 Remove mention of sys/boot/ from hier(7), it doesn't exist anymore.
MFC after:	2 weeks
2018-01-27 00:09:43 +00:00
Scott Long
15747cacb4 Move CAM_PERIPH_PRINT() to cam_periph.h 2018-01-26 23:56:07 +00:00
John Baldwin
5425750f03 Move per-operation data out of the csession structure.
Create a struct cryptop_data which contains state needed for a single
symmetric crypto operation and move that state out of the session. This
closes a race with the CRYPTO_F_DONE flag that can result in use after
free.

While here, remove the 'cse->error' member.  It was just a copy of
'crp->crp_etype' and cryptodev_op() and cryptodev_aead() checked both
'crp->crp_etype' and 'cse->error'.  Similarly, do not check for an
error from mtx_sleep() since it is not used with PCATCH or a timeout
so cannot fail with an error.

PR:		218597
Reviewed by:	kib
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D13928
2018-01-26 23:21:50 +00:00
Warner Losh
60b7691d56 Fix a sleepable malloc in ndastart. We shouldn't be sleeping
here. Return ENOMEM when we can't malloc a buffer for the DSM
TRIM. This should fix the WITNESS warnings similar to the following:

uma_zalloc_arg: zone "16" with the following non-sleepable locks held:
exclusive sleep mutex CAM device lock (CAM device lock) r = 0 (0xfffff800080c34d0) locked @ /usr/src/sys/cam/nvme/nvme_da.c:351

Reviewed by: scottl@
Sponsored by: Netflix
2018-01-26 23:14:46 +00:00
Alexander Motin
3986af1f65 Use bus_dmamem_alloc(9) KPI instead of contigmalloc(9).
I suppose it should make this code NUMA-aware with recent NUMA drop-in,
trying to allocate shared memory buffers from domain closer to NT-bridge.

MFC after:	2 weeks
2018-01-26 22:22:26 +00:00
Warner Losh
47940d8594 Tag unreachable places as such. I left the while (1); in place since
in this context we want to busy wait to stop.

Suggested by: pfg@
2018-01-26 22:22:21 +00:00
Warner Losh
71710c12d6 Make exit() never return until host_exit can be written. 2018-01-26 21:51:13 +00:00
Warner Losh
fe4709c915 BERI isn't BTX, so we don't have to provide exit(). Just remove it
since it's unused.
2018-01-26 21:51:09 +00:00
Warner Losh
39bdddcd8c Now that exit is __dead2, we need to tag ub_exit() as __dead2. To do
that, we have to put a while (1); after the syscall that will never
return to fake out the compiler....
2018-01-26 21:50:59 +00:00
Scott Long
074cc5f66d Fix a cut-and-paste error in a panic message 2018-01-26 18:42:28 +00:00
Kirk McKusick
4d93711d80 For many years the message "fsync: giving up on dirty" has occationally
appeared on UFS/FFS filesystems. In some cases it was promptly followed
by a panic of "softdep_deallocate_dependencies: dangling deps". This fix
should eliminate both of these occurences.

Submitted by: Andreas Longwitz <longwitz at incore.de>
Reviewed by:  kib
Tested by:    Peter Holm (pho)
PR:           225423
MFC after:    1 week
2018-01-26 18:17:11 +00:00
Warner Losh
919cf86c87 Gross hack to omit printing hex floating point when the lua number
type is int64. While lua is setup for the representation, it's not
setup to properly print the numbers as ints. This is the least-gross
way around that, and won't affect the bootloader where we do this.
2018-01-26 17:56:20 +00:00
Ian Lepore
4dbbaf2021 Add support to the imx5/6 watchdog for the external reset signal. Also, if
the "power down" watchdog used by the ROM boot code is still active when the
regular watchdog is activated, turn off the power-down watchdog.

This adds support for the "fsl,ext-reset-output" FDT property.  When
present, that property indicates that a chip reset is accomplished by
asserting the WDOG1_B external signal, which is supposed to trigger some
external component such as a PMIC to ready the hardware for reset (for
example, adjusting voltages from idle to full-power levels), and assert the
POR signal to SoC when ready.  To guard against misconfiguation leading to a
non-rebootable system, the external reset signal is backstopped by code
that asserts a normal internal chip reset if nothing responds to the
external reset signal within one second.
2018-01-26 17:55:17 +00:00
Warner Losh
30883627ed abort() should be marked __dead2 since it won't return. 2018-01-26 17:40:13 +00:00
Warner Losh
18dd077da6 Preserve the original luaconf.h in a convenient place. Clients will
almost certainly need to override this, so reinforce that. If that's
not hte case, clients can always do a #include luaconf.h.dist.
2018-01-26 17:24:25 +00:00
Warner Losh
24dfa658e4 Provide abs form stdlib.h.
Sponsored by: Netflix
2018-01-26 17:13:09 +00:00
Warner Losh
2b0268cf0d Implement abort() as a call to panic.
Sponsored by: Netflix
2018-01-26 17:13:04 +00:00
Warner Losh
86bb84d576 Split panic routine
Split panic routine so that the 'Hit Any Key to continue' behavior can
be overriden.

Sponsored by: Netflix
2018-01-26 17:13:00 +00:00
Hans Petter Selasky
e23ae408c0 Decouple Linux files from the belonging character device right after open
in the LinuxKPI. This is done by calling finit() just before returning a magic
value of ENXIO in the "linux_dev_fdopen" function.

The Linux file structure should mimic the BSD file structure as much as
possible. This patch decouples the Linux file structure from the belonging
character device right after the "linux_dev_fdopen" function has returned.
This fixes an issue which allows a Linux file handle to exist after a
character device has been destroyed and removed from the directory index
of /dev. Only when the reference count of the BSD file handle reaches zero,
the Linux file handle is destroyed. This fixes use-after-free issues related
to accessing the Linux file structure after the character device has been
destroyed.

While at it add a missing NULL check for non-present file operation.
Calling a NULL pointer will result in a segmentation fault.

Reviewed by:	kib @
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2018-01-26 10:49:02 +00:00
Wojciech Macek
919736d252 PPC: Add place for NULL chars in intrnames
In a corner case we could fall into OOB error.

Authored by:           Patryk Duda <pdk@semihalf.com>
Submitted by:          Wojciech Macek <wma@semihalf.com>
Obtained from:         Semihalf
Sponsored by:          IBM, QCM Technologies
2018-01-26 09:38:40 +00:00
Maxim Konovalov
53c2c7918d o A command line flag for the syslog_facility fixed in the SYNOPSIS.
PR:		225441
2018-01-26 08:52:28 +00:00
Maxim Konovalov
c042d0ca4a o EMFILE errno documented.
PR:		219209
Submitted by:	yuri (with minor adjustment)
Reviewed by:	brooks
2018-01-26 08:38:26 +00:00
Li-Wen Hsu
78b42ee37c Fix LINT build.
Approved by:	delphij
2018-01-26 06:21:24 +00:00
Eitan Adler
7548968ac2 devd: readd virtual
- my C++ knowledge is old and rusty. re-add virtual
2018-01-26 05:03:37 +00:00
Eitan Adler
510a8c88f0 devd: minor nits
- mark usage as noreturn
- config does not need a virtual destructor
2018-01-26 04:40:41 +00:00
Eitan Adler
6058f7207a example cdev: use make_dev_s
Make use of make_dev_s in the example cdev. While here, fix warnings.

Reviewed by:	rpokala
2018-01-26 04:24:39 +00:00
Eitan Adler
44e0a832f2 dd(1): Use a local swapbytes() function.
swab(3) has restrict qualifiers for src and dst.
Avoid relying on undefined overlapping swab behavior.

Obtained From: OpenBSD
2018-01-26 03:30:05 +00:00
Kirk McKusick
dffce2150e Refactoring of reading and writing of the UFS/FFS superblock.
Specifically reading is done if ffs_sbget() and writing is done
in ffs_sbput(). These functions are exported to libufs via the
sbget() and sbput() functions which then used in the various
filesystem utilities. This work is in preparation for adding
subperblock check hashes.

No functional change intended.

Reviewed by: kib
2018-01-26 00:58:32 +00:00
Justin Hibbits
a99028fc70 Minimum changes for ctl to build on architectures with non-matching physical and
virtual address sizes

Summary:
Some architectures use physical addresses larger than virtual.  This is the
minimal changeset needed to get CAM/CTL to build on these targets.  No
functional changes.  More changes would likely be needed for this to be fully
functional on said platforms, but they can be made when needed.

Reviewed By:	mav, chuck
Differential Revision:	https://reviews.freebsd.org/D14041
2018-01-26 00:58:02 +00:00
Justin Hibbits
51bd6f9618 Minimal change to build linuxkpi on architectures with physical addresses larger
than virtual

Summary:
Some architectures have physical/bus addresses that are much larger
than virtual addresses.  This change just quiets a warning, as DMAP is not used
on those architectures, and on 64-bit platforms uintptr_t is the same size as
vm_paddr_t and void *.

Reviewed By:	hselasky
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D14043
2018-01-26 00:56:09 +00:00
Navdeep Parhar
ea3c5e5d04 cxgbe(4): Accept old names of a couple of tunables. 2018-01-26 00:45:40 +00:00
Navdeep Parhar
39e7cb038b cxgbe(4): Do not display harmless warning in non-debug builds.
MFC after:	3 days
Sponsored by:	Chelsio Communications
2018-01-26 00:03:14 +00:00
Jung-uk Kim
0c731de94c Add declaration of SSL_get_selected_srtp_profile() for OpenSSL.
Because there was an extra declaration in the vendor version, we locally
removed the second one in r238405 with 1.0.1c.  Later, upstream fixed it in
1.0.2d but they removed the first one.  Therefore, both were removed in our
version unfortunately.  Now we revert to the vendor one to re-add it.

MFC after:		3 days
Differential Revision:	https://reviews.freebsd.org/D10525
2018-01-25 23:38:05 +00:00
Conrad Meyer
b97b91b547 nfs: Remove NFSSOCKADDRALLOC, NFSSOCKADDRFREE macros
They were just thin wrappers over malloc(9) w/ M_ZERO and free(9).

Discussed with:	rmacklem, markj
Sponsored by:	Dell EMC Isilon
2018-01-25 22:38:39 +00:00
Conrad Meyer
222daa421f style: Remove remaining deprecated MALLOC/FREE macros
Mechanically replace uses of MALLOC/FREE with appropriate invocations of
malloc(9) / free(9) (a series of sed expressions).  Something like:

* MALLOC(a, b, ... -> a = malloc(...
* FREE( -> free(
* free((caddr_t) -> free(

No functional change.

For now, punt on modifying contrib ipfilter code, leaving a definition of
the macro in its KMALLOC().

Reported by:	jhb
Reviewed by:	cy, imp, markj, rmacklem
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D14035
2018-01-25 22:25:13 +00:00
Warner Losh
d85487b732 Add new opt_da.h for stand-alone build.
Sponsored by: Netflix
2018-01-25 21:48:07 +00:00
Warner Losh
d047fd281d Track Ref / DeRef and Hold / Unhold that da is doing to track down
leaks. We assume each source can be taken / dropped only once and
don't recurse. These are only enabled via DA_TRACK_REFS or
INVARIANTS. There appreas to be a reference leak under extreme load,
and these should help us colaberatively work it out. It also documents
better the reference / holding protocol better.

Reviewed by: ken@, scottl@
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D14040
2018-01-25 21:38:30 +00:00
Warner Losh
de64cba2c7 When devices are invalidated, there's some cases where ccbs for that
device still wind up in xpt_done after the path has been
invalidated. Since we don't always need sim or devq, add some guard
rails to only fail if we have to use them.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D14040
2018-01-25 21:38:09 +00:00
Wolfram Schneider
a564880c29 `make installkernel' should display a completed message if done
PR:		225159
Reviewed by:	bdrewery
Approved by: 	cem (mentor)
Differential Revision:	https://reviews.freebsd.org/D13940
2018-01-25 21:36:26 +00:00