266250 Commits

Author SHA1 Message Date
kib
2454094f8f smrstress: Add 'publishing' fences to operations on smrs_current.
Reported and tested by:	andrew
Reviewed by:	jeff
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D23440
2020-01-31 20:30:50 +00:00
dim
fbaf16dba8 Merge r357348 from the clang 10.0.0 import branch:
Disable new clang 10.0.0 warnings about converting the result of shift
operations to a boolean in tpm(4):

sys/dev/tpm/tpm_crb.c:301:32: error: converting the result of '<<' to a boolean; did you mean '(1 << (0)) != 0'? [-Werror,-Wint-in-bool-context]
        WR4(sc, TPM_CRB_CTRL_CANCEL, !TPM_CRB_CTRL_CANCEL_CMD);
                                      ^
sys/dev/tpm/tpm_crb.c:73:34: note: expanded from macro 'TPM_CRB_CTRL_CANCEL_CMD'
#define TPM_CRB_CTRL_CANCEL_CMD         BIT(0)
                                        ^
sys/dev/tpm/tpm20.h:60:19: note: expanded from macro 'BIT'
#define BIT(x) (1 << (x))
                  ^

Such warnings can be useful in C++ contexts, but not so much in kernel
drivers, where this type of bit twiddling is commonplace.  So disable it
for this case.

MFC after:	3 days
2020-01-31 19:36:14 +00:00
dim
cb6c6545f6 Merge r357345 from the clang1000-import branch:
Disable new clang 10.0.0 warnings about misleading indentation in flex.

As this is contributed code with very messy indentation, which will
almost certainly never be upgraded, just disable the warning.

MFC after:	3 days
2020-01-31 19:06:49 +00:00
dim
4716074cdc Merge r357342 from the clang1000-import branch:
Work around two -Werror warning issues in googletest, which have been
solved upstream in the mean time.

The first issue is because one of googletest's generated headers contain
classes with a user-declared copy assignment operator, but rely on the
generation by the compiler of an implicit copy constructor, which is now
deprecated:

/usr/obj/usr/src/amd64.amd64/tmp/usr/include/private/gtest/internal/gtest-param-util-generated.h:5284:8: error: definition of implicit copy constructor for 'CartesianProductHolder3<testing::internal::ParamGenerator<bool>, testing::internal::ValueArray3<int, int, int>, testing::internal::ValueArray4<cache_mode, cache_mode, cache_mode, cache_mode> >' is deprecated because it has a user-declared copy assignment operator [-Werror,-Wdeprecated-copy]
  void operator=(const CartesianProductHolder3& other);
       ^
/usr/obj/usr/src/amd64.amd64/tmp/usr/include/private/gtest/gtest-param-test.h:1277:10: note: in implicit copy constructor for 'testing::internal::CartesianProductHolder3<testing::internal::ParamGenerator<bool>, testing::internal::ValueArray3<int, int, int>, testing::internal::ValueArray4<cache_mode, cache_mode, cache_mode, cache_mode> >' first required here
  return internal::CartesianProductHolder3<Generator1, Generator2, Generator3>(
         ^
/usr/src/tests/sys/fs/fusefs/io.cc:534:2: note: in instantiation of function template specialization 'testing::Combine<testing::internal::ParamGenerator<bool>, testing::internal::ValueArray3<int, int, int>, testing::internal::ValueArray4<cache_mode, cache_mode, cache_mode, cache_mode> >' requested here
        Combine(Bool(),                                 /* async read */
        ^

For now, silence the warning using -Wno-deprecated-copy.

The second issue is because one of the googlemock test programs attempts
to use "unsigned wchar_t" and "signed wchar_t", which are non-standard
and at best, hazily defined:

contrib/googletest/googlemock/test/gmock-actions_test.cc:111:37: error: 'wchar_t' cannot be signed or unsigned [-Wsigned-unsigned-wchar]
  EXPECT_EQ(0U, BuiltInDefaultValue<unsigned wchar_t>::Get());
                                    ^
contrib/googletest/googlemock/test/gmock-actions_test.cc:112:36: error: 'wchar_t' cannot be signed or unsigned [-Wsigned-unsigned-wchar]
  EXPECT_EQ(0, BuiltInDefaultValue<signed wchar_t>::Get());
                                   ^

For now, silence the warning using -Wno-signed-unsigned-wchar.

MFC after:	3 days
2020-01-31 19:06:01 +00:00
jhb
d57fc34f88 Add stricter checks on user changes to SSTATUS.
Rather than trying to blacklist which bits userland can't write to via
sigreturn() or setcontext(), only permit changes to whitelisted bits.

- Permit arbitrary writes to bits in the user-writable USTATUS
  register that shadows SSTATUS.

- Ignore changes in write-only bits maintained by the CPU.

- Ignore the user-supplied value of the FS field used to track
  floating point state and instead set it to a value matching the
  actions taken by set_fpcontext().

Discussed with:	mhorne
MFC after:	2 weeks
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D23338
2020-01-31 19:00:48 +00:00
pfg
98ee34298d services: Add PROFInet and EtherCAT.
Both are used in industrial networks.

MFC after:	1 week
2020-01-31 18:55:21 +00:00
emaste
29b013aafb regen src.conf.5 after r357338 BSD_CRTBEGIN retirement 2020-01-31 18:26:13 +00:00
dim
cd66b87c72 Merge r357339 from the clang1000-import branch:
Fix the following -Werror warning from clang 10.0.0 in bsnmpd:

usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c:1661:4: error: misleading indentation; statement is not part of the previous 'else' [-Werror,-Wmisleading-indentation]
                        return (-1);
                        ^
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c:1658:5: note: previous statement is here
                } else
                  ^

The intent was to group the return statement with the previous syslog()
call.

MFC after:	3 days
2020-01-31 18:13:00 +00:00
emaste
88ac2322be retire BSD_CRTBEGIN option
BSD crt is currently used on all architectures (other than sparc64).
Remove the option and use BSD crt everywhere as part of the GCC 4.2.1
retirement plan.

https://lists.freebsd.org/pipermail/freebsd-arch/2020-January/019823.html

PR:		239851
Reviewed by:	andrew, brooks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23122
2020-01-31 18:04:04 +00:00
jhb
a3a06cbef2 Fix 64-bit value of SSTATUS_SD to use an unsigned long.
While here, fix MSTATUS_SD to match SSTATUS_SD.

Reviewed by:	mhorne
MFC after:	2 weeks
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D23434
2020-01-31 17:49:15 +00:00
cem
67866e8ee7 hwpstate(4): Ignore CurPstateLimit by default
Add a sysctl knob to allow users to re-enable it, and document the knob and
default in cpufreq.4.  (While here, add a few unrelated updates to
cpufreq.4.)

It seems that the register value in some hardware simply reflects the
configured P-state.  This results in an inadvertent and unintended outcome
where the P-state can only walk down, and then the driver becomes "stuck" in
the slowest possible P-state.

The Linux driver never consults this register, so that's some evidence that
ignoring the contents are relatively harmless.

PR:		234733
Reported by:	sigsys AT gmail.com, Erich Dollanksy <freebsd.ed.lists AT
		sumeritec.com>
2020-01-31 17:40:41 +00:00
kevans
35eb808ab8 RPI3: Add RPi4 firmware files to the FAT partition
I've discovered I have this local diff that never got committed -- this
should have been a part of r355424.

Reproted by:	Klaus Küchemann <maciphone2@googlemail.com>
2020-01-31 15:56:08 +00:00
markj
97176dfe26 Reimplement stack capture of running threads on i386 and amd64.
After r355784 the td_oncpu field is no longer synchronized by the thread
lock, so the stack capture interrupt cannot be delievered precisely.
Fix this using a loop which drops the thread lock and restarts if the
wrong thread was sampled from the stack capture interrupt handler.

Change the implementation to use a regular interrupt instead of an NMI.
Now that we drop the thread lock, there is no advantage to the latter.

Simplify the KPIs.  Remove stack_save_td_running() and add a return
value to stack_save_td().  On platforms that do not support stack
capture of running threads, stack_save_td() returns EOPNOTSUPP.  If the
target thread is running in user mode, stack_save_td() returns EBUSY.

Reviewed by:	kib
Reported by:	mjg, pho
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23355
2020-01-31 15:43:33 +00:00
andrew
832e6ede23 Call the MAPTI command earlier in the ITS driver
The GICv3 Software Overview suggests when allocating a new MSI/MSI-X
interrupt we need to call MAPD followed by MAPTI. Unfortunately the code
would place a MOVI command between these. This is invalid as it needs
values set by the MAPTI to be present.

Re-order so we allocate a temporary CPU for the interrupt, then use the
MAPTI command to assign the MSI to it.

MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2020-01-31 11:33:11 +00:00
mjg
9250db86b8 vfs: revert the overzealous assert added in r357285 to vgone
The intent was to make it more likely to catch filesystems with custom
need_inactive routines which fail to call vn_need_pageq_flush (or do an
equivalent).

One immediate case which is missed is vgone from called by inactive itself.

A better assertion may land later. The routine is not added to vputx because
it is of no use to tmpfs et al.

Reported by:	syzbot+5f697ec11f89b60941db@syzkaller.appspotmail.com
2020-01-31 11:31:14 +00:00
hselasky
eae8ab1a3a Revert r357293.
The netisr uses rm_ locks not rms_ locks as noted by jeff@ .

Sponsored by:	Mellanox Technologies
2020-01-31 10:51:13 +00:00
hselasky
1d3f5325b6 Widen EPOCH(9) usage in mlx4en(4).
Make sure all receive completion callbacks are covered by the network
EPOCH(9), because this is required when calling if_input() and
ether_input() after r357012.

Convert some spaces to tabs while at it.

Sponsored by:	Mellanox Technologies
2020-01-31 10:41:47 +00:00
andrew
86e6ac26b3 Only create one ITS configuration table
When there are multiple ITS devices in the system we would allocate a
configuration table for each, however only one table is needed as all the
ITS devices share this.

Allocate a table only when the global table is unset.

While here fix the type of this to be a pointer to a uint8_t array as the
entries are all 8 bits wide.

MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2020-01-31 10:30:13 +00:00
andrew
00c33c4006 Ignore the SMMUv3 and PMCG interrupt controller in the IORT tables
When mapping MSI/MSI-X interrupts throught he Arm IORT ACPI tables we may
need to ignore an interrupt controller even if it is within the bounds the
entry describes. When the SMMUv3 is not using GSIV (non-MSI/MSI-X)
interrupts we need to read the defined field. The Performance Monitoring
Counter Group always ignores the first table entry.

MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2020-01-31 09:51:38 +00:00
mjg
076981e2f3 zfs: convert z_teardown_inactive_lock to sleepable read-mostly lock
This eliminates a global serialisation point. It only gets write locked
on unmount.

Sample result doing an incremental -j 40 build:
before: 173.30s user 458.97s system 2595% cpu 24.358 total
after:  168.58s user 254.92s system 2211% cpu 19.147 total
2020-01-31 08:38:38 +00:00
mjg
9e428f1289 zfs: provide macros to handle z_teardown_inactive_lock 2020-01-31 08:37:35 +00:00
mjg
86c92abdd3 Add rms_try_rlock and rms_wowned. 2020-01-31 08:36:49 +00:00
mjg
ed84722e02 Remove an overzealous assert from rms_runlock. 2020-01-31 08:36:23 +00:00
np
faef5808ac Fix NOINET builds. 2020-01-31 02:23:48 +00:00
jeff
cd1711ca26 Implement a simple UMA SMR stress testing tool. 2020-01-31 02:18:56 +00:00
jeff
0c882841a5 Don't use "All rights reserved" in new copyrights.
Requested by:	rgrimes
2020-01-31 02:08:09 +00:00
jeff
77f2cdd2e3 Fix LINT build with MEMGUARD. 2020-01-31 02:03:22 +00:00
jeff
d3a0e4361d Implement a safe memory reclamation feature that is tightly coupled with UMA.
This is in the same family of algorithms as Epoch/QSBR/RCU/PARSEC but is
a unique algorithm.  This has 3x the performance of epoch in a write heavy
workload with less than half of the read side cost.  The memory overhead
is significantly lessened by limiting the free-to-use latency.  A synthetic
test uses 1/20th of the memory vs Epoch.  There is significant further
discussion in the comments and code review.

This code should be considered experimental.  I will write a man page after
it has settled.  After further validation the VM will begin using this
feature to permit lockless page lookups.

Both markj and cperciva tested on arm64 at large core counts to verify
fences on weaker ordering architectures.  I will commit a stress testing
tool in a follow-up.

Reviewed by:	mmacy, markj, rlibby, hselasky
Discussed with:	sbahara
Differential Revision:	https://reviews.freebsd.org/D22586
2020-01-31 00:49:51 +00:00
jhb
8363d7537a Trim duplicate CSR swaps from user exceptions.
The stack pointer is swapped with the sscratch CSR just before the
jump to cpu_exception_handler_user where the first instruction swaps
it again.  The two swaps together are a no-op, but the csr swap
instructions can be expensive (e.g. on Bluespec RISC-V cores csr swap
instructions force a full pipeline stall).

Reported by:	jrtc27
Reviewed by:	br
MFC after:	2 weeks
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D23394
2020-01-30 22:19:48 +00:00
mjg
3f1b6975a2 Remove duplicated empty lines from kern/*.c
No functional changes.
2020-01-30 20:05:05 +00:00
mjg
9c546aa574 Tidy up 2 comments in smp_rendezvous_cpus. 2020-01-30 20:02:14 +00:00
mjg
a4c9264e74 amd64: sync up libc memcmp with the kernel version (r357309) 2020-01-30 19:57:05 +00:00
mjg
edc0a691ec amd64: speed up failing case for memcmp
Instead of branching on up to 8 bytes, drop the size to 4.

Assorted clean ups while here.

Validated with glibc test suite.
2020-01-30 19:56:22 +00:00
mjg
a2af893072 Assert that smp_rendezvous_cpus is called with interrupts enabled. 2020-01-30 19:38:51 +00:00
mjg
23e6779681 vfs: keep the mount point referenced across sys_quotactl
Otherwise we risk running into use-after-free.

In particular this codepath ends up dropping all protection before
suspending writes:

ufs_quotactl -> quotaoff_inchange -> vfs_write_suspend_umnt

Reported by:	pho
2020-01-30 19:38:12 +00:00
kib
b642d4098b Fix a bug in r357199.
Around a generic call to null_nodeget(), there is nothing that would
prevent the unmount of the nullfs mp until we process to the
insmntque1() point.  Calculate the VV_ROOT flag after insmntque1() to
not access mp->mnt_data before we have an exclusively locked vnode
from this mount point on the mp vnode list.

Reported and tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2020-01-30 19:34:37 +00:00
jhb
a62df3ebfe Remove unused fields from struct pcb.
cpu_switch/throw() and savectx() do not save or restore any values in
these fields which mostly held non-callee-save registers.

makectx() copied these fields from kdb_frame, but they weren't used
except for PC_REGS using pcb_sepc.  Change PC_REGS to use
kdb_frame->tf_sepc directly instead.

Reviewed by:	br
MFC after:	2 weeks
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D23395
2020-01-30 19:15:27 +00:00
andrew
53f175976e Shift the ITS processor ID after reading it.
When using the processor ID value we mask off the low and high bits that
should be zero. Unfortunatly we don't shift the ID value so it won't be
affected. Add the shift when reading the ID as this will need to align
with the address based target value.

MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2020-01-30 18:49:19 +00:00
brooks
ae8290e7c8 Fix an indentation bug in r357169. 2020-01-30 18:34:08 +00:00
jhb
c086b36c6c Fix use of an uninitialized variable.
ctx (and thus ctx.flags) is stack garbage at the start of this
function, so initialize ctx.flags to an explicit value instead of
using binary operations on the garbage.

Reported by:	gcc9
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D23368
2020-01-30 18:28:02 +00:00
cem
81656a75b3 contrib/apr: Rip out bogus [CS]PRNG implementation
This construction used some relatively slow design involving SHA2; even if
it were fed real entropy (unclear; external to the design), it did not
handle fork in a safe way, and it was difficult to audit for correctness.
So just rip it out and use the very simple and known-correct arc4random(3)
interface in its place.
2020-01-30 18:12:41 +00:00
cem
5a64e43439 aic7xxx(4): Fix unintended sign extension in ahd_inq()
ahd_inb() returns type uint8_t.  The shift left by untyped 24 implicitly
promotes the result to type (signed) int.  Then the binary OR with uint64_t
values sign-extends the integer.  If bit 31 of the read value happened to be
set, the 64-bit result would have all upper 32 bits set to 1 due to OR.  This
is clearly not intended.

Reported by:	Coverity
CID:		980473 (old one!)
2020-01-30 18:12:24 +00:00
cem
12c568d459 contrib/apr: Remove scope leak UB
In apr_vformatter, the variable buf was declared inside a limited scope
region, but a pointer to it is leaked outside of that region and used
later.  This is undefined behavior.  Fix by moving the buf variable to
function scope.

Reported by:	Coverity
CID:		1192541
2020-01-30 17:50:51 +00:00
hselasky
552b47e9c3 Add missing mutex unlock in failure case.
Differential Revision:	https://reviews.freebsd.org/D23430
Submitted by:	cem
Reported by:	Coverity
Coverity CID:	1368773
MFC after:	3 days
Sponsored by:	Mellanox Technologies
2020-01-30 17:30:04 +00:00
hselasky
0a18c75e4b Widen EPOCH(9) usage in mlx5en(4).
Make completion event path mostly lockless using EPOCH(9).

Implement a mechanism using EPOCH(9) which allows us to make
the callback path for completion events mostly lockless.

Simplify draining callback events using epoch_wait().

While at it make sure all receive completion callbacks are
covered by the network EPOCH(9), because this is required
when calling if_input() and ether_input() after r357012.

Sponsored by:	Mellanox Technologies
2020-01-30 12:35:13 +00:00
hselasky
f038d3f031 Widen EPOCH(9) usage in netisr.
Software interrupt handlers are allowed to sleep. In swi_net() there
is a read lock behind NETISR_RLOCK() which in turn ends up calling
msleep() which means the whole of swi_net() cannot be protected by an
EPOCH(9) section. By default the NETISR_LOCKING feature is disabled.

This issue was introduced by r357004. This is a preparation step for
replacing the functionality provided by r357004.

Found by:	kib@
Sponsored by:	Mellanox Technologies
2020-01-30 12:04:02 +00:00
philip
68f244e2a8 acpi_ibm: add support for ThinkPad PrivacyGuard
ThinkPad PrivacyGuard is a built-in toggleable privacy filter that
restricts viewing angles when on. It is an available on some new
ThinkPad models such as the X1 Carbon 7th gen (as an optional HW
upgrade).

The privacy filter can be enabled/disabled via an ACPI call. This commit
adds a sysctl under dev.acpi_ibm that allows for getting and setting the
PrivacyGuard state.

Submitted by:   Kamila Součková <kamila@ksp.sk>
Reviewed By:    cem, philip
MFC after:      3  days
Differential Revision: https://reviews.freebsd.org/D23370
2020-01-30 10:40:38 +00:00
hselasky
5663f9d133 Widen EPOCH(9) usage in PCI WLAN drivers.
Make sure all occurrences of ieee80211_input_xxx() in sys/dev are
covered by a network epoch section. Do not depend on the interrupt
handler nor any taskqueues being in a network epoch section.

This patch should unbreak the PCI WLAN drivers after r357004.

Pointy hat:	glebius@
Sponsored by:	Mellanox Technologies
2020-01-30 10:28:01 +00:00
hselasky
0fc4033ca8 Widen EPOCH(9) usage in USB WLAN drivers.
This patch should unbreak the USB WLAN drivers after r357004.

Pointy hat:	glebius@
Sponsored by:	Mellanox Technologies
2020-01-30 09:41:48 +00:00
mjg
3eb7083a7b vfs: remove the never set VDESC_NOMAP_VPP flag 2020-01-30 08:56:22 +00:00