Commit Graph

677 Commits

Author SHA1 Message Date
Simon J. Gerraty
5ab1c5846f Add Makefile.depend.options
Leaf directories that have dependencies impacted
by options need a Makefile.depend.options file
to avoid churn in Makefile.depend

DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc
can be set in local.dirdeps-options.mk
which can add to those set in Makefile.depend.options

See share/mk/dirdeps-options.mk

Reviewed by:	 bdrewery
MFC after:	1 week
Sponsored by:   Juniper Networks
Differential Revision:  https://reviews.freebsd.org/D22469
2019-12-11 17:37:37 +00:00
Vincenzo Maffione
79c1428ed6 bhyve: uniform printf format string newlines
Some of the printf statements only use LF to get a newline. However, a CR character is also required for the serial console to print debug logs in a nice way.
Fix those code locations that only use LF, by adding a CR character.

Reviewed by:	markj, aleksandr.fedorov@itglobal.com
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D22552
2019-12-02 20:51:46 +00:00
Vincenzo Maffione
d70b206955 bhyve: virtio-net: disable receive until features are negotiated
This patch fixes a race condition where the receive callback is called
while the device is being reset. Since the rx_merge variable may change
during reset, the receive callback may operate inconsistently with what
the guest expects.
Also, get rid of the unused rx_vhdrlen variable.

PR:	242023
Reported by:	aleksandr.fedorov@itglobal.com
Reviewed by:	markj, jhb
MFC with:	r354552
Differential Revision:	https://reviews.freebsd.org/D22440
2019-11-19 21:10:44 +00:00
Vincenzo Maffione
07b35f77c0 bhyve: rework mevent processing to fix a race condition
At the end of both mevent_add() and mevent_update(), mevent_notify()
is called to wakeup the I/O thread, that will call kevent(changelist)
to update the kernel.
A race condition is possible where the client calls mevent_add() and
mevent_update(EV_ENABLE) before the I/O thread has the chance to wake
up and call mevent_build()+kevent(changelist) in response to mevent_add().
The mevent_add() is therefore ignored by the I/O thread, and
kevent(fd, EV_ENABLE) is called before kevent(fd, EV_ADD), resuliting
in a failure of the kevent(fd, EV_ENABLE) call.

PR:	241808
Reviewed by:	jhb, markj
MFC with:	r354288
Differential Revision:	https://reviews.freebsd.org/D22286
2019-11-12 21:07:51 +00:00
Vincenzo Maffione
d55e0373f1 bhyve: add support for virtio-net mergeable rx buffers
Mergeable rx buffers is a virtio-net feature that allows the hypervisor
to use multiple RX descriptor chains to receive a single receive packet.
Without this feature, a TSO-enabled guest is compelled to publish only
64K (or 32K) long chains, and each of these large buffers is consumed
to receive a single packet, even a very short one. This is a waste of
memory, as a RX queue has room for 256 chains, which means up to 16MB
of buffer memory for each (single-queue) vtnet device.
With the feature on, the guest can publish 2K long chains, and the
hypervisor will merge them as needed.

This change also enables the feature in the netmap backend, which
supports virtio-net offloads. We plan to add support for the
tap backend too.
Note that differently from QEMU/KVM, here we implement one-copy receive,
while QEMU uses two copies.

Reviewed by:    jhb
MFC after:      3 weeks
Differential Revision:	https://reviews.freebsd.org/D21007
2019-11-08 17:57:03 +00:00
Vincenzo Maffione
3e11768ee1 bhyve: add backend rx backpressure to virtio-net
If a VM is flooded with more ingress packets than the guest OS
can handle, the current virtio-net code will keep reading those
packets and drop most of them as no space is available in the
receive queue. This is an undesirable receive livelock, which
is a waste of CPU and memory resources and potentially opens to
DoS attacks.
With this change, virtio-net uses the new netbe_rx_disable()
function to disable ingress operation in the backend while the
guest is short on RX buffers. Once the guest makes more buffers
available to the RX virtqueue, ingress operation is enabled again
by calling netbe_rx_enable().

Reviewed by:	bryanv, jhb
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20987
2019-11-03 19:02:32 +00:00
Vincenzo Maffione
14d726374b bhyve: fix mistake introduced by r352841
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D20973
2019-11-03 18:53:42 +00:00
Jung-uk Kim
412d13d559 Catch up with ACPICA 20191018.
PR:		241467
XMFC with:	r353764
2019-10-24 22:33:46 +00:00
Vincenzo Maffione
d12c5ef640 bhyve: support for enabling/disabling the net backend
Extend the net backend interface with two functions, namely netbe_rx_disable()
and netbe_rx_enable(), which can be used by the net device emulators to stop
the backend from invoking the receive callback. This is useful for device
emulators, i.e., on hardware resets or to implement receive backpressure.
The mevent module has been extendede to support the addition of a disabled
event. To prevent race conditions, the net backends will start with receive
operation disabled. A follow-up patch will use the new functionalities in
the virtio-net device.

Reviewed by:	jhb, markj
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D20973
2019-09-28 12:02:43 +00:00
John Baldwin
ed9ffd2f09 Validate guest-supplied length of headers for TSO transmit requests.
When transmitting a large TCP packet, the final transmit descriptor
includes the length of the protocol headers to be duplicated on each
segment.  The device model was trusting the guest-supplied value
without validating it.  A value of zero would result in the guest
being able to indirect a garbage pointer on the stack to overwrite
arbitrary memory in the bhyve process.  A value that was non-zero but
too small for the requested parameters resulted in the device model
reading and writing values beyond the end of the on-stack buffer used
to hold the template header.

To fix, validate the supplied length and drop requests to transmit
packets that would overflow the header buffer.  While here, initialize
the header pointer to NULL as a preventive measure so that any access
to an unallocated template header crashes they hypervisor
deterministically.

While here, only read the TCP sequence number if the packet being
split is a TCP packet.  The e1000 logic supports a segmentation of UDP
frames, and while UDP segmentation requires this part of the header to
be valid (so there is no buffer overflow), only reading the field when
needed is cleaner.

admbugs:	918
Reported by:	Reno Robert <renorobert@gmail.com>
Reviewed by:	markj
Approved by:	so
Security:	CVE-2019-5609
2019-08-05 21:39:55 +00:00
Scott Long
88880fd4cf Fix the register layout for the Buffer Descript List Entry. It
got jumbled around during some other cleanups and was causing
audio failures on some guests.

PR:		239341
Reported by:	shamaz.mazum@gmail.com
2019-07-23 18:40:07 +00:00
Ed Maste
61db163fd0 bhyve: correct out-of-bounds read in XHCI device emulation
Add appropriate bounds checks on the epid and streamid fields in the
device doorbell registers.

admbugs:	919
Submitted by:	jhb
Reported by:	Reno Robert <renorobert@gmail.com>
Reviewed by:	markj
Approved by:	so
Security:	out-of-bounds read
2019-07-23 16:27:36 +00:00
Chuck Tuffli
31b67520d4 bhyve: update the NVMe CQ based on the status
Instead of skipping the NVMe Completion Queue update based on the
opcode, define a synthetic status value which indicates the completion
queue entry is invalid. This will also allow deferred completion queue
updates for other commands.

Also returns the correct status for unrecognized opcodes ("invalid
opcode").

Reviewed by:	imp, jhb, araujo
Approved by:	imp (mentor), jhb (maintainer)
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D20945
2019-07-17 03:19:30 +00:00
Chuck Tuffli
409a80e5a4 bhyve: Create EUI64 for NVMe namespaces
Accept an IEEE Extended Unique Identifier (EUI-64) from the command
line for each NVMe namespace. If one isn't provided, it will create one
based on the CRC16 of:
 - the FreeBSD IEEE OUI
 - PCI bus, device/slot, function values
 - Namespace ID

Reviewed by:	imp, araujo, jhb, rgrimes
Approved by:	imp (mentor), jhb (maintainer)
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D19905
2019-07-13 12:48:28 +00:00
Sean Chittenden
2d5fe36980 usr.sbin/bhyve: close backend file descriptor during tap init error
Coverity CID:	1402953
Reviewed by:	scottl, markj, aleksandr.fedorov -at- itglobal.com
Approved by:	vmaffione, jhb
Differential Revision:	https://reviews.freebsd.org/D20913
2019-07-12 18:50:46 +00:00
Sean Chittenden
dbb1521165 usr.sbin/bhyve: only unassign a pt device after obtaining bus/slot/func
Coverity CID:	1194302, 1194303, 1194304
Approved by:	jhb, markj
Differential Revision:	https://reviews.freebsd.org/D20933
2019-07-12 18:33:58 +00:00
Sean Chittenden
ba1ca6d2e3 usr.sbin/bhyve: free resources when erroring out of pci_vtcon_sock_add()
Coverity CID:	1362880
Approved by:	markj, jhb
Differential Revision:	https://reviews.freebsd.org/D20916
2019-07-12 18:20:56 +00:00
Sean Chittenden
cb84aeda17 usr.sbin/bhyve: prevent use-after-free in virtio scsi request handling
Coverity CID:	1393377
Approved by:	araujo, jhb
Differential Revision:	https://reviews.freebsd.org/D20915
2019-07-12 18:17:35 +00:00
Sean Chittenden
ae2c5fe32f usr.sbin/bhyve: don't leak a FD if the device is not a tty
Coverity CID:	1194193
Approved by:	markj, jhb
Differential Revision:	https://reviews.freebsd.org/D20934
2019-07-12 18:13:58 +00:00
Sean Chittenden
e47c192236 usr.sbin/bhyve: unconditionally initialize the NVMe completion status
Follow-up work to improve the handling of unsupported/invalid opcodes
is being developed by chuck@.

Coverity CID:	1398928
Reviewed by:	chuck
Approved by:	araujo, imp
Differential Revision:	https://reviews.freebsd.org/D20914
2019-07-12 05:53:13 +00:00
Sean Chittenden
c7cb7db87d usr.sbin/bhyve: free resources when erroring out of pci_vtnet_init()
Coverity CID:	1402978
Approved by:	vmaffione
Reviewed by:	jhb
Differential Revision:	https://reviews.freebsd.org/D20912
2019-07-12 05:19:37 +00:00
Sean Chittenden
fe1329e446 usr.sbin/bhyve: send an initialized value to wake up blocking kqueue
This is a no-op initialization because nothing reads this value.  "This
wasn't wrong previously, but this is more correct now." -imp

Coverity CID:	1194307
Approved by:	markj, imp, scottl
Differential Revision:	https://reviews.freebsd.org/D20921
2019-07-11 23:54:50 +00:00
Sean Chittenden
bf51e078b6 usr.sbin/bhyve: commit miss from r349918
Submitted by:	markj
Approved by:	markj
Differential Revision:	https://reviews.freebsd.org/D20918
2019-07-11 19:51:33 +00:00
Sean Chittenden
bab8915c94 usr.sbin/bhyve: free leaked memory during option parsing
Also update to use strsep(3) instead of strtok(3).

Most of this commit inadvertently ended up in r349914.

Coverity CID:	1357337
Approved by:	markj
PR:		233038
Differential Revision:	https://reviews.freebsd.org/D20918
2019-07-11 19:41:14 +00:00
Sean Chittenden
cdd80cac4a usr.sbin/bhyve: initialize return value in xhci device interrupt handler
Coverity CID:	1357340
Approved by:	scottl, markj
Differential Revision:	https://reviews.freebsd.org/D20917
2019-07-11 19:26:35 +00:00
Sean Chittenden
2a1950b9cc usr.sbin/bhyve: free resources if there is an initialization error in rfb
Coverity CID:	1357335
Approved by:	markj, jhb
Differential Revision:	https://reviews.freebsd.org/D20919
2019-07-11 19:07:45 +00:00
Vincenzo Maffione
8cd0c1ac32 bhyve: net_backends.c: add missing __FBSDID
Reviewed by:	jhb
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20883
2019-07-09 22:05:58 +00:00
Vincenzo Maffione
90db4ba908 bhyve: add missing license identifiers in net_utils and net_backend
Reviewed by:	jhb, markj, imp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20874
2019-07-09 22:04:33 +00:00
Vincenzo Maffione
0ff7076bdb bhyve: abstraction for network backends
Bhyve can currently emulate two virtual NICs, namely virtio-net and e1000,
and connect to the host network through two backends, namely tap and netmap.
However, there is no interface between virtual NIC functionalities and
backend functionalities. As a result, the backend code is duplicated between
the two virtual NIC implementations and also within the same virtual NIC.
Also, e1000 cannot currently use netmap as a backend.
This patch introduces a network backend API between virtio-net/e1000 and
tap/netmap, to improve code reuse and add missing functionalities.
Virtual NICs and backends can negotiate virtio-net features, such as checksum
offload and TSO. If the backend supports the features, it will propagate this
information to the guest, so that the latter can make use of them. Currently,
only netmap VALE ports support the features, but support should be added to
tap in the future.

Reviewed by:	jhb, bryanv
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20659
2019-07-07 12:15:24 +00:00
Sean Chittenden
55c94d640f bhyve/audio: don't leak resources on failed initialization.
Coverity CID:	1402793
Approved by:	markj, jhb, bhyve
Differential Revision:	https://reviews.freebsd.org/D20841
2019-07-03 17:24:24 +00:00
Warren Block
a9258f9b7f Correct name of vmm(4) pptdevs variable.
Reported by:	nwolff@ixsystems.com
2019-07-02 14:53:51 +00:00
John Baldwin
7aa24c6006 Use __FBSDID() and sort #includes.
No functional change.
2019-06-27 21:45:40 +00:00
Ed Maste
9349d37845 bhyve: avoid theoretical stack buffer overflow from integer overflow
Use the proper size_t type to match strlen's return type.  This is not
exploitable in practice as this parses command line arguments, which
are limited to well below 2^31 bytes.

This is a minimal change to address the reported issue; hda_parse_config
and the rest of this file will benefit from further review.

Reported by:	Fakhri Zulkifli
Reviewed by:	jhb, markj
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2019-06-25 19:06:43 +00:00
Marcelo Araujo
3e21da8ad1 Add SPDX tags to bhyve(8) HD Audio device.
Reviewed by:	bcran
Differential Revision:	https://reviews.freebsd.org/D20750
2019-06-25 06:24:56 +00:00
Warner Losh
36f9f044cd Replay r349336 by scottl accidentally reverted by r349352
Add a section about the HD Audio module support
2019-06-25 06:14:11 +00:00
Warner Losh
6b021cc2dd Replay r349335 by scottl accidentally reverted by r349352
Add the PCI HDAudio device model from the 2016 GSoC.  Detailed information
can be found at

https://wiki.freebsd.org/SummerOfCode2016/HDAudioEmulationForBhyve

This commit has evolved from the original work to include Capsicum
integration.  As part of that, it only opens the host audio devices once
and leaves them open, instead of opening and closing them on each guest
access.  Thanks to Peter Grehan and Marcelo Araujo for their help in
bringing the work forward and providing some of the final techncial push.

Submitted by:	Alex Teaca <iateaca@freebsd.org>
Differential Revision:	D7840, D12419
2019-06-25 06:14:05 +00:00
Warner Losh
f5a95d9a07 Remove NAND and NANDFS support
NANDFS has been broken for years. Remove it. The NAND drivers that
remain are for ancient parts that are no longer relevant. They are
polled, have terrible performance and just for ancient arm
hardware. NAND parts have evolved significantly from this early work
and little to none of it would be relevant should someone need to
update to support raw nand. This code has been off by default for
years and has violated the vnode protocol leading to panics since it
was committed.

Numerous posts to arch@ and other locations have found no actual users
for this software.

Relnotes:	Yes
No Objection From: arch@
Differential Revision: https://reviews.freebsd.org/D20745
2019-06-25 04:50:09 +00:00
Scott Long
0a944371e8 Add a section about the HD Audio module support 2019-06-24 19:42:32 +00:00
Scott Long
7e3c742061 Add the PCI HDAudio device model from the 2016 GSoC. Detailed information
can be found at

https://wiki.freebsd.org/SummerOfCode2016/HDAudioEmulationForBhyve

This commit has evolved from the original work to include Capsicum
integration.  As part of that, it only opens the host audio devices once
and leaves them open, instead of opening and closing them on each guest
access.  Thanks to Peter Grehan and Marcelo Araujo for their help in
bringing the work forward and providing some of the final techncial push.

Submitted by:	Alex Teaca <iateaca@freebsd.org>
Differential Revision:	D7840, D12419
2019-06-24 19:31:32 +00:00
Eric van Gyzen
db2114b4b8 bhyve: Fix vtscsi maximum segment config
The seg_max value reported to the guest should be two less than the
host's maximum, in order to leave room for the request and the
response.  This is analogous to r347033 for virtio_block.

We hit the "too many segments to enqueue" assertion on OneFS because
we increase MAXPHYS to 256 KB.

Reviewed by:	bryanv
Discussed with:	cem jhb rgrimes
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D20529
2019-06-21 18:57:33 +00:00
Mark Johnston
ab877e64d0 Make zlib encoding messages idempotent.
Otherwise duplicate messages can trigger a reinitialization of the
compression stream while the update thread is running.  Also ensure
that the stream is initialized before the update thread may attempt
to use it.

PR:		238333
Reviewed by:	cem, rgrimes
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20673
2019-06-19 16:09:20 +00:00
Vincenzo Maffione
5c2b348a54 bhyve: vtnet: fix locking on receive
The vsc_rx_ready and the RX virtqueue is protected by the rx_mtx lock.
However, pci_vtnet_ping_rxq() (currently called only once after each
device reset) accesses those without acquiring the lock.

Reviewed by:	markj
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20609
2019-06-18 17:51:30 +00:00
Vincenzo Maffione
4f7c3b7be5 bhyve: move common code to net_utils.c
Both virtio_net and e82545 network frontends have code to validate and
generate MAC addresses. These functionalities are replicated in the two
files, so we move them in a separate compilation unit.

Reviewed by:	rgrimes, bryanv, imp, kevans
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20626
2019-06-13 17:39:32 +00:00
John Baldwin
0026d8ccb7 Remove a spurious break when setting up a 64-bit memory BAR.
This was causing 'enbit' to not be initialized in this case.

CID:		1401924
Reported by:	Coverity
MFC after:	1 week
2019-06-12 16:49:01 +00:00
Vincenzo Maffione
17e9052ca8 bhyve: virtio: introduce vq_kick_enable() and vq_kick_disable()
The VirtIO standard supports two schemes for notification suppression:
a notification enable bit and a more sophisticated one (event_idx) that
also supports delayed notifications. Currently bhyve fully supports
only the first scheme. This patch hides the notification suppression
internals by means of two inline routines, vq_kick_enable() and
vq_kick_disable(), and makes the code more readable.
Moreover, further improve readability by replacing the call to mb()
with a call to atomic_thread_fence_seq_cst(), which is already used
in virtio.c

Reviewed by:	pmooney_pfmooney.com, bryanv
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20581
2019-06-11 15:52:41 +00:00
Vincenzo Maffione
f3b1307e01 bhyve: vtnet: simplify thread synchronization
On vtnet device reset it is necessary to wait for threads to stop TX and
RX processing. However, the rx_in_progress variable (used for to wait for
RX processing to stop) is actually useless, and can be removed. Acquiring
and releasing the RX lock is enough to synchronize correctly. Moreover,
it is possible to reset the device while holding both TX and RX locks, so
that the "resetting" variable becomes unnecessary for the RX thread, and
can be protected by the TX lock (instead of being volatile).

Reviewed by:	jhb, markj
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20543
2019-06-09 12:41:21 +00:00
Chuck Tuffli
129f93c5a7 bhyve: Add PCIe Integrated Endpoint capability
The NVMe CAM driver reports the PCIe Link Capability and Status for
devices. For emulated bhyve NVMe devices, this looks like:

nda0: nvme version 1.3 x63 (max x63) lanes PCIe Gen15 (max Gen15) link

The driver outputs this because the emulated device doesn't include the
PCIe Capability structure. The NVMe specification requires these
registers, so the fix is to add this set of capability registers to the
emulated device.

Note that PCI Express devices that are integrated into the Root Complex
(i.e. Bus 0x0) do not have to support the Link Capability or Status
registers. Windows will fail to start (i.e. Code 10) devices that appear
to be part of the Root Complex but report being a PCI Express Endpoint.
So also add a check to pci_emul_add_pciecap() to check if the device is
integrated and change the device type.

Reviewed by:	imp, ken, araujo, jhb, rgrimes
Approved by:	imp (mentor), ken (mentor), jhb (maintainer)
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D19904
2019-06-07 17:09:49 +00:00
John Baldwin
5628267505 Keep the shadow PCIR_COMMAND synced with the real one for pass through.
This ensures that bhyve properly recognizes when decoding is disabled
for BARs on passthru devices.  To properly handle writes to the
register, export a pci_emul_cmd_changed function from pci_emul.c that
the pass through device model invokes for config writes that change
PCIR_COMMAND.

Reviewed by:	rgrimes
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20531
2019-06-07 15:53:27 +00:00
John Baldwin
2729c9bbc7 Enable memory and I/O decoding in PCI devices on demand.
Rather than uncoditionally setting the MEMEN and PORTEN bits in
PCIR_COMMAND for PCI devices, set the respective bit when the first
BAR of a given type is added to the device.  This more closely matches
what firmware does on bare metal.

BUSMASTEREN is still set unconditionally.  Eventually this bit should
move into the device models as not all device models need this set.

Reviewed by:	rgrimes
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20530
2019-06-07 15:48:12 +00:00
John Baldwin
4db23c7455 Use parse_integer to avoid sign extension.
Coverity warned about gdb_write_mem sign extending the result of
parse_byte shifted left by 24 bits when generating a 32-bit memory
write value for MMIO.  Simplify the code by using parse_integer
instead of unrolled parse_byte calls.

CID:		1401600
Reviewed by:	cem
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D20508
2019-06-05 23:37:50 +00:00
John Baldwin
24be3f513f Don't simulate PBA access if the PBA is in a separate BAR.
bhyve has to virtualize the MSI-X table to trap reads and writes to
that table and map those to virtual interrupts that it maps real host
interrupts on to.  For the pending-bit-array (PBA), bhyve passes
accesses from the guest directly to the hardware.

bhyve's virtualization of the MSI-X table is done by intercepting all
reads and writes to the BAR holding the MSI-X table.  However, if the
PBA is stored in the same BAR as the MSI-X table, accesses to the PBA
portion of this BAR have to be forwarded to the real BAR.

However, in the case that the PBA was stored in a separate BAR and
it's offset in that separate BAR overlapped with the portion of the
MSI-X table BAR that the table used, the handlers for the table BAR
would incorrectly think that some accesses were PBA reads and writes.
This caused a crash in bhyve when it indirected a NULL pointer.  Fix
this case by never trying to handle PBA access if the PBA lives in a
separate BAR.

Reported by:	gallatin
Tested by:	gallatin
Reviewed by:	markj, Patrick Mooney
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D20523
2019-06-05 19:29:02 +00:00
John Baldwin
beb388db08 Emulate the AMD MSR_LS_CFG MSR used for various Ryzen errata.
Writes are ignored and reads always return zero.

Submitted by:	José Albornoz <jojo@eljojo.net> (write-only version)
Reviewed by:	Patrick Mooney, cem
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D19506
2019-06-03 23:17:35 +00:00
John Baldwin
df61066e8b Whitespace cleanups, no functional change. 2019-05-31 18:00:44 +00:00
John Baldwin
07e007e1ca Add initial support for 'qSupported' to the debug server.
This doesn't recognize any features yet, but does parse the features
string.  It advertises an arbitrary packet size of 4k.

Reviewed by:	markj, Scott Phillips <d.scott.phillips@intel.com>
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20308
2019-05-24 22:11:37 +00:00
John Baldwin
1b52cd4553 Add support for writing to guest memory in the debug server.
- Add a write_mem counterpart to read_mem to handle writes to MMIO.
- Add support for the GDB 'M' packet to write bytes to the guest's
  memory.  For MMIO writes, attempt to batch writes up into words.
  This is imprecise, but if you write a single 2 or 4-byte aligned
  word, it should be treated as a single MMIO write operation.
- While here, tidy up the parsing of the 'm' command used for reading
  memory to match 'M'.

Reviewed by:	markj, Scott Phillips <d.scott.phillips@intel.com>
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D20307
2019-05-24 00:34:13 +00:00
Rodney W. Grimes
efc25f65e2 bhyve virtio needs barriers
Under certain tight race conditions, we found that the lack of a memory
barrier in bhyve's virtio handling causes it to miss a NO_NOTIFY state
transition on block devices, resulting in guest stall. The investigation
is recorded in OS-7613. As part of the examination into bhyve's use of
barriers, one other section was found to be problematic, but only on
non-x86 ISAs with less strict memory ordering. That was addressed in
this patch as well, although it was not at all a problem on x86.

PR:		231117
Submitted by:	Patrick Mooney <patrick.mooney@joyent.com>
Reviewed by:	jhb, kib, rgrimes
Approved by:	jhb
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D19501
2019-05-18 19:32:38 +00:00
John Baldwin
8c74ade848 Increase the VirtIO segment count to support modern Windows guests.
The Windows virtio driver ignores the advertized seg_max field and
assumes the host can accept up to 67 segments in indirect descriptors,
triggering an assert in the bhyve process.

This brings back r282922 but with a couple of changes:
- It raises the block interface segment limit to 128 instead of 67.
- Linux's virtio driver assumes that the segment limit is no
  larger than the ring size.  To avoid breaking Linux guests,
  raise the VirtIO ring size to 128, and cap the VirtIO segment
  limit at ring size - 2 (effectively 126).

Reviewed by:	rgrimes, Patrick Mooney <pmooney@pfmooney.com>
Obtained from:	Joyent (Linux workaround)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D18831
2019-05-02 22:46:37 +00:00
Rodney W. Grimes
3facfc7560 Make bhyve SMBIOS table topology aware
When the CPU Topology was added to bhyve in r332298 the SMBIOS table was
missed, this table passes topology information to the system and was still
using the old concept of each vCPU is a socket with 1 core and 1 thread.
This code did not even try to use the old sysctl information to adjust
this data.

Correct that by building a proper SMBios table, mapping the > 254 cases to
0 per the SMBios 2.6 specification that is claimed by the structure.

Reviewed by:		Patrick Mooney <patrick.mooney@joyent.com>
Approved by:		bde and/or phk (mentor), jhb (maintainer)
MFC:			3 days
Differential Revision:	https://reviews.freebsd.org/D18998
2019-04-25 22:53:55 +00:00
Rodney W. Grimes
77be224862 Acpi MADT table correction for VM_MAXCPU > 21
The bhyve acpi MADT table was given a static space of 256 (0x100) bytes,
this is enough space to allow VM_MAXCPU to be 21, this patch changes that
so VM_MAXCPU can be of arbitrary value and not overflow the space by
actually calculating the space needed for the table.

PR:			212782
Reviewed by:		Patrick Mooney <patrick.mooney@joyent.com>
Approved by:		bde (mentor), jhb (maintainer)
MFC after:		3 days
Differential Revision:	https://reviews.freebsd.org/D18815
2019-04-25 22:52:44 +00:00
Mark Johnston
d6ef759e5d Use separate descriptors in bhyve's stdio uart backend.
bhyve was previously using stdin for both reading and writing to the
console, which made it difficult to redirect console output.  Use
stdin for reading and stdout for writing.  This makes it easier to use
bhyve as a backend for syzkaller.

As a side effect, the change fixes a minor bug which would cause bhyve
to fail with ENOTCAPABLE if configured to use nmdm for com1 and stdio
for com2.

bhyveload already uses separate descriptors, as does the bvmcons driver.

Reviewed by:	jhb
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D19788
2019-04-22 13:57:52 +00:00
Chuck Tuffli
f0dfbcccf4 Revert r345171 pending review
Backing out commit pending further discussion on the PCIe version
supported by pseudo (i.e. emulated) devices. See Differential for
details.

Reviewed by:	imp
Approved by:	imp (mentor)
Differential Revision:	https://reviews.freebsd.org/D19580
2019-04-13 23:37:27 +00:00
Alexander Motin
cfe60d67ae Fix thread name buffer overflow.
MFC after:	1 week
2019-04-12 18:13:57 +00:00
Mark Johnston
1906d427c1 Stop compiling bhyve(8) with -O0.
DEBUG_FLAGS is always added to CFLAGS.  This setting appears to be
accidental and came in with r243327.

Reviewed by:	anish, emaste, jhb, rgrimes
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D19787
2019-04-07 14:30:17 +00:00
Mark Johnston
76086f9c5a Fix indentation.
No functional change intended.

Reviewed by:	bcran, jhb, rgrimes
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D19786
2019-04-07 14:28:02 +00:00
Chuck Tuffli
a1daa3ae5e bhyve: Fix NVMe data structure copy to guest
bhyve's NVMe emulation was transferring Identify data back to the guest
incorrectly causing memory corruptions. These corruptions resulted in
core dumps and other system level errors in the guest.

In their simplest form, NVMe Physical Region Page (PRP) values in
commands indicate which physical pages to use for data transfer. The
first PRP value is not required to be page aligned but does not cross a
page boundary. The second PRP value must be page aligned, does not cross
a page boundary, and need not be contiguous with PRP1.

The code was copying Identify data past the end of PRP1. This happens to
work if PRP1 and PRP2 are physically contiguous but will corrupt guest
memory in unpredictable ways if they are not.

Fix is to copy the Identify data back to the guest piecewise (i.e. for
each PRP entry). Also fix a similarly wrong problem when copying back
Log page data.

Reviewed by:	imp (mentor), araujo, jhb, rgrimes, bhyve
Approved by:	imp (mentor), bhyve (jhb)
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D19695
2019-04-05 16:54:20 +00:00
Chuck Tuffli
fe1b713e2c bhyve: Fix NVMe BAR size calculation
The NVMe specification defines bits 13:4 of BAR0 as Reserved (i.e. 0x0).
Most drivers do not enforce this, but the Windows NVMe driver does and
will refuse to start the device (i.e. error 10) if any of these bits are
set.

The current BAR size calculation tries to minimize the amount of memory
the device reserves by scaling the BAR size by the maximum number of
queues supported by the device. But unless the device supports a large
number of queue pairs (over 1536), it will reserve too little memory.

The fix is to allocate a minimum of 16K bytes for BAR0.

Tested on Windows Server 2016 and 2019

Reviewed by:	imp (mentor), araujo, jhb, bhyve
Approved by:	imp (mentor), bhyve (jhb)
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D19676
2019-04-05 16:54:16 +00:00
Chuck Tuffli
2ba640758d Fix bhyve PCIe capability emulation
PCIe devices starting with version 1.1 must set the Role-Based Error
Reporting bit.

And while we're in the neighborhood, generalize the code assigning the
device type.

Reviewed by:	imp, araujo, rgrimes
Approved by:	imp (mentor)
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D19580
2019-03-15 02:11:28 +00:00
Chuck Tuffli
7bb1073842 Fix bhyve's NVMe Identify Namespace data
The NVMe Identify Namespace data structure's Number of LBA Formats
(NLBAF) field is a 0's based value (i.e. 0x0 means 1). Since the
emulation only supports a single format, set NLBAF to 0x0, not 1.

Reviewed by:	imp, araujo, rgrimes
Approved by:	imp (mentor)
MFC after:      1 week
Differential Revision: https://reviews.freebsd.org/D19579
2019-03-15 02:11:27 +00:00
Conrad Meyer
55792380c3 bhyve(8): Fix uart emulation bug
THRE is always asserted in LSR reads, so REG_IER writes that raise
IER_ETXRDY must also set thre_int_pending.

Reported by:	Illumos, according to emaste@
		https://twitter.com/ed_maste/status/1106195949087584258
MFC after:	2 weeks
2019-03-14 21:08:48 +00:00
John Baldwin
2e43efd0bb Drop "All rights reserved" from my copyright statements.
Reviewed by:	rgrimes
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D19485
2019-03-06 22:11:45 +00:00
Jung-uk Kim
f8c531e603 Catch up with ACPICA 20190215.
PR:		235922
2019-02-21 21:15:49 +00:00
Rodney W. Grimes
11e67b92b5 In r340044 an attempt to quiet coverity warning cid 1357336
was incorrectly implemented leading to a possible double free.

It is possible for both the conditional free,
and the unconditional free added in r340044 to be done,
fix that by initializing uopt to NULL,
removing the conditional free,
and only using the unconditional free at the end.

Reported by:	Patrick Mooney (patrick.mooney@joyent.com)
Reviewed by:	jhb (maintainer), Patrick Mooney (joyent/illumos)
Approved by:	bde (mentor)
CID:		1357336
MFC after:	3 days
MFC with:	340044
Differential Revision:	https://reviews.freebsd.org/D19202
2019-02-15 16:48:15 +00:00
Rodney W. Grimes
85cf19adc5 In r340042 an attempt to quiet coverity warning cid 1305412 was overdone.
nopt is the only allocated space,
xopt and cp are aliases into that allocated space.
Remove the 2 unneeded free's

Reported by:	Patrick Mooney (@pmooney_pfmooney.com)
Reviewed by:	jhb (maintainer), Patrick Mooney (joyent/illumos)
Approved by:	bde (mentor)
CID:		1305412
MFC after:	3 days
MFC with:	340042
Differential Revision:	https://reviews.freebsd.org/D19200
2019-02-15 16:20:21 +00:00
Warner Losh
4def346d56 Revert r343077 until the license issues surrounding it can be resolved.
Approved by:	core@
2019-02-12 19:05:09 +00:00
Marcelo Araujo
4edc7f418a Revert r343634:
Mostly a cosmetic change to replace strlen with strnlen.

Requested by:	kib and imp
2019-02-01 03:09:11 +00:00
Marcelo Araujo
7722142ba8 Mostly a cosmetic change to replace strlen with strnlen.
Obtained from:	Project ACRN
MFC after:	2 weeks
2019-01-31 23:32:19 +00:00
Marcelo Araujo
73f6ccd9e7 Fix broken uart on Win2016 guest.
Obtained from:	Joyent (commit/2bf1a940afbd1382faff159e7c93c72779ca10f4)
MFC after:	3 weeks.
2019-01-16 03:46:27 +00:00
Marcelo Araujo
abfa3c39e7 Use capsicum_helpers(3) that allow us to simplify the code and its functions
will return success when the kernel is built without support of
the capability mode.

It is important to note, that I'm taking a more conservative approach
with these changes and it will be done in small steps.

Reviewed by:	jhb
MFC after:	6 weeks
Differential Revision:	https://reviews.freebsd.org/D18744
2019-01-16 00:39:23 +00:00
Rodney W. Grimes
7d9545fcc0 Fix spelling of identifier
Approved by:	phk (mentor)
MFC after:	3 days
2019-01-11 14:21:59 +00:00
Chuck Tuffli
fbac7e0ba2 Fix bhyve's NVMe Completion Queue entry values
The function which processes Admin commands was not returning the
Command Specific value in Completion Queue Entry, Dword 0 (CDW0). This
effects commands such as Set Features, Number of Queues which returns
the number of queues supported by the device in CDW0. In this case, the
host will only create 1 queue pair (Number of Queues is zero based).
This also masked a bug in the queue counting logic.

Reviewed by: imp, araujo
Approved by: imp (mentor)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D18703
2019-01-04 15:03:35 +00:00
Chuck Tuffli
76e47b9420 Fix bhyve's NVMe queue bookkeeping
Many size / length parameters in NVMe are "0's based", meaning, a value
of 0x0 represents 1, 0x1 represents 2, etc.. While this leads to an
efficient encoding, it can lead to subtle bugs. With respect to queues,
these parameters include:
 - Maximum number of queue entries
 - Maximum number of queues
 - Number of Completion Queues
 - Number of Submission Queues

To be consistent, convert all 0's based values from the host to 1's
based value internally. Likewise, covert internal 1's based values to
0's based values when returned to the host. This fixes an off-by-one bug
when creating IO queues and simplifies some of the code. Note that this
bug is masked by another bug.

While in the neighborhood,
 - fix an erroneous queue ID check (checking CQ count when deleting SQ)
 - check for queue ID of 0x0 in a few places where this is illegal
 - clean up the Set Features, Number of Queues command and check for
   illegal values

Reviewed by: imp, araujo
Approved by: imp (mentor)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D18702
2019-01-04 15:03:30 +00:00
Alexander Motin
49f8782283 Allow CTL device specification in bhyve virtio-scsi.
There was a large refactoring done in CTL to allow multiple ioctl frontend
ports (and respective devices) to be created, particularly for bhyve.
Unfortunately, respective part of bhyve functionality got lost somehow from
the original virtio-scsi commit.  This change allows wanted device path to
be specified in either of two ways:
 -s 6,virtio-scsi,/dev/cam/ctl1.1
 -s 6,virtio-scsi,dev=/dev/cam/ctl2.3
If neither is specified, the default /dev/cam/ctl device is used.

While there, remove per-queue CTL device opening, which makes no sense at
this point.

Reported by:	wg
Reviewed by:	araujo
MFC after:	3 days
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D18504
2018-12-11 20:47:00 +00:00
Alexander Motin
6810fd0acf Make virtio-scsi pass SCSI Task Attributes to CTL.
MFC after:	1 week
Sponsored by:	iXsystems, Inc.
2018-12-07 20:55:29 +00:00
Alexander Motin
99fa47de81 Fix several iov handling bugs in bhyve virtio-scsi backend.
- buf_to_iov() does not use buflen parameter, allowing out of bound read.
 - buf_to_iov() leaks memory if seek argument > 0.
 - iov_to_buf() doesn't need to reallocate buffer for every segment.
 - there is no point to use size_t for iov counts, int is more then enough.
 - some iov function arguments can be constified.
 - pci_vtscsi_request_handle() used truncate_iov() incorrectly, allowing
   getting out of buffer and possibly corrupting data.
 - pci_vtscsi_controlq_notify() written returned status at wrong offset.
 - pci_vtscsi_controlq_notify() leaked one buffer per event.

Reported by:	wg
Reviewed by:	araujo
MFC after:	1 week
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D18465
2018-12-07 20:30:00 +00:00
Alexander Motin
9ce46e8107 Fill initid explicitly on requests.
Unfortunately ctl_scsi_zero_io() wipes that field, so it was always zero.
While there, targ_port is set by kernel, so user-space should not fill it.

MFC after:	1 week
2018-12-07 19:10:51 +00:00
Gordon Tetlow
39040a9ec4 Always treat firmware request and response sizes as unsigned.
This fixes an incomplete bounds check on the guest-supplied request
size where a very large request size could be interpreted as a negative
value and not be caught by the bounds check.

Submitted by:	jhb
Reported by:	Reno Robert
Approved by:	so
Security:	FreeBSD-SA-18:14.bhyve
Security:	CVE-2018-17160
2018-12-04 18:28:25 +00:00
Marcelo Araujo
edce78c2c4 Define AHCI_PORT_IDENT and increase by 1 the VTBLK_BLK_ID_BYTES
to avoid buffer accessed out of bounds, also switch to snprintf(3).

PR:		200859
Submitted by:	Caglar <caglar@10ur.org>
Obtained from:	https://github.com/mist64/xhyve/pull/24
MFC after:	4 weeks
Sponsored by:	iXsystems Inc.
2018-11-20 22:21:19 +00:00
Marcelo Araujo
0f6f91a8ce Comestic change to try to inline the memset with SSE/AVX instructions.
Also switch from int to size_t to keep portability.

Reviewed by:	brooks
Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D17795
2018-11-07 06:29:01 +00:00
Marcelo Araujo
2c386b11f8 Revert my bogus attempt to silence coverity on r340045, it created
more bad side effects than good.

PR:		233038
Submitted by:	We Maag <jwmaag@gmail.com>
2018-11-07 04:20:29 +00:00
Marcelo Araujo
be81239ddc Remove printf for debug purpose forgotten on r340046.
Reported by:	Dmitry Luhtionov <dmitryluhtionov@gmail.com>
2018-11-02 13:48:06 +00:00
Marcelo Araujo
6f2d76643e Add support ps/2 scancodes for NumLock, ScrollLock and numerical keypad
keys.

PR:		213835
Submitted by:	Vasily Postnicov <ivan.zhmudo@gmail.com>
MFC after:	4 weeks
Relnotes:	Yes
Sponsored by:	iXsystems Inc.
2018-11-02 08:28:14 +00:00
Marcelo Araujo
250c472a8c Fix resource leak when using strdup(3).
Reported by:	Coverity
CID:		1357337
Sponsored by:	iXsystems Inc.
2018-11-02 08:03:19 +00:00
Marcelo Araujo
93670f79d7 Fix resource leak when using strdup(3).
Reported by:	Coverity
CID:		1357336
Sponsored by:	iXsystems Inc.
2018-11-02 08:01:42 +00:00
Marcelo Araujo
6c8dae3cba Fix resource leak, variable fd going out of scope.
Reported by:	Coverity
CID:		1204383
Sponsored by:	iXsystems Inc.
2018-11-02 07:59:28 +00:00
Marcelo Araujo
ea2c655dd9 Fix resource leak, variables cp, xopts and nopt going out of scope.
Reported by:	Coverity
CID:		1305412
Sponsored by:	iXsystems Inc.
2018-11-02 07:57:28 +00:00
Yuri Pankov
8d56c80545 Provide basic descriptions for VMX exit reason (from "Intel 64 and IA-32
Architectures Software Developer’s Manual Volume 3").  Add the document
to SEE ALSO in bhyve.8 (and pet manlint here a bit).

Reviewed by:	jhb, rgrimes, 0mp
Approved by:	kib (mentor)
Differential Revision:	https://reviews.freebsd.org/D17531
2018-10-27 21:24:28 +00:00
Bjoern A. Zeeb
8883128b8e Allow the bhyve VNC server to listen on IPv6 for incoming connections.
Alternatively to IPv4 address:port this will allow to listen on IPv6
link-local (incl. scope), a specific address, or ::.  Addresses have
to be given in RFC2732 format so that [::]:port parsing will work.

This patch also starts to introduce WITH_INET/INET6_SUPPORT to bhyve.

PR:			232018
Submitted by:		Dave Rush (northwoodlogic.free gmail.com) (original)
Reviewed by:		Dave Rush (updated verison)
MFC after:		3 days
2018-10-24 08:45:33 +00:00
Bjoern A. Zeeb
fb72b618c5 In bhyve's fbuf emulation improve the overall "usage" message and
for the vga option, rather than printing the entire option string,
only print vga (as we do for everything else).

MFC after:	3 days
2018-10-22 11:43:43 +00:00
Marcelo Araujo
1aa56353ad Add manpage entry for the new bhyve options -s "help" and -l "help".
Reported by:	0mp
Sponsored by:	iXsystems Inc.
2018-08-23 07:34:51 +00:00
Marcelo Araujo
657d21589e Add -s "help" and -l "help" to print a list of supported PCI and LPC devices.
For tools that uses bhyve such like libvirt, it is important to be able to
probe what features are supported by the given bhyve binary.

To give more context, libvirt probes bhyve's capabilities in a not very
effective way:
- Running 'bhyve -h' and parsing output.
- To detect devices, it runs 'bhyve -s 0,dev' for every each device and
  parses error output to identify if the device is supported or not.

PR:		2101111
Submitted by:	novel
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	iXsystems Inc.
2018-08-22 20:23:08 +00:00
Chuck Tuffli
9544e6dcf1 Make NVMe compatible with the original API
The original NVMe API used bit-fields to represent fields in data
structures defined by the specification (e.g. the op-code in the command
data structure). The implementation targeted x86_64 processors and
defined the bit fields for little endian dwords (i.e. 32 bits).

This approach does not work as-is for big endian architectures and was
changed to use a combination of bit shifts and masks to support PowerPC.
Unfortunately, this changed the NVMe API and forces #ifdef's based on
the OS revision level in user space code.

This change reverts to something that looks like the original API, but
it uses bytes instead of bit-fields inside the packed command structure.
As a bonus, this works as-is for both big and little endian CPU
architectures.

Bump __FreeBSD_version to 1200081 due to API change

Reviewed by: imp, kbowling, smh, mav
Approved by: imp (mentor)
Differential Revision: https://reviews.freebsd.org/D16404
2018-08-22 04:29:24 +00:00
Marcelo Araujo
1465a1e1eb Fix resource leak when using strdup(3).
Reported by:	Coverity
CID:		1394929
Sponsored by:	iXsystems Inc.
2018-08-21 23:11:26 +00:00
Marcelo Araujo
6b2c20cd98 NVMe spec version 1.3c says that "serial number" field must be 7-bit ASCII,
with unused bytes padded by space characters. Same for firmware number and
namespace number.

Discussed with:	imp@
Sponsored by:	iXsystems Inc.
2018-08-20 04:56:37 +00:00
Marcelo Araujo
b018ea0174 Users must set the number of queues from 1 to maximum 16 queues.
Sponsored by:	iXsystems Inc.
2018-08-20 04:50:11 +00:00
Marcelo Araujo
df90fce298 Fix double mutex lock.
Reported by:	Coverity
CID:		1394833
Discussed with:	Leon Dang
Sponsored by:	iXsystems Inc.
2018-08-20 04:44:29 +00:00
Marcelo Araujo
ec89307fb1 Fix a resource leak when using strdup(3) and also fix few style(9).
Reported by:	Coverity
CID:		1394929
MFC after:	1 week
Sponsored by:	iXsystems Inc.
2018-08-16 06:38:01 +00:00
Marcelo Araujo
3955e1c03a Remove duplicated code.
Reported by:	Coverity
CID:		1394893
MFC after:	1 week
Sponsored by:	iXsystems Inc.
2018-08-16 06:35:44 +00:00
Marcelo Araujo
9e59a2e8ce Add a comment explaining how the PSN works and why there is no need for
a null terminator. Also mark CID 1394825 as intentional.

Reported by:	Coverity
CID:		1394825
MFC after:	1 week
Sponsored by:	iXsystems Inc.
2018-08-16 06:31:54 +00:00
Marcelo Araujo
e30993c2a6 Increase the mask from 15 to 255 or otherwise NVME_FEAT_SOFTWARE_PROGRESS
will never be reached.

Discussed with:	Leon Dang and Darius Mihai <dariusmihaim@gmail.com>
MFC after:	1 week.
Sponsored by:	iXsystems Inc.
2018-08-16 06:20:25 +00:00
Mariusz Zaborski
dcbebe85de bhyve: set title before entering capability mode
PR:		230082
Submitted by:	Yuichiro NAITO <naito.yuichiro@gmail.com>
2018-08-02 21:54:34 +00:00
Marcelo Araujo
989e062bea Improve bhyve exit(3) error code.
The bhyve(8) exit status indicates how the VM was terminated:

0	rebooted
1	powered off
2	halted
3	triple fault

The problem is when we have wrappers around bhyve that parses the exit
error code and gets an exit(1) for an error but interprets it as "powered off".
So to mitigate this issue and makes it less error prone for third part
applications, I have added a new exit code 4 that is "exited due to an error".

For now the bhyve(8) exit status are:
0	rebooted
1	powered off
2	halted
3	triple fault
4	exited due to an error

Reviewed by:	@jhb
MFC after:	2 weeks.
Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D16161
2018-07-11 03:23:09 +00:00
Marcelo Araujo
9add8139b7 Fix style(9) space and tab. 2018-07-10 05:36:32 +00:00
Marcelo Araujo
c066c68c57 - Add bhyve NVMe device emulation.
The initial work on bhyve NVMe device emulation was done by the GSoC student
Shunsuke Mie and was heavily modified in performan, functionality and
guest support by Leon Dang.

bhyve:
	-s <n>,nvme,devpath,maxq=#,qsz=#,ioslots=#,sectsz=#,ser=A-Z

	accepted devpath:
		/dev/blockdev
		/path/to/image
		ram=size_in_MiB

Tested with guest OS: FreeBSD Head, Linux Fedora fc27, Ubuntu 18.04,
                      OpenSuse 15.0, Windows Server 2016 Datacenter.
Tested with all accepted device paths: Real nvme, zdev and also with ram.
Tested on: AMD Ryzen Threadripper 1950X 16-Core Processor and
           Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz.

Tests at: https://people.freebsd.org/~araujo/bhyve_nvme/nvme.txt

Submitted by:	Shunsuke Mie <sux2mfgj_gmail.com>,
		Leon Dang <leon_digitalmsx.com>
Reviewed by:	chuck (early version), grehan
Relnotes:	Yes
Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D14022
2018-07-05 03:33:58 +00:00
Mariusz Zaborski
7672a0148f Convert cap_enter() < 0 && errno != ENOSYS to caph_enter() < 0.
No functional change intended.
2018-06-19 23:43:14 +00:00
Marcelo Araujo
f7224b709f Fix style(9) space vs tab.
Reviewed by:	jhb
MFC after:	3 weeks.
Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D15768
2018-06-14 01:34:53 +00:00
Marcelo Araujo
f2b5dc3aec While I was investigating CID 1194192 related with a resource leak on mrp memory
allocation, I could identify that actually we use this pointer on pci_emul.c as
well as on vga.c source file.

I have reworked the logic here to make it more readable and also add a warn to
explicit show the function where the memory allocation error could happen,
also sort headers.

Also CID 1194192 was marked as "Intentional".

Obtained from:	TrueOS
MFC after:	4 weeks.
Sponsored by:	iXsystems Inc.
2018-06-13 11:49:34 +00:00
Marcelo Araujo
35f7c93cc8 When this code was introduced at r300829 the author forgot to add
the BSD license header that is the same as in its C header file.

MFC after:	4 weeks.
Sponsored by:	iXsystems Inc.
2018-06-13 04:00:21 +00:00
Marcelo Araujo
ce80faa498 Add SPDX tags to bhyve(8).
Discussed with:	rgrimes, pfg and mav.
Obtained from:	TrueOS
MFC after:	4 weeks.
Sponsored by:	iXsystems Inc.
2018-06-13 03:22:08 +00:00
Marcelo Araujo
c205be608c More style(9) fixes, space vs tab. 2018-06-11 15:18:31 +00:00
Pedro F. Giffuni
afd66b9d51 style(9): Fix tabs after #define.
No functional change intended.
2018-06-11 14:45:34 +00:00
Marcelo Araujo
f9c005a17f - Add bhyve virtio-scsi storage backend support.
Example of configuration:
ctl.conf:
portal-group pg0 {
        discovery-auth-group no-authentication
        listen 0.0.0.0
        listen [::]
}

target iqn.2012-06.com.example:target0 {
        auth-group no-authentication
        portal-group pg0
        port ioctl/5/3

        lun 0 {
                path /z/test.img
                size 8G
        }
        lun 1 {
                path /z/test1.img
                size 8G
        }
}

bhyve <...> -s 4,virtio-scsi,/dev/cam/ctl5.3,iid=3 <VM_NAME>

From inside guest:
root@:~ # zpool status test
  pool: test
 state: ONLINE
  scan: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        test        ONLINE       0     0     0
          da0       ONLINE       0     0     0
          da1       ONLINE       0     0     0

dmesg:
da0 at vtscsi0 bus 0 scbus0 target 0 lun 0
da0: <FREEBSD CTLDISK 0001> Fixed Direct Access SPC-5 SCSI device
da0: Serial Number MYSERIAL0000
da0: 300.000MB/s transfers
da0: Command Queueing enabled
da0: 8192MB (16777216 512 byte sectors)
da1 at vtscsi0 bus 0 scbus0 target 0 lun 1
da1: <FREEBSD CTLDISK 0001> Fixed Direct Access SPC-5 SCSI device
da1: Serial Number MYSERIAL0001
da1: 300.000MB/s transfers
da1: Command Queueing enabled
da1: 8192MB (16777216 512 byte sectors)

Discussed with:		grehan
Reviewed by:		mav
Obtained from:		TrueOS
Relnotes:		Yes
Sponsored by:		iXsystems Inc.
Tested with:		FreeBSD HEAD, Fedora 28 (Workstation) and
			Ubuntu 18.04.
Differential Revision:  https://reviews.freebsd.org/D15276
2018-06-11 02:09:20 +00:00
Marcelo Araujo
6dd8233d5d Simplify macros EFPRINTF and EFFLUSH. [0]
Also stdarg(3) says that each invocation of va_start() must be paired
with a corresponding invocation of va_end() in the same function. [1]

Reported by:	Coverity
CID:		1194318[0] and 1194332[1]
Discussed with:	jhb
MFC after:	4 weeks.
Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D15548
2018-05-29 01:46:00 +00:00
Eric van Gyzen
8a114a66b5 bhyve: guarantee NUL termination
Use strlcpy to guarantee NUL termination of the path to a
virtio console socket.

Reported by:	Coverity
CID:		1362874
Sponsored by:	Dell EMC
2018-05-28 03:09:09 +00:00
Eric van Gyzen
054e6e1335 bhyve: fix small memory leak in virtio console
Reported by:	Coverity
CID:		1363284
Sponsored by:	Dell EMC
2018-05-28 03:05:01 +00:00
Marcelo Araujo
13ee81bed5 We don't need check if str is NULL as free(3) will handle NULL
argument.

Reported by:	kib@
2018-05-25 19:12:30 +00:00
Marcelo Araujo
635a2c892c After a long discussion about assert(3), we gonna use a HardenedBSD
approach to chek strdup(3) memory allocation.

Submitted by:	Shaw Webb <shawn.webb@hardenedbsd.org>
Reported by:	brooks
Obtained from:	HardenedBSD
2018-05-25 18:54:40 +00:00
Marcelo Araujo
ea089f8c71 Fix a memory leak on topology_parse().
strdup(3) allocates memory for a copy of the string, does the copy and
returns a pointer to it. If there is no sufficient memory NULL is returned
and the global errno is set to ENOMEM.
We do a sanity check to see if it was possible to allocate enough memory.

Also as we allocate memory, we need to free this memory used. Or it will
going out of scope leaks the storage it points to.

Reviewed by:	rgrimes
MFC after:	3 weeks.
X-MFC:		r332298
Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D15550
2018-05-25 02:07:05 +00:00
Marcelo Araujo
5f4c83abf5 pthread_rwlock_unlock(3) returns 0 if successful, otherwise an error number
will be returned to indicate the error, so I'm applying an assert(3) to do
a sanity check of the return value.

Reported by:	Coverity CID: 1391235, 1193654 and 1193651
Reviewed by:	grehan
MFC after:	4 weeks.
Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D15533
2018-05-23 09:34:51 +00:00
Marcelo Araujo
92046bf113 Revert: r334016
Revert for now this change, it in somehow breaks init_pci.
2018-05-22 06:02:11 +00:00
Marcelo Araujo
2d03aa5999 Include atkbdc header where there are declared the prototype functions
atkbdc_event and atkbdc_init.

MFC after:	4 weeks.
Sponsored by:	iXsystems Inc.
2018-05-22 05:21:53 +00:00
Marcelo Araujo
b5e3928d6d We must free the variable str.
Spotted by:	clang's static analyzer
Submitted by:	Tom Rix <trix_juniper.net>
Reviewed by:	grehan
MFC after:	4 weeks
Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D10009
2018-05-22 04:08:08 +00:00
Rodney W. Grimes
d96ee3e017 Add missing newline to end of -c usage string .
Pointy hat:	me
Submitted by:	novel
Approved by:	bde(mentor), grehan (maintainer)
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D15421
2018-05-17 12:18:41 +00:00
Marcelo Araujo
bc1019a238 vq_getchain() can return -1 if some descriptor(s) are invalid and prints
a diagnostic message. So we do a sanity checking on the return value
of vq_getchain().

Spotted by:	gcc49
Reviewed by:	avg
MFC after:	4 weeks
Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D15388
2018-05-15 05:55:29 +00:00
Peter Grehan
51688c129f Allow arbitrary numbers of columns for VNC server screen resolution.
The prior code only allowed multiples of 32 for the
numbers of columns. Remove this restriction to allow
a forthcoming UEFI firmware update to allow arbitrary
x,y resolutions.

(the code for handling rows already supported non mult-32 values)

Reviewed by:	Leon Dang (original author)
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D15274
2018-05-04 01:36:49 +00:00
John Baldwin
cd377eb369 Initial debug server for bhyve.
This commit adds a new debug server to bhyve.  Unlike the existing -g
option which provides an efficient connection to a debug server
running in the guest OS, this debug server permits inspection and
control of the guest from within the hypervisor itself without
requiring any cooperation from the guest.  It is similar to the debug
server provided by qemu.

To avoid conflicting with the existing -g option, a new -G option has
been added that accepts a TCP port.  An IPv4 socket is bound to this
port and listens for connections from debuggers.  In addition, if the
port begins with the character 'w', the hypervisor will pause the
guest at the first instruction until a debugger attaches and
explicitly continues the guest.  Note that only a single debugger can
attach to a guest at a time.

Virtual CPUs are exposed to the remote debugger as threads.  General
purpose register values can be read for each virtual CPU.  Other
registers cannot currently be read, and no register values can be
changed by the debugger.

The remote debugger can read guest memory but not write to guest
memory.  To facilitate source-level debugging of the guest, memory
addresses from the debugger are treated as virtual addresses (rather
than physical addresses) and are resolved to a physical address using
the active virtual address translation of the current virtual CPU.
Memory reads should honor memory mapped I/O regions, though the debug
server does not attempt to honor any alignment or size constraints
when accessing MMIO.

The debug server provides limited support for controlling the guest.
The guest is suspended when a debugger is attached and resumes when a
debugger detaches.  A debugger can suspend a guest by sending a Ctrl-C
request (e.g. via Ctrl-C in GDB).  A debugger can also continue a
suspended guest while remaining attached.  Breakpoints are not yet
supported.  Single stepping is supported on Intel CPUs that support
MTRAP VM exits, but is not available on other systems.

While the current debug server has limited functionality, it should
at least be usable for basic debugging now.  It is also a useful
checkpoint to serve as a base for adding additional features.

Reviewed by:	grehan
Differential Revision:	https://reviews.freebsd.org/D15022
2018-05-01 15:17:46 +00:00
Rodney W. Grimes
01d822d33b Add the ability to control the CPU topology of created VMs
from userland without the need to use sysctls, it allows the old
sysctls to continue to function, but deprecates them at
FreeBSD_version 1200060 (Relnotes for deprecate).

The command line of bhyve is maintained in a backwards compatible way.
The API of libvmmapi is maintained in a backwards compatible way.
The sysctl's are maintained in a backwards compatible way.

Added command option looks like:
bhyve -c [[cpus=]n][,sockets=n][,cores=n][,threads=n][,maxcpus=n]
The optional parts can be specified in any order, but only a single
integer invokes the backwards compatible parse.  [,maxcpus=n] is
hidden by #ifdef until kernel support is added, though the api
is put in place.

bhyvectl --get-cpu-topology option added.

Reviewed by:	grehan (maintainer, earlier version),
Reviewed by:	bcr (manpages)
Approved by:	bde (mentor), phk (mentor)
Tested by:	Oleg Ginzburg <olevole@olevole.ru> (cbsd)
MFC after:	1 week
Relnotes:	Y
Differential Revision:	https://reviews.freebsd.org/D9930
2018-04-08 19:24:49 +00:00
Pedro F. Giffuni
1de7b4b805 various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.
2017-11-27 15:37:16 +00:00
Bartek Rutkowski
569aaa3b97 bhyve: avoid applying capsicum capabilities to file that was not opened
When using -l option targeting file that can't be opened (ie. nmdm module
is not loaded and /dev/nmdm* is specified) bhyve tries to apply capsicum
capabilities to a file that was not opened.

Enclose that code in an if statement and only run it on correctly opened
descriptor also providing meaningful message in case of an error.

Submitted by:	Pawel Biernacki <pawel.biernacki@gmail.com>
Reviewed by:	grehan, emaste
Sponsoied by:	Mysterious Code Ltd.
Differential Revision:	D12985
2017-11-11 22:50:14 +00:00
Bryan Drewery
ea825d0274 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
Eitan Adler
a2aef24aa3 Update several more URLs
- Primarily http -> https
- Primarily FreeBSD project URLs
2017-10-29 08:17:03 +00:00
Ryan Libby
07451638fa bhyve/vga.c: fix atc_color_select_67 bit shift
Gcc noticed that the result of the bit shift is always zero.  Shift so
that the ATC_CS_C67 bits end up in bits 6 & 7.

Reviewed by:	grehan, tychon
Approved by:	markj (mentor)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D11775
2017-07-28 21:47:10 +00:00
Ryan Libby
558e4950b3 bhyve/pci_e82545.c: squelch gcc warning for noreturn procedure
Gcc complained that e82545_tx_thread has a return type declared but
doesn't return anything.  Annotate the procedure with _Noreturn.

Reviewed by:	grehan
Approved by:	markj (mentor)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D11774
2017-07-28 21:42:59 +00:00
Bryan Drewery
7c2f06da87 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-07-10 23:52:04 +00:00
Marcelo Araujo
daaa9bf1df Check if pthread_create(3) successfully created the thread prior to call
pthread_join(3). The variable tid is not yet initialized in case
the authentication fails at early stage, that would lead pthread_join be
called with an uninitialized variable.

CID:		1375950
Reported by:	Coverity, cem
Reviewed by:	cem
MFC after:	3 weeks.
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D11150
2017-06-16 01:26:01 +00:00
Marcelo Araujo
426729f77f Initialize variables and use byteorder(9) instead of aliasing char array
buf via uint32_t pointer.

CID:		1375949
Reported by:	Coverity, cem
Reviewed by:	cem
MFC after:	3 weeks
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D11153
2017-06-15 06:21:01 +00:00
Marcelo Araujo
1d1a17a342 Make the VNC authentication build with LibreSSL on HardenedBSD and TrueOS.
PR:		219790
Submitted by:	Shirkdog <mshirk@daemon-security.com>
Reviewed by:	grehan and rgrimes
MFC after:	4 weeks.
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D11071
2017-06-08 04:54:15 +00:00
Marcelo Araujo
13eb5b4943 Bump manpage date. 2017-06-02 02:37:17 +00:00
Marcelo Araujo
f4d34383f9 Add VNC Authentication support based on RFC6143 section 7.2.2.
Submitted by:	Fabian Freyer <fabian.freyer@physik.tu-berlin.de>
Reworked by:	myself
Reviewed by:	grehan, rgrimes and jilles
MFC after:	1 week.
Relnotes:	Yes.
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D10818
2017-06-02 02:35:16 +00:00
Pedro F. Giffuni
880f26f3eb bhyvegc_resize: make use of reallocarray(3) for bounds-checking.
Also add __FBSDID.

Reviewed by:	grehan

This file lacks a license(!) so for this change the following declaration
applies:

To the greatest extent permitted by, but not in contravention of,
applicable law, Affirmer hereby overtly, fully, permanently, irrevocably
and unconditionally waives, abandons, and surrenders all of Affirmer's
Copyright and Related Rights and associated claims and causes of action,
whether now known or unknown (including existing as well as future claims
and causes of action).
2017-05-24 14:24:47 +00:00
Bryan Drewery
07676084ec DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-05-09 01:48:23 +00:00