Move all of the fopen() and open() calls to the top of main()
Restrict each FD to least privilege (read/seek only, write only, etc)
cap_enter(), and make all except the output FD read/seek only.
Reviewed by: emaste, ed, oshogbo, delphij
Approved by: so
MFC after: 3 days
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D7358
the l2 entry is a block type and not an l3 page.
While here fix the string to correct the level name and add a missing ')'.
Obtained from: ABT Systems Ltd
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
syscons spinlock for the output routine alone. It is better to extend
the coverage of the first syscons spinlock added in r162285. 2 locks
might work with complicated juggling, but no juggling was done. What
the 2 locks actually did was to cover some of the missing locking in
each other and deadlock less often against each other than a single
lock with larger coverage would against itself. Races are preferable
to deadlocks here, but 2 locks are still worse since they are harder
to understand and fix.
Prefer deadlocks to races and merge the second lock into the first one.
Extend the scope of the spinlocking to all of sc_cnputc() instead of
just the sc_puts() part. This further prefers deadlocks to races.
Extend the kdb_active hack from sc_puts() internals for the second lock
to all spinlocking. This reduces deadlocks much more than the other
changes increase them. The s/p,10* test in ddb gets much further now.
Hide this detail in the SC_VIDEO_LOCK() macro. Add namespace pollution
in 1 nested #include and reduce namespace pollution in other nested
#includes to pay for this.
Move the first lock higher in the witness order. The second lock was
unnaturally low and the first lock was unnaturally high. The second
lock had to be above "sleepq chain" and/or "callout" to avoid spurious
LORs for visual bells in sc_puts(). Other console driver locks are
already even higher (but not adjacent like they should be) except when
they are missing from the table. Audio bells also benefit from the
syscons lock being high so that audio mutexes have a chance of being
lower. Otherwise, console driver locks should be as low as possible.
Non-spurious LORs now occur if the bell code calls printf() or is
interrupted (perhaps by an NMI) and the interrupt handler calls
printf(). Previous commits turned off many bells in console i/o but
missed ones done by the teken layer.
tso_segsz pkthdr field during RX processing, and use the information in TCP for
more correct accounting and as a congestion control input. This is only a start,
and an audit of other uses for the data is left as future work.
Reviewed by: gallatin, rrs
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D7564
set later in the function. This fixes a potential NULL pointer dereference
found on arm64.
Obtained from: ABT Systems Ltd
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
to what the 32-bit arm code does, with the exception that it always assumes
the tag is non-coherent.
Tested by: jmcneill
Obtained from: ABT Systems Ltd
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Change the vnode tests to use the current directory when creating temporary
files, which we can assume is a volatile work directory, and then make the
kqueue_test.sh driver _not_ abandon the directory created by Kyua.
This makes the various kqueue tests independent of each other, and ensures
the temporary file is cleaned up on failure.
Problem spotted by asomers@ when reviewing D4254.
- Increasing queue depth gives ~100% performance improvement for
randwrite fio test in Azure.
- New channel selection, which takes LUN id and the current cpuid
into consideration, gives additional ~20% performance improvement
for randwrite fio test in Azure.
Submitted by: Hongzhang Jiang <honzhan microsoft com>
Modified by: sephe
MFC after: 1 week
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D7622
Decouple the send and receive limits on the amount of data in a single
iSCSI PDU. MaxRecvDataSegmentLength is declarative, not negotiated, and
is direction-specific so there is no reason for both ends to limit
themselves to the same min(initiator, target) value in both directions.
Allow iSCSI drivers to report their send, receive, first burst, and max
burst limits explicitly instead of using hardcoded values or trying to
derive all of them from the receive limit (which was the only limit
reported by the drivers prior to this change).
Display the send and receive limits separately in the userspace iSCSI
utilities.
Reviewed by: jpaetzel@ (earlier version), trasz@
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D7279
1. Use the leap-seconds version number (update time) to determine
whether to update the file or not.
2. If the version numbers of the files are the same, use the later
expiry date to determine which file to use.
Suggested by: ian@
MFC after: 1 day
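Added example (not part of the commit or of the FreeBSD script it changes): the two selection rules above as a POSIX shell function. It assumes the standard leap-seconds.list markers, "#$" for the last-update time and "#@" for the expiry time; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose between two leap-seconds.list files.
# "#$" carries the last-update time (the file's version) and "#@" the
# expiry time; both are seconds since 1900-01-01 (NTP era).

leap_field() {    # $1 = marker ("#$" or "#@"), $2 = file
    [ -r "$2" ] || return 0           # unreadable file: print nothing
    awk -v m="$1" '$1 == m { print $2; exit }' "$2"
}

is_number() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# Prints "new" if the candidate should replace the current file,
# otherwise "current".
choose_leapfile() {    # $1 = current file, $2 = candidate file
    cur_ver=$(leap_field '#$' "$1"); cur_exp=$(leap_field '#@' "$1")
    new_ver=$(leap_field '#$' "$2"); new_exp=$(leap_field '#@' "$2")
    # A candidate without both markers is never installed.
    if ! is_number "$new_ver" || ! is_number "$new_exp"; then
        echo current; return
    fi
    # A missing or unparsable current file is always replaced.
    if ! is_number "$cur_ver" || ! is_number "$cur_exp"; then
        echo new; return
    fi
    if [ "$new_ver" -gt "$cur_ver" ]; then
        echo new                      # rule 1: newer version wins
    elif [ "$new_ver" -eq "$cur_ver" ] && [ "$new_exp" -gt "$cur_exp" ]; then
        echo new                      # rule 2: same version, later expiry
    else
        echo current
    fi
}

# Constructed sample input: the two marker lines plus one data line.
write_leapfile() {    # $1 = path, $2 = version, $3 = expiry
    printf '#$\t%s\n#@\t%s\n3692217600\t37\n' "$2" "$3" > "$1"
}

d=$(mktemp -d)
write_leapfile "$d/cur"  3676924800 3707596800
write_leapfile "$d/cand" 3676924800 3723235200   # same version, later expiry
choose_leapfile "$d/cur" "$d/cand"
rm -rf "$d"
```

Comparing only these two fields says nothing about file integrity; the hash line at the end of the file still has to be checked separately.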
to leap-seconds invalidates validation hash at the end of the file.
Remove svn:keywords and replace with fbsd:nokeywords=yes to
support this change.
MFC after: 1 day
indicate (potentially partial) success of the open. Use these to
decide what to close in sccnclose(). Only grab/ungrab use open/close
so far.
Add a per-sc variable to count successful keyboard opens and use
this instead of the grab count to decide if the keyboard state has
been switched.
Start fixing the locking by using atomic ops for the most important
counter -- the grab level one. Other racy counting will eventually
be fixed by normal mutex or kdb locking in most cases.
Use a 2-entry per-sc stack of states for grabbing. 2 is just enough
to debug grabbing, e.g., for gets(). gets() grabs once and might not
be able to do a full (or any) state switch. ddb grabs again and has
a better chance of doing a full state switch and needs a place to
stack the previous state. For more than 3 levels, grabbing just
changes the count. Console drivers should try to switch on every i/o
in case lower levels of nesting failed to switch but the current level
succeeds, but then the switch (back) must be completed on every i/o
and this flaps the state unless the switch is null. The main point
of grabbing is to make it null quite often. Syscons grabbing also
does a carefully chosen screen focus that is not done on every i/o.
Add a large comment about grabbing.
Restore some small lost comments.
- in sccnopen(), open the keyboard before the screen. The keyboard
currently requires Giant (although it must be spinlocked to work
correctly as a console), so the previous order would be a LOR if
it has any semblance of locking.
- add a (currently dummy) state arg to scgetc().
As the support for large blocks was enabled in loader zfs code, the
heap in userboot was left unchanged, resulting in failure to detect
and access zfs pools for bhyve virtual machines.
This fix sets the heap to use the same amount of memory as the zfsloader
is using. To make it possible to test and verify loader functions, bhyve
is providing very useful option, but it also means, we like to keep feature
parity with [zfs]loader as close as possible.
PR: 212038
Reported by: dfh0522@gmail.com
Reviewed by: allanjude, grehan
Approved by: allanjude (mentor)
Differential Revision: https://reviews.freebsd.org/D7635
The issue was introduced with adding support for salted checksums, and
was revealed by bhyve userboot.so.
During pool discovery the loader is reading pool label from disks, and
at that time the spa structure is not yet set up, so the NULL pointer
is passed for spa. This condition must be checked to avoid the corruption
of the memory and NULL pointer dereference.
PR: 212114
Reported by: tsoome@freebsd.com
Reviewed by: allanjude
Approved by: allanjude (mentor)
Differential Revision: https://reviews.freebsd.org/D7634
needed before enabling superpages on arm64. This code is based on the amd64
pmap with changes as needed to handle the differences between the two
architectures.
Obtained from: ABT Systems Ltd
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Update from sqlite3-3.12.1 (3120100) to sqlite3-3.14.1 (3140100).
This commit addresses the tmpdir selection vulnerability fixed in
sqlite3-1.13.0. See VuXML entry 546deeea-3fc6-11e6-a671-60a44ce6887b.
Security: VuXML 546deeea-3fc6-11e6-a671-60a44ce6887b
Security: CVE-2016-6153
iterate over superpages. We don't yet create these, but soon will.
Obtained from: ABT Systems Ltd
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Where the cloudabi64 kernel can be used to execute 64-bit CloudABI
binaries, this one should be used for 32-bit binaries. Right now it
works on i386 and amd64.
A nice thing about requiring a vDSO is that it makes it incredibly easy
to provide full support for running 32-bit processes on 64-bit systems.
Instead of letting the kernel be responsible for composing/decomposing
64-bit arguments across multiple registers/stack slots, all of this can
now be done in the vDSO. This means that there is no need to provide
duplicate copies of certain system calls, like the sys_lseek() and
freebsd32_lseek() we have for COMPAT_FREEBSD32.
This change imports a new vDSO from the CloudABI repository that has
automatically generated code in it that copies system call arguments
into a buffer, padding them to eight bytes and zero-extending any
pointers/size_t arguments. After returning from the kernel, it does the
inverse: extracting return values, in the process truncating
pointers/size_t values to 32 bits.
Obtained from: https://github.com/NuxiNL/cloudabi
The native CloudABI data types header file used to be pulled in by the
vDSOs when they were still written in C. Since they are now all
rewritten in assembly, this can go away.
In all of these source files, the userspace pointer size corresponds
with the kernelspace pointer size, meaning that casting directly works.
As I'm planning on making 32-bit execution on 64-bit systems work as
well, use TO_PTR() here as well, so that the changes between source
files remain minimal.
Some of the ls(1) tests create really large sparse files to validate
the number formatting features of ls(1). Unfortunately, those tests fail
if the underlying test file system does not support sparse files, as is the
case when /tmp is mounted on tmpfs.
Before running these tests, check if the test file system supports sparse
files by using getconf(1) and skip them if not. Note that the support for
this query was just added to getconf(1) in r304694.
Reviewed by: ngie
Differential Revision: https://reviews.freebsd.org/D7609