Commit Graph

231847 Commits

Author SHA1 Message Date
Kyle Evans
db911ed570 Rename volume label for ESP
Harry Schmalzbauer reports that some firmware, in his experience, trips
over the ESP we install due to the volume label. It has been theorized that
this is due to some confusion with the label and the path on the ESP to
boot1.efi.

Regardless, Harry found that renaming the label seems to fix it.

PR:		214282
MFC after:	3 days
2018-04-16 13:18:18 +00:00
Toomas Soome
6d68f8acf4 loader: make sure we do not return garbage from help_getnext
Since we do free subtopic and desc in help_getnext(), we also need to set them
to NULL, so we make sure we don't get a double free().

Approved by:	bapt
Differential Revision:	https://reviews.freebsd.org/D15082
2018-04-16 12:46:14 +00:00
Andriy Gapon
020d6f96e3 mountd: fix a crash when getgrouplist reports too many groups
Previously the code only warned about the condition and then happily
proceeded to use the too large value resulting in the array
out-of-bounds access.

Obtained from:	Panzura (Chuanbo Zheng)
MFC after:	10 days
Sponsored by:	Panzura
2018-04-16 09:17:36 +00:00
Toomas Soome
746dddb134 loader: command_errmsg should be const
Use const char * for command_errmsg.
2018-04-16 08:41:44 +00:00
Toomas Soome
faa5306390 loader: make sure we use snprintf() in commands.c
Safeguard against memory corruptions.
2018-04-16 08:15:50 +00:00
Edward Tomasz Napierala
88876b6500 Fix ObsoleteFiles.inc entry for libstand.3.
MFC after:	2 weeks
2018-04-16 08:03:18 +00:00
Toomas Soome
5276f60430 loader: provide values in help_getnext()
With r328289 we attempt to make sure we free the resources allocated in
help_getnext(), however, it is possible that we get no resources allocated
and help_getnext() will return early.

Make sure we have pointers set to NULL early in help_getnext().

Reported by:	Andy Fiddaman
2018-04-16 07:26:23 +00:00
Justin Hibbits
3877c32ec9 Use a resource hint instead of environment variable for DIU mode
This makes it more consistent with FreeBSD norms, rather than using Linux's
norms.  Now, instead of needing an environment variable

  video-mode=fslfb:1280x1024@60

Now one would use a hint:

  hint.fb.0.mode=1280x1024@60
2018-04-16 04:02:53 +00:00
Ian Lepore
c1ee3587a1 Fix cut-and-pasted line to have the right option letter.
Reported by:	0mp@
Pointy hat:	ian@
2018-04-16 03:35:43 +00:00
Alexander Motin
bbbac409fe 9433 Fix ARC hit rate
When the compressed ARC feature was added in commit d3c2ae1
the method of reference counting in the ARC was modified.  As
part of this accounting change the arc_buf_add_ref() function
was removed entirely.

This would have been fine but the arc_buf_add_ref() function
served a second undocumented purpose of updating the ARC access
information when taking a hold on a dbuf.  Without this logic
in place a cached dbuf would not migrate its associated
arc_buf_hdr_t to the MFU list.  This would negatively impact
the ARC hit rate, particularly on systems with a small ARC.

This change reinstates the missing call to arc_access() from
dbuf_hold() by implementing a new arc_buf_access() function.

Reviewed-by: Giuseppe Di Natale <dinatale2@llnl.gov>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: Tim Chase <tim@chase2k.com>
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed-by: George Melikov <mail@gmelikov.ru>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
2018-04-16 00:54:58 +00:00
Ian Lepore
37820b8746 Add an option to daemon(8) to specify a delay between restarts of a
supervised program.  The existing -r option has a hard-coded delay of one
second.  This change adds a -R option which takes a delay in seconds.  This
can be used to prevent log spam and rapid restarts, similar to init(8)'s
behavior of adding a delay between rapid restarts when it's supervising a
program.
2018-04-15 21:46:08 +00:00
Navdeep Parhar
0d7404ba76 Fix typo in cxgbetool.8.
2018-04-15 19:23:37 +00:00
Brooks Davis
e104b889db Manpages are .gz files.
Reported by:	trasz
2018-04-15 15:23:47 +00:00
Brooks Davis
5aafa305af Remove device cm which was removed in r332490.
2018-04-15 15:06:07 +00:00
Ed Schouten
5caf54c7a4 Use proper alphabetic sorting of options.
2018-04-15 08:44:26 +00:00
Ed Schouten
1a874a126a Add RFC 5424 syslog message output to syslogd.
- Move all of the code responsible for transmitting log messages into a
  separate function, fprintlog_write().
- Instead of manually modifying a list of iovecs, add a structure
  iovlist with some helper functions.
- Alter the F_FORW (UDP message forwarding) case to also use iovecs like
  the other cases. Use sendmsg() instead of sendto().
- In the case of F_FORW, truncate the message to a size dependent on the
  address family (AF_INET, AF_INET6), as proposed by RFC 5426.
- Move all traditional message formatting into fprintlog_bsd(). Get rid
  of some of the string copying and snprintf()'ing. Simply emit more
  iovecs to get the job done.
- Increase ttymsg()'s limit of 7 iovecs to 32. Add a definition for this
  limit, so it can be reused by iovlist.
- Add fprintlog_rfc5424() to emit RFC 5424 formatted log entries.
- Add a "-O" command line option to enable RFC 5424 formatting. It would
  have been nicer if we supported "-o rfc5424", just like on NetBSD.
  Unfortunately, the "-o" flag is already used for a different purpose
  on FreeBSD.
- Don't truncate hostnames in the RFC 5424 case, as suggested by that
  specific RFC.

For people interested in using this, this feature can be enabled by
adding the following line to /etc/rc.conf:

  syslogd_flags="-s -O rfc5424"

Differential Revision:	https://reviews.freebsd.org/D15011
2018-04-15 08:34:16 +00:00
Warner Losh
5bc896bcc2 Make first a 'bool' instead of a 'boolean_t'.
'bool' is preferred to 'boolean_t'. We only get the boolean_t
definition by header pollution (though the same is true for
bool). Since we use both, switch entirely to bool.

Note: We still have TRUE/FALSE instead of true/false in heavy use in
the rest of the file. These are with ints of various flavors, so
that's appropriate, even though we should eventually migrate to bool
and true/false (though the tables they are in are nicely packed with
short and wouldn't be so nicely packed with bool, another reason
to leave it alone for now).
2018-04-14 22:14:18 +00:00
Eitan Adler
881597c36c amd: correct formatting of 'SEE ALSO'
2018-04-14 21:54:22 +00:00
Navdeep Parhar
1131c927c4 cxgbe(4): Add support for Connection Offload Policy (aka COP).
COP allows fine-grained control on whether to offload a TCP connection
using t4_tom, and what settings to apply to a connection selected for
offload.  t4_tom must still be loaded and IFCAP_TOE must still be
enabled for full TCP offload to take place on an interface.  The
difference is that IFCAP_TOE used to be the only knob and would enable
TOE for all new connections on the interface, but now the driver will
also consult the COP, if any, before offloading to the hardware TOE.

A policy is a plain text file with any number of rules, one per line.
Each rule has a "match" part consisting of a socket-type (L = listen,
A = active open, P = passive open, D = don't care) and a pcap-filter(7)
expression, and a "settings" part that specifies whether to offload the
connection or not and the parameters to use if so.  The general format
of a rule is: [socket-type] expr => settings

Example.  See cxgbetool(8) for more information.
[L] ip && port http => offload
[L] port 443 => !offload
[L] port ssh => offload
[P] src net 192.168/16 && dst port ssh => offload !nagle !timestamp cong newreno
[P] dst port ssh => offload !nagle ecn cong tahoe
[P] dst port http => offload
[A] dst port 443 => offload tls
[A] dst net 192.168/16 => offload !timestamp cong highspeed

The driver processes the rules for each new listen, active open, or
passive open and stops at the first match.  There is an implicit rule at
the end of every policy that prohibits offload when no rule in the
policy matches:
[D] all => !offload

This is a reworked and expanded version of a patch submitted by
Krishnamraju Eraparaju @ Chelsio.

Sponsored by:	Chelsio Communications
2018-04-14 19:07:56 +00:00
Konstantin Belousov
23084818ff Set PG_G global mapping bit on the trampoline ptes.
Trampoline mappings are better treated as global since they are valid
in all address spaces, even for PTI.  pmap_invalidate_range() must work
on global mappings for pti since kernel_pmap invalidations are really
same as for non-PTI.

Reviewed by:	alc, markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 month
Differential revision:	https://reviews.freebsd.org/D15052
2018-04-14 17:33:16 +00:00
Dimitry Andric
6ec30ab86a Revert r332501 for now, as it can cause build failures on i386.
Reported upstream as <https://bugs.llvm.org/show_bug.cgi?id=37133>.

Reported by:	emaste, ci.freebsd.org
PR:		225330
2018-04-14 14:57:32 +00:00
Dimitry Andric
0ae629bdd6 Pull in r325446 from upstream clang trunk (by me):
[X86] Add 'sahf' CPU feature to frontend

  Summary:
  Make clang accept `-msahf` (and `-mno-sahf`) flags to activate the
  `+sahf` feature for the backend, for bug 36028 (Incorrect use of
  pushf/popf enables/disables interrupts on amd64 kernels).  This was
  originally submitted in bug 36037 by Jonathan Looney
  <jonlooney@gmail.com>.

  As described there, GCC also uses `-msahf` for this feature, and the
  backend already recognizes the `+sahf` feature. All that is needed is
  to teach clang to pass this on to the backend.

  The mapping of feature support onto CPUs may not be complete; rather,
  it was chosen to match LLVM's idea of which CPUs support this feature
  (see lib/Target/X86/X86.td).

  I also updated the affected test case (CodeGen/attr-target-x86.c) to
  match the emitted output.

  Reviewers: craig.topper, coby, efriedma, rsmith

  Reviewed By: craig.topper

  Subscribers: emaste, cfe-commits

  Differential Revision: https://reviews.llvm.org/D43394

Pull in r328944 from upstream llvm trunk (by Chandler Carruth):

  [x86] Expose more of the condition conversion routines in the public
  API for X86's instruction information. I've now got a second patch
  under review that needs these same APIs. This bit is nicely
  orthogonal and obvious, so landing it. NFC.

Pull in r329414 from upstream llvm trunk (by Craig Topper):

  [X86] Merge itineraries for CLC, CMC, and STC.

  These are very simple flag setting instructions that appear to only
  be a single uop. They're unlikely to need this separation.

Pull in r329657 from upstream llvm trunk (by Chandler Carruth):

  [x86] Introduce a pass to begin more systematically fixing PR36028
  and similar issues.

  The key idea is to lower COPY nodes populating EFLAGS by scanning the
  uses of EFLAGS and introducing dedicated code to preserve the
  necessary state in a GPR. In the vast majority of cases, these uses
  are cmovCC and jCC instructions. For such cases, we can very easily
  save and restore the necessary information by simply inserting a
  setCC into a GPR where the original flags are live, and then testing
  that GPR directly to feed the cmov or conditional branch.

  However, things are a bit more tricky if arithmetic is using the
  flags.  This patch handles the vast majority of cases that seem to
  come up in practice: adc, adcx, adox, rcl, and rcr; all without
  taking advantage of partially preserved EFLAGS as LLVM doesn't
  currently model that at all.

  There are a large number of operations that technically observe
  EFLAGS currently but shouldn't in this case -- they typically are
  using DF.  Currently, they will not be handled by this approach.
  However, I have never seen this issue come up in practice. It is
  already pretty rare to have these patterns come up in practical code
  with LLVM. I had to resort to writing MIR tests to cover most of the
  logic in this pass already.  I suspect even with its current amount
  of coverage of arithmetic users of EFLAGS it will be a significant
  improvement over the current use of pushf/popf. It will also produce
  substantially faster code in most of the common patterns.

  This patch also removes all of the old lowering for EFLAGS copies,
  and the hack that forced us to use a frame pointer when EFLAGS copies
  were found anywhere in a function so that the dynamic stack
  adjustment wasn't a problem. None of this is needed as we now lower
  all of these copies directly in MI and without requiring stack
  adjustments.

  Lots of thanks to Reid who came up with several aspects of this
  approach, and Craig who helped me work out a couple of things
  tripping me up while working on this.

  Differential Revision: https://reviews.llvm.org/D45146

Pull in r329673 from upstream llvm trunk (by Chandler Carruth):

  [x86] Model the direction flag (DF) separately from the rest of
  EFLAGS.

  This cleans up a number of operations that only claimed to use EFLAGS
  due to using DF. But no instructions which we think of as setting
  EFLAGS actually modify DF (other than things like popf) and so this
  needlessly creates uses of EFLAGS that aren't really there.

  In fact, DF is so restrictive it is pretty easy to model. Only STD,
  CLD, and the whole-flags writes (WRFLAGS and POPF) need to model
  this.

  I've also somewhat cleaned up some of the flag management instruction
  definitions to be in the correct .td file.

  Adding this extra register also uncovered a failure to use the
  correct datatype to hold X86 registers, and I've corrected that as
  necessary here.

  Differential Revision: https://reviews.llvm.org/D45154

Together, these should ensure clang does not use pushf/popf sequences to
save and restore flags, avoiding problems with unrelated flags (such as
the interrupt flag) being restored unexpectedly.

Requested by:	jtl
PR:		225330
MFC after:	1 week
2018-04-14 12:07:05 +00:00
Eitan Adler
a3d2e7b1ca sys: remove 'cm' from notes
Followup to r332490

MFC After:	never
PR:		182297
2018-04-14 08:05:42 +00:00
Conrad Meyer
41bd31e656 expr(1): Fix overflow detection when operand is INTMAX_MIN
PR:		227329
Submitted by:	Tobias Stoeckmann <tobias AT stoeckmann.org>
2018-04-14 04:35:10 +00:00
Conrad Meyer
f6e61711ed cpufreq: Remove error-prone table terminators in favor of automatic sizing
PR:		227388
Reported by:	Vladimir Machulsky <xdelta AT meta.ua>
Sponsored by:	Dell EMC Isilon
2018-04-14 03:15:05 +00:00
Brooks Davis
3a4fc8a8a1 Remove support for the Arcnet protocol.
While Arcnet has some continued deployment in industrial controls, the
lack of drivers for any of the PCI, USB, or PCIe NICs on the market
suggests such users aren't running FreeBSD.

Evidence in the PR database suggests that the cm(4) driver (our sole
Arcnet NIC) was broken in 5.0 and has not worked since.

PR:		182297
Reviewed by:	jhibbits, vangyzen
Relnotes:	yes
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D15057
2018-04-13 21:18:04 +00:00
Konstantin Belousov
d86c1f0dc1 i386 4/4G split.
The change makes the user and kernel address spaces on i386
independent, giving each almost the full 4G of usable virtual addresses
except for one PDE at top used for trampoline and per-CPU trampoline
stacks, and system structures that must be always mapped, namely IDT,
GDT, common TSS and LDT, and process-private TSS and LDT if allocated.

By using 1:1 mapping for the kernel text and data, it appeared
possible to eliminate assembler part of the locore.S which bootstraps
initial page table and KPTmap.  The code is rewritten in C and moved
into the pmap_cold(). The comment in vmparam.h explains the KVA
layout.

There is no PCID mechanism available in protected mode, so each
kernel/user switch forth and back completely flushes the TLB, except
for the trampoline PTD region. The TLB invalidations for userspace
becomes trivial, because IPI handlers switch page tables. On the other
hand, context switches no longer need to reload %cr3.

copyout(9) was rewritten to use vm_fault_quick_hold().  An issue for
new copyout(9) is compatibility with wiring user buffers around sysctl
handlers. This explains two kinds of locks for copyout ptes and
accounting of the vslock() calls.  The vm_fault_quick_hold() AKA slow
path, is only tried after the 'fast path' failed, which temporarily
changes mapping to the userspace and copies the data to/from small
per-cpu buffer in the trampoline.  If a page fault occurs during the
copy, it is short-circuited by exception.s to not even reach C code.

The change was motivated by the need to implement the Meltdown
mitigation, but instead of KPTI the full split is done.  The i386
architecture already shows the sizing problems, in particular, it is
impossible to link clang and lld with debugging.  I expect that the
issues due to the virtual address space limits would only exaggerate
and the split gives more liveness to the platform.

Tested by: pho
Discussed with:	bde
Sponsored by:	The FreeBSD Foundation
MFC after:	1 month
Differential revision:	https://reviews.freebsd.org/D14633
2018-04-13 20:30:49 +00:00
Brooks Davis
1315f9b59f Fix build on 32-bit systems.
2018-04-13 19:43:23 +00:00
Baptiste Daroussin
8e877d85dc pkg: accept -y and --yes from arguments
By popular demand, pkg now walks through the arguments passed and
if it finds -y or --yes it does accept those as equivalent of
ASSUME_ALWAYS_YES env var.

Requested by:	many
MFC after:	1 week
2018-04-13 18:25:00 +00:00
Kyle Evans
e69f393430 dtc(1): Update to upstream 006664a
Highlights:

- Passing "-" to -o will now cause output to go to stdout
- Path-based syntactic sugar for overlays is now accepted. This looks like:

/dts-v1/;
/plugin/;

&{/soc} {
    sid: eeprom@1c14000 {
        compatible = "allwinner,sun8i-h3-sid";
        reg = <0x1c14000 0x400>;
        status = "okay";
    };
};

MFC after:	3 days
2018-04-13 18:04:51 +00:00
Ed Maste
55efba01c6 Correct tom-thumb vt font glyphs
A few glyphs were converted incorrectly:
U+00A6 broken bar - center
U+2022 bullet - center
U+2026 horizontal ellipsis - move to bottom of character cell
2018-04-13 17:37:39 +00:00
Tycho Nightingale
6ac73777ea Add SDT probes to vmexit on Intel.
Submitted by:	domagoj.stolfa_gmail.com
Reviewed by:	grehan, tychon
Sponsored by:	DARPA/AFRL
Differential Revision:	https://reviews.freebsd.org/D14656
2018-04-13 17:23:05 +00:00
Ed Maste
7075c67633 Add tom-thumb, a tiny (4x6) vt font
Obtained from:	https://robey.lag.net/2010/01/23/tiny-monospace-font.html
MFC after:	2 weeks
2018-04-13 16:54:49 +00:00
Warner Losh
c67f3c609b Just assert that the lock is held here, rather than taking it out and
dropping it.

Sponsored by: Netflix
2018-04-13 16:45:35 +00:00
Andrey V. Elsukov
56c989dff2 Add check that mbuf had not multicast layer2 address.
Such packets should be handled by ip6_mforward().

Obtained from:	Yandex LLC
MFC after:	1 week
Sponsored by:	Yandex LLC
2018-04-13 16:13:59 +00:00
Ruslan Bukin
b8f915ab24 Convert atse(4) driver for Altera Triple-Speed Ethernet MegaCore to use
xdma(4) interface.

This allows us to switch between Altera mSGDMA or SoftDMA engines used by
atse(4) device.

This also makes atse(4) driver become 25% smaller.

Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D9618
2018-04-13 15:59:24 +00:00
Ruslan Bukin
36f5f2fb30 Add beripic1, msgdma and softdma instances.
Sponsored by:	DARPA, AFRL
2018-04-13 15:18:06 +00:00
Ruslan Bukin
8f89e7db08 Add driver for Altera SoftDMA® device.
SoftDMA is a software implementation of DMA engine built using Altera
FIFO component.

Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D9620
2018-04-13 14:18:04 +00:00
Ram Kishore Vegesna
80b5058dcc Check if STACK is defined before using the stack(9).
PR: 227446
Reported by: emaste
Approved by: ken
2018-04-13 13:31:20 +00:00
Ruslan Bukin
4be5a951f6 Add driver for Altera modular Scatter-Gather DMA engine (mSGDMA).
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D9619
2018-04-13 13:23:31 +00:00
Ruslan Bukin
c42f10a257 Add driver for ARM PrimeCell PL330 DMA engine.
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D10201
2018-04-13 12:43:54 +00:00
Ruslan Bukin
b06154ea03 Don't include sys/bus_dma.h directly, use machine/bus.h instead.
Sponsored by:	DARPA, AFRL
2018-04-13 12:41:51 +00:00
Andrey V. Elsukov
5f69d0a4ff To avoid possible deadlock do not acquire JQUEUE_LOCK before callout_drain.
Obtained from:	Yandex LLC
MFC after:	1 week
Sponsored by:	Yandex LLC
2018-04-13 10:03:30 +00:00
Baptiste Daroussin
64966663a8 reinstall the roff(7) manpage
When we had both groff and mandoc in base, we decided to keep the roff(7)
manpage from groff. When removing groff, we forgot to install the mandoc version
instead.

This fixes it.

Reported by:	trasz
MFC after:	1 week
2018-04-13 09:04:31 +00:00
Andrey V. Elsukov
2d8fcffb99 Fix integer types mismatch for flags field in nat64stl_cfg structure.
Also preserve internal flags on NAT64STL reconfiguration.

Obtained from:	Yandex LLC
MFC after:	1 week
Sponsored by:	Yandex LLC
2018-04-12 21:29:40 +00:00
Kenneth D. Merry
fc774835cb Handle Programmable Early Warning for control commands in sa(4).
When the tape position is inside the Early Warning area, the tape
drive will return a sense key of NO SENSE, and an ASC/ASCQ of
0x00,0x02, which means: "End-of-partition/medium detected".  If
this was in response to a control command like WRITE FILEMARKS,
we correctly translate this as informational status and return
0 from saerror().

Programmable Early Warning should be handled the same way, but
we weren't handling it that way.  As a result, if a PEW status
(sense key of NO SENSE, ASC/ASCQ of 0x00,0x07, "Programmable early
warning detected") came back in response to a WRITE FILEMARKS,
we returned an error.

The impact of this was that if an application was writing to a
sa(4) device, and a PEW area was set (in the Device Configuration
Extension subpage -- mode page 0x10, subpage 1), and a filemark
needed to be written on close, we could wind up returning an error
to the user on close because of a "failure" to write the filemarks.

It actually isn't a failure, but rather just a status report from
the drive, and shouldn't be treated as a failure.

sys/cam/scsi/scsi_sa.c:
	For control commands in saerror(), treat asc/ascq 0x00,0x07
	the same as 0x00,{0-5} -- not an error.  Return 0, since
	the command actually did succeed.

Reported by:	Dr. Andreas Haakh <andreas@haakh.de>
Tested by:	Dr. Andreas Haakh <andreas@haakh.de>
Sponsored by:	Spectra Logic
MFC after:	3 days
2018-04-12 21:21:18 +00:00
Andrey V. Elsukov
eed302572a Use cfg->nomatch_verdict as return value from NAT64LSN handler when
given mbuf is considered as not matched.

If mbuf was consumed or freed during handling, we must return
IP_FW_DENY, since ipfw's pfil handler ipfw_check_packet() expects
IP_FW_DENY when mbuf pointer is NULL. This fixes KASSERT panics
when NAT64 is used with INVARIANTS. Also remove unused nomatch_final
field from struct nat64lsn_cfg.

Reported by:	Justin Holcomb <justin at justinholcomb dot me>
Obtained from:	Yandex LLC
MFC after:	1 week
Sponsored by:	Yandex LLC
2018-04-12 21:13:30 +00:00
Andrey V. Elsukov
c570565f12 Migrate NAT64 to FIB KPI.
Obtained from:	Yandex LLC
MFC after:	1 week
2018-04-12 21:05:20 +00:00
Bryan Drewery
4f6de62991 Use known SRCTOP if possible to determine SYSDIR.
Suggested by:	sjg
Sponsored by:	Dell EMC
2018-04-12 20:48:17 +00:00
Konstantin Belousov
7c5d1690e9 Fix PSL_T inheritance on exec for x86.
The miscellaneous x86 sysent->sv_setregs() implementations tried to
migrate PSL_T from the previous program to the new executed one, but
they evaluated regs->tf_eflags after the whole regs structure was
bzeroed.  Make this functional by saving PSL_T value before zeroing.

Note that if the debugger is not attached, executing the first
instruction in the new program with PSL_T set results in SIGTRAP, and
since all intercepted signals are reset to default disposition on
exec(2), this means that non-debugged process gets killed immediately
if PSL_T is inherited.  In particular, since suid images drop
P_TRACED, attempt to set PSL_T for execution of such program would
kill the process.

Another issue with userspace PSL_T handling is that it is reset by
trap().  It is reasonable to clear PSL_T when entering SIGTRAP
handler, to allow the signal to be handled without recursion or
delivery of blocked fault.  But it is not reasonable to return back to
the normal flow with PSL_T cleared.  This is too late to change, I
think.

Discussed with:	bde, Ali Mashtizadeh
Sponsored by:	The FreeBSD Foundation
MFC after:	3 weeks
Differential revision:	https://reviews.freebsd.org/D14995
2018-04-12 20:43:39 +00:00