Allocation or I/O failures in fsck_ffs(8) could cause segment
faults because of missing checks or not-yet-initialized data
structures. Correct these issues.
Reported by: Peter Holm
Sponsored by: The FreeBSD Foundation
The commit message documented it as /etc/src.conf but the comment in the
source mentioned the non-existent /etc/loader.conf.
Fixes: f8a199f28f9d ("stand: Raise limit to 550,000 bytes for loader")
into ffs_sbsearch() to allow use by other parts of the system.
Historically only fsck_ffs(8), the UFS filesystem checker, had code
to track down and use alternate UFS superblocks. Since fsdb(8) used
much of the fsck_ffs(8) implementation it had some ability to track
down alternate superblocks.
This change extracts the code to track down alternate superblocks
from fsck_ffs(8) and puts it into a new function ffs_sbsearch() in
sys/ufs/ffs/ffs_subr.c. Like ffs_sbget() and ffs_sbput() also found
in ffs_subr.c, these functions can be used directly by the kernel
subsystems. Additionally they are exported to the UFS library,
libufs(8) so that they can be used by user-level programs. The new
functions added to libufs(8) are sbfind(3) that is an alternative
to sbread(3) and sbsearch(3) that is an alternative to sbget(3).
See their manual pages for further details.
The utilities that have been changed to search for superblocks are
dumpfs(8), fsdb(8), ffsinfo(8), and fsck_ffs(8). Also, the prtblknos(8)
tool found in tools/diag/prtblknos searches for superblocks.
The UFS specific mount code uses the superblock search interface
when mounting the root filesystem and when the administrator doing
a mount(8) command specifies the force flag (-f). The standalone UFS
boot code (found in stand/libsa/ufs.c) uses the superblock search
code in the hope of being able to get the system up and running so
that fsck_ffs(8) can be used to get the filesystem cleaned up.
The following utilities have not been changed to search for
superblocks: clri(8), tunefs(8), snapinfo(8), fstyp(8), quot(8),
dump(8), fsirand(8), growfs(8), quotacheck(8), gjournal(8), and
glabel(8). When these utilities fail, they do report the cause of
the failure. The one exception is the tasting code used to try and
figure what a given disk contains. The tasting code will remain
silent so as not to put out a slew of messages as it trying to taste
every new mass storage device that shows up.
Reviewed by: kib
Reviewed by: Warner Losh
Tested by: Peter Holm
Differential Revision: https://reviews.freebsd.org/D36053
Sponsored by: The FreeBSD Foundation
Summary:
NVMe operations indicate the memory region(s) associated with a command
via physical region pages (PRPs). Since each PRP has a fixed size,
contiguous memory regions larger than the PRP size require multiple PRP
entries.
Instead of issuing a blockif call for each PRP, the NVMe emulation
concatenates multiple contiguous PRP entries into a single blockif
request. The test for contiguous regions has a bug such that it
mistakenly treats an initial PRP address of zero as a contiguous range
and concatenates it with the previous. But because there is no previous
IOV, the concatenation code corrupts the IO request structure and leads
to a segmentation fault when the blockif request completes.
Fix is to test for the existence of a previous range before trying to
concatenate the current range with the previous one.
While in the area, rename pci_nvme_append_iov_req()'s lba parameter to
offset to match its usage.
PR: 264177
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35328
TARGET_ARCH is always wrong when not used at the toplevel Makefile*, or
in something that has to be included from there. Switch to using
MACHINE_ARCH exclusively here since there's no benefit from assigning
TARGET_ARCH the value of MACHINE_ARCH and then using TARGET_ARCH (and
make TARGET_ARCH=xxx won't work).
Sponsored by: Netflix
We don't need the compress rotuines, nor zstd_opt.c. Remove them.
Expand the number of places we omit code for IN_LIBSA (which are FreeBSD
specific). Due to the agressive optimization, though, this doesn't
reduce the size of the loader. It does reduce the number of 'false
positives' for places to omit to reduce the size as well as reducing the
build time slightly.
Sponsored by: Netflix
Reviewed by: tsoome, delphij
Differential Revision: https://reviews.freebsd.org/D36145
The BIOS loader operates in a very constrained environment. The messages
for the super block integrity tests take up about 12k of space. Compile
them out for the BIOS loader, while leaving it intact for all other
loaders that aren't space constrained. These aren't used in the 'super
tiny' *boot* programs, so no adjustment is needed there.
We reply on the fact that (a) i386 doesn't support 32-bit UEFI booting
and (b) LIBSA_CPUARCH is "i386" when building on both i386 and when
we're building the 32-bit libsa32 library.
This saves about 12k of space for this constrained envrionment and will
take a bit of the pressure off some machines where the loader has grown
too big for their BIOS (see comments in i386/loader/Makefile for
details).
Sponsored by: Netflix
Reviewed by: mckusick
Differential Revision: https://reviews.freebsd.org/D36175
Raise the limit for /boot/loader to be 550k. The IBM PC imposes a limit
of 640k of RAM below 1MB, which is needed for real mode calls. BTX takes
40k of that. The BIOS takes some amount (25k seems a good "99% take less
than or equal to this" estimate for that, though some systems consume
more). Most typical setups need 25k of stack. This leaves 550k for
code. We set the limit to 550,000 which gives about an extra 13,000
bytes of buffer for machines that whose setups use a little more stack
or whose BIOS reserves a bit more...
Add this derivation in the Makefile. Also recommend setting LOADERSIZE
lower in /etc/src.conf when the loader has to run on a system whose BIOS
takes up more space, or for a complex setup. Add a recipe for how to
find how much RAM your BIOS uses as well (thanks to jhb@ for the
trick). Network cards that boot via PXE and HBAs with their BIOS enabled
are known to be large consumers of lomem space.
Sponsored by: Netflix
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D36152
The functions pbuf_init, kva_alloc, and keg_alloc_slab are significant
contributors to the kernel boot time when FreeBSD boots inside the
Firecracker VMM. Instrument them so they show up on flamecharts.
For some reason protosw.h is used during world complation and userland
is not aware of caddr_t, a relic from the first version of C. Broken
buildworld is good reason to get rid of yet another caddr_t in kernel.
Fixes: 886fc1e80490fb03e72e306774766cbb2c733ac6
The validator always returned true due to an incorrect check.
Reviewed by: mhorne, imp
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D36125
This is consistent with what other uid-morphing utilities
do, i.e. jexec(1), su(1) etc.
MFC after: 2 weeks
Reviewed by: gbe
Differential Revision: https://reviews.freebsd.org/D36148
This is expensive and useless call. It has been useless since Alexander
melifaro@ moved the forwarding table to nexthops with passive invalidation.
What happens now is that cached route in a inpcb would get invalidated
on next ip_output().
These were the last users of pfctlinput(), so garbage collect it.
Reviewed by: melifaro
Differential revision: https://reviews.freebsd.org/D36156
* factor out underlying llentry check into a separate function and use it consistently
* enter epoch once instead of per-router enter/exit
* don't execute body with fibnum = `RT_ALL_FIBS`
Differential Revision: https://reviews.freebsd.org/D35523
MFC after: 2 weeks
Finish 02e05b8faec1:
* add gateway matcher function that can be used in rib_del_route_px()
or any rib_walk-family functions. It will be used in the upcoming
migration to the new KPI
* rename gw_fulter_func to match_gw_one() to better signal the
function purpose / semantic.
MFC after: 1 month
Turns out there's two hidden a.out dependencies. pxeldr.S assumes it has
access to the a.out header from /boot/loader and cdboot.S assumes that
/boot/loader is also a.out and doesn't use boot2.
So, go back to making a.out files for these and adjust the size checks
to use ls, but we only need to check loader.bin. Trim the size we check
against by 2,000. The difference in size between loader and loader.bin
is about 3000 bytes, but clang15 produces binaries that are a smidge
bigger so we need to relax the check just a little and accept some
additional risk for the moment.
Add some comments to loader's Makefile about this.
Sponsored by: Netflix
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D36142
The default ones are install them to /usr/libdata/pkgconfig, and we can't
use this path for compat libraries, so we use /usr/lib<suffix>/pkgconfigi here.
Test Plan: grep -rn libdir= ./usr/lib32/pkgconfig/*.pc
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34939
It does not work with ULE, which is the default scheduler for over a
decade.
Reviewed by: emaste, kib
Differential Revision: https://reviews.freebsd.org/D36094
Previously, it would only ignore failures due to csmapper conversion
failure. It may be the case that the input string contains invalid
sequences that also need to be ignored.
A good example of //IGNORE application is sanitizing user- or remotely-
specified strings that are expected to be UTF-8; perhaps as part of a
pipeline that will feed the result into a system less tested against or
tolerant of illegal UTF-8 sequences.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34345
A future commit will actually implement //IGNORE so that applications
using base iconv can, e.g., sanitize UTF-8 strings. To do this, the
iconv_std module needs to be able to determine the minimum width for any
given encoding so that it can skip that many bytes in the input buffer.
This is mainly an issue for UTF-16 and UTF-32.
This commit bumps shlib versions to 5 for libiconv modules to reflect
the ABI change. It also fixes OptionalObsoleteFiles to remove the
libiconv modules if WITHOUT_ICONV is in use.
re: _ENCODING_MB_CUR_MIN, note that this file (citrus_stdenc_template.h)
is included at the bottom of an encoding *implementation*, so the
implementation is free to #define it prior. UTF1632 is a good example,
as it redefines the minimum to be a property on the encodinginfo, and
the minimum is set to 2 or 4 bytes for UTF-16 and UTF-32 respectively.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34344
Make it vaguely aware of options in the sense that it now knows that it
can zap any trailing //. It now copies the entire string in realsrc and
realdst, then terminates them at the options.
__bsd___iconv_open can now stop trying to allocate memory just for this
purpose, and the new version is technically more correct. GNU libiconv
will ignore options on the `in` codeset and still do the right thing.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34343
If the -c flag is used, then we can set it with ICONV_SET_DISCARD_ILSEQ;
otherwise, leave it alone. The user may have specified //IGNORE in the
'to' codeset specification, there's no reason we can't allow that but
we'll currently turn it off.
Reviewed by: thj
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34342
Record error condition when iconv_open() fails rather than leaving a
bogus iconv_t that iconv_close() can later choke on; this is one failure
mode.
If we opened MAX_LIMIT files with success, we need to rewind one so that
we don't iconv_close() one past the end of cd; this is the second
failure mode.
Sponsored by: Klara, Inc.
It's sometimes desirable to override the size limit: It's a soft limit
and there are times we exceed the limit by just a little bit and don't
want the build to fail (or we are hitting runtime failures below the
510,000 byte limit).
Sponsored by: Netflix
devformat produces the same output as i386_fmtdev, so just use it to
reduce on the dependencies.
Sponsored by: Netflix
Reviewed by: tsoome
Differential Revision: https://reviews.freebsd.org/D35927
devformat produces the same output as uboot_fmtdev, so just use it to
reduce on the dependencies.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35926
devformat produces the same output as userboot_fmtdev, so just use it to
reduce on the dependencies. In addition, we don't need to use the
incomplete struct userboot_devdesc type, we can use struct devdesc
instead (in fact, there's no userboot_devdesc defined anywhere).
Sponsored by: Netflix
Reviewed by: jhb (prior version)
Differential Revision: https://reviews.freebsd.org/D35925
devformat produces the same output as efi_fmtdev, so just use it to
reduce on the dependencies.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35924
Add a generic way to get the string representation of a zfs device / mount.
Sponsored by: Netflix
Reviewed by: tsoome (prior version)
Differential Revision: https://reviews.freebsd.org/D35923
Use devformat instead of disk_devfmt. This allows us to avoid knowing
the details of the device that's underneath us. Remove disk.h include
and the -I${LDRSRC} from the build of ufs.c since they are no longer
needed.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35922
Fix layering violation and use devformat to get the string
representation of the device to see if we're mounted yet or not. Remove
added include to pickup disk.h.
Sponsored by: Netflix
Reviewed by: tsoome (prior version)
Differential Revision: https://reviews.freebsd.org/D35919
All of the archsw fmtdev functions treat DEVT_DISK as a call to
disk_fmtdev. Set all disks' dv_fmtdev to disk_fmtdev so devformat
will return the same thing.
Sponsored by: Netflix
Reviewed by: tsoome (prior version)
Differential Revision: https://reviews.freebsd.org/D35917
Use dv_fmtdev to return a formatted string for a device. If this is a
null pointer, return the device name and unit followed by a colon (eg
disk3:).
Sponsored by: Netflix
Reviewed by: tsoome (prior version)
Differential Revision: https://reviews.freebsd.org/D35916
Add a new pointer, dv_devfmt, to allow devices to format themselves. We
will use this to simplify many of the fmtdev functions in the tree as
they are all almost the same, or all are isomorphic to each other.
Sponsored by: Netflix
Reviewed by: tsoome (prior version)
Differential Revision: https://reviews.freebsd.org/D35915
We do a number of games with ploymorphism for different types struct
*devdesc. Adjust one place that this affects to take the address of the
base class (most others have void * at the moment). This is more type
safe than a bare void *.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35914
Rather than have the magic, hand-crafted fields that have to align with
fields in other structures at the end of i386_devdesc, make it into
anonymous union and adjust the code accordingly. This is safer and
similar to what CAM does.
Sponsored by: Netflix
Reviewed by: kevans, tsoome (prior version)
Differential Revision: https://reviews.freebsd.org/D35965
While here remove some code that was compat legacy back in 2005, added
in a1f7e5f8ee7fe.
Reviewed by: melifaro
Differential revision: https://reviews.freebsd.org/D36128
While here, address the unlocked 'dst' read. Solve that by storing
a pointer either to the inpcb or to the sockaddr. If we end up
copying address out of the inpcb, that would be done under the read
lock section.
Reviewed by: melifaro
Differential revision: https://reviews.freebsd.org/D36127
