Commit Graph

245999 Commits

Author SHA1 Message Date
Konstantin Belousov
fa83f68917 Add x86 msr tweak KPI.
Use the KPI to tweak MSRs in mitigation code.

Reviewed by:	markj, scottl
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D22431
2019-11-18 20:53:57 +00:00
John Baldwin
03b0d68c72 Check for errors from copyout() and suword*() in sv_copyout_args/strings.
Reviewed by:	brooks, kib
Tested on:	amd64 (amd64, i386, linux64), i386 (i386, linux)
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D22401
2019-11-18 20:07:43 +00:00
Mark Johnston
85e06c728c Set MALLOC_DEBUG_MAXZONES=1 in GENERIC-NODEBUG configurations.
The purpose of this option is to make it easier to track down memory
corruption bugs by reducing the number of malloc(9) types that might
have recently been associated with a given chunk of memory.  However, it
increases fragmentation and is disabled in release kernels.

MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2019-11-18 20:03:28 +00:00
Kyle Evans
6cd7d8a648 bcm2835_sdhci: use a macro for interrupts we handle
This is just further simplification, very little functional change. In the
DMA interrupt handler, we *do* now acknowledge both DATA_AVAIL | SPACE_AVAIL
every time -- these operations are mutually exclusive, so while this is a
functional change, it's effectively a nop. Removing the 'mask' local allows
us to further simplify in a future change.
2019-11-18 19:28:09 +00:00
Mark Johnston
ccd7667c1b Fix grammar in gpart.8.
PR:		241973
MFC after:	3 days
2019-11-18 19:05:52 +00:00
Kyle Evans
c22f8ca6cc bcm2835_sdhci: push DATA_END handling out of DMA interrupt path
This simplifies the DMA interrupt handler quite a bit. The sdhci framework
will call platform_finish_transfer() if it's received SDHCI_INT_DATA_END, so
we can take care of any final cleanup there and simply not worry about the
possibility of it ending in the DMA interrupt path.
2019-11-18 18:40:35 +00:00
Mark Johnston
066d9631cb Fix inconsistencies in anonymous DOF files.
The DOF file output by dtrace -A contains only the loadable sections.
However, as it was created by a call to dtrace_dof_create() without
flags, the original DOF was created with the loadable sections.  The
result is that the DOF includes the section headers for the unloadable
sections (COMMENTS and UTSNAME) without these sections actually being
present.  This is inconsistent.

A simple change to anon_prog() ensures that the missing sections are
present in the outputted DOF.  Alternatively, the call to
dtrace_dof_create() could pass the DTRACE_D_STRIP flag stripping out the
loadable sections.  As the unloadable sections contain info useful for
debugging purposes they haven't been stripped.

Submitted by:	Graeme Jenkinson <graeme.jenkinson@cl.cam.ac.uk>
MFC after:	1 week
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D21875
2019-11-18 18:34:23 +00:00
Mark Johnston
fe6d5344c2 Group per-domain reservation data in the same structure.
We currently have the per-domain partially populated reservation queues
and the per-domain queue locks.  Define a new per-domain padded
structure to contain both of them.  This puts the queue fields and lock
in the same cache line and avoids the false sharing within the old queue
array.

Also fix field packing in the reservation structure.  In many places we
assume that a domain index fits in 8 bits, so we can do the same there
as well.  This reduces the size of the structure by 8 bytes.

Update some comments while here.  No functional change intended.

Reviewed by:	dougm, kib
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D22391
2019-11-18 18:25:51 +00:00
Mark Johnston
3a2ba9974d Widen the vm_page aflags field to 16 bits.
We are now out of aflags bits, whereas the "flags" field only makes use
of five of its sixteen bits, so narrow "flags" to eight bits.  I have no
intention of adding a new aflag in the near future, but would like to
combine the aflags, queue and act_count fields into a single atomically
updated word.  This will allow vm_page_pqstate_cmpset() to become much
simpler and is a step towards eliminating the use of the page lock array
in updating per-page queue state.

The change modifies the layout of struct vm_page, so bump
__FreeBSD_version.

Reviewed by:	alc, dougm, jeff, kib
Sponsored by:	Netflix, Intel
Differential Revision:	https://reviews.freebsd.org/D22397
2019-11-18 18:22:41 +00:00
Mark Johnston
c7181c5ab0 Implement vm.pmap.kernel_maps for arm64.
Reviewed by:	alc
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D22142
2019-11-18 15:37:01 +00:00
Mark Johnston
d2624609e6 Let arm64 pmap_qenter() and pmap_kenter() unconditionally set NX.
As on amd64, there is no need for mappings created by these functions to
be executable.

Reviewed by:	alc, andrew
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D22141
2019-11-18 15:36:46 +00:00
Alan Somers
af4b7924f1 Update the ses(4) man page
This driver was largely rewritten in 2015 (svn r235911) but the man page was
never updated to match.

Reviewed by:	trasz
MFC after:	2 weeks
Sponsored by:	Axcient
Differential Revision:	https://reviews.freebsd.org/D22339
2019-11-18 14:12:33 +00:00
David Bright
2d5603fe65 Jail and capability mode for shm_rename; add audit support for shm_rename
Co-mingling two things here:

  * Addressing some feedback from Konstantin and Kyle re: jail,
    capability mode, and a few other things
  * Adding audit support as promised.

The audit support change includes a partial refresh of OpenBSM from
upstream, where the change to add shm_rename has already been
accepted. Matthew doesn't plan to work on refreshing anything else to
support audit for those new event types.

Submitted by:	Matthew Bryan <matthew.bryan@isilon.com>
Reviewed by:	kib
Relnotes:	Yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D22083
2019-11-18 13:31:16 +00:00
Andriy Gapon
d2e690132e fix up r354804, add new ZFS file mmp.c to kernel files
Reported by:	CI LINT build
MFC after:	4 weeks
X-MFC with:	r354804
2019-11-18 10:46:55 +00:00
Andriy Gapon
2d54db4cc9 fix up r354804, link zstreamdump with libzfs
Since r354804 libzpool depends on libzfs for get_system_hostid symbol.
Except for zstreamdump, all binaries linked with libzpool were already
linked with libzfs.  So, zstreamdump is the only fall-out.

It's interesting that on amd64 not only I was able to successfully build
zstreamdump, I am able to run it despite having the unresolved symbol in
libzpool.

MFC after:	4 weeks
X-MFC with:	r354804
2019-11-18 10:34:27 +00:00
Edward Tomasz Napierala
dfe91e5e34 Make linux(4) open(2)/openat(2) return ELOOP instead of EMLINK,
when being passed O_NOFOLLOW.  This fixes LTP testcase openat02:5.

Reviewed by:	emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D22384
2019-11-18 10:19:16 +00:00
Andriy Gapon
a8c08e008a MFV r354378,r354379,r354386: 10499 Multi-modifier protection (MMP)
10499 Multi-modifier protection (MMP)
illumos/illumos-gate@e0f1c0afa4
e0f1c0afa4
https://www.illumos.org/issues/10499
  Port the following ZFS commits from ZoL to illumos.
  379ca9cf2 Multi-modifier protection (MMP)
  bbffb59ef Fix multihost stale cache file import
  0d398b256 Do not initiate MMP writes while pool is suspended

10701 Correct lock ASSERTs in vdev_label_read/write
illumos/illumos-gate@58447f688d
58447f688d
https://www.illumos.org/issues/10701
  Port of ZoL commit:
  0091d66f4e Correct lock ASSERTs in vdev_label_read/write
  At a minimum, this fixes a blown assert during an MMP test run when running on
  a DEBUG build.

11770 additional mmp fixes
illumos/illumos-gate@4348eb9012
4348eb9012
https://www.illumos.org/issues/11770
  Port a few additional MMP fixes from ZoL that came in after our
  initial MMP port.
  4ca457b065 ZTS: Fix mmp_interval failure
  ca95f70dff zpool import progress kstat
  (only minimal changes from above can be pulled in right now)
  060f0226e6 MMP interval and fail_intervals in uberblock

Note from the committer (me).
I do not have any use for this feature and I have not tested it.  I only
did smoke testing with multihost=off.
Please be aware.
I merged the code only to make future merges easier.

Portions contributed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Portions contributed by: Tim Chase <tim@chase2k.com>
Portions contributed by: sanjeevbagewadi <sanjeev.bagewadi@gmail.com>
Portions contributed by: John L. Hammond <john.hammond@intel.com>
Portions contributed by: Giuseppe Di Natale <dinatale2@llnl.gov>
Portions contributed by: Prakash Surya <surya1@llnl.gov>
Portions contributed by: Brian Behlendorf <behlendorf1@llnl.gov>
Author: Olaf Faaland <faaland1@llnl.gov>

MFC after:	4 weeks
2019-11-18 09:38:35 +00:00
Xin LI
f327c2ba2f MFV r354798:
Apply vendor fixes:

06de62c Detect multiplication overflow when computing sector position
46a8443 Limit the number of elements in a vector (found by oss-fuzz)

Requested by:	wen
MFC after:	3 days
Security:	CVE-2019-18218
2019-11-18 04:22:04 +00:00
Conrad Meyer
470182bb6e Link in NetBSD's unifdef(1) tests
Skip one, is it currently fails.
2019-11-18 04:03:11 +00:00
Li-Wen Hsu
e9b30d7fcb Also clean LINT64 kernel configuration for powerpc
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2019-11-18 01:56:19 +00:00
Xin LI
d824749b30 Apply vendor fixes:
06de62c Detect multiplication overflow when computing sector position

46a8443 Limit the number of elements in a vector (found by oss-fuzz)
2019-11-17 20:56:25 +00:00
Justin Hibbits
0700132b16 powerpc: Re-add -Wno-redundant-decls to DPAA build flags
Since the DPAA code is from a third party, with minimal edits, there is no
intent to fix these specific warnings at this time.  Hide these warnings to
prevent the noise from hiding real warnings.
2019-11-17 20:49:24 +00:00
Alex Richardson
21697a7a3a Fix error found by new clang operator precendence warning
error: operator '?:' has lower precedence than '|'; '|' will be evaluated first

I discovered this in CheriBSD after updating our fork of clang to the latest
upstream master.

Reviewed By:	ian
Differential Revision: https://reviews.freebsd.org/D22433
2019-11-17 19:04:02 +00:00
Doug Moore
abdab7b633 Add a helper function for testing a swap block and freeing it if empty.
Submitted by: ota_j.email.ne.jp
Approved by: alc, kib, dougm
Differential Revision: https://reviews.freebsd.org/D22402
2019-11-17 18:38:37 +00:00
Alan Cox
8a19cf92cf Achieve two goals at once: (1) Avoid an unnecessary broadcast TLB
invalidation in pmap_remove_all(). (2) Prevent an "invalid ASID" assertion
failure in pmap_remove_all().

The architecture definition specifies that the TLB will not cache mappings
that don't have the "AF" bit set, so pmap_remove_all() needn't issue a TLB
invalidation for mappings that don't have the "AF" bit set.

We allocate ASIDs lazily.  Specifically, we don't allocate an ASID for a
pmap until we are activating it.  Now, consider what happens on a fork().
Before we activate the child's pmap, we use pmap_copy() to copy mappings
from the parent's pmap to the child's.  These new mappings have their "AF"
bits cleared.  Suppose that the page daemon decides to reclaim a page that
underlies one of these new mappings.  Previously, the pmap_invalidate_page()
performed by pmap_remove_all() on a mapping in the child's pmap would fail
an assertion because that pmap hasn't yet been assigned an ASID.  However,
we don't need to issue a TLB invalidation for such mappings because they
can't possibly be cached in the TLB.

Reported by:	bob prohaska <fbsd@www.zefox.net>
Reviewed by:	markj
MFC after:	1 week
X-MFC-before:	r354286
Differential Revision:	https://reviews.freebsd.org/D22388
2019-11-17 17:38:53 +00:00
Konstantin Belousov
0857931660 Update controlelf(1) to ahndle stack gap disable flag.
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D22379
2019-11-17 14:54:43 +00:00
Konstantin Belousov
156e865494 Add elf image flag to disable stack gap.
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D22379
2019-11-17 14:54:07 +00:00
Konstantin Belousov
01a2b5679b kern_exec: p_osrel and p_fctl0 were obliterated by failed execve(2) attempt.
Zeroing of them is needed so that an image activator can update the
values as appropriate (or not set at all).

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D22379
2019-11-17 14:52:45 +00:00
Konstantin Belousov
b2e1b88984 amd64 copyout: remove irrelevant comment.
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2019-11-17 14:41:47 +00:00
Konstantin Belousov
7ce4a1458e Document required size of buffer for elf_aux_info(3).
PR:	241884
Reported by:	jbeich
Reviewed by:	brooks
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Differential revision:	https://reviews.freebsd.org/D22380
2019-11-17 14:11:08 +00:00
Kyle Evans
d3276301ab Add makesyscalls.lua, a rewrite of makesyscalls.sh
This currently requires a suitable lua + luafilesystem + luaposix from the
ports tree to build. Discussion is underway in D21893 to add a suitable lua
to the base system, cleverly disguised and out of the way of normal
consumers.

makesyscalls.sh is a good target for rewrite into lua as it's currently a
sh+sed+awk script that can be difficult to add on to, at times. For
instance, adding a new COMPAT* option (that mimicks the behaivor of most
other COMPAT* options) requires a fairly substantial amount of copy/paste;
see r352693 for instance. Attempts to generate part of the awk script for
COMPAT* handling was (very kindly) rejected with a desire to just rewrite
the script in a single language that can handle all of it.

Reviewed by:	brooks
Differential Revision:	https://reviews.freebsd.org/D21775
2019-11-17 14:08:19 +00:00
Doug Moore
bdb90e7613 The loop in vm_map_protect that verifies that all transition map
entries are stabilized, repeatedly verifies the same entry. Check each
entry in turn.

Reviewed by: kib (code only), alc
Tested by: pho
MFC after: 7 days
Differential Revision: https://reviews.freebsd.org/D22405
2019-11-17 06:50:36 +00:00
Justin Hibbits
5979bb0b7d powerpc: Return SIGILL if DSCR does not exist in m{f,t}spr emulation
Guard against programs written for one powerpc target running on another,
and panicking the system due to not having the DSCR register.
2019-11-17 01:01:02 +00:00
Brandon Bergren
7316504cd5 [PowerPC] Fix *context on ELFv2
Due to ELFv1 specific code in _ctx_start.S and makecontext.c, userspace
context switching was completely broken on ELFv2.

With this change, we now pass the libthr test suite.

Approved by: jhibbits (mentor)
Differential Revision: https://reviews.freebsd.org/D22421
2019-11-16 20:33:46 +00:00
Alan Somers
a3851eec6e Actually hook CAM_IO_STATS up to the build
It's still disabled by default, but now it can be enabled with config(5) and
it will be build in LINT.

Reviewed by:	imp
MFC after:	1 week
Sponsored by:	Axcient
Differential Revision:	https://reviews.freebsd.org/D22383
2019-11-16 19:12:17 +00:00
Justin Hibbits
6a51741fc7 gcore: Don't add VSX notes on powerpcspe
powerpcspe does not support VSX at all, but gets the 'VMX' notes for free,
providing the SPE registers.
2019-11-16 18:24:28 +00:00
Conrad Meyer
9cbefe25d4 Update to Zstandard 1.4.4
The full release notes can be found on Github:

  https://github.com/facebook/zstd/releases/tag/v1.4.4

Notable changes in this release include improved decompression speed (about
10%).  See the Github release notes for more details.

MFC after:	I'm not going to, but feel free
Relnotes:	yes
2019-11-16 16:39:08 +00:00
Justin Hibbits
6f83eb8b21 powerpcspe: Don't leak kernel registers in SPE dumps
save_vec_int() for SPE saves off only the high word of the register, leaving
the low word as "garbage", but really containing whatever was in the kernel
register at the time.  This leaks into core dumps, and in a near future
commit also into ptrace.  Instead, save the GPR in the low word in
save_vec_nodrop(), which is used only for core dumps and ptrace.
2019-11-16 16:36:20 +00:00
Justin Hibbits
fe6277692f powerpcspe: Mark asm statement in spe_save_reg_high as clobbering memory
Modern gcc errors that "'vec[0]' is used uninitialized in this function"
without us telling it that vec is clobbered.  Neither clang nor gcc 4.2.1
error on the existing construct.

Submitted by:	bdragon
2019-11-16 16:27:31 +00:00
Michael Tuexen
c968c769af Add boundary and overflow checks to the formulas used in the TCP CUBIC
congestion control module.

Submitted by:		Richard Scheffenegger
Reviewed by:		rgrimes@
Differential Revision:	https://reviews.freebsd.org/D19118
2019-11-16 12:00:22 +00:00
Michael Tuexen
b0c1a13e4e Improve TCP CUBIC specific after idle reaction.
The adjustments are inspired by the Linux stack, which has had a
functionally equivalent implementation for more than a decade now.

Submitted by:		Richard Scheffenegger
Reviewed by:		Cheng Cui
Differential Revision:	https://reviews.freebsd.org/D18982
2019-11-16 11:57:12 +00:00
Michael Tuexen
35cd141b4b Implement a tCP CUBIC-specific after idle reaction.
This patch addresses a very common case of frequent application stalls,
where TCP runs idle and looses the state of the network.

Submitted by:		Richard Scheffenegger
Reviewed by:		Cheng Cui
Differential Revision:	https://reviews.freebsd.org/D18954
2019-11-16 11:37:26 +00:00
Michael Tuexen
453e633384 Revert https://svnweb.freebsd.org/changeset/base/354708
I used the wrong Differential Revision, so back it out and do it right
in a follow-up commit.
2019-11-16 11:10:09 +00:00
Toomas Soome
182d1b7133 loader: remove unused variable from efipart.c 2019-11-16 08:16:50 +00:00
Mitchell Horne
9b461fa36e RISC-V: busdma_bounce: fix BUS_DMA_ALLOCNOW for non-paged aligned sizes
RISC-V inherited this code from arm64, so implement the fix from r354712.
See the revision for the full description.

Submitted by:	kevans (arm64 version)
2019-11-16 01:25:51 +00:00
Scott Long
e372160177 TSX Asynchronous Abort mitigation for Intel CVE-2019-11135.
This CVE has already been announced in FreeBSD SA-19:26.mcu.

Mitigation for TAA involves either turning off TSX or turning on the
VERW mitigation used for MDS. Some CPUs will also be self-mitigating
for TAA and require no software workaround.

Control knobs are:
machdep.mitigations.taa.enable:
        0 - no software mitigation is enabled
        1 - attempt to disable TSX
        2 - use the VERW mitigation
        3 - automatically select the mitigation based on processor
	    features.

machdep.mitigations.taa.state:
        inactive        - no mitigation is active/enabled
        TSX disable     - TSX is disabled in the bare metal CPU as well as
                        - any virtualized CPUs
        VERW            - VERW instruction clears CPU buffers
	not vulnerable	- The CPU has identified itself as not being
			  vulnerable

Nothing in the base FreeBSD system uses TSX.  However, the instructions
are straight-forward to add to custom applications and require no kernel
support, so the mitigation is provided for users with untrusted
applications and tenants.

Reviewed by:	emaste, imp, kib, scottph
Sponsored by:	Intel
Differential Revision:	22374
2019-11-16 00:26:42 +00:00
Bjoern A. Zeeb
808c432f62 nd6: retire defrouter_select(), use _fib() variant.
Burn bridges and replace the last two calls of defrouter_select() with
defrouter_select_fib().  That allows us to retire defrouter_select()
and make it more clear in the calling code that it applies to all FIBs.

Sponsored by:	Netflix
2019-11-16 00:17:35 +00:00
Bjoern A. Zeeb
f592d0c377 nd6_rtr:
Pull in the TAILQ_HEAD() as it is not needed outside nd6_rtr.c.
Rename the TAILQ_HEAD() struct and the nd_defrouter variable from
"nd_" to "nd6_" as they are not part of the RFC 3542 API which uses "ND_".

Ideally I'd like to also rename the struct nd_defrouter {} to "nd6_*"
but given that is used externally there is more work to do.

No functional changes.

MFC after:	3 weeks
Sponsored by:	Netflix
2019-11-16 00:02:36 +00:00
Scott Long
de890ea465 Create a new sysctl subtree, machdep.mitigations. Its purpose is to organize
knobs and indicators for code that mitigates functional and security issues
in the architecture/platform.  Controls for regular operational policy should
still go into places security, hw, kern, etc.

The machdep root node is inherently architecture dependent, but mitigations
tend to be architecture dependent as well.  Some cases like Spectre do cross
architectural boundaries, but the mitigation code for them tends to be
architecture dependent anyways, and multiple architectures won't be active
in the same image of the kernel.

Many mitigation knobs already exist in the system, and they will be moved
with compat naming in the future.  Going forward, mitigations should collect
in machdep.mitigations.

Reviewed by:	imp, brooks, rwatson, emaste, jhb
Sponsored by:	Intel
2019-11-15 23:27:17 +00:00
Bjoern A. Zeeb
d9a61c960c if_llatbl: change htable_unlink_entry() to early exist if no work to do
Adjust the logic in htable_unlink_entry() to the one in
htable_link_entry() saving a block indent and making it more clear
in which case we do not do any work.

No functional change.

MFC after:	3 weeks
Sponsored by:	Netflix
2019-11-15 23:12:19 +00:00