261036 Commits

Author SHA1 Message Date
fsu
37919d6102 Remove unneeded mount point unlock call.
Reported by:    Christopher Krah, Thomas Barabosch, and Jan-Niclas Hilgert of Fraunhofer FKIE
Reported as:    FS-11-EXT2-6: Denial Of Service in write-1 (ext2_balloc)

MFC after:	2 weeks
2019-07-07 08:53:52 +00:00
dougm
e853380451 A style-related change, r349791, made unclear the meaning of a
comment. Rewrite that comment to improve its clarity.

Reported by: cem
Reviewed by: alc, cem
Approved by: kib, markj (mentors, implicit)
Differential Revision: https://reviews.freebsd.org/D20871
2019-07-07 06:57:04 +00:00
alc
6b5e2b6223 Three changes to pmap_enter():
1. Use _pmap_alloc_l3() instead of pmap_alloc_l3() in order to handle the
possibility that a superpage mapping for "va" was created while we slept.
(This is derived from the amd64 version.)

2. Eliminate code for allocating kernel page table pages.  Kernel page
table pages are preallocated by pmap_growkernel().

3. Eliminate duplicated unlock operations when KERN_RESOURCE_SHORTAGE is
returned.

MFC after:	2 weeks
2019-07-07 06:06:48 +00:00
kib
dd4da0248c Document atomicity for read(2) and write(2).
Take part of the text from POSIX 2018 edition and describe the
atomicity requirements for read and write syscalls.  See p1003.1-2018,
Vol.2, 2.9.7 Threads interaction with Regular File Operations.

Reviewed by:	asomers
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Differential revision:	https://reviews.freebsd.org/D20867
2019-07-06 20:31:37 +00:00
dim
da9211c814 Upgrade our copies of clang, llvm, lld, lldb, compiler-rt, libc++,
libunwind and openmp to the upstream release_80 branch r364487
(effectively, 8.0.1 rc3).  The 8.0.1 release will most likely
have no further changes.

MFC after:	1 week
X-MFC-With:	r349004
2019-07-06 18:02:29 +00:00
dougm
2c610cf7b5 Fix style(9) violations involving division by PAGE_SIZE.
Reviewed by: alc
Approved by: markj (mentor)
Differential Revision: https://reviews.freebsd.org/D20847
2019-07-06 15:55:16 +00:00
dougm
75b709b489 Change blist_next_leaf_alloc so that it can examine more than one leaf
after the one where the possible block allocation begins, and allocate
a larger number of blocks than the current limit. This does not affect
the limit on minimum allocation size, which still cannot exceed
BLIST_MAX_ALLOC.

Use this change to modify swp_pager_getswapspace and its callers, so
that they can allocate more than BLIST_MAX_ALLOC blocks if they are
available.

Tested by: pho
Approved by: markj (mentor)
Differential Revision: https://reviews.freebsd.org/D20579
2019-07-06 06:15:03 +00:00
alc
1b381cfc3c Restructure cache_handle_range to avoid repeated barriers. Specifically,
restructure cache_handle_range so that all of the data cache operations are
performed before any instruction cache operations.  Then, we only need one
barrier between the data and instruction cache operations and one barrier
after the instruction cache operations.

On an Amazon EC2 a1.2xlarge instance, this simple change reduces the time
for a "make -j8 buildworld" by 9%.

Reviewed by:	andrew
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D20848
2019-07-05 20:01:06 +00:00
dougm
d707ae5ef8 Based on work posted at https://reviews.freebsd.org/D13484, change
swap_pager_swapoff_object and swp_pager_force_pagein so that they can
page in multiple pages at a time to a swap device, rather than doing
one I/O operation for each page.

Tested by: pho
Submitted by: ota_j.email.ne.jp (Yoshihiro Ota)
Reviewed by: alc, markj, kib
Approved by: kib, markj (mentors)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D20635
2019-07-05 16:49:34 +00:00
alc
93d0ca1e9d Merge r349526 from amd64. When we protect an L3 entry, we only call
vm_page_dirty() when, in fact, we are write protecting the page and the L3
entry has PTE_D set.  However, pmap_protect() was always calling
vm_page_dirty() when an L2 entry has PTE_D set.  Handle L2 entries the
same as L3 entries so that we won't perform unnecessary calls to
vm_page_dirty().

Simplify the loop calling vm_page_dirty() on L2 entries.
2019-07-05 05:23:23 +00:00
vmaffione
8899f2676e netmap: Remove pointer leakage in netmap_mem2.c
PR:		238641
Submitted by:	Fuqian Huang <huangfq.daxian@gmail.com>
Reviewed by:	vmaffione
MFC after:	1 week
2019-07-04 21:31:49 +00:00
vmaffione
79f73ddaa4 netmap: fix kernel pointer printing in netmap_generic.c
Print the adapter name rather than the address of the adapter
to avoid kernel address leakage.

PR:		Bug 238642
Submitted by:	Fuqian Huang <huangfq.daxian@gmail.com>
Reviewed by:	vmaffione
MFC after:	1 week
2019-07-04 21:11:45 +00:00
emaste
f6ef3ada2d Update Linux compat version to 2.6.36
New system calls between 2.6.32 and 2.6.26 are already implemented.

This should be mostly NFC as far as contemporary Linux applications are
concerned though, as Linux kernel 3.2 is the oldest supported by a
number of popular distros today; work is in progress by others to enable
support for those applications.

Discussed with:	trasz
MFC after:	1 month
2019-07-04 20:42:08 +00:00
trasz
fded509cb9 Return ENOTSUP for Linux FS_IOC_FIEMAP ioctl.
Linux man(1) calls it for no good reason; this avoids the console spam
(eg '(man): ioctl fd=4, cmd=0x660b ('f',11) is not implemented').

Reviewed by:	emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20690
2019-07-04 20:16:04 +00:00
trasz
eea94a5c4c Add support for PTRACE_O_TRACEEXIT to linuxulator ptrace(2).
This fixes strace 4.25 from Ubuntu 19.04.

Reviewed by:	emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20689
2019-07-04 19:46:58 +00:00
trasz
9f88a23460 Implement PTRACE_GETSIGINFO. This makes Linux strace(1) quieter
in some cases (strace -f man id > /dev/null).

Reviewed by:	dchagin
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20691
2019-07-04 19:44:13 +00:00
trasz
f343e8b139 Fix linuxulator prlimit64(2) with pid == 0. This makes 'ulimit -a'
return something reasonable, and helps linux binaries which attempt
to close all the files, eg apt(8).

Reviewed by:	emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20692
2019-07-04 19:40:01 +00:00
dougm
68c0df92bc Move an assignment, drop a label, and change gotos to break statements
in vm_map_unwire. The code generated on amd86 is unchanged.

Approved by: markj (mentor)
Differential Revision: https://reviews.freebsd.org/D20850
2019-07-04 19:25:30 +00:00
dougm
1de352edfc Replace a 'goto' with an 'else' in vm_map_wire_locked.
Reviewed by: alc
Approved by: markj (mentor)
Differential Revision:	https://reviews.freebsd.org/D20855
2019-07-04 19:17:55 +00:00
dougm
31080dabb9 Change boolean_t variables in vm_map_unwire and vm_map_wire_locked to
bool. Drop result variable. Add holes_ok bool to replace repeated
masking of flags parameter.

Approved by: markj (mentor)
Differential Revision: https://reviews.freebsd.org/D20846
2019-07-04 19:12:13 +00:00
dougm
0faea81414 Drop a temp variable from vm_map_insert, with no effect on the
resulting amd64 machine code.

Reviewed by: alc
Approved by: kib, markj (mentors, implicit)
Differential Revision: https://reviews.freebsd.org/D20849
2019-07-04 18:28:49 +00:00
markj
7de92ecfe7 Defer funsetown() calls for a TTY to tty_rel_free().
We were otherwise failing to call funsetown() for some descriptors
associated with a tty, such as pts descriptors.  Then, if the
descriptor is closed before the owner exits, we may get memory
corruption.

Reported by:	syzbot+c9b6206303bf47bac87e@syzkaller.appspotmail.com
Reviewed by:	ed
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2019-07-04 15:42:02 +00:00
br
b78d15fb37 Fix transfers that don't use busdma or bounce buffer (e.g. software dmas).
Busdma data loaded by different function (the bug introduced in r349727).

Sponsored by:	DARPA, AFRL
2019-07-04 15:26:02 +00:00
imp
af6e9d0f2e Fix cut-and-pasto that slipped through my testing. 2019-07-04 15:09:58 +00:00
markj
b6697ced84 elfcopy: Clear errors after fetching the shstrtab index.
Otherwise a future call to elf_errno() will return a non-zero value.
update_shdr(), for example, treats any errors associated with the ELF
descriptor as fatal.  Clear the error per the first example in
elf_errmsg.3.

Convert to elf_getshdrstrndx() while here since elf_getshstrndx() is
apparently deprecated.

Reported by:	royger
Reviewed by:	emaste
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20852
2019-07-04 15:07:19 +00:00
bdrewery
3f7167a6b6 Consider *clean targets as non-build targets as well.
MFC after:	2 weeks
Sponsored by:	DellEMC
2019-07-04 14:51:44 +00:00
imp
688b6e2102 Implement missing MMCBR ivars
All MMCBR bridges have to implement all the MMCBR variables. This
implements them for everybody that currently doesn't.

A common routine for this should be written.
2019-07-04 14:15:04 +00:00
br
84fd1988a0 Negate the logic of XCHAN_CAP_NOBUFS macro and rename it to
XCHAN_CAP_BOUNCE.

The only application that uses bounce buffering for now is the Government
Furnished Equipment (GFE) P2's dma core (AXIDMA) with its own dedicated
cacheless bounce buffer.

Sponsored by:	DARPA, AFRL
2019-07-04 14:04:08 +00:00
luporl
dd2eb48e68 [PPC64] pseries llan: fix MAC address
There was an issue in pseries llan driver, that resulted in the first 2 bytes
of the MAC address getting stripped, and the last 2 being always 0.

In most cases the network interface still worked, despite the MAC being
different of what was specified to QEMU, but when some other host or DHCP
server expected a specific MAC, this would fail.

This change fixes this by shifting right by 2 the local-mac-address read from
device tree, if its length is 6 instead of 8, as observed in QEMU DT, that
always presents a 6 bytes value for this property.

PR:		237471
Reported by:	Alfredo Dal'Ava Junior
Reviewed by:	jhibbits
Differential Revision:	https://reviews.freebsd.org/D20843
2019-07-04 12:31:24 +00:00
des
a26dd17d56 Upgrade Unbound to 1.9.2. 2019-07-04 08:40:10 +00:00
marcel
fb8867395a Lock busdma operations and serialize detach against open/close
Use sx to allow M_WAITOK allocations (suggested by markj).

admbugs: 782
Reviewed by:	markj
2019-07-04 02:51:34 +00:00
dougm
a95e42fe08 Eliminate a goto and a label in vm_map_wire_locked by inserting an 'else'.
Reviewed by: alc
Approved by: kib, markj (mentors, implicit)
Differential Revision: https://reviews.freebsd.org/D20845
2019-07-03 22:41:54 +00:00
markj
d4fcec0096 iwm: Drain callouts after stopping the device during detach.
Otherwise there is a window where they may be rescheduled.  This
typically manifested as a page fault shortly after unloading if_iwm.ko.
Close the race by draining callouts after calling iwm_stop_device(),
which is also what Dragonfly does.

Change whitespace to reduce gratuitous diffs with Dragonfly.

Reported and tested by:	seanc
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2019-07-03 21:05:40 +00:00
tijl
feea77f92b Fix path of lib32 libcasper.
Reported by:	jhb
MFC after:	1 week
2019-07-03 20:52:10 +00:00
emaste
b8dad683df correct pmap_ts_referenced return type
pmap_ts_referenced returns a count, not a boolean, and is supposed to
have int as the return type not boolean_t.

This worked previously because boolean_t is an int typedef.

Discussed with:	kib
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2019-07-03 19:59:56 +00:00
vangyzen
6e00d86b09 Save the last callout function executed on each CPU
Save the last callout function pointer (and its argument) executed
on each CPU for inspection by a debugger.  Add a ddb `show callout_last`
command to show these pointers.  Add a kernel module that I used
for testing that command.

Relocate `ce_migration_cpu` to reduce padding and therefore preserve
the size of `struct callout_cpu` (320 bytes on amd64) despite the
added members.

This should help diagnose reference-after-free bugs where the
callout's mutex has already been freed when `softclock_call_cc`
tries to unlock it.

You might hope that the pointer would still be available, but it
isn't.  The argument to that function is on the stack (because
`softclock_call_cc` uses it later), and that might be enough in
some cases, but even then, it's very laborious.  A pointer to the
callout is saved right before these newly added fields, but that
callout might have been freed.  We still have the pointer to its
associated mutex, and the name within might be enough, but it might
also have been freed.

Reviewed by:	markj jhb
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D20794
2019-07-03 19:22:44 +00:00
markj
06e97e4aa5 Cache the next queue element when traversing a page queue.
When QUEUE_MACRO_DEBUG_TRASH is configured, removing a queue element
invalidates its queue linkage pointers.  vm_pageout_collect_batch()
was relying on these pointers remaining valid after a removal, so
modify it to fetch the next queued page before dequeuing the current
page.

Submitted by:	Don Morris <dgmorris@earthlink.net>
Reviewed by:	cem, vangyzen
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D20842
2019-07-03 18:46:39 +00:00
seanc
88bb3225d5 bhyve/audio: don't leak resources on failed initialization.
Coverity CID:	1402793
Approved by:	markj, jhb, bhyve
Differential Revision:	https://reviews.freebsd.org/D20841
2019-07-03 17:24:24 +00:00
jhb
9a499315ee Use unmapped (M_NOMAP) mbufs for zero-copy AIO writes via TOE.
Previously the TOE code used its own custom unmapped mbufs via
EXT_FLAG_VENDOR1.  The old version always wired the entire AIO request
buffer first for the duration of the AIO operation and constructed
multiple mbufs which used the wired buffer as an external buffer.

The new version determines how much room is available in the socket
buffer and only wires the pages needed for the available room building
chains of M_NOMAP mbufs.  This means that a large AIO write will now
limit the amount of wired memory it uses to the size of the socket
buffer.

Reviewed by:	gallatin, np
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D20839
2019-07-03 16:06:11 +00:00
hselasky
e3f6cb45c4 Remove dead code added after r348743 in the LinuxKPI. The
LINUXKPI_VERSION macro is not defined for any compiled LinuxKPI code
which basically means __GFP_NOTWIRED is never checked when allocating
pages. This should work fine with the existing external DRM code as
long as the page wiring and unwiring is balanced.

MFC after:	3 days
Sponsored by:	Mellanox Technologies
2019-07-03 09:48:20 +00:00
tijl
ed60133519 Also remove lib32 versions of libradius.
MFC after:	1 week
2019-07-03 09:14:39 +00:00
tijl
09b4ac4fd9 Also remove lib32 version of libcasper.so.0. 2019-07-03 09:08:17 +00:00
tijl
2b2b5f90e9 Also remove lib32 version of libprivateifconfig after r344530. 2019-07-03 09:06:39 +00:00
ganbold
ee002f95a3 Subclass Rockchip's General Register Files driver from Simple MFD driver. 2019-07-03 03:42:51 +00:00
ganbold
1e4e8f244d Fix build error introduced by r349596. 2019-07-03 01:40:29 +00:00
markj
6bcf6e3fcb Remove the CDIOCREADSUBCHANNEL_SYSSPACE ioctl.
This was added for emulation of Linux's CDROMSUBCHNL, but allows
users with read access to a cd(4) device to overwrite kernel memory
provided that the driver detects some media present.

Reimplement CDROMSUBCHNL by bouncing the data from CDIOCREADSUBCHANNEL
through the linux_cdrom_subchnl structure passed from userspace.

admbugs:	768
Reported by:	Alex Fortune
Security:	CVE-2019-5602
Security:	FreeBSD-SA-19:11.cd_ioctl
2019-07-03 00:10:01 +00:00
emaste
fcc8c9e9b7 libc: correct iconv buffer overflow
admbugs:	920
Submitted by:	Andrea Venturoli, gabor
Reported by:	Andrea Venturoli <security@netfence.it>, NetFence
Security:	CVE-2019-5600
Security:	FreeBSD-SA-19:09.iconv
2019-07-02 23:56:37 +00:00
alc
b233a7ed74 Implement pmap_copy(). (This includes the changes applied to the amd64
pmap_copy() in r349585.)

Reviewed by:	kib, markj
Differential Revision:	https://reviews.freebsd.org/D20790
2019-07-02 23:02:52 +00:00
jhb
54afd9642b Invoke ext_free function when freeing an unmapped mbuf.
Fix a mis-merge when extracting the unmapped mbuf changes from
Netflix's in-kernel TLS changes where the call to the function that
freed the backing pages from an unmapped mbuf was missed.

Sponsored by:	Chelsio Communications
2019-07-02 22:58:21 +00:00
jhb
cd1cca4ae5 Fix description of debug.obsolete_panic.
MFC after:	1 week
2019-07-02 22:57:24 +00:00