Commit Graph

207584 Commits

Author SHA1 Message Date
Steven Hartland
b2ec7c304e Modularise EFI boot loader
Make EFI boot loader modular in preparation for adding ZFS support.

This is a partial commit of the D4515.

Submitted by:	Eric McCorkle
Reviewed by:	emaste (in part)
MFC after:	2 weeks
X-MFC-With:	r293268
Sponsored by:	Multiplay
Differential Revision:	https://reviews.freebsd.org/D4515
2016-01-15 01:22:36 +00:00
Steven Hartland
108d68faae Ensure boot fsread correctly probes all partitions
The boot code fsread was caching the result of meta data request and
reusing it even for calls with inode = 0, which is used to partitions
trigger a probe.

The result was that success was incorrectly returned for all partition
probes after the first valid success, even for partitions which are not
UFS.

MFC after:	2 weeks
X-MFC-With:	r293268
Sponsored by:	Multiplay
2016-01-15 01:06:37 +00:00
Steven Hartland
dc9ba0270b Make common boot file_loadraw name parameter const
Fix compiler warnings about dropping const qualifier by changing file_loadraw
name param to const, and updating method to make that the case (it was
abusing the variable).

MFC after:	2 weeks
X-MFC-With:	r293268
Sponsored by:	Multiplay
2016-01-15 00:55:36 +00:00
Michael Tuexen
c7e732ae61 Fix a bug in INIT handling on accepted 1-to-1 style sockets when the
listener is closed.
This fix allows the following packetdrill test to pass:
// Setup a connected, blocking 1-to-1 style socket
+0.0 socket(..., SOCK_STREAM, IPPROTO_SCTP) = 3
// Check the handshake with en empty(!) cookie
+0.0 bind(3, ..., ...) = 0
+0.0 listen(3, 1) = 0
+0.0 < sctp: INIT[flgs=0, tag=1, a_rwnd=1500, os=1, is=1, tsn=1]
+0.0 > sctp: INIT_ACK[flgs=0, tag=2, a_rwnd=..., os=..., is=..., tsn=1, ...]
+0.0 < sctp: COOKIE_ECHO[flgs=0, len=..., val=...]
+0.0 > sctp: COOKIE_ACK[flgs=0]
+0.0 accept(3, ..., ...) = 4
+0.0 close(3) = 0
// Inject an INIT chunk and expect an INIT-ACK
+0.0 < sctp: INIT[flgs=0, tag=3, a_rwnd=1500, os=1, is=1, tsn=1]
+0.0 > sctp: INIT_ACK[flgs=0, tag=..., a_rwnd=..., os=..., is=..., tsn=..., ...]

MFC after:	3 days
2016-01-15 00:26:15 +00:00
Justin Hibbits
b16ddb3989 Adjust VM_MAX_KERNEL_ADDRESS to the max address, not the minimum next.
VM_MAX_KERNEL_ADDERESS is the maximum KVA address.  0xf8000000 is the start of
device mapping space.  Since several conditional checks use '<=' against
VM_MAX_KERNEL_ADDRESS, bad things could feasibly happen.
2016-01-14 23:22:43 +00:00
Gleb Smirnoff
1026c03c28 Fix OpenSSH client information leak.
Security:	SA-16:07.openssh
Security:	CVE-2016-0777
2016-01-14 22:40:46 +00:00
Juli Mallett
e83ddf77d4 Make it possible to specify the path to userboot.so with the -b flag.
Reviewed by:	neel
2016-01-14 22:07:35 +00:00
Ravi Pokala
cb03a5029b Add rotationrate to geom disk dumpconf
Parse and report the nominal rotation rate reported by the drive.

Reviewed by:	sbruno, jhb
Approved by:	jhb
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D4483
Requested by:	Kevin Bowling < kevin.bowling @ kev009.com >
2016-01-14 21:52:21 +00:00
Steven Hartland
bff57f7053 Remove unused reg param from fdt_fixup_memory
MFC after:	2 weeks
X-MFC-With:	r293268
Sponsored by:	Multiplay
2016-01-14 21:39:10 +00:00
Steven Hartland
276a15676c Prevent bogus compiler in ZFS boot code
Silence a bogus compiler warning about indexing past the end of dn_bonus.

The ZFS code ensures this is not possible but the compiler can't determine
this so added an additional check to prevent this warning.

Sponsored by:	Multiplay
2016-01-14 21:31:26 +00:00
John Baldwin
6c8fd02283 Remove aiod_timeout.
It hasn't been used since the AIO code was made MPSAFE 10 years ago.

Reviewed by:	kib
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D4946
2016-01-14 21:28:56 +00:00
Jonathan T. Looney
492e9ee5a9 Improvements to the MDXFileChunk() template function:
- Remove unneeded fstat()/lseek() calls.
- Return NULL and set errno to EINVAL on negative length.
- Fix small style problems and expand variable names.

After this change, it is possible to use this code for some irregular
files. For example, 'md5 /dev/md0' should now succeed.

Differential Revision:	https://reviews.freebsd.org/D4748
Suggested by:	bde
Reviewed by:	bde, allanjude, delphij
2016-01-14 21:08:23 +00:00
John Baldwin
c85650cacc Rename aiod_bio taskqueue to aiod_kick.
This taskqueue is not used to handle bio requests.  It is only used to
run aio_kick_nowait() to spin up new aio daemon processes.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D4904
2016-01-14 20:51:48 +00:00
Oleksandr Tymoshenko
ee8ce60b6b Fix order of last two arguments of mtx_init
Spotted by: jmcneill@NetBSD.org
2016-01-14 20:25:22 +00:00
Ian Lepore
750e48d766 Fix the handling of the "PDC write transfer length" erratum for at91. The
problem affects revision 1xx hardware as well as later versions.  Also, the
recommended workaround is to set the PDC count register for a 12-byte
transfer when the actual size is less than that, but there is no need to
extend or zero-out the data buffer, because the blklen register contains
the real transfer size and only that many bytes will be transferred.

Also add a sysctl to turn debugging printfs on or off on the fly.
2016-01-14 19:33:13 +00:00
Andrew Turner
c455b92483 Set -mlong-calls where needed to get a static clang and lldb 3.8.0
linking. These are too large for a branch instruction to branch from an
earlier point in the code to somewhere later.

This will also allow these to be build with Thumb-2 when we get this
infrastructure.

Reviewed by:	dim
Differential Revision:	https://reviews.freebsd.org/D4855
2016-01-14 19:00:13 +00:00
Steven Hartland
445a2b570e Only build EFI components on supported compilers
As the in-tree GCC does not support __attribute__((ms_abi)) EFI can only
be built with Clang.

The EFI loader and boot1 validated this, but unused libefi was still built
causing issues under GCC after warnings where enabled by r293724.

Disable building all of EFI when the selected compiler is GCC.

MFC after:	2 weeks
X-MFC-With:	r293268
Sponsored by:	Multiplay
2016-01-14 18:53:54 +00:00
Steven Hartland
8171acf3ad Revert r293903
Revert r293903 as EFI shouldn't be built on this platform that the this
was reported on.

Sponsored by:	Multiplay
2016-01-14 18:46:57 +00:00
Alan Somers
cbedc01c9a Fix race condition involving ZFS remove events
When a ZFS drive disappears, ZFS sends a resource.fs.zfs.removed event to
userland. A userland program like zfsd(8) can use that event, for example to
activate a hotspare. The current code contains a race condition: vdev_geom
will sent the sysevent _before_ spa.c would update the vdev's status,
causing userland processes to see pool state that does not reflect the
device removal. This change moves the sysevent to spa.c, closing the race.

Reviewed by:	delphij, Sean Eric Fagan
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D4902
2016-01-14 18:19:05 +00:00
Enji Cooper
69c0fce6ba Fix spelling of IPMI
Sponsored by: EMC / Isilon Storage Division
2016-01-14 18:04:49 +00:00
Benjamin Kaduk
e2b10854e4 Update .Dd, missed in r294011 2016-01-14 17:16:47 +00:00
Edward Tomasz Napierala
a9a9fa410d Wrap overlong comment lines.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-01-14 16:55:07 +00:00
Edward Tomasz Napierala
0851a9b1a1 Fix the code to retry mount attempt in mountcritlocal if there are
any root mount holds.  The previous one used a wrong conditional - the
"err=$?" assignment resets "$?" to 0.

Submitted by:	jilles@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-01-14 16:53:17 +00:00
Alexander V. Chernikov
fcbfdb37a1 Fix panic in IP redirect. Panic was introduced in r293466.
Found by:	Yamagi Burmeister <lists at yamagi.org>>
2016-01-14 16:31:00 +00:00
Warner Losh
5147131ae4 Document how to enter the debugger here. I'm sure there's some better
canonical place, and the nit-pickers are welcome to move this
information there with a cross reference.

Differential Review: https://reviews.freebsd.org/D4860
2016-01-14 16:23:07 +00:00
John Baldwin
2f9e579166 Fix building with GCC since PAGE_MASK is signed on i386.
Reviewed by:	ngie
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D4772
2016-01-14 15:51:13 +00:00
John Baldwin
a6c9d35c23 Adjust previous fix to conform to the existing style in this file. 2016-01-14 15:49:24 +00:00
Alexander V. Chernikov
6369f51bc8 Make ng_netflow(9) use new routing KPI.
Netflow module is supposed to store (along with fields like
  gateway address and interface index) matched netmask for each record.
  This (currently) requires returning individual route entries, instead
  of optimized next-hop structure. Given that, use control-plane
  rib_lookup_info() function to avoid accessing rtentries directly.
While rib_lookup_info() might be slower, than fibX_lookup() flavours,
  it is more scalable than rtalloc1_fib(), because rtentry mutex is
  not acquired.
2016-01-14 13:14:12 +00:00
Michael Tuexen
ebee3dc229 Fail the SCTP_GET_ASSOC_NUMBER and SCTP_GET_ASSOC_ID_LIST
socket options for 1-to-1 style sockets as specified in RFC 6458.

MFC after:	3 days
2016-01-14 11:25:28 +00:00
Gleb Smirnoff
dc5f4fa86e Install /etc/snmpd.config with 0600 permissions.
Noticed by:	Pierre Kim
Security:	SA-16:06.snmpd
Pointy hat to:	glebius in 2005
2016-01-14 10:25:18 +00:00
Gleb Smirnoff
f73d9fd2f1 There is a bug in tcp_output()'s implementation of the TCP_SIGNATURE
(RFC 2385/TCP-MD5) kernel option.

If a tcpcb has TF_NOOPT flag, then tcp_addoptions() is not called,
and to.to_signature is an uninitialized stack variable. The value
is later used as write offset, which leads to writing to random
address.

Submitted by:	rstone, jtl
Security:	SA-16:05.tcp
2016-01-14 10:22:45 +00:00
Gleb Smirnoff
c8358c6e0d Call crextend() before copying old credentials to the new credentials
and replace crcopysafe by crcopy as crcopysafe is is not intended to be
safe in a threaded environment, it drops PROC_LOCK() in while() that
can lead to unexpected results, such as overwrite kernel memory.

In my POV crcopysafe() needs special attention. For now I do not see
any problems with this function, but who knows.

Submitted by:	dchagin
Found by:	trinity
Security:	SA-16:04.linux
2016-01-14 10:16:25 +00:00
Gleb Smirnoff
de44d808ef Regen after r293907. 2016-01-14 10:15:21 +00:00
Gleb Smirnoff
037f750877 Change linux get_robust_list system call to match actual linux one.
The set_robust_list system call request the kernel to record the head
of the list of robust futexes owned by the calling thread. The head
argument is the list head to record.
The get_robust_list system call should return the head of the robust
list of the thread whose thread id is specified in pid argument.
The list head should be stored in the location pointed to by head
argument.

In contrast, our implemenattion of get_robust_list system call copies
the known portion of memory pointed by recorded in set_robust_list
system call pointer to the head of the robust list to the location
pointed by head argument.

So, it is possible for a local attacker to read portions of kernel
memory, which may result in a privilege escalation.

Submitted by:	mjg
Security:	SA-16:03.linux
2016-01-14 10:13:58 +00:00
Gleb Smirnoff
479795819a Verify the packet length in sctp6_input().
The sctp6_ctlinput() function does not properly check the length of the packet
it receives from the ICMP6 input routine. This means that an attacker can craft
a packet that will cause a kernel panic.

When the kernel receives an ICMP6 error message with one of the types/codes
it handles, it calls icmp6_notify_error() to deliver it to the upper-level
protocol. icmp6_notify_error() cycles through the extension headers (if any)
to find the protocol number of the first non-extension header. It does NOT
verify the length of the non-extension header.

It passes information about the packet (including the actual packet) to the
upper-level protocol's pr_ctlinput function. In the case of SCTP for IPv6,
icmp6_notify_error() calls sctp6_ctlinput().

sctp6_ctlinput() assumes that the incoming packet contains a sufficiently-long
SCTP header and calls m_copydata() to extract a copy of that header. In turn,
m_copydata() assumes that the caller has already verified that the offset and
length parameters are correct. If they are incorrect, it will dereference a
NULL pointer and cause a kernel panic.

In short, no one is sufficiently verifying the input, and the result is a
kernel panic.

Submitted by:	jtl
Security:	SA-16:01.sctp
2016-01-14 10:11:10 +00:00
Steven Hartland
ff7ea78834 Allow file specific user-specified flag overrides
Allow user-specified warning flag overrides for specific files under
bsd.sys.mk, in the same way kern.mk does.

This will to be used by future commits.

MFC after:	2 weeks
X-MFC-With:	r293268
Sponsored by:	Multiplay
2016-01-14 10:09:05 +00:00
Steven Hartland
bb39a9ed8e Fix GCC warnings causing build failure after r293724
Disable some compiler warnings for GCC (non-standard compiler) fixing
build failures introduced by r293724, which enabled WARNS in the EFI boot
code, when compiling with none standard compiler (GCC).

Raised by:	ian
MFC after:	2 weeks
X-MFC-With:	r293268
Sponsored by:	Multiplay
2016-01-14 09:22:01 +00:00
Andrew Rybchenko
0ed660ee94 sfxge: cleanup: quieten efx_mcdi_read_resonse_header error reporting
The "mcdi_err_arg" probe still reports results of failed MCDI
commands, unless the caller invoked efx_mcdi_execute_quiet().

Submitted by:   Andy Moreton <amoreton at solarflare.com>
Reviewed by:    gnn
Sponsored by:   Solarflare Communications, Inc.
MFC after:      2 days
Differential Revision: https://reviews.freebsd.org/D4919
2016-01-14 09:20:25 +00:00
Andrew Rybchenko
0c848230f7 sfxge: add accessors for license-related MCDI calls to common code
Add support for Huntington MCDI licensing interface to common code.
Ported from Linux net driver IOCTL functions with restructuring for
initial support for V3 licensing API.

Submitted by:   Richard Houldsworth <rhouldsworth at solarflare.com>
Reviewed by:    gnn
Sponsored by:   Solarflare Communications, Inc.
MFC after:      2 days
Differential Revision: https://reviews.freebsd.org/D4918
2016-01-14 09:19:28 +00:00
Andrew Rybchenko
dc5427fc70 sfxge: add table entries for License NVRAM partition
Submitted by:   Richard Houldsworth <rhouldsworth at solarflare.com>
Reviewed by:    gnn
Sponsored by:   Solarflare Communications, Inc.
MFC after:      2 days
Differential Revision: https://reviews.freebsd.org/D4917
2016-01-14 09:14:40 +00:00
Andrew Rybchenko
410298b138 sfxge: cleanup: adjust efx_mcdi_get_port_modes() comment for clarity
Fix an explanatory comment which did not explain very well.

Submitted by:   Richard Houldsworth <rhouldsworth at solarflare.com>
Reviewed by:    gnn
Sponsored by:   Solarflare Communications, Inc.
MFC after:      2 days
Differential Revision: https://reviews.freebsd.org/D4916
2016-01-14 09:12:40 +00:00
Andrew Rybchenko
72cda83214 sfxge: fix common code VPD iterator and duplicate tag verification
Fix efx_vpd_hunk_next() which has -- since its inception -- failed to
correctly iterate over the tags and keywords contained in the VPD data.
Only the first tag or keyword would be returned and the next call with
*contp == 1 would walk to the end of the data and finish.

This was spotted when fixing up errors spotted by Prefast code analysis
(which neglected to set all of the out parameters in all successful cases)

Also fix efx_vpd_verify() on Siena and EF10 which (as a side effect of
correctly iterating over all the tags and keywords) was failing as it
detected that both the static VPD and dynamic VPD storage contained an
RV keyword in the VPD-R tag.  This is intentional as the static VPD and
dynamic VPD are stored separately (firmware merges their contents and
computes a new RV keyword checksum for the data readable from the VPD
capability in PCIe configuration space).

Submitted by:   Andrew Lee <alee at solarflare.com>
Reviewed by:    gnn
Sponsored by:   Solarflare Communications, Inc.
MFC after:      2 days
Differential Revision: https://reviews.freebsd.org/D4915
2016-01-14 09:11:20 +00:00
Andrew Rybchenko
ac23c34a9f sfxge: use correct register definitions for setting interrupt moderation on Medford
The only value which has changed is the number of rows
(ER_DZ_EVQ_TMR_REG_ROWS is 2048 vs 1024 for FR_BZ_TIMER_COMMAND_REGP0_ROWS)
but that isn't used, so this shouldn't change behaviour.

Submitted by:   Mark Spender <mspender at solarflare.com>
Reviewed by:    gnn
Sponsored by:   Solarflare Communications, Inc.
MFC after:      2 days
Differential Revision: https://reviews.freebsd.org/D4913
2016-01-14 09:07:40 +00:00
Andrew Rybchenko
4ab4936911 sfxge: support FATSOv2 in common code
Sponsored by:   Solarflare Communications, Inc.
Reviewed by:    gnn
MFC after:      2 days
Differential Revision: https://reviews.freebsd.org/D4912
2016-01-14 09:05:51 +00:00
Andrew Rybchenko
0a91bc3ff4 sfxge: rx_prefix_pktlen methods do not require EFSYS_OPT_RX_SCALE
Submitted by:   Mark Spender <mspender at solarflare.com>
Reviewed by:    gnn
Sponsored by:   Solarflare Communications, Inc.
MFC after:      2 days
Differential Revision: https://reviews.freebsd.org/D4911
2016-01-14 09:03:02 +00:00
Andrew Rybchenko
56bd83b0c5 sfxge: convert nvram size method to use partition id
Submitted by:   Andy Moreton <amoreton at solarflare.com>
Reviewed by:    gnn
Sponsored by:   Solarflare Communications, Inc.
MFC after:      2 days
Differential Revision: https://reviews.freebsd.org/D4910
2016-01-14 09:01:53 +00:00
Andrew Rybchenko
fd7501bf79 sfxge: rework MCDI start request
Submitted by:   Andy Moreton <amoreton at solarflare.com>
Reviewed by:    gnn
Sponsored by:   Solarflare Communications, Inc.
MFC after:      2 days
Differential Revision: https://reviews.freebsd.org/D4909
2016-01-14 09:00:35 +00:00
Andrew Rybchenko
cfa023eb90 sfxge: add Medford NIC methods
Submitted by:   Mark Spender <mspender at solarflare.com>
Reviewed by:    gnn
Sponsored by:   Solarflare Communications, Inc.
MFC after:      2 days
Differential Revision: https://reviews.freebsd.org/D4908
2016-01-14 08:59:38 +00:00
Alexander V. Chernikov
10e0e23528 Remove now-unused wrappers for various routing functions. 2016-01-14 08:54:44 +00:00
Enji Cooper
0713024269 PID file support hasn't been committed for ggated(8) yet. Unbreak running
the testcase more than once by restoring the "killall ggated"

MFC after: 15 days
Sponsored by: EMC / Isilon Storage Division
2016-01-14 07:39:05 +00:00