Fix possible integer overflow in guest memory bounds checking, which could
lead to access from the virtual machine to the heap of the bhyve(8) process.
Submitted by: Felix Wilhelm <fwilhelm ernw.de>
Patch by: grehan
Security: FreeBSD-SA-16:38.bhyve
Fix possible buffer overflow(s) in link_ntoa(3).
A specially crafted sockaddr_dl argument can trigger a static buffer overflow
in the libc library, with possibility to rewrite with arbitrary data following
static buffers that belong to other library functions.
Reviewed by: kib
Security: FreeBSD-SA-16:37.libc
When telnetd(8) composes argument list for login(1), an unexpected sequence
of memory allocation failures combined with insufficient error checking
could result in the construction and execution of an argument sequence that
was not intended.
Fix that treating malloc(3) failures as fatal condition.
Submitted by: brooks
Security: FreeBSD-SA-16:36.telnetd
Cleanup old debug dirs in delete-old-dirs target
Any .debug or .symbols files under /usr/lib/debug which correspond to
OLD_FILES entries in ObsoleteFiles.inc are also automatically cleaned up
by the delete-old target. Make this also apply to any OLD_DIRS entries.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D8683
There are 4 independent knobs in T5+ chips to include or exclude PAUSE
frames from the "total frames" and "multicast frames" counters in either
direction. This change lets the driver deal with any combination of
these settings.
cxgbe(4): Fix bug in the calculation of the number of physically
contiguous regions in an mbuf chain.
If the payload of an mbuf ends at a page boundary count_mbuf_nsegs would
incorrectly consider the next mbuf's payload physically contiguous based
solely on a KVA comparison.
306821:
cxgbe(4): Add an ioctl to copy a firmware config file to the card's flash.
306823:
cxgbetool: Add a loadcfg subcommand to allow a user to upload a firmware
configuration file to the card.
305908,306062,306063,306137,306138,306206,306216,306273,306295,306301,
306465,309302:
Add support for adapters using the Terminator T6 ASIC.
305695:
cxgbe(4): Set up fl_starve_threshold2 accurately for T6.
305696:
cxgbe(4): Use correct macro for header length with T6 ASICs. This
affects the transmit of the VF driver only.
305699:
cxgbe(4): Update the pad_boundary calculation for T6, which has a
different range of boundaries.
305702:
cxgbe(4): Use smaller min/max bursts for fl descriptors with a T6.
305703:
cxgbe(4): Deal with the slightly different SGE_STAT_CFG in T6.
305713:
cxgbe(4): Add support for additional port types and link speeds.
305715:
cxgbe(4): Catch up with the rename of tlscaps -> cryptocaps. TLS is one
of the capabilities of the crypto engine in T6.
305827:
cxgbe(4): Use the interface's viid to calculate the PF/VF/VFValid fields
to use in tx work requests.
305852:
cxgbe(4): Attach to cards with the Terminator 6 ASIC. T6 cards will
come up as 't6nex' nexus devices with 'cc' ports hanging off them.
The T6 firmware and configuration files will be added as soon as they
are released. For now the driver will try to work with whatever
firmware and configuration is on the card's flash.
305906:
cxgbe/t4_tom: The SMAC entry for a VI is at a different location in the T6.
305908:
cxgbe/t4_tom: Update the active/passive open code to support T6. Data
path works as-is.
306062:
cxgbe(4): Show wcwr_stats for T6 cards.
306063:
cxgbe(4): Setup congestion response for T6 rx queues.
306137:
cxgbetool: Add T6 support to the SGE context decoder.
306138:
Fix typo.
306206:
cxgbe(4): Catch up with the different layout of WHOAMI in T6.
Note that the code moved below t4_prep_adapter() as part of this change
because now it needs a working chip_id().
306216:
cxgbe(4): Fix the output of the "tids" sysctl on T6.
306273:
cxgbe(4): Fix netmap with T6, which doesn't encapsulate SGE_EGR_UPDATE
message inside a FW_MSG. The base NIC already deals with updates in
either form.
306295:
cxgbe(4): Support SIOGIFXMEDIA so that ifconfig displays correct media
for 25Gbps and 100Gbps ports. This should have been part of r305713,
which is when the driver first started reporting extended media types.
306301:
cxgbe(4): Use the port's top speed to figure out whether it is "high
speed" or not (for the purpose of calculating the number of queues etc.)
This does the right thing for 25Gbps and 100Gbps ports.
306465:
cxgbe(4): Claim the T6 -DBG card.
309302:
cxgbe(4): Include firmware for T6 cards in the driver. Update all
firmwares to 1.16.12.0.
Sponsored by: Chelsio Communications
cxgbe/t4_tom: toepcb should be all-zero on allocation because the code
that cleans up on failure assumes that non-NULL values indicate
initialized items.
303688:
cxgbe/t4_tom: Read the chip's DDP page sizes and save them in a
per-adapter data structure. This replaces a global array with hardcoded
page sizes.
303750:
cxgbe/t4_tom: The page pod arena allocates from pod address space and
not index space. The minimum valid allocation out of this arena is the
size of a single page pod.
305166:
cxgbe/t4_tom: Add general purpose routines to deal with page pod regions
and allocations within them. Switch to these routines to manage the TOE
DDP region.
305167:
cxgbe/t4_tom: Two new routines to allocate and write page pods for a
buffer in the kernel's address space.
Sponsored by: Chelsio Communications
For RTT calculations mid-session, we explicitly ignore ACKs with tsecr of 0 as
many borken middle-boxes tend to do that. But during 3whs, in syncache_expand(),
we don't do that which causes us to send a RST to such a client. Relax this
constraint by only using tsecr to compare against timestamp that we sent when it
is not 0. As a result, we'd now accept the final ACK of 3whs with tsecr of 0.
Sponsored by: Limelight Networks
O_NOFOLLOW.
We return [EMLINK] instead of [ELOOP] when trying to open a symlink with
O_NOFOLLOW, so that the original case of [ELOOP] can be distinguished. Code
like cmp -h and xz takes advantage of this.
PR: 214633
Modify umount so that it does not do an Unmount RPC for NFSv4 mounts
and uses TCP for the Unmount RPC if the mount is over TCP.
Without this patch, umount does an Unmount RPC over UDP for all NFS mounts.
Check for lengths being <= 0. Note that this interface can only
be accessed by root. It uses unsigned ints instead of size_t
to preserve the ABI.
PR: 207627
Fix getfsstat(2) with MNT_WAIT to not skip filesystems that are in the
process of being unmounted. Previously it would skip them, even if the
unmount eventually failed eg due to the filesystem being busy.
This behaviour broke autounmountd(8) - if you tried to manually unmount
a mounted filesystem, using 'automount -u', and the autounmountd attempted
to refresh the filesystem list in that very moment, it would conclude that
the filesystem got unmounted and not try to unmount it afterwards.
Fix getfsstat(2) handling of flags. The 'flags' argument is an enum,
not a bitfield. For the intended usage - being passed either MNT_WAIT,
or MNT_NOWAIT - this shouldn't introduce any changes in behaviour.
[evdev] Add evdev support to kbdmux(4) driver
To enable event sourcing from kbdmux(4) kern.evdev.rcpt_mask value
should have bit 1 set (this is default)
Submitted by: Vladimir Kondratiev <wulf@cicgroup.ru>
Differential Revision: https://reviews.freebsd.org/D8437
Don't build :strvis_locale if VIS_NOLOCALE is undefined
The copy of contrib/libc-vis on ^/stable/10 doesn't contain all of the features
in the ^/stable/11 // ^/head version, including VIS_NOLOCALE. The risk is lower
in conditionally running the test instead of backporting the newer version of
libc-vis
Restore pathing for factor(1), which unnecessarily diverged in r278616
factor lives in /usr/games/, not /usr/bin, in NetBSD.
The correct way to handle this is do on-the-fly manipulation of the test
script via ATF_TESTS_SH_SED_<foo>, not by modify the pathing directly in
the test script.
This is being done to resolve an unnecessary conflict made when pulling
back ^/head@r309469 (contrib/netbsd-tests update) to ^/stable/10.
No functional change
Fix lib/libc/rpc test assumptions added in r305358
- Require root in the tcp/udp subtests (it's needed on FreeBSD when
registering services).
- Skip the tests if service registration fails.
r304797 (by jmmv):
Make use of Kyua's work directories.
Change the vnode tests to use the current directory when creating temporary
files, which we can assume is a volatile work directory, and then make the
kqueue_test.sh driver _not_ abandon the directory created by Kyua.
This makes the various kqueue tests independent of each other, and ensures
the temporary file is cleaned up on failure.
Problem spotted by asomers@ when reviewing D4254.
r305467:
Move tests/sys/kqueue/... to tests/sys/kqueue/libkqueue/...
This is being done to clearly distinguish the libkqueue tests
from the (soon to be imported) NetBSD tests.
r305468:
Port contrib/netbsd-tests/kernel/kqueue/... as tests/sys/kqueue/...
proc2_test must be skipped because the invariant tested
(`ke.fflags & NOTE_TRACKERR`) doesn't pass.
r305483:
Fix tests/sys/kqueue NetBSD tests on 32-bit platforms by using proper
format specifier for pointers when printing them out with printf(3)
Pointyhat to: ngie
Update contrib/netbsd-tests with new content from NetBSD
This updates the snapshot from 09/30/2014 to 08/11/2016
This brings in a number of new testcases from upstream, most
notably:
- bin/cat
- lib/libc
- lib/msun
- lib/libthr
- usr.bin/sort
lib/libc/tests/stdio/open_memstream_test.c was moved to
lib/libc/tests/stdio/open_memstream2_test.c to accomodate
the new open_memstream test from NetBSD.
Tested on: amd64 (VMware fusion VM; various bare metal platforms); i386 (VMware fusion VM); make tinderbox
cxgbe(4): Initialize the adapter queues (fwq and mgmtq) instead of
returning EAGAIN if they aren't available when the user tries to program
a filter. Do this after validating the filter so that the driver
doesn't bring up the queues if it doesn't have to.
302440:
cxgbe(4): Add sysctl to display the RSS indirection table size for an
interface.
dev.cxl.<n>.rss_size
dev.vcxl.<n>.rss_size
304873:
cxgbe(4): Provide more details about the card in the sysctl MIB.
dev.t5nex.0.%desc: Chelsio T580-CR
dev.t5nex.0.hw_revision: 1
dev.t5nex.0.sn: PT13140042
dev.t5nex.0.pn: 110117150A0
dev.t5nex.0.ec: 0000000000000000
dev.t5nex.0.na: 0007432AF490
dev.t5nex.0.vpd_version: 3
dev.t5nex.0.scfg_version: 53255
dev.t5nex.0.bs_version: 1.1.0.0
dev.t5nex.0.er_version: 1.0.0.68
dev.t5nex.0.tp_version: 0.1.4.9
dev.t5nex.0.firmware_version: 1.16.2.0
305704:
cxgbe(4): Rename the debug_flags driver tunable/sysctl to dflags.
Tunables that end with _flags are special.
305985:
cxgbe(4): Fixes to wrq stats.
- Increment tx_wrs_copied in the correct place.
- Add tx_wrs_sspace to the sysctl MIB.
306787:
cxgbe(4): Fix whitespace in the pm_stats display.
307531:
cxgbe(4): Adjust whitespace to line up the column titles in cim_qcfg
with the values displayed.
Sponsored by: Chelsio Communications
- Return appropriate error code instead of ENOMEM when sosend() fails in
send_mpa_req.
- Fix for problematic race during destroy_qp.
- Abortive close in the failure of send_mpa_reject() instead of normal close.
- Remove the unnecessary doorbell flowcontrol logic.
Sponsored by: Chelsio Communications
The other CPU might resume and see a still-empty runq and go back to
sleep before sched_add() adds the thread to the runq. This results
in a lost wakeup and a potential hang if the system is otherwise
completely idle.
The race originated due to a micro-optimization (my fault) in 4BSD in
that it avoided putting a thread on the run queue if the scheduler was
going to preempt to the new thread. To avoid complexity while fixing
this race, just drop this optimization. 4BSD now always sets the
"owepreempt" flag when a preemption is warranted and defers the actual
preemption to the thread_unlock of the caller the same as ULE.
Use the same logic to calculate the nominal CPU frequency from the P-state
MSRs on family 0x12, 0x15, and 0x16 CPUs as is used for family 0x10.
Family 0x14 was included in the original patch in the PR but I left that
out as the BIOS writer's guide for family 0x14 CPUs show a different layout
for the relevant MSR and include a different formulate for calculating the
frequency.
While here, simplify a few expressions and print out the family of
unsupported CPUs in hex rather than decimal.
PR: 212020
303753:
Don't permit mappings of invalid physical addresses on amd64 via /dev/mem.
308004:
MFamd64: Add bounds checks on addresses used with /dev/mem.
Reject attempts to read from or memory map offsets in /dev/mem that are
beyond the maximum-supported physical address of the current CPU.
bhyve: stability and performance improvement for dbgport
The TCP server implementation in dbgport does not track clients, so it
may try to write to a disconected socket resulting in SIGPIPE.
Avoid that by setting SO_NOSIGPIPE socket option.
Because dbgport emulates an I/O port to guest, the communication is done
byte by byte. Reduce latency of the TCP/IP transfers by using
TCP_NODELAY option. In my tests that change improves performance of
kgdb commands with lots of output (e.g. info threads) by two orders of
magnitude.
A general note. Since we have a uart emulation in bhyve, that can be
used for the console and gdb access to guests. So, bvmconsole and bvmdebug
could be de-orbited now. But there are many existing deployments that
still dependend on those.
Discussed with: julian, jhb
Sponsored by: Panzura
slite style changes. There is an incoming patch that rewrites a
lot of this module and I want to get the style and whitespace changes in
a separate commit (or maybe more).
PR: 206185
Submitted by: Dmitry Vagin
