Commit Graph

4754 Commits

Author SHA1 Message Date
markj
53d55c9af9 Plug memory disclosures via ptrace(2).
On some architectures, the structures returned by PT_GET*REGS were not
fully populated and could contain uninitialized stack memory.  The same
issue existed with the register files in procfs.

Reported by:	Thomas Barabosch, Fraunhofer FKIE
Reviewed by:	kib
MFC after:	3 days
Security:	kernel stack memory disclosure
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D18421
2018-12-03 20:54:17 +00:00
gonzo
6fb7a3e7ca Fix PCI driver unload for Marvell PCI controller
Add generic implementation for bus_deactivate_resource method. Without
it bus_release_resource fails with "Failed to release active resource"
message

MFC after:	1 week
2018-12-02 21:58:36 +00:00
kib
6dc902485b Fix off-by-one (page) errors in checks in d_mmap methods of several drivers.
Reported by:	C Turt <ecturt@gmail.com>
Reviewed by:	alc, markj
admbug:		781
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-12-02 18:30:58 +00:00
mmel
4dd1500004 Return computed real memory size, not a value from similarly named
global variable.

MFC after:	1 week
2018-12-02 07:39:16 +00:00
kib
df0eed217c Correct the tunable name in the message.
Submitted by:	 Andre Albsmeier <mail@fbsd.e4m.org>
PR:	231577
MFC after:	1 week
2018-12-01 16:43:18 +00:00
vangyzen
0e4f4afae7 Fix reporting of SS_ONSTACK
Fix reporting of SS_ONSTACK in nested signal delivery when sigaltstack()
is used on some architectures.

Add a unit test for this.  I tested the test by introducing the bug
on amd64.  I did not test it on other architectures.

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D18347
2018-11-30 22:44:33 +00:00
vangyzen
3887aaa49b Prevent kernel stack disclosure in signal delivery
On arm64 and riscv platforms, sendsig() failed to zero the signal
frame before copying it out to userspace.  Zero it.

On arm, I believe all the contents of the frame were initialized,
so there was no disclosure.  However, explicitly zero the whole frame
because that fact could inadvertently change in the future,
it's more clear to the reader, and I could be wrong in the first place.

MFC after:	2 days
Security:	similar to FreeBSD-EN-18:12.mem and CVE-2018-17155
Sponsored by:	Dell EMC Isilon
2018-11-26 20:52:53 +00:00
manu
36193fb987 aw_usbphy: Do not error if it's not phy 0
Only phy0 can switch between host/otg, do not error if we request
host mode on phy != 0.

MFC after:	1 month
X-MFC with:	r340846
2018-11-26 14:27:13 +00:00
manu
8f14ae0e2c axp8xx: Rework the enable part and add the GPIOXLDO regulators
MFC after:	1 month
2018-11-23 19:45:57 +00:00
manu
89bd410ea5 a10_ehci: Always set the phy to host mode
MFC after:	1 month
2018-11-23 19:45:11 +00:00
manu
85e46d08b9 aw_usbphy: Convert to usbphy subclass
Instead of routing the phy when enabling it, do the configuration
and routing in the phynode_usb_set_mode function.
While here, if we don't have a vbus detection method, enable the phy
if requested.

MFC after:	1 month
2018-11-23 19:44:26 +00:00
jchandra
51870f602c acpica: rework INTRNG interrupts
On arm64 (where INTRNG is enabled), the interrupts have to be mapped
with ACPI_BUS_MAP_INTR() before adding them as resources to devices.

The earlier code did the mapping before calling acpi_set_resource(),
which bypassed code that checked for PCI link interrupts.

To fix this, move the call to map interrupts into acpi_set_resource()
and that requires additional work to lookup interrupt properties.
The changes here are to:
 * extend acpi_lookup_irq_handler() to lookup an irq in the ACPI
   resources
 * create a helper function acpi_map_intr() which uses the updated
   acpi_lookup_irq_handler() to look up an irq, and then map it
   with ACPI_BUS_MAP_INTR()
 * use acpi_map_intr() in acpi_pcib_route_interrupt() to map
   pci link interrupts.

With these changes, we can drop the ifdefs in acpi_resource.c, and
we can also drop the call for mapping interrupts in generic_timer.c

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D17790
2018-11-19 03:02:47 +00:00
loos
14d479764c Set the SPI clock speed and polarity on each transfer to catch up with
recent changes in spibus and allow the use of different SPI modes on
the same bus.

Reported by:	ian
Sponsored by:	Rubicon Communications, LLC (Netgate)
2018-11-15 17:05:02 +00:00
loos
c668c242d9 Comment MD_ROOT and remove 'device re' which is not part of the system and
can be loaded as module.
2018-11-15 16:29:27 +00:00
loos
17aa0f3b22 Add the driver for the SPI controller on ARMADA38X.
Tested on Clearfog (Pro) and SG-3100.

Sponsored by:	Rubicon Communications, LLC (Netgate)
2018-11-14 14:26:32 +00:00
emaste
376dc4ec6e use -m ${LD_EMULATION} for binary->elf link invocation
r306041 changed ld invocations for converting binary files to kernel
ELF objects to pass -m, but missed bespoke ld invocations in a pair of
arm file configs (one of which has since been removed).

This is needed to support some external toolchains and lld.

Sponsored by:	The FreeBSD Foundation
2018-11-09 19:16:01 +00:00
jhb
81a93c8824 Add a KPI for the delay while spinning on a spin lock.
Replace a call to DELAY(1) with a new cpu_lock_delay() KPI.  Currently
cpu_lock_delay() is defined to DELAY(1) on all platforms.  However,
platforms with a DELAY() implementation that uses spin locks should
implement a custom cpu_lock_delay() doesn't use locks.

Reviewed by:	kib
MFC after:	3 days
2018-11-05 21:34:17 +00:00
kib
0c625bd638 Move the fixed base for PIE loading on arm.
Existing base causes conflicts for direct execution of ld-elf.so.1
because default linking base for non-PIE binaries is 0x10000.

Reported and tested by:	Mark Millard <marklmi26-fbsd@yahoo.com>
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2018-11-04 19:11:32 +00:00
jhb
d180d56f38 Don't enter DDB for fatal traps before panic by default.
Add a new 'debugger_on_trap' knob separate from 'debugger_on_panic'
and make the calls to kdb_trap() in MD fatal trap handlers prior to
calling panic() conditional on this new knob instead of
'debugger_on_panic'.  Disable the new knob by default.  Developers who
wish to recover from a fatal fault by adjusting saved register state
and retrying the faulting instruction can still do so by enabling the
new knob.  However, for the more common case this makes the user
experience for panics due to a fatal fault match the user experience
for other panics, e.g. 'c' in DDB will generate a crash dump and
reboot the system rather than being stuck in an infinite loop of fatal
fault messages and DDB prompts.

Reviewed by:	kib, avg
MFC after:	2 months
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D17768
2018-11-01 21:34:17 +00:00
kevans
17b90b88be Compile in VERBOSE_SYSINIT support by default, remain silent by default
The loader tunable 'debug.verbose_sysinit' may be used to toggle verbosity.
This is added to the debugging section of these kernconfs to be turned off
in stable branches for clarity of intent.

MFC after:	never
2018-10-31 22:38:19 +00:00
brooks
fcc5d25798 Consolidate identical ELF auxargs type defintions.
All platforms except powerpc use the same values and powerpc shares a
majority of them.

Go ahead and declare AT_NOTELF, AT_UID, and AT_EUID in favor of the
unused AT_DCACHEBSIZE, AT_ICACHEBSIZE, and AT_UCACHEBSIZE for powerpc.

Reviewed by:	jhb, imp
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D17397
2018-10-22 22:24:32 +00:00
jchandra
bc74db4aa3 arm generic_timer: fix armv8 timer desc
In the FDT based probe, check for "arm,armv8-timer" before "arm,armv7-timer".
This gets the description right when the timer node has both entries in
compatible list.
2018-10-21 02:12:26 +00:00
br
8f689f289e Revert r339421 due to unintended files included to commit.
Reported by:	ian
Approved by:	re (gjb)
Sponsored by:	DARPA, AFRL
2018-10-18 15:17:58 +00:00
br
37b0ea8c02 Support RISC-V implementations that do not manage the A and D bits
(e.g. RocketChip, lowRISC and derivatives).

RISC-V page table entries support A (accessed) and D (dirty) bits. The
spec makes hardware support for these bits optional. Implementations that
do not manage these bits in hardware raise page faults for accesses to a
valid page without A set and writes to a writable page without D set.
Check for these types of faults when handling a page fault and fixup the
PTE without calling vm_fault if they occur.

Reviewed by:	jhb, markj
Approved by:	re (gjb)
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D17424
2018-10-18 15:08:14 +00:00
emaste
0e98cd4bfa Enable Capsicum on armv6/armv7
We ought to be consistent across our Tier-1 and nearly-Tier-1
architectures, so enable Capsicum for 32-bit armv6/armv7 by default.

PR:		204008
Reviewed by:	ian, oshogbo
Approved by:	re (gjb)
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17023
2018-09-13 21:00:17 +00:00
markj
46581896f3 Fix the 32-bit arm build.
X-MFC with:     r338537
Approved by:	re (rgrimes)
Sponsored by:	The FreeBSD Foundation
2018-09-08 23:39:26 +00:00
markj
8062037ce7 Bump MAX_HWCNT and MAX_EXCNT.
These limits are hit on the ThunderX.  Also make
arm_physmem_exclude_region() panic rather than fail silently if the
limit on excluded regions is reached.

PR:		231064
Reviewed by:	andrew
Approved by:	re (kib)
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17073
2018-09-08 21:51:47 +00:00
andrew
f727f299ca Fix the GIC ACPI cross reference value.
To support INTRNG with ACPI we need to set a non-zero cross reference value
for the interrupt controller. The GICv3 driver already had this value set,
however it was missed in the GICv2 driver. Fix this by setting xref to the
correct value.

Approved by:	re (gjb)
2018-09-06 17:25:50 +00:00
andrew
9859163b84 Remove the check that the Arm generic interrupt controller variant is
non-zero. This is the case on qemu, so remove it to allow us to boot there.
This change is needed to boot on qemu with ACPI.

Approved by:	re (gjb)
2018-09-06 17:25:01 +00:00
manu
2502ba9b74 omap4_prcm: Delay the frequencies read check
Same as r333305, with Linux 4.17 dts the compatible for the prcm added
'simplebus', it mean that the simplebus driver will attach to it
at the BUS_PASS_BUS pass.
Change the pass for the prcm driver to be at BUS_PASS_BUS so we will win
the attach.
This introduce a problem as this driver needs the omap_scm one to be already
attached. omap_scm also attach at BUS_PASS_BUS but after the prcm one as it is
after in the dtb and the simplebus driver simpy walk the tree to attach it's
children.
Use the bus_new_pass method to defer the frequencies read at BUS_PASS_TIMER.
This fixes booting on pandaboard

Approved by:	re (rgrimes)
2018-08-30 14:32:47 +00:00
manu
2a0d911790 arm64: GENERIC-MMCCAM: Fix build and module depend
Fix the build of the GENERIC-MMCCAM kernel config after the sdhci_xenon
driver was commited.
While here correct sdhci_fdt and tegra_sdhci, even with MMCCAM they do
need to depend on sdhci(4)

Reported by:	Reshetnikov Dmitriy <genserg@hotmail.com>
Approved by:	re (kib)
Sponsored by:	Rubicon Communications, LLC ("NetGate")
2018-08-29 14:01:27 +00:00
kib
acc0761238 Remove {max/min}_offset() macros, use vm_map_{max/min}() inlines.
Exposing max_offset and min_offset defines in public headers is
causing clashes with variable names, for example when building QEMU.

Based on the submission by:	royger
Reviewed by:	alc, markj (previous version)
Sponsored by:	The FreeBSD Foundation (kib)
MFC after:	1 week
Approved by:	re (marius)
Differential revision:	https://reviews.freebsd.org/D16881
2018-08-29 12:24:19 +00:00
andrew
23eccc1282 Use the correct register when storing the arm VFP state.
Previously we have been lucky where the state was already in r0, however
this is not guaranteed. Use the passed in register as the location to
store the upper half of the arm VFP registers rather than relying on it
being r0.

Approved by:	re (kib)
2018-08-27 10:08:27 +00:00
markm
d8723e8b03 Remove the Yarrow PRNG algorithm option in accordance with due notice
given in random(4).

This includes updating of the relevant man pages, and no-longer-used
harvesting parameters.

Ensure that the pseudo-unit-test still does something useful, now also
with the "other" algorithm instead of Yarrow.

PR:		230870
Reviewed by:	cem
Approved by:	so(delphij,gtetlow)
Approved by:	re(marius)
Differential Revision:	https://reviews.freebsd.org/D16898
2018-08-26 12:51:46 +00:00
alc
3799d78beb Eliminate the arena parameter to kmem_free(). Implicitly this corrects an
error in the function hypercall_memfree(), where the wrong arena was being
passed to kmem_free().

Introduce a per-page flag, VPO_KMEM_EXEC, to mark physical pages that are
mapped in kmem with execute permissions.  Use this flag to determine which
arena the kmem virtual addresses are returned to.

Eliminate UMA_SLAB_KRWX.  The introduction of VPO_KMEM_EXEC makes it
redundant.

Update the nearby comment for UMA_SLAB_KERNEL.

Reviewed by:	kib, markj
Discussed with:	jeff
Approved by:	re (marius)
Differential Revision:	https://reviews.freebsd.org/D16845
2018-08-25 19:38:08 +00:00
imp
ae526637c4 Revert drm2 removal.
Revert r338177, r338176, r338175, r338174, r338172

After long consultations with re@, core members and mmacy, revert
these changes. Followup changes will be made to mark them as
deprecated and prent a message about where to find the up-to-date
driver.  Followup commits will be made to make this clear in the
installer. Followup commits to reduce POLA in ways we're still
exploring.

It's anticipated that after the freeze, this will be removed in
13-current (with the residual of the drm2 code copied to
sys/arm/dev/drm2 for the TEGRA port's use w/o the intel or
radeon drivers).

Due to the impending freeze, there was no formal core vote for
this. I've been talking to different core members all day, as well as
Matt Macey and Glen Barber. Nobody is completely happy, all are
grudgingly going along with this. Work is in progress to mitigate
the negative effects as much as possible.

Requested by: re@ (gjb, rgrimes)
2018-08-24 00:02:00 +00:00
manu
cf3e18f4f6 a10_timer: Update the driver so we can use it on other SoC
a10_timer is currently use in UP allwinner SoC (A10 and A13).
Those don't have the generic arm timer.
The arm generic timecounter is broken in the A64 SoC, some attempts have
been made to fix the glitch but users still reported some minor ones.
Since the A64 (and all Allwinner SoC) still have this timer controller, rework
the driver so we can use it in any SoC.
Since it doesn't have the 64 bits counter on all SoC, use one of the
generic 32 bits counter as the timecounter source.

PR:	229644
2018-08-23 18:46:05 +00:00
manu
9eed76bc86 aw_mmc: Handle MMCBR_IVAR_RETUNE_REQ
Without this the mmc stack sometimes think that we are in in a retune
operation and some command like switch the bus width to 4 bits failed.
We now switch correctly to 4 bits mode for sd card.

Reported by:	jmg, others in pine64 irc channel
2018-08-23 18:33:42 +00:00
markj
1d715a5168 Prepare the kernel linker to handle PC-relative ifunc relocations.
The boot-time ifunc resolver assumes that it only needs to apply
IRELATIVE relocations to PLT entries.  With an upcoming optimization,
this assumption no longer holds, so add the support required to handle
PC-relative relocations targeting GNU_IFUNC symbols.
- Provide a custom symbol lookup routine that can be used in early boot.
  The default lookup routine uses kobj, which is not functional at that
  point.
- Apply all existing relocations during boot rather than filtering
  IRELATIVE relocations.
- Ensure that we continue to apply ifunc relocations in a second pass
  when loading a kernel module.

Reviewed by:	kib
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D16749
2018-08-22 20:44:30 +00:00
mmacy
af50db24ca disconnect drm2 from tegra build until made self-contained 2018-08-22 02:18:45 +00:00
alc
4ce21fcbea Eliminate kmem_malloc()'s unused arena parameter. (The arena parameter
became unused in FreeBSD 12.x as a side-effect of the NUMA-related
changes.)

Reviewed by:	kib, markj
Discussed with:	jeff, re@
Differential Revision:	https://reviews.freebsd.org/D16825
2018-08-21 16:43:46 +00:00
imp
55a022ee32 Move options INTRNG into std.armv6 and std.armv7
INTRNG is required on all armv6 and armv7 systems, so make it
standard.
2018-08-20 20:31:53 +00:00
alc
71b5b012c4 Eliminate kmem_alloc_contig()'s unused arena parameter.
Reviewed by:	hselasky, kib, markj
Discussed with:	jeff
Differential Revision:	https://reviews.freebsd.org/D16799
2018-08-20 15:57:27 +00:00
mmacy
5910d436b2 add snps IP uart support / genaralize UART
This is an amalgam of a patch by Doug Ambrisko to
generalize uart_acpi_find_device, imp moving the
ACPI table to uart_dev_ns8250.c and advice by jhb
to work around a bug in the EPYC 3151 BIOS
(the BIOS incorrectly marks the serial ports as
disabled)

Reviewed by: imp
MFC after: 8 weeks
Differential Revision: https://reviews.freebsd.org/D16432
2018-08-19 21:10:21 +00:00
manu
a6f0cd92bb arm64: allwinner: Add aw_syscon driver to GENERIC
Recent DTS use the syscon for the emac controller.
We support this but since U-Boot is still using old DTS it was never
needed for us to add this support, but this is a problem when using upstream
recent DTS and will be when U-Boot will catch up.

While here add a new compatible to the aw_syscon driver as Linux changed it ...
2018-08-19 18:55:33 +00:00
alc
576f60d450 Oops. r338030 didn't eliminate the unused arena argument from all of
kmem_alloc_attr()'s callers.  Correct that mistake.
2018-08-18 22:35:19 +00:00
jhb
5f8e558a6b Make 'device crypto' lines more consistent.
- In configurations with a pseudo devices section, move 'device crypto'
  into that section.
- Use a consistent comment.  Note that other things common in kernel
  configs such as GELI also require 'device crypto', not just IPSEC.

Reviewed by:	rgrimes, cem, imp
Differential Revision:	https://reviews.freebsd.org/D16775
2018-08-18 20:32:08 +00:00
cem
5dee150170 arm: Define crypto option on platforms that include IPsec
Missed in r337940.

(It's not like there are any crypto files IPsec doesn't pull in, so it is
unclear what not defining the crypto option was supposed to achieve.)

Reported by:	np@
2018-08-17 01:04:02 +00:00
andrew
28df9253f1 Remove the L1 and L2 xscale page defines and rename the generic macros to
the common name. While here move the macros to check these into pmap-v4.c
as they're only used there.

Sponsored by:	DARPA, AFRL
2018-08-16 10:00:51 +00:00
andrew
a8ffd76314 Remove pmap_kenter_section from the arm pmap. It's unused.
Sponsored by:	DARPA, AFRL
2018-08-15 14:57:34 +00:00