Commit Graph

318 Commits

Author SHA1 Message Date
Pawel Jakub Dawidek
e55624c605 Implement support for online disk capacity changes.
Obtained from:	Fudo Security
Tested in:	AWS
2019-03-30 07:20:28 +00:00
Konstantin Belousov
10d9120c44 Change the vm_ooffset_t type to unsigned.
The type represents byte offset in the vm_object_t data space, which
does not span negative offsets in FreeBSD VM.  The change matches byte
offset signess with the unsignedness of the vm_pindex_t which
represents the type of the page indexes in the objects.

This allows to remove the UOFF_TO_IDX() macro which was used when we
have to forcibly interpret the type as unsigned anyway.  Also it fixes
a lot of implicit bugs in the device drivers d_mmap methods.

Reviewed by:	alc, markj (previous version)
Tested by:	pho
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-12-02 13:16:46 +00:00
Roger Pau Monné
5ff6c7f363 xen: temporary disable SMAP when forwarding hypercalls from user-space
The Xen page-table walker used to resolve the virtual addresses in the
hypercalls will refuse to access user-space pages when SMAP is enabled
unless the AC flag in EFLAGS is set (just like normal hardware with
SMAP support would do).

Since privcmd allows forwarding hypercalls (and buffers) from
user-space into Xen make sure SMAP is temporary disabled for the
duration of the hypercall from user-space.

Approved by:		re (gjb)
Sponsored by:		Citrix Systems R&D
2018-09-13 07:15:02 +00:00
Kristof Provost
903eaa68f1 xen/netfront: Ensure curvnet is set
netfront_backend_changed() is called from the xenwatch_thread(), which means
that the curvnet is not set. We have to set it before we can call things like
arp_ifinit().

PR:		230845
2018-08-23 16:52:52 +00:00
Alan Somers
6040822c4e Make timespecadd(3) and friends public
The timespecadd(3) family of macros were imported from NetBSD back in
r35029. However, they were initially guarded by #ifdef _KERNEL. In the
meantime, we have grown at least 28 syscalls that use timespecs in some
way, leading many programs both inside and outside of the base system to
redefine those macros. It's better just to make the definitions public.

Our kernel currently defines two-argument versions of timespecadd and
timespecsub.  NetBSD, OpenBSD, and FreeDesktop.org's libbsd, however, define
three-argument versions.  Solaris also defines a three-argument version, but
only in its kernel.  This revision changes our definition to match the
common three-argument version.

Bump _FreeBSD_version due to the breaking KPI change.

Discussed with:	cem, jilles, ian, bde
Differential Revision:	https://reviews.freebsd.org/D14725
2018-07-30 15:46:40 +00:00
Roger Pau Monné
5477025a10 xen/grants: fix deadlocks in the free callbacks
This fixes the panic caused by deadlocking when grant-table free
callbacks are used.

The cause of the recursion is: check_free_callbacks() is always called
with the lock gnttab_list_lock held. In turn the callback function is
also called with the lock held. Then when the client uses any of the grant
reference methods which also attempt the lock the gnttab_list_lock
mutex from within the free callback a deadlock happens.

Fix this by making the gnttab_list_lock recursive.

Submitted by:		Pratyush Yadav <pratyush@freebsd.org>
Differential Revision:	https://reviews.freebsd.org/D16505
2018-07-30 11:41:51 +00:00
Roger Pau Monné
83c2fa73e6 xen-blkfront: fix memory leak in xbd_connect error path
If gnttab_grant_foreign_access() fails for any of the indirection
pages, the code breaks out of both the loops without freeing the local
variable indirectpages, causing a memory leak.

Submitted by:		Pratyush Yadav <pratyush@freebsd.org>
Differential Review:	https://reviews.freebsd.org/D16136
2018-07-30 11:27:51 +00:00
Roger Pau Monné
8b19549b0e xen-blkfront: fix length check
Length is an unsigned integer, so checking against < 0 doesn't make
sense. While there also make clear that a length of 0 always succeeds.

Submitted by:		Pratyush Yadav <pratyush@freebsd.org>
Differential Review:	https://reviews.freebsd.org/D16045
2018-07-30 11:15:20 +00:00
Roger Pau Monné
3653af112f xen: attach the PV CPU if no CPU device is present
When booted as PVHv2, there's no ACPI CPU object, so attach the PV CPU
device in order to take it's place.

This is required in case some device or driver tries to poke at the
PCPU device field.

Sponsored by: Citrix Systems R&D
2018-07-19 08:00:52 +00:00
Roger Pau Monné
fa60904232 xen: do not limit PV console usage to PV guests
The Xen PV console is also available to HVM and PVHv2 guests, so don't
limit the console usage to PV guests only.

Sponsored by: Citrix Systems R&D
2018-07-19 07:58:24 +00:00
Roger Pau Monné
cfa0b7b82f xen: remove direct usage of HYPERVISOR_start_info
HYPERVISOR_start_info is only available to PV and PVHv1 guests, HVM
and PVHv2 guests get this data from HVM parameters that are fetched
using a hypercall.

Instead provide a set of helper functions that should be used to fetch
this data. The helper functions have different implementations
depending on whether FreeBSD is running as PVHv1 or HVM/PVHv2 guest
type.

This helps to cleanup generic Xen code by removing quite a lot of
xen_pv_domain and xen_hvm_domain macro usages.

Sponsored by:	Citrix Systems R&D
2018-07-19 07:54:45 +00:00
Roger Pau Monné
d9b664fd45 xen-netback: fix LOR
lock order reversal: (sleepable after non-sleepable)
 1st 0xfffffe00357ff538 xnb_softc (xen netback softc lock) @ /usr/src/sys/dev/xen/netback/netback.c:1069
 2nd 0xffffffff81fdccb0 intrsrc (intrsrc) @ /usr/src/sys/x86/x86/intr_machdep.c:224

There's no need to hold the lock since the cleaning of the interrupt
cannot happen in parallel due to the XNBF_IN_SHUTDOWN flag being set.
Note that the locking in netback needs some improvement or
clarification.

While there also remove a double newline.

Sponsored by:   Citrix Systems R&D
2018-06-26 14:07:11 +00:00
Roger Pau Monné
de06f02ea4 xen: check if there are clients waiting in gnttab_end_foreign_access_references
Without a call to check_free_callbacks() clients waiting for grant
references would not be woken up even when there are sufficient grant
references available.

The check was likely left out as a mistake when the function was first
added.

Note that other functions used to free grant references already call
check_free_callbacks.

Submitted by:		pratyush
Reviewed by:		royger
Differential review:	https://reviews.freebsd.org/D15899
2018-06-21 15:47:47 +00:00
Roger Pau Monné
791ca5907a xen/evtchn: fix LOR in evtchn device
Remove the device from the list before unbinding it. Doing it in this
order allows calling xen_intr_unbind without holding the bind_mutex
lock.

Sponsored by:	Citrix Systems R&D
2018-05-24 10:20:42 +00:00
Roger Pau Monné
e2e4a0e02a xen-blkback: don't unbind the interrupt while holding the lock
There's no need to perform the interrupt unbind while holding the
blkback lock, and doing so leads to the following LOR:

lock order reversal: (sleepable after non-sleepable)
 1st 0xfffff8000802fe90 xbbd1 (xbbd1) @ /usr/src/sys/dev/xen/blkback/blkback.c:3423
 2nd 0xffffffff81fdf890 intrsrc (intrsrc) @ /usr/src/sys/x86/x86/intr_machdep.c:224
stack backtrace:
#0 0xffffffff80bdd993 at witness_debugger+0x73
#1 0xffffffff80bdd814 at witness_checkorder+0xe34
#2 0xffffffff80b7d798 at _sx_xlock+0x68
#3 0xffffffff811b3913 at intr_remove_handler+0x43
#4 0xffffffff811c63ef at xen_intr_unbind+0x10f
#5 0xffffffff80a12ecf at xbb_disconnect+0x2f
#6 0xffffffff80a12e54 at xbb_shutdown+0x1e4
#7 0xffffffff80a10be4 at xbb_frontend_changed+0x54
#8 0xffffffff80ed66a4 at xenbusb_back_otherend_changed+0x14
#9 0xffffffff80a2a382 at xenwatch_thread+0x182
#10 0xffffffff80b34164 at fork_exit+0x84
#11 0xffffffff8101ec9e at fork_trampoline+0xe

Reported by:    Nathan Friess <nathan.friess@gmail.com>
Sponsored by:   Citrix Systems R&D
2018-05-24 10:19:54 +00:00
Roger Pau Monné
b3a5ba30e5 dev/xenstore: prevent transaction hijacking
The user-space xenstore device is currently lacking a check to make
sure that the caller is only using transaction ids currently assigned
to it. This allows users of the xenstore device to hijack transactions
not started by them, although the scope is limited to transactions
started by the same domain.

Tested by:      Nathan Friess <nathan.friess@gmail.com>
Sponsored by:   Citrix Systems R&D
2018-05-24 10:18:31 +00:00
Roger Pau Monné
5d7476948f dev/xenstore: add support for watches
Allow user-space applications to register watches using the xenstore
device.  This is needed in order to run toolstack operations on
domains different than the one where xenstore is running (in which
case the device is not used, since the connection to xenstore is done
using a plain socket).

Tested by:      Nathan Friess <nathan.friess@gmail.com>
Sponsored by:   Citrix Systems R&D
2018-05-24 10:17:49 +00:00
Roger Pau Monné
7c743c89a0 xenstore: don't wait with the PCATCH flag
Due to the current synchronous xenstore implementation in FreeBSD, we
cannot return from xs_read_reply without reading a reply, or else the
ring gets out of sync and the next request will read the previous
reply and crash due to the type mismatch. A proper solution involves
making use of the req_id field in the message and allowing multiple
in-flight messages at the same time on the ring.

Remove the PCATCH flag so that signals don't interrupt the wait.

Tested by:      Nathan Friess <nathan.friess@gmail.com>
Sponsored by:   Citrix Systems R&D
2018-05-24 10:17:03 +00:00
Roger Pau Monné
5f8f664619 xenstore: remove the suspend sx lock
There's no need to prevent suspend while doing xenstore transactions,
callers of transactions are supposed to be prepared for a transaction
to fail.

This fixes a bug that could be triggered from the xenstore user-space
device, since starting a transaction from user-space would result in
returning there with a sx lock held, that causes a WITNESS check to
trigger.

Tested by:      Nathan Friess <nathan.friess@gmail.com>
Sponsored by:   Citrix Systems R&D
2018-05-24 10:16:11 +00:00
Roger Pau Monné
ffe4446b33 xen-blkback: do not use state 3 (XenbusStateInitialised)
Linux will not connect to a backend that's in state 3
(XenbusStateInitialised), it needs to be in state 2
(XenbusStateInitWait) for Linux to attempt to connect to the backend.

The protocol seems to suggest that the backend should indeed wait in
state 2 for the frontend to connect, which makes state 3 unusable for
disk backends.

Also make sure blkback will connect to the frontend if the frontend
reaches state 3 (XenbusStateInitialised) before blkback has processed
the results from the hotplug script (Submitted by Nathan Friess).

MFC after:	1 week
2018-05-22 08:51:16 +00:00
Matt Macy
d7c5a620e2 ifnet: Replace if_addr_lock rwlock with epoch + mutex
Run on LLNW canaries and tested by pho@

gallatin:
Using a 14-core, 28-HTT single socket E5-2697 v3 with a 40GbE MLX5
based ConnectX 4-LX NIC, I see an almost 12% improvement in received
packet rate, and a larger improvement in bytes delivered all the way
to userspace.

When the host receiving 64 streams of netperf -H $DUT -t UDP_STREAM -- -m 1,
I see, using nstat -I mce0 1 before the patch:

InMpps OMpps  InGbs  OGbs err TCP Est %CPU syscalls csw     irq GBfree
4.98   0.00   4.42   0.00 4235592     33   83.80 4720653 2149771   1235 247.32
4.73   0.00   4.20   0.00 4025260     33   82.99 4724900 2139833   1204 247.32
4.72   0.00   4.20   0.00 4035252     33   82.14 4719162 2132023   1264 247.32
4.71   0.00   4.21   0.00 4073206     33   83.68 4744973 2123317   1347 247.32
4.72   0.00   4.21   0.00 4061118     33   80.82 4713615 2188091   1490 247.32
4.72   0.00   4.21   0.00 4051675     33   85.29 4727399 2109011   1205 247.32
4.73   0.00   4.21   0.00 4039056     33   84.65 4724735 2102603   1053 247.32

After the patch

InMpps OMpps  InGbs  OGbs err TCP Est %CPU syscalls csw     irq GBfree
5.43   0.00   4.20   0.00 3313143     33   84.96 5434214 1900162   2656 245.51
5.43   0.00   4.20   0.00 3308527     33   85.24 5439695 1809382   2521 245.51
5.42   0.00   4.19   0.00 3316778     33   87.54 5416028 1805835   2256 245.51
5.42   0.00   4.19   0.00 3317673     33   90.44 5426044 1763056   2332 245.51
5.42   0.00   4.19   0.00 3314839     33   88.11 5435732 1792218   2499 245.52
5.44   0.00   4.19   0.00 3293228     33   91.84 5426301 1668597   2121 245.52

Similarly, netperf reports 230Mb/s before the patch, and 270Mb/s after the patch

Reviewed by:	gallatin
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D15366
2018-05-18 20:13:34 +00:00
Roger Pau Monné
2602ef7cfa xen: fix gntdev
Current interface to the gntdev in FreeBSD is wrong, and mostly worked
out of luck before the PTI FreeBSD fixes, when kernel and user-space
where sharing the same page tables.

On FreeBSD ioctls have the size of the passed struct encoded in the
ioctl number, because the generic ioctl handler in the OS takes care
of copying the data from user-space to kernel space, and then calls
the device specific ioctl handler. Thus using ioctl structs with
variable sizes is not possible.

The fix is to turn the array of structs at the end of
ioctl_gntdev_alloc_gref and ioctl_gntdev_map_grant_ref into pointers,
that can be properly accessed from the kernel gntdev driver using the
copyin/copyout functions. Note that this is exactly how it's done for
the privcmd driver.

Sponsored by:   Citrix Systems R&D
2018-05-02 10:19:17 +00:00
Ed Maste
315fbaeca2 Correct pseudo misspelling in sys/ comments
contrib code and #define in intel_ata.h unchanged.
2018-02-23 18:15:50 +00:00
Pedro F. Giffuni
ac2fffa4b7 Revert r327828, r327949, r327953, r328016-r328026, r328041:
Uses of mallocarray(9).

The use of mallocarray(9) has rocketed the required swap to build FreeBSD.
This is likely caused by the allocation size attributes which put extra pressure
on the compiler.

Given that most of these checks are superfluous we have to choose better
where to use mallocarray(9). We still have more uses of mallocarray(9) but
hopefully this is enough to bring swap usage to a reasonable level.

Reported by:	wosch
PR:		225197
2018-01-21 15:42:36 +00:00
Pedro F. Giffuni
26c1d774b5 dev: make some use of mallocarray(9).
Focus on code where we are doing multiplications within malloc(9). None of
these is likely to overflow, however the change is still useful as some
static checkers can benefit from the allocation attributes we use for
mallocarray.

This initial sweep only covers malloc(9) calls with M_NOWAIT. No good
reason but I started doing the changes before r327796 and at that time it
was convenient to make sure the sorrounding code could handle NULL values.
2018-01-13 22:30:30 +00:00
Pedro F. Giffuni
718cf2ccb9 sys/dev: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
2017-11-27 14:52:40 +00:00
Pedro F. Giffuni
7282444b10 sys/dev: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:36:21 +00:00
Ian Lepore
c82d887d47 Stop calling atrtc_set() from the xen timer clock_settime() method. That
removes the only reference to atrtc_set() from outside of atrtc.c, so make
it static.

The xen timer driver registers as a realtime clock with 1us resolution.  In
the past that resulted in only the xen timer's clock_settime() getting
called, so it would call atrtc_set() to set the hardware clock as well.  As
of r32090, the clock_settime() method of all registered realtime clocks gets
called, so the xen driver no longer needs to chain-call the lower-resolution
driver.

Thanks to royger@ for talking me through the xen stuff, and for testing.
2017-08-11 19:02:11 +00:00
Jason A. Harmening
eb36b1d0bc Clean up MD pollution of bus_dma.h:
--Remove special-case handling of sparc64 bus_dmamap* functions.
  Replace with a more generic mechanism that allows MD busdma
  implementations to generate inline mapping functions by
  defining WANT_INLINE_DMAMAP in <machine/bus_dma.h>.  This
  is currently useful for sparc64, x86, and arm64, which all
  implement non-load dmamap operations as simple wrappers
  around map objects which may be bus- or device-specific.

--Remove NULL-checked bus_dmamap macros.  Implement the
  equivalent NULL checks in the inlined x86 implementation.
  For non-x86 platforms, these checks are a minor pessimization
  as those platforms do not currently allow NULL maps.  NULL
  maps were originally allowed on arm64, which appears to have
  been the motivation behind adding arm[64]-specific barriers
  to bus_dma.h, but that support was removed in r299463.

--Simplify the internal interface used by the bus_dmamap_load*
  variants and move it to bus_dma_internal.h

--Fix some drivers that directly include sys/bus_dma.h
  despite the recommendations of bus_dma(9)

Reviewed by:	kib (previous revision), marius
Differential Revision:	https://reviews.freebsd.org/D10729
2017-07-01 05:35:29 +00:00
Ryan Libby
98018db419 netfront.c: avoid gcc variably-modified warning
gcc produces a "variably modified X at file scope" warning for
structures that use these size definitions.  I think the definitions are
actually fine but can be rephrased with the __CONST_RING_SIZE macro more
cleanly anyway.

Reviewed by:	markj, royger
Approved by:	markj (mentor)
Sponsored by:	Dell EMC Isilon
Differential revision:	https://reviews.freebsd.org/D11417
2017-06-30 22:14:22 +00:00
Colin Percival
c74415ed3b Skip setting the MTU in the netfront driver (xn# devices) if the new MTU
is the same as the old MTU.  In particular, on Amazon EC2 "T2" instances
without this change, the network interface is reinitialized every 30
minutes due to the MTU being (re)set when a new DHCP lease is obtained,
causing packets to be dropped, along with annoying syslog messages about
the link state changing.

As a side note, the behaviour this commit fixes was responsible for
exposing the locking problems fixed via r318523 and r318631.

Maintainers of other network interface drivers may wish to consider making
the corresponding change; the handling of SIOCSIFMTU does not seem to
exhibit a great deal of consistency between drivers.

MFC after:	1 week
2017-06-02 07:03:31 +00:00
Roger Pau Monné
477a40c74f xen/netfront: don't drop the RX lock in xn_rxeof
Since netfront uses different locks for the RX and TX paths there's no need to
drop the RX lock before calling if_input.

Suggested by:	jhb
Tested by:	cperciva
Sponsored by:	Citrix Systems R&D
MFC with:	r318523
2017-05-22 11:33:44 +00:00
Roger Pau Monné
bf319173f2 xen/netfront: don't drop the ring RX lock with inconsistent ring state
Make sure the RX ring lock is only released when the state of the ring is
consistent, or else concurrent calls to xn_rxeof might get an inconsistent ring
state and thus some packets might be processed twice.

Note that this is not very common, and could only happen when an interrupt is
delivered while in xn_ifinit.

Reported by:	cperciva
Tested by:	cperciva
MFC after:	1 week
Sponsored by:	Citrix Systems R&D
2017-05-19 08:19:51 +00:00
Roger Pau Monné
e5d27b37e3 xen/blkfront: correctly detach a disk with active users
Call disk_gone when the backend switches to the "Closing" state and blkfront
still has pending users. This allows the disk to be detached, and will call
into xbd_closing by itself when the geom layout cleanup has finished.

Reported by:		bapt
Tested by:		manu
Reviewed by:		bapt
Sponsored by:		Citrix Systems R&D
MFC after:		1 week
Differential revision:	https://reviews.freebsd.org/D10772
2017-05-19 08:11:15 +00:00
Gleb Smirnoff
6286dc78d4 Remove unneeded include of vm_phys.h. 2017-04-17 16:51:04 +00:00
Kevin Lo
dd4b1792c7 Don't initialize if_output to ether_output(), ether_ifattach() does it for
us already.  While here, remove NOTYET code since if_watchdog is no longer
used.

Reviewed by:	royger
MFC after:	3 days
2017-03-24 01:23:07 +00:00
Roger Pau Monné
a81683c371 xen/netfront: fix inbound packet flags for checksum offload
Currently netfront is setting the flags of inbound packets with the checksum
not present (offloaded) to (CSUM_IP_CHECKED | CSUM_IP_VALID | CSUM_DATA_VALID |
CSUM_PSEUDO_HDR). According to the mbuf(9) man page this is not the correct
combination of flags, it should instead be (CSUM_DATA_VALID |
CSUM_PSEUDO_HDR).

Reviewed by:		Wei Liu <wei.liu2@citrix.com>
MFC after:		2 weeks
Sponsored by:		Citrix Systems R&D
Differential revision:	https://reviews.freebsd.org/D9831
2017-03-07 09:18:52 +00:00
Roger Pau Monné
41716b8d51 xenstore: fix suspension when using the xenstore device
Lock the xenstore request mutex when suspending user-space processes, in order
to prevent any process from holding this lock when going into suspension, or
else the xenstore suspend process is going to deadlock.

Submitted by:		Liuyingdong <liuyingdong@huawei.com>
Reviewed by:		royger
MFC after:		2 weeks
Differential revision:	https://reviews.freebsd.org/D9638
2017-03-07 09:17:48 +00:00
Roger Pau Monné
8dee0e9bd6 xen: add support for canceled suspend
When running on Xen, it's possible that a suspend request to the hypervisor
fails (return from HYPERVISOR_suspend different than 0). This means that the
suspend hasn't succeed, and the resume procedure needs to properly handle this
case.

First of all, when such situation happens there's no need to reset the vector
callback, hypercall page, shared info, event channels or grant table, because
it's state is preserved. Also, the PV drivers don't need to be reset to the
initial state, since the connection with the backed has not been interrupted.

Submitted by:		Liuyingdong <liuyingdong@huawei.com>
Reviewed by:		royger
MFC after:		2 weeks
Differential revision:	https://reviews.freebsd.org/D9635
2017-03-07 09:16:51 +00:00
Roger Pau Monné
b8aa60db3d xen/gntdev: prevent unsynchronized accesses to the map entry
vm_map_lookup_done should only be called when the gntdev has finished poking at
the entry.

Reported by:	alc
Reviewed by:	alc
MFC after:	1 week
Sponsored by:	Citrix Systems R&D
2017-02-27 15:31:15 +00:00
Warner Losh
28586889c2 Convert PCIe Hot Plug to using pci_request_feature
Convert PCIe hot plug support over to asking the firmware, if any, for
permission to use the HotPlug hardware. Implement pci_request_feature
for ACPI. All other host pci connections to allowing all valid feature
requests.

Sponsored by: Netflix
2017-02-25 06:11:59 +00:00
Alan Somers
65244d585f Fix the xnb(4) unit tests
One test was inadvertently expecting a bug in the kernel's sscanf
implementation circa 2012. I don't know when that bug got fixed.

Reported by:	royger
Reviewed by:	royger
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D9766
2017-02-23 16:54:30 +00:00
Alan Somers
407d708cc7 Misc Coverity fixes in xnb(4)
Most of these are null pointer dereferences or missing error checks in the
unit tests. One is a missing error check in xnb_attach_failed. None can
cause real problems in running systems.

Reported by:	Coverity
CIDs:		1092469 1092468 1092467 2092466 1092465 1092512 1092511 1092510
CIDs:		1092510 1092509 1092508 1092507
Reviewed by:	royger
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D9234
2017-02-23 16:31:04 +00:00
Roger Pau Monné
d908d2ef5e xen/gndev: use UOFF_TO_IDX instead of OFF_TO_IDX
The Xen grant table device treats the mmap offset parameter as an unsigned
type, and as so it must use the newly introduced UOFF_TO_IDX.

Sponsored by:   Citrix Systems R&D
MFC after:      2 weeks
X-MFC-with:     r313690
2017-02-23 13:14:28 +00:00
Roger Pau Monné
de7d5ac603 xen/timer: mark the Xen PV timer as not safe for suspension
Note that the timer itself fully supports suspension, but due to the lack of
ordering during the resume process FreeBSD cannot guarantee that the timer is
resumed before any device attempts to use it.

Submitted by:		Liuyingdong <liuyingdong@huawei.com>
Reviewed by:		royger
Differential Revision:	https://reviews.freebsd.org/D9639
2017-02-22 09:22:17 +00:00
Olivier Houchard
36ea572167 In the netfront_rxq struct, we should use NET_RX_RING_SIZE, not
NET_TX_RING_SIZE.

Reviewed by:	royger
2017-01-03 17:24:56 +00:00
Roger Pau Monné
ca7af67ac9 xen: fix IPI setup with EARLY_AP_STARTUP
Current Xen IPI setup functions require that the caller provide a device in
order to obtain the name of the interrupt from it. With early AP startup this
device is no longer available at the point where IPIs are bound, and a KASSERT
would trigger:

panic: NULL pcpu device_t
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xffffffff82233a20
vpanic() at vpanic+0x186/frame 0xffffffff82233aa0
kassert_panic() at kassert_panic+0x126/frame 0xffffffff82233b10
xen_setup_cpus() at xen_setup_cpus+0x5b/frame 0xffffffff82233b50
mi_startup() at mi_startup+0x118/frame 0xffffffff82233b70
btext() at btext+0x2c

Fix this by no longer requiring the presence of a device in order to bind IPIs,
and simply use the "cpuX" format where X is the CPU identifier in order to
describe the interrupt.

Reported by:            sbruno, cperciva
Tested by:              sbruno
X-MFC-With:             r310177
Sponsored by:           Citrix Systems R&D
2016-12-22 16:09:44 +00:00
Dimitry Andric
085def3f0a In xbd_connect(), use correct scanf conversion specifiers for the
feature_barrier and feature_flush variables.  Otherwise, adjacent
variables on the stack, such as sector_size, may be overwritten, with
disastrous results.

Note that I did not see a good reason to revert the addition of zero
checks introduced in r310013.  Better safe than sorry.

PR:		215209
Tested by:	royger
MFC after:	3 days
2016-12-14 19:28:19 +00:00
Colin Percival
93954c2da3 Check that blkfront devices have a non-zero number of sectors and a
non-zero sector size.  Such a device would be a virtual disk of zero
bytes; clearly not useful, and not something we should try to attach.

As a fortuitous side effect, checking that these values are non-zero
here results in them not *becoming* zero later on the function.  This
odd behaviour began with r309124 (clang 3.9.0) but is challenging to
debug; making any changes to this function whatsoever seems to affect
the llvm optimizer behaviour enough to make the unexpected zeroing of
the sector_size variable cease.

PR:		215209
Security:	The potential for variables to unexpectedly become zero
		has worrying consequences for security in general, but
		not so much in this particular context.
2016-12-13 06:54:13 +00:00
Roger Pau Monné
78eb32933b xen: add a grant-table user-space device
A grant-table user-space device will allow user-space applications to map
and share grants (Xen way to share memory) among Xen domains. This grant
table user-space device has been tested with the QEMU Qdisk Xen backed.

Submitted by:		jaggi
Reviewed by:		royger
Differential review:	https://reviews.freebsd.org/D7293
2016-10-31 13:12:58 +00:00