Commit Graph

267341 Commits

Author SHA1 Message Date
Dmitry Chagin
3c886cb691 freebsd32: Remove unused umtx.h include.
Differential Revision:	https://reviews.freebsd.org/D31246
MFC after:		2 weeks
2021-07-29 12:40:08 +03:00
Dmitry Chagin
32a18e9abd freebsd32: Eliminate spaces at end of line.
Reviewed by:		kib
Differential Revision:	https://reviews.freebsd.org/D31245
MFC after:		2 weeks
2021-07-29 12:39:30 +03:00
Wojciech Macek
fe8ce390b8 Fix mac_veriexec version mismatch
mac_veriexec sets its version to 1, but the mac_veriexec_shaX modules which depend on it expect MAC_VERIEXEC_VERSION = 2.
Be consistent and use MAC_VERIEXEC_VERSION everywhere.
This unbreaks loading of mac_veriexec modules at boot time.

Authored by: 		Kornel Duleba <mindal@semihalf.com>
Obtained from: 		Semihalf
Sponsored by: 		Stormshield
Differential Revision: 	https://reviews.freebsd.org/D31268
2021-07-29 11:05:13 +02:00
Andrew Turner
2d6d5f88d1 Add missing arm64 ID registers
These may contain values we export to userpsace.

Sponsored by:	The FreeBSD Foundation
2021-07-28 19:01:30 +00:00
Andrew Turner
c3f2fcf5b9 Sort the arm64 ID_AA64* user registers
Sponsored by:	The FreeBSD Foundation
2021-07-28 19:01:30 +00:00
David Malone
fd309107e9 Minor language improvements. Note that they can't be changed
by sysctl (I think they can be changed as a tuneable.)
2021-07-29 09:26:19 +01:00
Luiz Otavio O Souza
5afe81a7b2 virtio: enable VTNET_LEGACY_TX when ALTQ is enabled.
ALTQ only works on network drivers which use if_start (rather than
if_transmit). vtnet uses if_start if built with VTNET_LEGACY_TX. Default
to that the kernel is built with ALTQ enabled, to reduce user surprise.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-07-29 07:54:39 +02:00
Kristof Provost
728958fb1b UPDATING: document if_bridge MTU changes
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-07-29 09:36:52 +02:00
Dmitry Chagin
f337940144 linux(4): Fix gcc buld.
gcc failed as it didn't inlined the builtins and generates calls to
the libgcc, ld can't find libgcc as cross-toolchain libgcc is not installed.
To avoid this add internal vDSO ffs functions without optimized builtins.

Reported by:		jhb
MFC after:		2 weeks
2021-07-29 09:52:33 +03:00
Poul-Henning Kamp
272144ab41 hexdump: Flush stdout after '*' (repeat) lines.
The canonical annoying example being:   hexdump < /dev/zero | less
2021-07-29 06:40:57 +00:00
Conrad Meyer
7f8f79a5c4 libc qsort(3): Eliminate ambiguous sign comparison
The left side of the MIN() expression is the (signed) result of pointer
subtraction (ptrdiff_t).  The right hand side is the also the (signed)
result of pointer subtraction, additionally subtracting the element size
('es'), which is unsigned size_t.  This coerces the right-hand
expression into an unsigned value.  MIN(signed, unsigned) triggers
-Wsign-compare.

Sorting elements of size greater than SSIZE_MAX is nonsensical, so we
can instead treat the element size as ssize_t, leaving the right-hand
result the same signedness as the left.

Reviewed by:		arichardson, kib
Differential Revision:	https://reviews.freebsd.org/D31292
2021-07-28 20:59:20 -07:00
Kyle Evans
e3707726c1 kern: remove deprecated makesyscalls.sh
makesyscalls was rewritten in Lua and introduced in d3276301ab.  In the
time since, no objections have risen and a warning was introduced long
ago on invocation of makesyscalls.sh that it would be removed before
FreeBSD 13. Belatedly follow through on that.
2021-07-28 22:22:23 -05:00
Warner Losh
6b51baf6a8 cli.lua.8: make the command match the code
It's disable-device, not device-disable

Spotted by:		jrtc27
Sponsored by:		Netflix
2021-07-28 20:54:14 -06:00
Alexander Motin
aefe0a8c32 Refactor/optimize cpu_search_*().
Remove cpu_search_both(), unused for many years.  Without it there is
less sense for the trick of compiling common cpu_search() into separate
cpu_search_lowest() and cpu_search_highest(), so split them completely,
making code more readable.  While there, split iteration over children
groups and CPUs, complicating code for very small deduplication.

Stop passing cpuset_t arguments by value and avoid some manipulations.
Since MAXCPU bump from 64 to 256, what was a single register turned
into 32-byte memory array, requiring memory allocation and accesses.
Splitting struct cpu_search into parameter and result parts allows to
even more reduce stack usage, since the first can be passed through
on recursion.

Remove CPU_FFS() from the hot paths, precalculating first and last CPU
for each CPU group in advance during initialization.  Again, it was
not a problem for 64 CPUs before, but for 256 FFS needs much more code.

With these changes on 80-thread system doing ~260K uncached ZFS reads
per second I observe ~30% reduction of time spent in cpu_search_*().

MFC after:	1 month
2021-07-28 22:00:29 -04:00
Bryan Drewery
7cbf1de38e debugnet: Fix false-positive assertions for dp_state
debugnet_handle_arp:
  An assertion is present to ensure the pcb is only modified when the state is
  DN_STATE_INIT. Because debugnet_arp_gw() is asynchronous it is possible for
  ARP replies to come in after the gateway address is known and the state
  already changed.

debugnet_handle_ip:
  Similarly it is possible for packets to come in, from the expected
  server, during the gateway mac discovery phase.  This can happen from
  testing disconnects / reconnects in quick succession.  This later
  causes some acks to be sent back but hit an assertion because the
  state is wrong.

Reviewed by:	cem, debugnet_handle_arp: markj, vangyzen
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D31327
2021-07-28 16:34:14 -07:00
Warner Losh
07c4b78d0a lua loader: Add disable-device to disable a device.
disable-device fooX will set hint.foo.X.disabled=1 as a way to easily
disable a device attaching during boot.

Reviewed by:		tsoome
Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D31297
2021-07-28 16:53:00 -06:00
Rick Macklem
efea1bc1fd nfscl: Cache an open stateid for the "oneopenown" mount option
For NFSv4.1/4.2, if the "oneopenown" mount option is used,
there is, at most, only one open stateid for each NFS vnode.
When an open stateid for a file is acquired, set a pointer to
the open structure in the NFS vnode.  This pointer can be used to
acquire the open stateid without searching the open linked list
when the following is true:
- No delegations have been issued for the file.  Since delegations
  can outlive an NFS vnode for a file, use the global
  NFSMNTP_DELEGISSUED flag on the mount to determine this.
- No lock stateid has been issued for the file.  To determine
  this, a new NFS vnode flag called NMIGHTBELOCKED is set when a lock
  stateid is issued, which can then be tested.

When this open structure pointer can be used, it avoids the need to
acquire the NFSCLSTATELOCK() and searching the open structure list for
an open.  The NFSCLSTATELOCK() can be highly contended when there are
a lot of opens issued for the NFSv4.1/4.2 mount.

This patch only affects NFSv4.1/4.2 mounts when the "oneopenown"
mount option is used.

MFC after:	2 weeks
2021-07-28 15:48:27 -07:00
Rick Macklem
54ff3b3986 nfscl: Set correct lockowner for "oneopenown" mount option
For NFSv4.1/4.2, the client may use either an open, lock or
delegation stateid as the stateid argument for an I/O operation.
RFC 5661 defines an order of preference of delegation, then lock
and finally open stateid for the argument, although NFSv4.1/4.2
servers are expected to handle any stateid type.

For the "oneopenown" mount option, the lock owner was not being
correctly generated and, as such, the I/O operation would use an
open stateid, even when a lock stateid existed.  Although this
did not and should not affect an NFSv4.1/4.2 server's behaviour,
this patch makes the behaviour for "oneopenown" the same as when
the mount option is not specified.

Found during inspection of packet captures.  No failure during
testing against NFSv4.1/4.2 servers of the unpatched code occurred.

MFC after:	2 weeks
2021-07-28 15:23:05 -07:00
Ed Maste
4dbac528db pkgbase: improve pkg --version parsing
In some cases `pkg --version` might produce unexpected or additional
output.  Use a regex /^[0-9.]+$/ to match only the line containing the
version number.

Reported by:	Michael Butler on freebsd-current@
Fixes:		4e224e4be7 ("pkgbase: accommodate pkg < 1.17")
Sponsored by:	The FreeBSD Foundation
2021-07-28 17:14:33 -04:00
Alexander Motin
5a49f19141 Do not expose to scheduler caches of single CPU.
Before this change my dual-Xeon(R) Gold 6242R always reported 3 levels
or topology (root, package/L3 and core/L2).  But with SMT disabled
core/L2 matches thread, so additional topology level only causes more
traversal work.  With this change SMT case is reported same as before,
while non-SMT is reported with only 2 much more simple levels.

MFC after:	2 weeks
2021-07-28 16:38:01 -04:00
Dimitry Andric
cc55ee8009 compilert-rt: build out-of-line LSE atomics helpers for aarch64
Both clang >= 12 and gcc >= 10.1 now default to -moutline-atomics for
aarch64. This requires a bunch of helper functions in libcompiler_rt.a,
to avoid link errors like "undefined symbol: __aarch64_ldadd8_acq_rel".

(Note: of course you can use -mno-outline-atomics as a workaround too,
but this would negate the potential performance benefit of the faster
LSE instructions.)

Bump __FreeBSD_version so ports maintainers can easily detect this.

PR:		257392
MFC after:	2 weeks
2021-07-28 22:30:04 +02:00
Kristof Provost
441d15a482 bridge tests: verify that we can't change MTU of bridge member interfaces
Reviewed by:	donner
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31305
2021-07-28 22:03:38 +02:00
Kristof Provost
01ad0c0079 net: disallow MTU changes on bridge member interfaces
if_bridge member interfaces should always have the same MTU as the
bridge itself, so disallow MTU changes on interfaces that are part of an
if_bridge.

Reviewed by:	donner
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31304
2021-07-28 22:03:30 +02:00
Kristof Provost
6e43950640 bridge tests: test changing the bridge MTU
Changing the bridge MTU will now also change all of the member interface
MTUs. Test this.

Reviewed by:	donner
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31289
2021-07-28 22:01:12 +02:00
Kristof Provost
3330649382 if_bridge: allow MTU changes
if_bridge used to only allow MTU changes if the new MTU matched that of
all member interfaces. This doesn't really make much sense, in that we
really shouldn't be allowed to change the MTU of bridge member in the
first place.

Instead we now change the MTU of all member interfaces. If one fails we
revert all interfaces back to the original MTU.

We do not address the issue where bridge member interface MTUs can be
changed here.

Reviewed by:	donner
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31288
2021-07-28 22:01:12 +02:00
John Hood
dbdf2b52f5 loader: support.4th resets the read buffer incorrectly
Large nextboot.conf files (over 80 bytes) are not read correctly by the
Forth loader, causing file parsing to abort, and nextboot configuration
fails to apply.

Simple repro:

nextboot -e foo=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
shutdown -r now

That will cause the bug to cause a parse failure but shouldn't otherwise
affect the boot.  Depending on your loader configuration, you may also
have to set beastie_disable and/or reduce the number of modules loaded
to see the error on a small console screen.  12.0 or CURRENT users will
also have to explicitly use the Forth loader instead of the Lua loader.
The error will look something like:

Warning: syntax error on file /boot/loader.conf.local
foo="xxxxxxxxxxxxxxnextboot_enable="YES"
                                    ^
/boot/support.4th has crude file I/O buffering, which uses a buffer
'read_buffer', defined to be 80 bytes by the 'read_buffer_size'
constant.  The loader first tastes nextboot.conf, reading and parsing
the first line in it for nextboot_enable="YES".  If this is true, then
it reopens the file and parses it like other loader .conf files.

Unfortunately, the file I/O buffering code does not fully reset the
buffer state in the reset_line_reading word.  If the last file was read
to the end, that doesn't matter; the file buffer is treated as empty
anyway.  But in the nextboot.conf case, the loader will not read to the
end of file if it is over 80 bytes, and the file buffer may be reused
when reading the next file.  When the file is reread, the corrupt text
may cause file parsing to abort on bad syntax (if the corrupt line has
<>2 quotes in it), the wrong variable to be set, no variable to be set
at all, or (if the splice happens to land at a line ending) something
approximating normal operation.

The bug is very old, dating back to at least 2000 if not before, and is
still present in 12.0 and CURRENT r345863 (though it is now hidden by
the Lua loader by default).

Suggested one-line attached.  This does change the behavior of the
reset_line_reading word, which is exported in the line-reading
dictionary (though the export is not documented in loader man pages).
But repo history shows it was probably exported for the PNP support
code, which was never included in the loader build, and was removed 5
months ago.

One thing that puzzles me: how has this bug gone unnoticed/unfixed for
nearly 2 decades?  I find it hard to believe that nobody's tried to do
something interesting with nextboot, like load a kernel and filesystem,
which is what I'm doing.

Tested by:		Gary Jennejohn
PR:			239315
MFC After:		3 weeks
Reviewed by:		imp (and correctly applied this time)
Differential Revision:	https://reviews.freebsd.org/D31328
2021-07-28 13:50:38 -06:00
Warner Losh
824897a3ae genoffset: simplify and rewrite in sh
genoffset used the fully generic ASSYM macro to generate the offsets
needed for the thread_lite structure. However, since these are offsets
into a structure, they will always be necessarily small and positive. As
such, just create a simple character array of the right size and use a
naming convention such that we can recover the field name, structure
name and type. Use nm -t d and sort -n to sort these into order, then
loop over the resutls to generate the thread_lite structure.

MFC After:		2 weeks
Reviewed by:		kib, markj (earlier versions)
Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D31203
2021-07-28 13:50:09 -06:00
Warner Losh
46dd3ef033 genassym.sh: Fix two minor issues found by shellcheck
o Remove redunant $ in $(( )) expression.
o Quote arg passed to work so paths with spaces, etc will work.

MFC After:		2 weeks
Reviewed by:		kib
Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D31335
2021-07-28 13:49:16 -06:00
Ed Maste
29e9b487c1 vnic: add TODO list item for multicast filter support
PR:		223573
2021-07-28 14:09:32 -04:00
Leandro Lupori
7844e5a4fc powerpc: change mfpvr return type to uint32_t
As the Processor Version Register (PVR) is a 32-bit PowerPC
register, change mfpvr() return type to match it and avoid
type casts on its callers.

Suggested by:		jhibbits
Reviewed by:		jhibbits, imp
Sponsored by:		Instituto de Pesquisas Eldorado (eldorado.org.br)
Differential Revision:	https://reviews.freebsd.org/D31332
2021-07-28 14:08:19 -03:00
Roy Marples
7045b1603b socket: Implement SO_RERROR
SO_RERROR indicates that receive buffer overflows should be handled as
errors. Historically receive buffer overflows have been ignored and
programs could not tell if they missed messages or messages had been
truncated because of overflows. Since programs historically do not
expect to get receive overflow errors, this behavior is not the
default.

This is really really important for programs that use route(4) to keep
in sync with the system. If we loose a message then we need to reload
the full system state, otherwise the behaviour from that point is
undefined and can lead to chasing bogus bug reports.

Reviewed by:	philip (network), kbowling (transport), gbe (manpages)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D26652
2021-07-28 09:35:09 -07:00
Eirik Øverby
33ff39796f Add zfskeys rc.d script for auto-loading encryption keys
ZFS in 13 supports encryption, but for the use case where keys are
available in plaintext on disk there is no mechanism for automatically
loading keys on startup.

This script will, by default, look for any dataset with encryption and
keylocation prefixed with file://. It will attempt to unlock, timing
out after 10 seconds for each dataset found.
User can optionally specify explicitly which datasets to attempt to
unlock.

Also supports (optionally by force) unmounting filesystems and unloading
associated keys.

Sponsored by:	Modirum
Differential Revision:	https://reviews.freebsd.org/D30015
2021-07-28 16:26:45 +00:00
Bjoern A. Zeeb
fed248a6ac LinuxKPI: add read_poll_timeout()
Add an implementation of read_poll_timeout() and the atomic variant
which I did at some point last year for rtw88 and now updated based
on feedback.

MFC after:	10 days
Reviewed by:	hsealsky
Differential Revision: https://reviews.freebsd.org/D30980
2021-07-28 16:21:12 +00:00
Julien Grall
ac959cf544 xen: introduce xen_has_percpu_evtchn()
xen_vector_callback_enabled is x86 specific and availability of
per-cpu event channel delivery differs on other architectures.

Introduce a new helper to check if there's support for per-cpu event
channel injection.

Submitted by: Elliott Mitchell <ehem+freebsd@m5p.com>
Reviewed by: royger
Differential Revision: https://reviews.freebsd.org/D29402
2021-07-28 17:27:05 +02:00
Julien Grall
46c46edd18 xen/control: print warning on call of xctrl_suspend()
Presently suspend/resume and migration aren't supported on Xen/ARM.  As
such this shouldn't ever occur.

This likely applies to future Xen architectures (RISC-V) and
xctrl_suspend() needs dependency on intr_machdep.h fixed.

Submitted by: Elliott Mitchell <ehem+freebsd@m5p.com>
Reviewed by: royger
Differential Revision: https://reviews.freebsd.org/D29599
2021-07-28 17:27:05 +02:00
Elliott Mitchell
7de88bb4a2 xen/grant_table: cleanup max_nr_grant_frames()
This is no more or less than returning the smaller of two values.  Since
this is what min() does, use that to shrink max_nr_grant_frames() down
to the single line.

Reviewed by: royger
Differential Revision: https://reviews.freebsd.org/D29840
2021-07-28 17:27:04 +02:00
Julien Grall
0b4f30c236 xen/control: introduce xen_pv_shutdown_handler()
While x86 only register PV shutdown handler for PV guests. ARM guests
are always using HVM and requires the PV shutdown handler.

Submitted by: Elliott Mitchell <ehem+freebsd@m5p.com>
Reviewed by: royger
Differential Revision: https://reviews.freebsd.org/D29406
2021-07-28 17:27:04 +02:00
Julien Grall
69c6eee756 xen: introduce xen_pv_disks_disabled()
ARM guest is considered as HVM in Freebsd but they only support PV disk
(no emulation available).

Submitted by: Elliott Mitchell <ehem+freebsd@m5p.com>
Reviewed by: royger
Differential Revision: https://reviews.freebsd.org/D29403
2021-07-28 17:27:04 +02:00
Julien Grall
5f70008327 xen/netfront: introduce xen_pv_nics_disabled()
ARM guest is considered as HVM but it only supports PV nics (no
emulation available).

Submitted by: Elliott Mitchell <ehem+freebsd@m5p.com>
Reviewed by: royger
Differential Revision: https://reviews.freebsd.org/D29405
2021-07-28 17:27:04 +02:00
Elliott Mitchell
c89f1f12b0 xen/xen-os: move inclusion of machine/xen-os.h later
Several of x86 enable/disable functions depend upon the xen*domain()
functions.  As such the xen*domain() functions need to be declared
before machine/xen-os.h.

Officially declare direct inclusion of machine/xen/xen-os.h verboten as
such will break these functions/macros.  Remove one such soon to be
broken inclusion.

Reviewed by: royger
Differential Revision: https://reviews.freebsd.org/D29811
2021-07-28 17:27:04 +02:00
Elliott Mitchell
e627e25d76 xen/xenpv: remove low memory limit for non-x86
For embedded devices reserved addresses will be known in advance.  More
recently added devices will also likely be correctly updated.  As a
result using any available address is reasonable on non-x86.

Reviewed by: royger
Differential Revision: https://reviews.freebsd.org/D29304
2021-07-28 17:27:03 +02:00
Elliott Mitchell
9976c5a540 xen/intr: use __func__ instead of function names
Functions tend to get renamed and unless the developer is careful
often debugging messages are missed. As such using func is far
superior.  Replace several instances of hard-coded function names.

Reviewed by: royger
Differential revision: https://reviews.freebsd.org/D29499
2021-07-28 17:27:03 +02:00
Julien Grall
ae59812748 xen/timer: make xen timer optional
The timer is not used on ARM.

Submitted by: Elliott Mitchell <ehem+freebsd@m5p.com>
Reviewed by: royger
Differential Revision: https://reviews.freebsd.org/D29041
2021-07-28 17:27:03 +02:00
Elliott Mitchell
5ca00e0c98 xen/intr: use struct xenisrc * as xen_intr_handle_t
Since xen_intr_handle_t is meant to be an opaque handle and the only
use is retrieving the associated struct xenisrc *, directly use it as
the opaque handler.

Also add a wrapper function for converting the other direction.  If some
other value becomes appropriate in the future, these two functions will
be the only spots needing modification.

Reviewed by: mhorne, royger
Differential Revision: https://reviews.freebsd.org/D29500
2021-07-28 17:27:03 +02:00
Elliott Mitchell
d3705b5a7f xen/control: gate x86 specific code in the preprocessor
Commit 1522652230 was implemented strictly for x86.  Unfortunately
one of the pieces was mixed into a common area breaking other
architectures. For now disable these bits on !x86, this should be
cleaned up later.

Fixes: 1522652230 ('xen: fix dropping bitmap IPIs during resume')
Reviewed by: royger
Differential Revision: https://reviews.freebsd.org/D29306
2021-07-28 17:27:02 +02:00
Julien Grall
d561380eb3 xen/xen-os: don't let anyone else defining __XEN_INTERFACE_VERSION__
FreeBSD should always use the same version across the source. If not
it's a call for problem.

Submitted by: Elliott Mitchell <ehem+freebsd@m5p.com>
Reviewed by: royger
Differential Revision: https://reviews.freebsd.org/D29407
2021-07-28 17:27:02 +02:00
Elliott Mitchell
b6ff9345a4 xen: create VM_MEMATTR_XEN for Xen memory mappings
The requirements for pages shared with Xen/other VMs may vary from
architecture to architecture.  As such create a macro which various
architectures can use.

Remove a use of PAT_WRITE_BACK in xenstore.c.  This is a x86-ism which
shouldn't have been present in a common area.

Original idea: Julien Grall <julien@xen.org>, 2014-01-14 06:44:08
Approach suggested by: royger
Reviewed by: royger, mhorne
Differential Revision: https://reviews.freebsd.org/D29351
2021-07-28 17:27:02 +02:00
Julien Grall
a48f7ba444 xen: move x86/xen/xenpv.c to dev/xen/bus/xenpv.c
Minor changes are necessary to make this processor-independent, but
moving the file out of x86 and into common is the first step (so
others don't add /more/ x86-isms).

Submitted by: Elliott Mitchell <ehem+freebsd@m5p.com>
Reviewed by: royger
Differential Revision: https://reviews.freebsd.org/D29042
2021-07-28 17:27:02 +02:00
Andrew Turner
10f6680faa Add macros for arm64 special reg op and CR values
Use these to simplify the definition of the user_regs array.

Reviewed by:	imp, markj
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31333
2021-07-28 01:34:21 +00:00
Mark Johnston
64432ad2a2 pf: Validate user string nul-termination before copying
Some pf ioctl handlers use strlcpy() to copy strings when converting
from user structures to their in-kernel representations.  strlcpy()
ensures that the destination will be nul-terminated, but it assumes that
the source is nul-terminated.  In particular, it returns the full length
of the source string, so if the source is not nul-terminated, strlcpy()
will keep scanning until it finds a nul byte, and it may encounter an
unmapped page first.  Add a helper to validate user strings before
copying.

There are also places where we look up a ruleset using a user-provided
anchor string.  In some ioctl handlers we were already nul-terminating
the string, avoiding the same problem, but in other places we were not.
Fix those by nul-terminating as well.  Aside from being consistent,
anchors have a maximum length of MAXPATHLEN - 1 so calling strnlen()
might not be so desirable.

Reported by:	syzbot+35a1549b4663e9483dd1@syzkaller.appspotmail.com
Reviewed by:	kp
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31169
2021-07-28 10:41:01 -04:00