Commit Graph

2314 Commits

Author SHA1 Message Date
hselasky
655b8a18db Implement support for PCI suspend, resume and shutdown events in the
LinuxKPI. Fix a few spaces to tabs. Bump the FreeBSD version to force
recompilation of existing KMODs.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2016-01-15 11:18:58 +00:00
glebius
796cbcc738 Call crextend() before copying old credentials to the new credentials
and replace crcopysafe by crcopy as crcopysafe is is not intended to be
safe in a threaded environment, it drops PROC_LOCK() in while() that
can lead to unexpected results, such as overwrite kernel memory.

In my POV crcopysafe() needs special attention. For now I do not see
any problems with this function, but who knows.

Submitted by:	dchagin
Found by:	trinity
Security:	SA-16:04.linux
2016-01-14 10:16:25 +00:00
glebius
d87c627c80 Change linux get_robust_list system call to match actual linux one.
The set_robust_list system call request the kernel to record the head
of the list of robust futexes owned by the calling thread. The head
argument is the list head to record.
The get_robust_list system call should return the head of the robust
list of the thread whose thread id is specified in pid argument.
The list head should be stored in the location pointed to by head
argument.

In contrast, our implemenattion of get_robust_list system call copies
the known portion of memory pointed by recorded in set_robust_list
system call pointer to the head of the robust list to the location
pointed by head argument.

So, it is possible for a local attacker to read portions of kernel
memory, which may result in a privilege escalation.

Submitted by:	mjg
Security:	SA-16:03.linux
2016-01-14 10:13:58 +00:00
dchagin
04d7fe6b9b Unlock process lock when return error from getrobustlist call and add
an forgotten dtrace probe when return the same error.

MFC after:	3 days
XMFC with:	r292743
2016-01-10 07:36:43 +00:00
dchagin
e706df7b9a Implement vsyscall hack. Prior to 2.13 glibc uses vsyscall
instead of vdso. An upcoming linux_base-c6 needs it.

Differential Revision:  https://reviews.freebsd.org/D1090

Reviewed by:	kib, trasz
MFC after:	1 week
2016-01-09 20:18:53 +00:00
hselasky
d1f61053c3 LinuxKPI style changes:
- Properly prefix internal functions with "linux_" instead of only a
  single underscore to avoid future namespace collisions.
- Make some functions global instead of inline to ease debugging and
  to avoid unnecessary code duplication.
- Remove no longer existing kthread_create() function's prototype.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2016-01-08 10:04:19 +00:00
hselasky
07c911dcef Implement RCU mechanism using shared exclusive locks.
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2016-01-05 12:22:45 +00:00
hselasky
c4acbb92b9 Handle when filedescriptors are closed before initialized. An early
fdclose() call can cause fget_unlocked() to fail.

Found by:	mjg @
MFC after:	1 week
Reviewed by:	Mark Block <markb@mellanox.com>
Sponsored by:	Mellanox Technologies
Differential Revision:	https://reviews.freebsd.org/D4351
2015-12-31 14:47:45 +00:00
hselasky
a7a7584c85 Minor LinuxKPI code cleanup:
- Declare some static functions in linux_compat.c instead if inside
  various header files.
- Prefix FreeBSD local functions in the LinuxKPI with "linux_" to
  avoid symbol name conflicts in the future and to make debugging
  easier.
- Make the "struct kobj_ktype" declaractions constant to shave off a
  few bytes from the data segment.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2015-12-31 12:30:19 +00:00
hselasky
c5e1fb2b0f Make the kobject refcounting compliant with Linux. Refcounting on the
parent kobject cannot be factored out and must be done by the kobject
consumers.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2015-12-31 11:27:36 +00:00
hselasky
0fc96d39d3 Reduce memory consumption when allocating kobject strings in the
LinuxKPI. Compute string length before allocating memory instead of
using fixed size allocations. Make kobject_set_name_vargs() global
instead of inline to save some bytes when compiling.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2015-12-28 18:20:05 +00:00
dchagin
4d7095f5fe Return EINVAL in case of incorrect sigev_signo value specified instead of panicing. 2015-12-26 09:09:49 +00:00
dchagin
4beab3b762 Do not allow access to emuldata for non Linux processes.
Pointed out by:	mjg@
Security:	https://admbugs.freebsd.org/show_bug.cgi?id=679
2015-12-26 09:04:47 +00:00
hselasky
67489f9300 Implement drain_workqueue() function.
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2015-12-21 12:20:02 +00:00
hselasky
5a4cafab40 In the zero delay case in queue_delayed_work() use the return value
from taskqueue_enqueue() instead of reading "ta_pending" unlocked and
also ensure the callout is stopped before proceeding.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2015-12-21 12:13:03 +00:00
hselasky
c83441948a Minor workqueue cleanup:
- Make some functions global instead of inline to ease debugging.
- Fix some minor style issues.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2015-12-21 11:58:59 +00:00
hselasky
377b186b53 Implement sleepable RCU mechanism using shared exclusive locks.
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2015-12-21 11:03:12 +00:00
hselasky
7368070b1a Implement ACCESS_ONCE(), WRITE_ONCE() and READ_ONCE().
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2015-12-21 10:56:38 +00:00
markj
fa1b8e9a4f Fix style issues around existing SDT probes.
- Use SDT_PROBE<N>() instead of SDT_PROBE(). This has no functional effect
  at the moment, but will be needed for some future changes.
- Don't hardcode the module component of the probe identifier. This is
  set automatically by the SDT framework.

MFC after:	1 week
2015-12-16 23:39:27 +00:00
hselasky
26e5f8b618 Add some structures and defines which will be used when decoding small
form factor, SFF, standards compliant ethernet EEPROMs.

MFC after:	1 week
Obtained from:	Linux
Sponsored by:	Mellanox Technologies
2015-12-03 12:51:54 +00:00
hselasky
0d02209e54 Remove incorrect defines. The proper version of these macros is
defined in linux/etherdevice.h.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2015-12-03 11:45:12 +00:00
hselasky
2d0e1ae417 Add more functions and types to the LinuxKPI.
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2015-11-30 09:24:12 +00:00
kib
ee461b4bba Remove sv_prepsyscall, sv_sigsize and sv_sigtbl members of the struct
sysent.

sv_prepsyscall is unused.

sv_sigsize and sv_sigtbl translate signal number from the FreeBSD
namespace into the ABI domain.  It is only utilized on i386 for iBCS2
binaries.  The issue with this approach is that signals for iBCS2 were
delivered with the FreeBSD signal frame layout, which does not follow
iBCS2.  The same note is true for any other potential user if
sv_sigtbl.  In other words, if ABI needs signal number translation, it
really needs custom sv_sendsig method instead.

Sponsored by:	The FreeBSD Foundation
2015-11-28 08:49:07 +00:00
kib
e0c4faece4 Split kerne timekeep ABI structure vdso_sv_tk out of the struct
sysentvec.  This allows the timekeep data to be shared between similar
ABIs which cannot share sysentvec.

Make the timekeep_push_vdso() tick callback to the timekeep structures
instead of sysentvecs.  If several sysentvec share the vdso_sv_tk
structure, we would update the userspace data several times on each
tick, without the change.

Only allocate vdso_sv_tk in the exec_sysvec_init() sysinit when
sysentvec is marked with the new SV_TIMEKEEP flag.  This saves
allocation and update of unneeded vdso_sv_tk for ABIs which do not
provide userspace gettimeofday yet, which are PowerPCs arches right
now.

Make vdso_sv_tk allocator public, namely split out and export
alloc_sv_tk() and alloc_sv_tk_compat32().  ABIs which share timekeep
data now can allocate it manually and share as appropriate.

Requested by:	nwhitehorn
Tested by:	nwhitehorn, pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2015-11-23 07:09:35 +00:00
hselasky
71f160e019 Add assert and note about the size of "unsigned long" inside the
LinuxKPI for the future.

Sponsored by:	Mellanox Technologies
2015-11-13 09:00:39 +00:00
hselasky
5d21e74650 Build fixes:
- Add some missing I/O functions for non-i386 and amd64 platforms.
- Stub ioremap() to NULL using a macro to ensure non-existing memory
  attributes are not referred when they do not exist.
- Add more header files to linux/list.h to resolve driver compilation
  issues on Sparc64 and PowerPC platforms.

Sponsored by:	Mellanox Technologies
2015-11-12 09:18:22 +00:00
cem
81ddf1e4ee linuxkpi/sysfs.h: Cast arg2 through intptr_t to avoid GCC warning
The code compiles fine under Clang, but GCC on PPC is less permissive about
integer and pointer sizes.  (An intmax_t is clearly *large enough* to hold a
pointer value.)

Another follow-up to r290475.

Reported by:	jhibbits
Sponsored by:	EMC / Isilon Storage Division
2015-11-09 16:50:42 +00:00
hselasky
1973c3319b Make all the LinuxKPI include files compile standalone.
Sponsored by:	Mellanox Technologies
2015-11-03 12:37:55 +00:00
hselasky
97b71ce545 Finish process of moving the LinuxKPI module into the default kernel build.
- Move all files related to the LinuxKPI into sys/compat/linuxkpi and
  its subfolders.
- Update sys/conf/files and some Makefiles to use new file locations.
- Added description of COMPAT_LINUXKPI to sys/conf/NOTES which in turn
  adds the LinuxKPI to all LINT builds.
- The LinuxKPI can be added to the kernel by setting the
  COMPAT_LINUXKPI option. The OFED kernel option no longer builds the
  LinuxKPI into the kernel. This was done to keep the build rules for
  the LinuxKPI in sys/conf/files simple.
- Extend the LinuxKPI module to include support for USB by moving the
  Linux USB compat from usb.ko to linuxkpi.ko.
- Bump the FreeBSD_version.
- A universe kernel build has been done.

Reviewed by:	np @ (cxgb and cxgbe related changes only)
Sponsored by:	Mellanox Technologies
2015-10-29 08:28:39 +00:00
kib
05c74cb918 Fix build for the KTR-enabled kernels.
Sponsored by:	The FreeBSD Foundation
2015-10-23 11:41:55 +00:00
ed
7fb0afec66 Refactoring: move out generic bits from cloudabi64_sysvec.c.
In order to make it easier to support CloudABI on ARM64, move out all of
the bits from the AMD64 cloudabi_sysvec.c into a new file
cloudabi_module.c that would otherwise remain identical. This reduces
the AMD64 specific code to just ~160 lines.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D3974
2015-10-22 09:07:53 +00:00
ed
d29789315a Properly format pointer size independent CloudABI system calls.
CloudABI has approximately 50 system calls that do not depend on the
pointer size of the system. As the ABI is pretty compact, it takes
little effort to each truss(8) the formatting rules for these system
calls. Start off by formatting pointer size independent system calls.

Changes:

- Make it possible to include the CloudABI system call definitions in
  FreeBSD userspace builds. Add ${root}/sys to the truss(8) Makefile so
  we can pull in <compat/cloudabi/cloudabi_syscalldefs.h>.
- Refactoring: patch up amd64-cloudabi64.c to use the CLOUDABI_*
  constants instead of rolling our own table.
- Add table entries for all of the system calls.
- Add new generic formatting types (UInt, IntArray) that we'll be using
  to format unsigned integers and arrays of integers.
- Add CloudABI specific formatting types.

Approved by:	jhb
Differential Revision:	https://reviews.freebsd.org/D3836
2015-10-08 05:27:45 +00:00
bdrewery
923a85693e Remove redundant RFFPWAIT/vfork(2) handling in Linux fork(2) and clone(2) wrappers.
r161611 added some of the code from sys_vfork() directly into the Linux
module wrappers since they use RFSTOPPED.  In r232240, the RFFPWAIT handling
was moved to syscallret(), thus this code in the Linux module is no longer
needed as it will be called later.

This also allows the Linux wrappers to benefit from the fix in r275616 for
threads not getting suspended if their vforked child is stopped while they
wait on them.

Reviewed by:	jhb, kib
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D3828
2015-10-07 19:10:38 +00:00
avg
425c0bb088 save some bytes by using more concise SDT_PROBE<n> instead of SDT_PROBE
SDT_PROBE requires 5 parameters whereas SDT_PROBE<n> requires n parameters
where n is typically smaller than 5.

Perhaps SDT_PROBE should be made a private implementation detail.

MFC after:	20 days
2015-09-28 12:14:16 +00:00
trasz
e6a94eac4e Fixes a panic triggered by threaded Linux applications when running
with RACCT/RCTL enabled.

Reviewed by:	ngie@, ed@
Tested by:	Larry Rosenman <ler@lerctr.org>
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D3470
2015-09-02 14:04:13 +00:00
ed
066f63003b Decompose linkat()/renameat() rights to source and target.
To make it easier to understand how Capsicum interacts with linkat() and
renameat(), rename the rights to CAP_{LINK,RENAME}AT_{SOURCE,TARGET}.

This also addresses a shortcoming in Capsicum, where it isn't possible
to disable linking to files stored in a directory. Creating hardlinks
essentially makes it possible to access files with additional rights.

Reviewed by:	rwatson, wblock
Differential Revision:	https://reviews.freebsd.org/D3411
2015-08-27 15:16:41 +00:00
ed
cd546a84a9 Don't forget to invoke pre_execve() and post_execve().
CloudABI's proc_exec() was implemented before r282708 introduced
pre_execve() and post_execve(). Sync up by adding these missing calls.
2015-08-17 13:07:12 +00:00
ed
06774a9be2 Add the last remaining system calls: send() and recv().
There is still one TODO item for these calls: add file descriptor
passing. The data structures are already prepared for this. It's just
the translation that's missing.

Obtained from:	http://github.com/NuxiNL/freebsd
2015-08-12 17:42:20 +00:00
ed
00042245eb Use CAP_EVENT instead of CAP_PDWAIT.
The cloudlibc pdwait() function ends up using FreeBSD's kqueue() in
combination with EVFILT_PROCDESC. This depends on CAP_EVENT -- not
CAP_PDWAIT.

Obtained from:	https://github.com/NuxiNL/freebsd
2015-08-12 11:07:03 +00:00
ed
aa4ad58f86 Make blocking CloudABI futex operations work.
Blocking on locks and condition variables can be accomplished by polling
and using the special filters CONDVAR, LOCK_RDLOCK and LOCK_WRLOCK.

For now it wouldn't make sense to implement this functionality into
kqueue() itself, for the reason that they are CloudABI specific and
would require us to resize 'struct kevent' to hold all of the parameters
of interest.

Add a bandaid to the CloudABI poll system call to call into the futex
code directly if it detects specific combinations of events that are
used by the C library.

Obtained from:	https://github.com/NuxiNL/freebsd
2015-08-12 08:41:48 +00:00
ed
2c00348ef6 Make poll() and kqueue() on CloudABI work.
This change implements two functions, cloudabi64_kevent_copyin() and
cloudabi64_kevent_copyout(), that convert CloudABI structures to
FreeBSD's struct kevent. CloudABI uses two structures: subscription_t
and event_t. The former is used for input, whereas the latter is used
for output. Unlike struct kevent, fields aren't overloaded for multiple
purposes or for separate event types.

For poll() we call into the newly introduced kern_kevent_anonymous()
function that allows us to poll without a file descriptor. This function
is not only used by poll(), but also by functions such as
sleep() and clock_nanosleep().

Reviewed by:	jmg
Obtained from:	https://github.com/NuxiNL/freebsd
Differential Revision:	https://reviews.freebsd.org/D3308
2015-08-12 07:59:00 +00:00
ed
c58ce69d7e Fall back to O_RDONLY -- not O_WRONLY.
If CloudABI processes open files with a set of requested rights that do
not match any of the privileges granted by O_RDONLY, O_WRONLY or O_RDWR,
we'd better fall back to O_RDONLY -- not O_WRONLY.
2015-08-11 14:08:46 +00:00
ed
ce5c81239d Properly convert the error number to CloudABI's indexing.
We currently return FreeBSD's errno value directly, which is of course
not correct.
2015-08-11 14:07:04 +00:00
ed
7e9beb0309 Make cap_rights_limit() work for CloudABI processes.
Call into the recently introduced kern_cap_rights_limit() function to
restrict rights.
2015-08-11 08:44:19 +00:00
ed
ad0a6d924b Add file_open(): the underlying system call of openat().
CloudABI purely operates on file descriptor rights (CAP_*). File
descriptor access modes (O_ACCMODE) are emulated on top of rights.

Instead of accepting the traditional flags argument, file_open() copies
in an fdstat_t object that contains the initial rights the descriptor
should have, but also file descriptor flags that should persist after
opening (APPEND, NONBLOCK, *SYNC). Only flags that don't persist (EXCL,
TRUNC, CREAT, DIRECTORY) are passed in as an argument.

file_open() first converts the rights, the persistent flags and the
non-persistent flags to fflags. It then calls into vn_open(). If
successful, it installs the file descriptor with the requested
rights, trimming off rights that don't apply to the type of
the file that has been opened.

Unlike kern_openat(), this function does not support /dev/fd/*. I can't
think of a reason why we need to support this for CloudABI.

Obtained from:	https://github.com/NuxiNL/freebsd
Differential Revision:	https://reviews.freebsd.org/D3235
2015-08-06 06:47:28 +00:00
ed
76b3868331 Correct the previous commit: remove the DECLARE_MODULE().
It looks like a MODULE_VERSION() can also appear on its own -- there is
no need to use explicitly use DECLARE_MODULE(). Looking at other
modules, this seems common practice.
2015-08-05 16:53:49 +00:00
ed
e525384638 Add DECLARE_MODULE() to the "cloudabi" kernel module.
This kernel module does not require any explicit initialization, but a
module declaration is needed to let the "cloudabi64" kernel module
automatically pull this in.

Obtained from:	https://github.com/NuxiNL/freebsd
2015-08-05 16:45:47 +00:00
ed
7bdbb524eb Make fcntl(F_SETFL) work.
The stat_put() system call can be used to modify file descriptor
attributes, such as flags, but also Capsicum permission bits. Support
for changing Capsicum bits will be added as soon as its dependent
changes have been pushed through code review.

Obtained from:	https://github.com/NuxiNL/freebsd
2015-08-05 16:15:43 +00:00
ed
ead010a7f9 Regenerate the system call table. 2015-08-05 13:10:13 +00:00
ed
85a31ef593 Import the latest CloudABI system call definitions and table.
We're going to need these for next code I'm going to send out for
review: support for poll() and kqueue() on CloudABI.
2015-08-05 13:09:46 +00:00