Commit Graph

257938 Commits

Author SHA1 Message Date
Ryan Libby
13d4f96130 shared shadow vm object invalidation regression test
Add a regression test for a scenario where a shadow vm object is shared
by multiple mappings.  If a page COW occurs through one of the mappings,
then the virtual-to-physical mapping may become invalidated.

This tests the scenario from CVE-2021-29626 which was fixed by
982693bb72.

Reviewed by:	markj
Sponsored by:	Dell EMC Isilon
2021-04-07 12:39:05 -07:00
Mariusz Zaborski
2b1d0c0087 fileargs: fix double caching of the same file
In situations when the current file name wasn't the first element on
the list we were cleaning the current name too early.
This might cause us to pre-cache the same file twice.
2021-04-07 21:16:37 +02:00
Alexander Motin
5a8d32b53b Add IDs for ASMedia ASM116x PCIe 3.0 AHCI controllers.
MFC after:	1 week
2021-04-07 15:09:56 -04:00
Yongbo Yao
5984246f96 Loader: support booting OS from memory disk (MD)
Until now, the boot image can be embedded into the loader with
/sys/tools/embed_mfs.sh, and memory disk (MD) is already supported
in loader source. But due to memory disk (MD) driver isn't registered
to the loader yet, the boot image can't be boot from embedded memory
disk.

Reviewed by:	dab, tsoome
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D29512
2021-04-07 13:40:57 -05:00
Mark Johnston
0f07c234ca Remove more remnants of sio(4)
Reviewed by:	imp
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29626
2021-04-07 14:33:02 -04:00
Mark Johnston
274579831b capsicum: Limit socket operations in capability mode
Capsicum did not prevent certain privileged networking operations,
specifically creation of raw sockets and network configuration ioctls.
However, these facilities can be used to circumvent some of the
restrictions that capability mode is supposed to enforce.

Add capability mode checks to disallow network configuration ioctls and
creation of sockets other than PF_LOCAL and SOCK_DGRAM/STREAM/SEQPACKET
internet sockets.

Reviewed by:	oshogbo
Discussed with:	emaste
Reported by:	manu
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D29423
2021-04-07 14:32:56 -04:00
Eric van Gyzen
12db51d208 uefisign: handle empty sections
loader.efi has an empty set_Xfic section.  Handle it correctly.

```
Sections:
Idx Name          Size      VMA               LMA               File off  Algn
[...]
3 set_Xcom      00000168  00000000000d4000  00000000000d4000  000d0e00  2**2
	      CONTENTS, ALLOC, LOAD, DATA
4 set_Xfic      00000000  00000000000d4168  00000000000d4168  00000000  2**2
	      ALLOC, LOAD, DATA
5 .sdata        00000448  00000000000d5000  00000000000d5000  000d1000  2**2
	      CONTENTS, ALLOC, LOAD, DATA
[...]
```

Reviewed by:	trasz, dab
Reported by:	andy.y.liu@dell.com
Tested by:	andy.y.liu@dell.com
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D29606
2021-04-07 11:23:11 -05:00
Roman Bogorodskiy
066a576c5f ipfw: update man page example for nat show log
In d6164b77f8 the ability to show
ranges of nat log entries was removed.

PR:	254192
Reviewed by:	allanjude
2021-04-07 15:37:46 +00:00
Kristof Provost
f37667e235 pf tests: Test multi-wan rdr
This replicates an issue observed on pfSense: https://redmine.pfsense.org/issues/11436

In essence, reply-to is needed to ensure that connections always leave
the WAN interface they came in on, but this confused the state tracking.

MFC after:	2 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-04-07 17:03:20 +02:00
Kristof Provost
6d786845cf pf: Do not short-circuit processing for REPLY_TO
When we find a state for packets that was created by a reply-to rule we
still need to process the packet. The state may require us to modify the
packet (e.g. in rdr or nat cases), which we won't do with the shortcut.

MFC after:	2 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-04-07 17:03:17 +02:00
Kristof Provost
ab8d25880e libnv: Allow use in non-sleepable contexts
44c125c4ce switched the nvlist allocations
to be M_WAITOK, but this precludes the use in non-sleepable contexts.
(E.g. with a nonsleepable lock held).

All callers for these allocation functions already cope with memory
alloation failures, so there's no reason to allow sleeping during
allocations.

Reviewed by:	melifaro, oshogbo
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29556
2021-04-07 15:54:10 +02:00
Kurosawa Takahiro
5a5623397c pf tests: make synproxy and nat work correctly even if inetd is running
tests/sys/netfil/pf/synproxy fails if inetd has been running
outside of the jail because pidfile_open() fails with EEXIST.
tests/sys/netfil/pf/nat has the same problem but the test succeeds
because whether inetd is running is not so important.

Fix the problem by changing the pidfile path from the default
location.

Reviewed by:	kp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D29622
2021-04-07 13:05:23 +02:00
Ka Ho Ng
86a52e262a Document vnode_pager_setsize(9)
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Reviewed by:	bcr
Approved by:	philip (mentor)
Differential Revision:	https://reviews.freebsd.org/D29408
2021-04-07 19:11:26 +08:00
Alex Richardson
2bca8aa7a7 libarchive: Make test_read_append_filter_wrong_program pass again
libarchive: Apply upstream commit a1b7bf8013fb7a11a486794247daae592db6f5ae

This fixes the failing test_read_append_filter_wrong_program test in CI
which has been failing since 01-Dec-2020.

Commit message from a1b7bf8013

    Silence stderr in test_read_append_filter_program

    When the FreeBSD testsuite runs the libarchive tests it checks that stderr
    is empty. Since #1382 this is no longer the case. This change restores
    the behaviour of silencing bunzip2 stderr but doesn't bring back the
    output text check.

    Partially reverts 2e7aa5d9

MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D29036
2021-04-07 11:35:10 +01:00
Alex Richardson
83532eb68c tests/sys/net/routing: XFAIL the two failing tests
They have been failing for 1.5 months and the patch to fix them is stuck
in review so mark them as XFAIL for now to get Jenkins back to green.

To be reverted when https://reviews.freebsd.org/D28886 (or similar) is
commited.

Reviewed By:	kp
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D29528
2021-04-07 10:34:22 +01:00
John-Mark Gurney
b8028f9d3c add Xr to the rc.d script... 2021-04-06 16:32:57 -07:00
Alexander Motin
ac503c194c Introduce "soft" serseq variant.
With new ZFS prefetcher improvements it is no longer needed to fully
serialize reads to reach decent prediction hit rate.  Softer variant
only creates small time window to reduce races instead of completely
blocking following reads while previous is running.  It much less
hurts the performance in case of prediction miss.

MFC after:	1 month
2021-04-06 17:27:16 -04:00
Mateusz Guzik
13b3862ee8 cache: update an assert on CACHE_FPL_STATUS_ABORTED
Since symlink support it can get upgraded to CACHE_FPL_STATUS_DESTROYED.

Reported by:	bdrewery
2021-04-06 22:31:58 +02:00
Rene Ladan
11f47f17e1 ports(7): update instructions for git
Reviewed by:	gjb, imp, lwhsu, mat
Differential Revision:	https://reviews.freebsd.org/D29502
2021-04-06 22:26:03 +02:00
Mark Johnston
2425f5e912 mount: Disallow mounting over a jail root
Discussed with:	jamie
Approved by:	so
Security:	CVE-2020-25584
Security:	FreeBSD-SA-21:10.jail_mount
2021-04-06 14:49:36 -04:00
Mark Johnston
982693bb72 vm_fault: Shoot down multiply mapped COW source page mappings
Reviewed by:	kib, rlibby
Discussed with:	alc
Approved by:	so
Security:	CVE-2021-29626
Security:	FreeBSD-SA-21:08.vm
2021-04-06 14:49:28 -04:00
Nathan Whitehorn
afb6a168f8 Allocate extra inodes in makefs when leaving free space in UFS images.
By default, makefs(8) has very few spare inodes in its output images,
which is fine for static filesystems, but not so great for VM images
where many more files will be added. Make makefs(8) use the same
default settings as newfs(8) when creating images with free space --
there isn't much point to leaving free space on the image if you
can't put files there. If no free space is requested, use current
behavior of a minimal number of available inodes.

Reviewed by:	manu
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D29492
2021-04-06 13:43:29 -04:00
Eric van Gyzen
9e6158d274 uefisign: fix handling of errors from child proc
Close the unused pipe file descriptors so the parent will notice if
the child exits prematurely.  Previously, the parent would block
forever on a read from the pipe.

    $ uefisign -c foo.cert -k foo.key -o loader.efi loader.efi.unsigned
    uefisign: section points inside the headers
    load: 0.06  cmd: uefisign 4502 [piperd] 7.25r 0.00u 0.00s 0% 5968k
    ... _sleep+0x1be pipe_read+0x3d6 kern_readv+0x8c sys_read+0x83 ...

Reviewed by:	trasz
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D29605
2021-04-06 12:13:59 -05:00
Marcin Wojtas
9857e00a52 pci_user: fix build for 32-bit platforms
Commit: f2f1ab39c0 ("pci_user: call bus_translate_resource before BAR mmap")
broke build for 32-bit platforms due to rman_res_t and vm_paddr_t
incompatible types. Fix that.
2021-04-06 18:50:36 +02:00
Marcin Wojtas
f2f1ab39c0 pci_user: call bus_translate_resource before BAR mmap
On some armv8 machines it is possible that the mapping between CPU
and PCI bus BAR base addresses is not 1:1. In case a BAR is allocated
in kernel using bus_alloc_resource_any this translation is handled in
ofw_pci_activate_resource.

Do the same in pci_user.c by calling bus_translate_resource devmethod.
This fixes mmaping BARs to userspace on Marvell SoCs (Armada 7k8k/CN913x)
and possibly many other platforms.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: kib
Obtained from: Semihalf
Sponsored by: Marvell
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D29604
2021-04-06 17:15:04 +02:00
Marcin Wojtas
1c1ead9b94 pciconf: Use VM_MEMATTR_DEVICE on supported architectures
Some architectures - armv7, armv8 and riscv use VM_MEMATTR_DEVICE
when mapping device registers in kernel. Do the same in pciconf.
On armada8k SoC all reads from BARs mapped with hitherto attribute
(VM_MEMATTR_UNCACHEABLE) return 0xff's.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: kib
Obtained from: Semihalf
Sponsored by: Marvell
Differential revision: https://reviews.freebsd.org/D29603
2021-04-06 17:00:05 +02:00
Marcin Wojtas
57dbb3c259 pci_dw: fix outbound I/O window configuration
Use viewport "2" instead of "0" and change window type from MEM to IO.
Without these changes the MEM ATU window can be overwritten with the IO one.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Obtained from: Semihalf
Sponsored by: Marvell
Differential revision: https://reviews.freebsd.org/D29516
2021-04-06 14:31:39 +02:00
Leandro Lupori
28d14569c8 powerpc64: add missing TLB invalidations to radix
Radix MMU code was missing TLB invalidations when some Level 3 PDEs were
modified. This caused TLB multi-hit machine check interrupts when
superpages were enabled.

Reviewed by:		jhibbits
MFC after:		2 weeks
Sponsored by:		Eldorado Research Institute (eldorado.org.br)
Differential Revision:	https://reviews.freebsd.org/D29511
2021-04-06 08:31:44 -03:00
Poul-Henning Kamp
6c709cbf03 Add Siemens SITOP UPS500S usb device 2021-04-06 10:56:27 +00:00
Stefan Eßer
b55a927bc8 [bc] Update to version 4.0.0
This version fixes an issue (missing pop of top-of-stack value in the
"P" command of the dc program).

This issue did not affect the bc program, since it does not use dc as
an back-end to actually perform the calculations as was the case with
the traditional bc and dc programs.

The major number has been bumped due to Windows support that has been
added to this version. It does not correspond to a major change that
might affect FreeBSD.

MFC after:   3 days
2021-04-06 11:57:07 +02:00
Stefan Eßer
7e5c51e523 Merge commit '7a590c074ceede12b2b6e794f8703d6fa5749918'
Update to version 4.0.0

This version fixes an issue (missing pop of top-of-stack value in the
"P" command of the dc program).

This issue did not affect the bc program, since it does not use dc as
an back-end to actually perform the calculations as was the case with
the traditional bc and dc programs.

The major number has been bumped due to Windows support that has been
added to this version. It does not correspond to a major change that
might affect FreeBSD.
2021-04-06 10:48:09 +02:00
Stefan Eßer
7a590c074c Vendor import of Gavin D. Howard's bc version 4.0.0 2021-04-06 10:44:52 +02:00
Warner Losh
42cd37dfbd gptboot.efi: Add man page
Add a man page for gptboot.efi. Describe when and how to use this as it differs
from the BIOS cases. Include cross reference for the preferred method described
in efibootmgr(8) as well as cross links in both gptboot(8) and gptboot.efi(8) to
the other.

This man page was heavily copied from the gptboot.8 man page by Warren Block.
They are different enough to need separate man pages for clarity, but there's
enough similarity that I worry about the duplication. In the really long term,
gptboot(8) will disappear, so having the same info here will help when that
day comes. In the short to medium term, the information is likely to not
change in gptboot(8) and any changes to gptboot.efi(8) will be easier to
make in a separate copy.

loader.efi(8) needs a complete rewrite from scratch, otherwise I'd have
referenced gptboot.efi(8) from there.

Suggetions from:	cress@, mhorne@
Reviewed by:		rpokala@
Differential Revision:	https://reviews.freebsd.org/D29591
2021-04-05 23:57:57 -06:00
Philip Paeps
e5fc416c28 bsdinstall: remove ftp7.ua.freebsd.org mirror
PR:		254779
Reported by:	Dmytro <dima@dima.rv.ua>
2021-04-06 10:32:52 +08:00
Philip Paeps
e270eebc97 bsdconfig: remove ftp7.ua.freebsd.org mirror
PR:		254779
Reported by:	Dmytro <dima@dima.rv.ua>
2021-04-06 10:32:23 +08:00
Konstantin Belousov
5b3b19db73 linuxkpi: remove erronously committed diff save file
Sponsored by:	Mellanox Technologies/NVidia Networking
MFC after:	1 week
2021-04-06 03:42:13 +03:00
Konstantin Belousov
8011fb795b linuxkpi: drop single-use variable
Reviewed by:	hselasky
Sponsored by:	Mellanox Technologies/NVidia Networking
MFC after:	1 week
2021-04-06 03:38:29 +03:00
Konstantin Belousov
f6b108837e linuxkpi: avoid counting per-thread use for the embedded linux cdevs
The counter is not used to control destroy.

Reviewed by:	hselasky
Sponsored by:	Mellanox Technologies/NVidia Networking
MFC after:	1 week
2021-04-06 03:38:29 +03:00
Konstantin Belousov
7f9867f8c6 linuxkpi: do not destroy/free embedded linux cdevs
They have their own lifetime managed by the containing objects.
Premature and unexpected free causes corruption.

Reviewed by:	hselasky
Sponsored by:	Mellanox Technologies/NVidia Networking
MFC after:	1 week
2021-04-06 03:38:29 +03:00
Konstantin Belousov
28b482e2ba linuxkpi: rename cdev to ldev
the variables hold pointers to a linux_cdev, not to a FreeBSD cdev.

Reviewed by:	hselasky
Sponsored by:	Mellanox Technologies/NVidia Networking
MFC after:	1 week
2021-04-06 03:38:28 +03:00
Konstantin Belousov
7b0125cbec linuxkpi: copy ldev into local to test and free the same pointer
Reviewed by:	hselasky
Sponsored by:	Mellanox Technologies/NVidia Networking
MFC after:	1 week
2021-04-06 03:38:28 +03:00
Konstantin Belousov
d36d681615 rtld dl_iterate_phdr(): dlpi_tls_data is wrong
dl_iterate_phdr() dlpi_tls_data should provide the TLS module segment
address, and not the TLS init segment address as it does now.

Reported by:	emacsray@gmail.com
PR:	254774
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2021-04-06 03:23:08 +03:00
Mark Johnston
843d16436d qat: Make prototypes consistent with the implementation
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2021-04-05 16:30:00 -04:00
Mark Johnston
3b666932d4 libc: Fix the WITH_HESIOD build
Reported by:	Daniel Braniss <danny@cs.huji.ac.il>
MFC after:	1 week
2021-04-05 16:30:00 -04:00
Krzysztof Galazka
20a52706c8 ixl(4): Add tunable to override Flow Control settings
Add flow_control to hw.ixl tunables tree to let override
initial flow control configuration for all interfaces.
Keep using configuration set by NVM by default.

Reviewed by:	erj@, gallatin@
Tested by:	gowtham.kumar.ks_intel.com
MFC after:	1 week
Sponsored by:	Intel Corporation
Differential Revision:	https://reviews.freebsd.org/D29338
2021-04-05 11:17:55 -07:00
Ed Maste
741223a65c freebsd-update: improve mandoc db generation
freebsd-update compares the dates on man pages with mandoc.db, and if
any newer pages are found it regenerates mandoc.db.

Previously, if mandoc.db did not already exist the check failed and
freebsd-update then failed to create one.  Now, check that mandoc.db
exists before performing the check for newer pages.

Reported by:	bdrewery (in D10482)
Reviewed by:	gordon
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29575
2021-04-05 13:23:37 -04:00
Ed Maste
4bbfa3d3ba release: move installworld before installkernel
To support -DNO_ROOT work.  The top-level installworld target creates a
new METALOG starting with `#mtree 2.0` so it needs to be first, to avoid
overwriting installkernel METALOG entries.

Reviewed by:	gjb
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29582
2021-04-05 13:16:01 -04:00
Brandon Bergren
0c9f52d4ce powerpc: Fix programmer's switch driver and add to GENERIC
Older G4 and G3 models have a programmer's switch that can be used to
generate an interrupt to drop into the debugger.

This code hadn't been tested for a long time. It had been broken back
in 2005 in r153050.

Repair and modernize the code and add it to GENERIC.

Reviewed by:	jhibbits (approved w/ removal of unused sc_dev var)
Sponsored by:	Tag1 Consulting, Inc.
Differential Revision:	https://reviews.freebsd.org/D29131
2021-04-05 12:04:12 -05:00
Chuck Tuffli
f30f11f878 wait for device mounts in zpool and dumpon
If the root file system is composed from multiple devices, wait for
devices to be ready before running zpool and dumpon rc scripts.

An example of this is if the bulk of the root file system exists on a
fast device (e.g. NVMe) but the /var directory comes from a ZFS dataset
on a slower device (e.g. SATA). In this case, it is possible that the
zpool import may run before the slower device has finished being probed,
leaving the system in an intermediate state.

Fix is to add root_hold_wait to the zpool and dumpon (which has a
similar issue) rc scripts.

PR:		242189
Reported by:	osidorkin@gmail.com
Reviewed by:	allanjude
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D29101
2021-04-05 09:25:04 -07:00
Edward Tomasz Napierala
015351de04 rc: make ctld depend on NETWORKING
This fixes a problem where ctld(8) would refuse to start on boot
with a specific IP address to listen on configured in ctl.conf(5).
It also fixes a problem where ctld(8) would fail to start with
some network interfaces which require a sysctl.conf(5) tweak
to configure them, eg to switch them from InfiniBand to IP mode.

PR:		232397
Reported By:	Mahmoud Al-Qudsi <mqudsi at neosmart.net>
Submitted By:	Jeremy Faulkner <gldisater at gmail.com>
Reviewed By:	mav
Differential Revision:	https://reviews.freebsd.org/D29578
2021-04-05 16:40:54 +01:00