Commit Graph

208505 Commits

Author SHA1 Message Date
Mark Johnston
785eb42adf Clear the cookie pointer on error in tmpfs_readdir().
It is otherwise left dangling, and callers that request cookies always free
the cookie buffer, even when VOP_READDIR(9) returns an error. This results
in a double free if tmpfs_readdir() returns an error to the NFS server or
the Linux getdents(2) emulation code.

Reported by:	pho
MFC after:	1 week
Security:	double free of malloc(9)-backed memory
Sponsored by:	EMC / Isilon Storage Division
2016-02-12 20:43:53 +00:00
Navdeep Parhar
748d440809 Remove duplicate definition (CPL_TRACE_PKT_T5). 2016-02-12 20:14:03 +00:00
Mark Felder
02686fb806 Document the new jail_reverse_stop parameter
While here clean up the documentation for jail_list

PR:		196152
Approved by:	jamie, wblock
MFC after:	1 week, with r295471
Differential Revision:	https://reviews.freebsd.org/D5243
2016-02-12 17:55:06 +00:00
Andrew Turner
ee211e0268 Stop adding an extra null terminator to strings, OF_getprop already returns
a null terminated string.
2016-02-12 17:04:03 +00:00
Benjamin Kaduk
3c56cded4e Update .Dd for r295565 2016-02-12 17:03:24 +00:00
Ian Lepore
0c0a157c15 Clarify the difference between 7- and 8-bit i2c addresses, used in FDT
versus hints-based configuration, respectively.

Reported by: Jukka Ukkonen <jau789@gmail.com>
2016-02-12 16:59:42 +00:00
Ruslan Bukin
f3d389ee9e Use __uint64_t type for floating point registers
as compiler don't know about __uint128_t yet.

Discussed with:	theraven, kib
2016-02-12 14:29:14 +00:00
Andrew Turner
770fd1c976 Only update curthread and curpcb after we have finished using the old
values.

If switching from a thread that used floating-point registers to a thread
that is still running, but holding the blocked_lock lock we would switch
the curthread to the new (running) thread, then call critical_enter. This
will non-atomically increment td_critnest, and later call critical_exit to
non-atomically decrement this value.

This can happen at the same time as the new thread is still running on the
old core, also calling these functions. In this case there will be a race
between these non-atomic operations. This can be an issue as we could loose
one of these operations leading to the value to not return to zero.

If, later on, we then hit a data abort we check if the td_critnest is zero.
If this check fails we will panic the kernel.

This has been observed when running pcmstat on a Cavium ThunderX. The pcm
thread will use the blocked_lock lock and there is a high chance userspace
will use the floating-point registers. When, later on, pmcstat triggers a
data abort we will hit this panic.

The fix is to update these values after storing the floating-point state.
This means we use the correct curthread while storing the state so it will
not be an issue that the changes to td_critnest are non-atomic.

Sponsored by:	ABT Systems Ltd
2016-02-12 12:38:04 +00:00
Alexander Motin
c85285a96b Don't check CmdSN for initial login request.
This fixes connection errors for some initiators not starting CmdSN
from zero.

While there, fix wrong status details reported for couple errors.

MFC after:	3 days
2016-02-12 10:58:13 +00:00
Konstantin Belousov
90edf67ecf POSIX states that #include <signal.h> shall make both mcontext_t and
ucontext_t available.  Our code even has XXX comment about this.

Add a bit of compliance by moving struct __ucontext definition into
sys/_ucontext.h and including it into signal.h and sys/ucontext.h.

Several machine/ucontext.h headers were changed to use namespace-safe
types (like uint64_t->__uint64_t) to not depend on sys/types.h.
struct __stack_t from sys/signal.h is made always visible in private
namespace to satisfy sys/_ucontext.h requirements.

Apparently mips _types.h pollutes global namespace with f_register_t
type definition.  This commit does not try to fix the issue.

PR:	207079
Reported and tested by:	Ting-Wei Lan <lantw44@gmail.com>
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2016-02-12 07:38:19 +00:00
Konstantin Belousov
411c83ccd6 If full width writes to the performance monitoring counters are
supported, use full-width aliases MSRs for writes.  This fixes the
"[pmc,X] negative increment" assertion on the context switch when
clipped counter value is sign-extended.

Add definitions for the MSR IA32_PERF_CAPABILITIES needed to detect
the feature.

PR:	207068
Submitted by:	joss.upton@yahoo.com
MFC after:	2 weeks
2016-02-12 07:27:24 +00:00
Konstantin Belousov
70c1d5a32a Adjust the size of PMC_DEFAULT_DEBUG_FLAGS to match the size of the
structure.

PR:	207068
Submitted by:	joss.upton@yahoo.com
MFC after:	2 weeks
2016-02-12 07:20:27 +00:00
Konstantin Belousov
0c8cc7b076 Remove tautological cast.
PR:	207068
Submitted by:	joss.upton@yahoo.com
MFC after:	2 weeks
2016-02-12 07:19:59 +00:00
Michal Meloun
3c7b90774d UART: Fix spurious interrupts generated by ns8250 and lpc drivers:
- don't enable transmitter empty interrupt before filling TX FIFO.
 - add missing uart_barrier() call in interrupt service routine
2016-02-12 05:14:58 +00:00
Devin Teske
4b9a5d61f2 Comments and fix small bug
Reduce differences between jib/jng and fix a bug that would prevent
additional interfaces from being created if the first of many already
existed (counter wasn't incremented before calling only continue).
2016-02-12 02:53:44 +00:00
Devin Teske
4fa10b673c Interpret vnet_interface/vnet.interface as array 2016-02-12 02:50:36 +00:00
Devin Teske
1ccea30f71 Add syntax to disable MAC allocation
Adding `!' before an interface name will disable MAC allocation, falling
back to driver mechanics. Alternatively adding `=' before an interface name
causes the MAC address to be cloned (for ng_bridge(4) back-end only). While
here, disable the auto-detection of wlan* since this knocks the host off;
requiring the host that defines the jail to explicitly enable this feature
by preceding the interface with `='.
2016-02-12 01:41:40 +00:00
Devin Teske
78954c3be3 Refactor conversion to hex 2016-02-12 01:12:44 +00:00
Michael Tuexen
e51963a7bb Loopback addresses are 127.0.0.0/8, not 127.0.0.1/32.
MFC after: 1 week
2016-02-11 22:29:39 +00:00
Devin Teske
b35d45aadf Add support for bridging iwn(4) based wlan(4)
Documented in iwn(4), "Only one virtual interface may be configured at any
time." However, netgraph with a cloned MAC address is able to communicate
over an ng_eiface attached to an ng_bridge linked to the wlan(4) interface.
While here, introduce syntax to specify the MAC address is to be cloned if
the named interface begins with equals [=].
2016-02-11 22:10:54 +00:00
Gleb Smirnoff
5e4bc63b7c o Gather all mbuf(9) allocation functions into kern_mbuf.c, and all
mbuf(9) manipulation functions into uipc_mbuf.c.  This looks like
  the initial intent, but had diffused in the last decade.

o Gather all declarations in mbuf.h in one place and sort them.

o Uninline m_clget() and m_cljget().

There are no functional changes in this patch.

The patch comes from a larger version, where all mbuf(9) allocation was
uninlined, which allowed to make mbuf(9) UMA zones private to kern_mbuf.c.
The performance impact of the total uninlining is still unclear, so we
are holding on now with larger version.

Together with:	melifaro, olivier
2016-02-11 21:32:23 +00:00
Devin Teske
7e4b7c797a Centralize MAC derivation formula 2016-02-11 21:28:34 +00:00
Devin Teske
e0c45153ac Add example VIMAGE config required by vnet jails 2016-02-11 18:37:02 +00:00
Michael Tuexen
b028cf319e Use 4 spaces instead of a tab. 2016-02-11 18:35:46 +00:00
Andrew Turner
77fc1120a7 Enable ARM_INTRNG on all kernel configs where we use the Generic Interrupt
Controller.

Sponsored by:	ABT Systems Ltd
2016-02-11 18:01:10 +00:00
Dag-Erling Smørgrav
a982c4c7f5 Fix double-free error: r289419 moved all error handling in http_connect()
to the end of the function, but did not remove a fetch_close() call which
was made redundant by the one in the shared error-handling code.

PR:		206774
Submitted by:	Christian Heckendorf <heckendorfc@gmail.com>
MFC after:	3 days
2016-02-11 17:48:15 +00:00
Dag-Erling Smørgrav
0de4f1bf64 Use the new insecure-lan-zones option instead of listing each AS112 zone
separately.

MFC after:	3 days
2016-02-11 17:37:02 +00:00
Dag-Erling Smørgrav
8232a681f5 Remove unbound-contrl-setup since we use a local control socket which
does not require keys.

MFC after:	3 days
Relnotes:	yes
2016-02-11 17:33:55 +00:00
Jim Harris
7b036d7790 nvme: avoid duplicate SET_NUM_QUEUES commands
nvme(4) issues a SET_NUM_QUEUES command during device
initialization to ensure enough I/O queues exists for each
of the MSI-X vectors we have allocated.  The SET_NUM_QUEUES
command is then issued again during nvme_ctrlr_start(), to
ensure that is properly set after any controller reset.

At least one NVMe drive exists which fails this second
SET_NUM_QUEUES command during device initialization.  So
change nvme_ctrlr_start() to only issue its SET_NUM_QUEUES
command when it is coming out of a reset - avoiding the
duplicate SET_NUM_QUEUES during device initialization.

Reported by:	gallatin
MFC after:	3 days
Sponsored by:	Intel
2016-02-11 17:32:41 +00:00
Dag-Erling Smørgrav
e24c5f9706 Apply upstream r3619, r3620, r3621: add insecure-lan-zone option 2016-02-11 17:25:12 +00:00
Devin Teske
41c0ec9a16 Merge SVN r295220 (bz) from projects/vnet/
Fix a panic that occurs when a vnet interface is unavailable at the time the
vnet jail referencing said interface is stopped.

Sponsored by:	FIS Global, Inc.
2016-02-11 17:07:19 +00:00
Andrew Turner
34096f3c06 Include the correct header to get a phandle_t needed by ofw_bus_if.h. While
here only include opt_platform.h once.

Sponsored by:	ABT Systems Ltd
2016-02-11 16:43:23 +00:00
Pedro F. Giffuni
a633908d21 Ext4: Use boolean type instead of '0' and '1'
There are precedents of uses of bool in the kernel and
it is incorrect style to use integers as replacement for
a boolean type.
2016-02-11 15:27:14 +00:00
Ed Maste
b2390166cd Explain that boot1.efi prefers ZFS over UFS
Reported by:	smh
2016-02-11 14:45:18 +00:00
Ruslan Bukin
cfddfe4cd5 o Move non-generic kernel configuration out from GENERIC.
o Add kernel configuration for QEMU.

Both SPIKE and QEMU kernel configs are temporary (until
we will be able to obtain DTB from loader).

Sponsored by:	DARPA, AFRL
Sponsored by:	HEIF5
2016-02-11 13:28:52 +00:00
Justin Hibbits
64a982ea56 Migrate the PTE format for book-e to standardize on the 'indirect PTE' format
Summary:
The revised Book-E spec, adding the specification for the MMUv2 and e6500,
includes a hardware PTE layout for indirect page tables.  In order to support
this in the future, migrate the PTE format to match the MMUv2 hardware PTE
format.

Test Plan: Boot tested on a P5020 board.  Booted to multiuser mode.

Differential Revision: https://reviews.freebsd.org/D5224
2016-02-11 13:15:37 +00:00
Zbigniew Bodek
6cd36342c0 Support interrupts binding in GICv3 and ITS
- Add MOVI command and routine for the LPI migration
- Allow to search for the ITS device descriptor using
  not only devID but also LPI number.
- Bind SPIs in the Distributor
- Don't bind its_dev to collection. Keep track of the collection
  IDs for each LPI.

Reviewed by:   wma
Obtained from: Semihalf
Sponsored by:  Cavium
Differential Revision: https://reviews.freebsd.org/D5231
2016-02-11 12:04:58 +00:00
Zbigniew Bodek
907a0579aa Implement finer locking in ITS
- Change locks' names to be more suitable
- Don't use blocking mutex. Lock only basic operations such
  as lists or bitmaps modifications.

Reviewed by:   wma
Obtained from: Semihalf
Sponsored by:  Cavium
Differential Revision: https://reviews.freebsd.org/D5230
2016-02-11 12:03:11 +00:00
Zbigniew Bodek
47a1ff355e Initially bind all interrupts to the boot CPU when using GICv3
This should be done by routing all interrupts to CPU0,
different assignment will be induced by either interrupts
shuffling or bus_bind_intr().

Reviewed by:   wma
Obtained from: Semihalf
Sponsored by:  Cavium
Differential Revision: https://reviews.freebsd.org/D5229
2016-02-11 12:01:33 +00:00
Zbigniew Bodek
55bdcadded Call pmc_hook() correctly in the ARM64 interrupt handler
pmc_hook() was called only in case of the stray interrupt but should
rather be called on each interrupt. Move in to the arm_cpu_intr()
handler, out of the critical section too.

Reviewed by:   br
Obtained from: Semihalf
Sponsored by:  Cavium
Differential Revision: https://reviews.freebsd.org/D5161
2016-02-11 11:59:32 +00:00
Zbigniew Bodek
be7aab76ec Introduce bus_bind_intr method for ARM64
It can be used to bind specific interrupt to a particular CPU.
Requires PIC support for interrupts binding.

Reviewed by:   wma
Obtained from: Semihalf
Sponsored by:  Cavium
Differential Revision: https://reviews.freebsd.org/D5122
2016-02-11 11:58:27 +00:00
Zbigniew Bodek
513411c9f5 Fix bugs in interrupts allocation on ARM64
Separate interrupt descriptors lookup from allocation. It was possible
to perform config on non-existing interrupt simply by allocating spurious
descriptor.
Must lock the interrupt descriptors table lookup to avoid mismatches.
This ought to prevent trouble while setting up new interrupt
and dispatching existing one.
Use spin mutex rather than sleep mutex. This is mainly due to lock in
arm_dispatch_intr.
This should be eventually changed to a lock-less solution without
walking through a linked list on each interrupt.

Reviewed by:   andrew, wma
Obtained from: Semihalf
Sponsored by:  Cavium
Differential Revision: https://reviews.freebsd.org/D5121
2016-02-11 11:57:13 +00:00
Roger Pau Monné
8f28a42ee7 xen-netfront: remove useless NULL check in netif_free
xn_ifp is allocated in create_netdev with if_alloc(IFT_ETHER).
According to the current arrangement it can't be NULL.

Coverity ID:		1349805
Submitted by:		Wei Liu <wei.liu2@citrix.com>
Reviewed by:		royger
Sponsored by:		Citrix Systems R&D
Differential revision:	https://reviews.freebsd.org/D5252
2016-02-11 11:57:12 +00:00
Zbigniew Bodek
8133eda921 Minor clean-ups for ARM64 GICv3 and GIC drivers
GICv3:
- move ICC_SGI1R_EL1 definitions to armreg.h and use proper system
  register's names
GIC:
- remove unused functions

Reviewed by:   andrew
Obtained from: Semihalf
Sponsored by:  Cavium
Differential Revision: https://reviews.freebsd.org/D5119
2016-02-11 11:55:37 +00:00
Roger Pau Monné
d4dae2b1fb xen-netfront: rearrange error paths in setup_txqs
Coverity spotted double free errors in error path. Fix that by
removing the extraneous calls.

Coverity ID:		1349798
Submitted by:		Wei Liu <wei.liu2@citrix.com>
Reviewed by:		royger
Sponsored by:		Citrix Systems R&D
Differential revision:	https://reviews.freebsd.org/D5251
2016-02-11 11:53:32 +00:00
Roger Pau Monné
7803499440 xen-netfront: remove pointless assignment in xn_ioctl
The variable error is assigned to 0 before entering the switch.
Assigning error to 0 before break pointless rewrites the real error
value that should be returned.

Coverity ID:		1304974
Submitted by:		Wei Liu <wei.liu2@citrix.com>
Reviewed by:		royger
Sponsored by:		Citrix Systems R&D
Differential revision:	https://reviews.freebsd.org/D5250
2016-02-11 11:50:31 +00:00
Andrew Turner
647a3bac7e Stop defining fdt_pic_table when building for ARM_INTRNG. 2016-02-11 11:49:27 +00:00
Ruslan Bukin
2150fb09b9 Stop device enumeration when we see first empty slot.
This fixes operation in QEMU and saves some booting time as well.

Pointed out by:	Sagar Karandikar <skarandikar@berkeley.edu>
Sponsored by:	DARPA, AFRL
Sponsored by:	HEIF5
2016-02-11 11:21:45 +00:00
Andrew Turner
75d36854d4 Remove unused Zedboard config files. files.zedboard was empty other than
comments, and std.zedboard just pointed to files.zedboard and std.xilinx.
2016-02-11 10:48:15 +00:00
Hans Petter Selasky
3e9470b721 Use a pair of ifs when comparing the 32-bit flowid integers so that
the sign bit doesn't cause an overflow. The overflow manifests itself
as a sorting index wrap around in the middle of the sorted array,
which is not a problem for the LRO code, but might be a problem for
the logic inside qsort().

Reviewed by:		gnn @
Sponsored by:		Mellanox Technologies
Differential Revision:	https://reviews.freebsd.org/D5239
2016-02-11 10:03:50 +00:00