Commit Graph

250154 Commits

Author SHA1 Message Date
kp
01a46893f7 pf tests: Basic ioctl validation for DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and DIOCRSETTFLAGS
Validate the DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and
DIOCRSETTFLAGS ioctls with invalid values. These may succeed (because
the kernel uses the minimally required size, not the specified size),
but should not trigger kernel panics.

MFC after:	1 week
2018-04-06 15:57:20 +00:00
kp
337a0778fc pf: Improve ioctl validation for DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and DIOCRSETTFLAGS
These ioctls can process a number of items at a time, which puts us at
risk of overflow in mallocarray() and of impossibly large allocations
even if we don't overflow.

Limit the allocation to required size (or the user allocation, if that's
smaller). That does mean we need to do the allocation with the rules
lock held (so the number doesn't change while we're doing this), so it
can't M_WAITOK.

MFC after:	1 week
2018-04-06 15:54:30 +00:00
kevans
87196146cf lualoader: Fix menu skipping with loader.conf(5) vars
Earlier efforts to stop loading the menu broke the ability to skip the menu
with, e.g., beastie_disable in loader.conf(5) as it was decided before
configuration was read.

Defer bringing in the menu module until we've loaded configuration so that
we can make a more informed decision on whether the menu should be skipped
or not.
2018-04-06 15:19:48 +00:00
kevans
86cea92a59 aw_sid(4): Use prctl read for all reads when it's required
It was later found that some operation on the OrangePi one will cause
direct accesses to the eeprom to return wrong data again, so reading it all
once via prctl at attach time is no longer sufficient.
2018-04-06 15:17:09 +00:00
jtl
b94f9c58dc In cases where an application issues certain IPMI commands at a high
enough rate, the IPMI code can print large numbers of messages to the
console, such as:
  ipmi0: KCS: Failed to read completion code
  ipmi0: KCS error: ff
  ipmi0: KCS: Failed to read completion code
  ipmi0: KCS error: ff

These seem to be innocuous from a system standpoint, and the user-
space code can deal with the failures. Therefore, suppress printing
these messages to the console unless bootverbose is enabled.

Obtained from:	Netflix, Inc.
2018-04-06 15:15:21 +00:00
kp
7cad8d5216 pf tests: Basic ioctl validation tests
Validate the DIOCRADDTABLES and DIOCRDELTABLES ioctls with invalid size
values. All of these requests should fail.

MFC after:	1 week
2018-04-06 15:03:48 +00:00
kp
8f7d14d304 pf: Improve ioctl validation for DIOCRADDTABLES and DIOCRDELTABLES
The DIOCRADDTABLES and DIOCRDELTABLES ioctls can process a number of
tables at a time, and as such try to allocate <number of tables> *
sizeof(struct pfr_table). This multiplication can overflow. Thanks to
mallocarray() this is not exploitable, but an overflow does panic the
system.

Arbitrarily limit this to 65535 tables. pfctl only ever processes one
table at a time, so it presents no issues there.

MFC after:	1 week
2018-04-06 15:01:45 +00:00
ed
591ef7c807 Let syslog(3) use RFC 5424.
With r332099 changing syslogd(8) to parse RFC 5424 formatted syslog
messages, go ahead and also change the syslog(3) libc function to
generate them. Compared to RFC 3164, RFC 5424 has various advantages,
such as sub-second precision for log entry timestamps.

As this change could have adverse effects when not updating syslogd(8)
or using a different system logging daemon, add a notice to UPDATING and
increase __FreeBSD_version.

Differential Revision:	https://reviews.freebsd.org/D14926
2018-04-06 13:00:45 +00:00
ed
6301688144 Add RFC 5424 syslog message parsing to syslogd.
Syslogd currently uses the RFC 3164 format for its log messages.One
limitation of RFC 3164 is that it cannot be used to log entries with
sub-second precision timestamps. One of our users has expressed a desire
for doing this for doing some basic performance measurements.

This change attempts to make a first cut at switching to RFC 5424 based
logging. The first step is to alter syslogd's input path to properly
parse such messages. It alters the logmsg() prototype to match the
fields of RFC 5424. The parsemsg() function is extended to parse both
RFC 3164 and 5424 messages and call into logmsg() accordingly.

Additional changes include:

- Introducing proper parsing of timestamps, so that they can be printed
  in any desired output format. This means we need to infer the year and
  timezone for RFC 3164 timestamps.
- Removing ISKERNEL. This can now be realised by simply providing an
  APP-NAME (== "kernel").
- Extending RFC 3164 parsing to trim off the TAG prefix and using that
  to derive APP-NAME and PROCID.
- Increase MAXLINE. RFC 5424 mentions we should support 2k messages.

Differential Revision:	https://reviews.freebsd.org/D14926
2018-04-06 12:57:01 +00:00
royger
e1f89be1d3 remove GiB/MiB macros from param.h
And instead define them in the files where they are used.

Requested by: bde
2018-04-06 11:20:06 +00:00
emaste
5e76fb407e stand: pass --no-rosegment for i386 bits when linking with lld
btxld does not correctly handle input with other than 2 PT_LOAD
segments.  Passing --no-rosegment lets lld produce output eqivalent to
ld.bfd: 2 PT_LOAD segments and no PT_GNU_RELRO.

PR:		225775
MFC after:	3 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14956
2018-04-06 02:57:58 +00:00
brooks
0080e81d7c Add 32-bit compat for ioctls that take struct ifgroupreq.
Use an accessor to access ifgr_group and ifgr_groups.

Use an macro CASE_IOC_IFGROUPREQ(cmd) in place of case statements such
as "case SIOCAIFGROUP:". This avoids poluting the switch statements
with large numbers of #ifdefs.

Reviewed by:	kib
Obtained from:	CheriBSD
MFC after:	1 week
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D14960
2018-04-05 22:14:55 +00:00
brooks
8f46ff8fe4 ifconf(): Always zero the whole struct ifreq.
The previous split of zeroing ifr_name and ifr_addr seperately is safe
on current architectures, but would be unsafe if pointers were larger
than 8 bytes. Combining the zeroing adds no real cost (a few
instructions) and makes the security property easier to verify.

Reviewed by:	kib, emaste
Obtained from:	CheriBSD
MFC after:	3 days
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D14912
2018-04-05 21:58:28 +00:00
brooks
416a043285 Added SAL annotatations to system calls.
Modify makesyscalls.sh to strip out SAL annotations.

No functional change.

This is based on work I started in CheriBSD and use to validate fat
pointers at the syscall boundary.  Tal Garfinkel reviewed the changes,
added annotations to COMPAT* syscalls and is using them in a record and
playback framework.  One can envision other uses such as a WITNESS-like
validator for copyin/out as speculated on in the review.

As this time we are only annotating sys/kern/syscalls.master as that is
sufficient for userspace work.  If kernel use cases materialize, we can
annotate other syscalls.master as needed.

Submitted by:	Tal Garfinkel <talg@cs.stanford.edu>
Sponsored by:	DARPA, AFRL (in part)
Differential Revision:	https://reviews.freebsd.org/D14285
2018-04-05 20:31:45 +00:00
benno
818a504b94 Add an ISO9660 "partition table" type to loader.
When booted via isoboot(8) loader will be handed a disk that simply contains
an ISO9660 image. Currently this confuses it greatly. Teach it how to spot
that it's in this situation and that ISO9660 has one "partition" covering
the whole disk.

Reviewed by:	imp
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D14915
2018-04-05 19:45:30 +00:00
benno
0b8d8dcffd Add isoboot(8) for booting BIOS systems from HDDs containing ISO images.
This is part of a project for adding the ability to create hybrid CD/USB boot
images. In the BIOS case when booting from something that isn't a CD we need
some extra boot code to actually find our next stage (loader) within an
ISO9660 filesystem. This code will reside in a GPT partition (similar to
gptboot(8) from which it is derived) and looks for /boot/loader in an
ISO9660 filesystem on the image.

Reviewed by:	imp
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D14914
2018-04-05 19:40:46 +00:00
benno
c45837807b Various style(9) fixes.
Reviewed by:	strip --strip-debug -o - gptboot.o | md5
Sponsored by:	iXsystems, Inc.
2018-04-05 19:29:22 +00:00
benno
75db17a2d6 Use consistent whitespace.
Reviewed by:	strip --strip-debug -o - gptboot.o | md5
Sponsored by:	iXsystems, Inc.
2018-04-05 19:27:24 +00:00
brooks
198d9fcdd8 Allow -DNO_CLEAN buildworld after r332080. 2018-04-05 18:19:48 +00:00
brooks
9928a4ad73 Remove architecture specific shmat.S files.
These files are identical to the generated system calls.
In the case of MIPS, the file was already disconnected from the build.

Submitted by:	Ali Mashtizadeh <ali@mashtizadeh.com>
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D14976
2018-04-05 18:17:46 +00:00
markj
53726df9f4 Fix the definitions of get_cpu() and put_cpu().
They are supposed to disable preemption.

Reported by:	rstone
MFC after:	5 days
2018-04-05 17:26:03 +00:00
br
7d671d9b44 Add support for the Coresight technology from ARM Ltd.
ARM Coresight is a solution for debug and trace of complex SoC designs.

This includes a collection of drivers for ARM Coresight interconnect
devices within a small Coresight framework.

Supported devices are:
o Embedded Trace Macrocell v4 (ETMv4)
o Funnel
o Dynamic Replicator
o Trace Memory Controller (TMC)
o CPU debug module

Devices are connected to each other internally in SoC and the
configuration of each device endpoints is described in FDT.

Typical trace flow (as found on Qualcomm Snapdragon 410e):
CPU0 -> ETM0 -> funnel1 -> funnel0 -> ETF -> replicator -> ETR -> DRAM
CPU1 -> ETM1 -^
CPU2 -> ETM2 -^
CPU3 -> ETM3 -^

Note that both Embedded Trace FIFO (ETF) and Embedded Trace Router (ETR)
are hardware configurations of TMC.

This is required for upcoming HWPMC tracing support.

This is tested on single-core system only.

Reviewed by:	andrew (partially)
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D14618
2018-04-05 15:45:54 +00:00
rgrimes
0b35cef2b2 Exit with usage when extra arguments are on command line
preventing mistakes such as "halt 0p" for "halt -p".
Approved by:	bde (mentor), phk (mentor)
MFC after:	1 week
2018-04-05 15:00:08 +00:00
royger
5f1547e410 x86: improve reservation of AP trampoline memory
So that it doesn't rely on physmap[1] containing an address below
1MiB. Instead scan the full physmap and search for a suitable address
to place the trampoline code (below 1MiB) and the initial memory pages
(below 4GiB).

Sponsored by:		Citrix Systems R&D
Reviewed by:		kib
Differential Revision:	https://reviews.freebsd.org/D14878
2018-04-05 14:39:51 +00:00
royger
6699cd8b0f introduce GiB and MiB macros
This macros convert from GiB or MiB into bytes.

Sponsored by: Citrix Systems R&D
2018-04-05 14:31:54 +00:00
sbruno
2e02693803 Squash error from geom by sizing ident strings to DISK_IDENT_SIZE.
Display attribute in future error strings and differentiate g_handleattr()
error messages for ease of debugging in the future.

"g_handleattr: md1 bio_length 24 strlen 31 -> EFAULT"

Reported by:	swills
Reviewed by:	imp cem avg
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D14962
2018-04-05 13:56:40 +00:00
kib
85654290ba Fix ERESTART for lcall $7,$0 syscalls.
The lcall trampoline enters kernel by int $0x80, which sets up invalid
length of the instruction for %rip rewind.

Reviewed by:	bde
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2018-04-05 11:03:21 +00:00
kib
22ab7ec03b Make the INTO instruction operational in 32bit mode.
Having the IDT entry specify ring 0 DPL caused delivery of #GP instead
of #OF.

The instruction is not valid in 64bit mode, which probably explains
why the IDT entry for #OF was initially set this way.  It is
interesting to note that the BOUND instruction works with the IDT #BR
entry DPL 0, most likely CPU considers #BR from BOUND as generated by
a machine, not user.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2018-04-05 11:03:05 +00:00
emaste
a5aa6a91a2 remove special handling for stale ptrace dependencies
r318957 added special handling for stale ptrace dependency files to
support a -DNO_CLEAN build in a tree last built before r305012.  That
revision is now over a year and a half old, so retire the special case.

Sponsored by:	The FreeBSD Foundation
2018-04-05 03:26:42 +00:00
mckusick
50d7ca2454 Renumber soft-update types starting at 1 instead of 0 to avoid confusion
of zero'ed memory appearing to have a valid soft-update type.

Also correct some comments.

Reviewed by: kib
2018-04-05 00:32:01 +00:00
np
6f570a6cb8 cxgbe(4): Always display an error message if SIOCSIFFLAGS will leave
IFF_UP and IFF_DRV_RUNNING out of sync.  ifhwioctl in the kernel pays no
attention to the return code from the driver ioctl during SIOCSIFFLAGS
so these messages are the only indication that the ioctl was called but
failed.

MFC after:	1 week
Sponsored by:	Chelsio Communications
2018-04-04 22:52:24 +00:00
brooks
d2b366f384 Allow -DNO_CLEAN builds over r332048. 2018-04-04 22:46:30 +00:00
brooks
797201a4c8 Remove architecture specific sigreturn.S files.
All of these files are identical (modulo license blocks and VCS IDs) to
the files generated by lib/libc/sys/Makefile.inc and serve no purpose.

Reported by:	Ali Mashtizadeh <ali@mashtizadeh.com>
Reviewed by:	kib
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D14953
2018-04-04 22:45:08 +00:00
vmaffione
6dfc9aee0f netmap: align if_ptnet guest driver to the upstream code (commit 0e15788)
The change upgrades the driver to use the split Communication Status
Block (CSB) format. In this way the variables written by the guest
and read by the host are allocated in a different cacheline than
the variables written by the host and read by the guest; this is
needed to avoid cache thrashing.

Approved by:	hrs (mentor)
2018-04-04 21:31:12 +00:00
ian
cf4f9e9181 Add a missing MODULE_DEPEND(). 2018-04-04 21:19:33 +00:00
emaste
44d4315517 Fix kernel memory disclosure in tcp_ctloutput
strcpy was used to copy a string into a buffer copied to userland, which
left uninitialized data after the terminating 0-byte.  Use the same
approach as in tcp_subr.c: strncpy and explicit '\0'.

admbugs:	765, 822
MFC after:	1 day
Reported by:	Ilja Van Sprundel <ivansprundel@ioactive.com>
Reported by:	Vlad Tsyrklevich
Security:	Kernel memory disclosure
Sponsored by:	The FreeBSD Foundation
2018-04-04 21:12:35 +00:00
markj
958788bce2 Typo.
MFC after:	3 days
2018-04-04 20:15:41 +00:00
emaste
31cf3ac440 Fix kernel memory disclosure in linux_ioctl_socket
strlcpy is used to copy a string into a buffer to be copied to userland,
previously leaving uninitialized data after the terminating NUL.  Zero
the buffer first to avoid a kernel memory disclosure.

admbugs:	765, 811
MFC after:	1 day
Reported by:	Ilja Van Sprundel <ivansprundel@ioactive.com>
Reported by:	Vlad Tsyrklevich
Sponsored by:	The FreeBSD Foundation
2018-04-04 19:58:25 +00:00
pfg
e7dda4dab8 pthread.h: minor indentation cleanups.
No functional change.

X-MFC with:	r331969
2018-04-04 15:16:04 +00:00
emaste
43703b52c4 linux_ioctl_hdio: fix kernel memory disclosure
Stack-allocated struct linux_hd_big_geometry has undeclared padding
copied to userland.

admbugs:	765
Reported by:	Vlad Tsyrklevich
MFC after:	1 day
Security:	Kernel memory disclosure
Sponsored by:	The FreeBSD Foundation
2018-04-04 14:41:48 +00:00
br
5239c9c2e4 Add new shared library -- libopencsd.
OpenCSD is an ARM CoreSight(tm) trace packets decoder.

- Connect libopencsd to the arm64 build.
- Install opencsd headers to /usr/include/opencsd/

Sponsored by:	DARPA, AFRL
2018-04-04 14:31:56 +00:00
andrew
57a7385e25 Remove fdt_pm_is_enabled as it's Marvell specific. Replace the only call to
it with a call to the helper function fdt_pm_is_enabled would call.

Sponsored by:	DARPA, AFRL
2018-04-04 13:37:59 +00:00
mw
b1260fda95 Enable Marvell gpio driver to work with many controllers
This patch moves all global data structures into mv_gpio_softc,
and puts device_t parameter to functions calls everywhere where needed.
As a result, we can create multiple driver instances.

Removed names in function declaration to keep style.

Submitted by: Patryk Duda <pdk@semihalf.com>
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14755
2018-04-04 13:20:29 +00:00
mw
be27da2726 Improve interrupt and resource allocation in Marvell GPIO driver
This patch adds support for more than one interrupts
in GPIO controller. It reads necessary information (such as cell size)
from FDT, so there are no magic numbers.

Note that interrupts are still not working, but this patch makes
one good step in correct direction

Submitted by: Patryk Duda <pdk@semihalf.com>
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14754
2018-04-04 13:12:49 +00:00
mw
a4fbc43cfc Introduce port debouncing mechanism in mv_gpio driver
This patch introduces gpio debouncing mechanism
with fixed memory allocation in critical section.

When you press button, value at gpio pin connected to button
is changing many times which will cause in unexpected behaviour.
Debouncing mechanism will prevent this phenomenon

Submitted by: Patryk Duda <pdk@semihalf.com>
	      Wojciech Macek <wma@semihalf.com>
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14753
2018-04-04 13:08:51 +00:00
mw
a28b344c25 Match Marvell Armada38X PCIE ranges in dts with Linux
If driver cannot determine ranges based on fdt, it will calculate
them based on number and type of current port.

Submitted by: Rafal Kozik <rk@semihalf.com>
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14752
2018-04-04 13:01:14 +00:00
br
0c2c623a27 Import OpenCSD -- an ARM CoreSight(tm) Trace Decode Library.
Sponsored by:	DARPA, AFRL
2018-04-04 12:55:31 +00:00
mw
283e42b853 Change reg in Marvell Armada38X pcie FDT
Ranges in pcie-controller are unused, so could be changed to match Linux
device tree represntation. Same with interrupt-cells and interrupt-parent.
In PCI controller driver ocd_data are used for matching driver and
choose proper resources acquisition function.
fdt_win_process_child have new argument which provide information
about fdt node containing addresses of MMIO registers.

Submitted by: Rafal Kozik <rk@semihalf.com>
Reviewed by: manu [DT part]
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14751
2018-04-04 12:54:18 +00:00
mw
ad8db5b0cc Add api for creating resource list based on 'assigned-addresses'
According to device tree binding 'assigned-addresses' can refer to PCIE MMIO
register space. New function ofw_bus_assigned_addresses_to_rl is
provided to support it.

Submitted by: Rafal Kozik <rk@semihalf.com>
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14750
2018-04-04 12:47:41 +00:00
mw
1913111f19 Match Marvell Armada38X PCI compatible with Linux
In Linux FDT pcie does not have compatible string.
Configuration of windows in mv_common was based on fdt compatible.
Now pcie windows are configured by their parent: pcie_controller.
Processing is moved to fdt_win_process_child. fdt_win_process now
only walk through the tree. SOC_NODE_PCI is position of pcie function in
soc_node_spec array.

PCIe probe cannot use ofw_bus_search_compatible, because it needs to
check also device type and parents compatible.

Submitted by: Rafal Kozik <rk@semihalf.com>
Reviewed by: manu [DT part]
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14749
2018-04-04 12:41:42 +00:00