Commit Graph

231721 Commits

Author SHA1 Message Date
Ian Lepore
948a7ee9d8 Generate a spibus_set_[ivarname]() convenience function for each ivar,
now that they can be set.
2018-04-07 20:34:57 +00:00
Ian Lepore
3b46d8687a Remove the existing identify() hack to force-add a spigen device on
FDT-based systems, and instead add proper FDT probe code.  Because this
driver is freebsd-specific and just provides generic userland access to run
spibus transactions, there is no bindings document to mandate a compatible
string, so just arbitrarily use "freebsd,spigen".
2018-04-07 20:04:03 +00:00
Warner Losh
14ce4632d4 Add nvme_util.c to cam.ko.
cam.ko can't load onto the kernel w/o nvme in the kernel. Add
nvme_util.c to cam.ko.

Noticed by: kib@
2018-04-07 19:29:19 +00:00
Ian Lepore
c951fe9258 Arrange the list of generated sources as 1-per-line alphbetical, and add
the files required when building for FDT-based systems.
2018-04-07 19:09:57 +00:00
Ian Lepore
ade70a1ad1 Return BUS_PROBE_DEFAULT, not zero, because this is not the one driver
implementation that must be used, it's just the base system default driver.

Also add a comment noting that we're being more liberal about the bus
frequency property than the dts binding documents require.
2018-04-07 18:58:58 +00:00
Ian Lepore
c1ec6ac510 A couple minor improvements to spibus.c...
- Change the description string to "SPI bus" (was "spibus bus").

 - This is the default driver for a SPI bus, not a generic implementation,
   so return the probe value that indicates such.

 - Use device_delete_children() at detach time, instead of a local loop
   to enumerate the children and detach each one individually.
2018-04-07 18:25:07 +00:00
Ian Lepore
392bffb9b1 Add support for writing/changing spi device ivars. The SPI mode (polarity
and phase) and the maximum bus speed can be changed.  The chip select
number cannot be changed, because the device instances which are children
of spibus are inherently associated with the chip select number they were
instantiated for.
2018-04-07 18:09:31 +00:00
Konstantin Belousov
e55d32b7b3 Handle Skylake-X errata SKZ63.
SKZ63 Processor May Hang When Executing Code In an HLE Transaction
Region

Problem: Under certain conditions, if the processor acquires an HLE
(Hardware Lock Elision) lock via the XACQUIRE instruction in the Host
Physical Address range between 40000000H and 403FFFFFH, it may hang
with an internal timeout error (MCACOD 0400H) logged into
IA32_MCi_STATUS.

Move the pages from the range into the blacklist.  Add a tunable to
not waste 4M if local DoS is not the issue.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D15001
2018-04-07 17:06:13 +00:00
Emmanuel Vadot
b26e3474cf allwinner: a83t_r_ccu: Add proper IR clock support
Now that NM clocks support prediv, add proper support for the IR clock found
on the A83T SoC.

Tested On:  BananaPi M3
Reported by:	kevans
2018-04-07 15:40:00 +00:00
Emmanuel Vadot
ffa4898125 allwinner: aw_clk_nm: Add prediv value
Some NM clocks needs a fixed prediv value applied to the parent frequency
on some conditions. Add support for it.
2018-04-07 15:38:42 +00:00
Toomas Soome
b1e0bc1210 libsa: name is not used in dirmatch()
Seems like variable 'name' is leftover.
2018-04-07 14:42:47 +00:00
Toomas Soome
213f235f49 libsa: cd9660: warning: 'lenskip' may be used uninitialized in this function
We better provide value for lenskip in both instances.
2018-04-07 14:40:09 +00:00
Emmanuel Vadot
0745a23ddc axp81x: Do not fail if regulators aren't properly defined
If a regulator is missing a mandatory property (like 'regulator-name'), do
not fail, regulator_parse_ofw_stdparam is returning a non-zero value so just
skip this regulator.
Also if any regulator fails to attach continue with the rest of the regulators
instead of returning ENXIO in axp8xx_attach

Tested On: BananaPi M3
2018-04-07 14:17:17 +00:00
Ed Schouten
671d700167 Fix enough warnings that we can build syslogd on all targets at WARNS=6.
This also fixes the build on MIPS.

Reported by:	cy (MIPS build failure)
2018-04-07 09:03:51 +00:00
Brooks Davis
8a4a4a43f8 Remove the thread argument from ifr_buffer_*() accessors.
They are always used in a context where curthread is the correct thread.
This makes them more similar to the ifr_data_get_ptr() accessor.
2018-04-06 23:25:54 +00:00
John Baldwin
fc276d92ae Add a way to temporarily suspend and resume virtual CPUs.
This is used as part of implementing run control in bhyve's debug
server.  The hypervisor now maintains a set of "debugged" CPUs.
Attempting to run a debugged CPU will fail to execute any guest
instructions and will instead report a VM_EXITCODE_DEBUG exit to
the userland hypervisor.  Virtual CPUs are placed into the debugged
state via vm_suspend_cpu() (implemented via a new VM_SUSPEND_CPU ioctl).
Virtual CPUs can be resumed via vm_resume_cpu() (VM_RESUME_CPU ioctl).

The debug server suspends virtual CPUs when it wishes them to stop
executing in the guest (for example, when a debugger attaches to the
server).  The debug server can choose to resume only a subset of CPUs
(for example, when single stepping) or it can choose to resume all
CPUs.  The debug server must explicitly mark a CPU as resumed via
vm_resume_cpu() before the virtual CPU will successfully execute any
guest instructions.

Reviewed by:	avg, grehan
Tested on:	Intel (jhb), AMD (avg)
Differential Revision:	https://reviews.freebsd.org/D14466
2018-04-06 22:03:43 +00:00
Brooks Davis
e7fdc72e95 ifconf(): correct handling of sockaddrs smaller than struct sockaddr.
Portable programs that use SIOCGIFCONF (e.g. traceroute) assume
that each pseudo ifreq is of length MAX(sizeof(struct ifreq),
sizeof(ifr_name) + ifr_addr.sa_len).  For short sockaddrs we copied
too much from the source sockaddr resulting in a heap leak.

I believe only one such sockaddr exists (struct sockaddr_sco which
is 8 bytes) and it is unclear if such sockaddrs end up on interfaces
in practice.  If it did, the result would be an 8 byte heap leak on
current architectures.

admbugs:	869
Reviewed by:	kib
Obtained from:	CheriBSD
MFC after:	3 days
Security:	kernel heap leak
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D14981
2018-04-06 20:26:56 +00:00
Kyle Evans
54095bf428 Re-sort LOADER options
These have become unsorted from everything else. This is desync'd from
stable/11 due to some hand-merging that was done there, so the MFC of this
will look slightly different.

MFC after:	3 days
2018-04-06 19:49:57 +00:00
Alexander Motin
d8d4983e5e Do not fail devices just for errors in descriptor format.
MFC after:	1 week
Sponsored by:	iXsystems, Inc.
2018-04-06 19:47:44 +00:00
Kristof Provost
62d28676c3 pf tests: Basic ioctl validation
Basic validation tests for DIOCRADDADDRS, DIOCRDELADDRS, DIOCRSETADDRS,
DIOCRGETADDRS, DIOCRGETASTATS, DIOCRCLRASTATS, DIOCRTSTADDRS,
DIOCRINADEFINE, DIOCXBEGIN and DIOCXROLLBACK.

MFC after:	1 week
2018-04-06 19:37:15 +00:00
Kristof Provost
1a125a2f7f pf: Improve ioctl validation
Ensure that multiplications for memory allocations cannot overflow, and
that we'll not try to allocate M_WAITOK for potentially overly large
allocations.

MFC after:	1 week
2018-04-06 19:36:35 +00:00
Kristof Provost
1bb72c2943 pf tests: Try to provoke a memory leak
There was a memory leak in the DIOCRADDTABLES ioctl() code which could
be triggered by trying to add tables with the same name.
Try to provoke this memory leak. It was fixed in r331225.

MFC after:	1 week
2018-04-06 19:22:22 +00:00
Kristof Provost
8e748b94e7 pf tests: Basic ioctl validation for DIOCIGETIFACES and DIOCXCOMMIT
Validate the DIOCIGETIFACES and DIOCXCOMMIT ioctls with invalid values.

MFC after:	1 week
2018-04-06 19:21:29 +00:00
Kristof Provost
02214ac854 pf: Improve ioctl validation for DIOCIGETIFACES and DIOCXCOMMIT
These ioctls can process a number of items at a time, which puts us at
risk of overflow in mallocarray() and of impossibly large allocations
even if we don't overflow.

There's no obvious limit to the request size for these, so we limit the
requests to something which won't overflow. Change the memory allocation
to M_NOWAIT so excessive requests will fail rather than stall forever.

MFC after:	1 week
2018-04-06 19:20:45 +00:00
Brooks Davis
7083612f28 Add an unused _COMPAT_LINUX32 option to ensure opt_compat.h exists on
platforms without COMPAT_LINUX32.

Reported by:	kib
2018-04-06 19:11:22 +00:00
Brooks Davis
6469bdcdb6 Move most of the contents of opt_compat.h to opt_global.h.
opt_compat.h is mentioned in nearly 180 files. In-progress network
driver compabibility improvements may add over 100 more so this is
closer to "just about everywhere" than "only some files" per the
guidance in sys/conf/options.

Keep COMPAT_LINUX32 in opt_compat.h as it is confined to a subset of
sys/compat/linux/*.c.  A fake _COMPAT_LINUX option ensure opt_compat.h
is created on all architectures.

Move COMPAT_LINUXKPI to opt_dontuse.h as it is only used to control the
set of compiled files.

Reviewed by:	kib, cem, jhb, jtl
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D14941
2018-04-06 17:35:35 +00:00
Brooks Davis
d9b41671bf Support -DNO_CLEAN builds across r332119. 2018-04-06 17:23:47 +00:00
Jonathan T. Looney
8fa799bd74 If a user closes the socket before we call tcp_usr_abort(), then
tcp_drop() may unlock the INP.  Currently, tcp_usr_abort() does not
check for this case, which results in a panic while trying to unlock
the already-unlocked INP (not to mention, a use-after-free violation).

Make tcp_usr_abort() check the return value of tcp_drop(). In the case
where tcp_drop() returns NULL, tcp_usr_abort() can skip further steps
to abort the connection and simply unlock the INP_INFO lock prior to
returning.

Reviewed by:	glebius
MFC after:	2 weeks
Sponsored by:	Netflix, Inc.
2018-04-06 17:20:37 +00:00
Brooks Davis
047a2ef697 Remove caching from getlogin(2).
This caching has existed since the CSRG import, but serves no obvious
purpose. Sure, setlogin() is called rarely, but calls to getlogin()
should also be infrequent. The required invalidation was not
implemented on aarch64, arm, mips, amd riscv so updates would never
occur if getlogin() was called before setlogin().

Reported by:	Ali Mashtizadeh <ali@mashtizadeh.com>
Reviewed by:	kib
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D14965
2018-04-06 17:17:34 +00:00
Ed Schouten
b484e3fee4 Push RFC 5424 message format from logmsg() into fprintlog().
Now that all of parsemsg() parses both RFC 3164 and 5424 messages and
hands them to logmsg(), alter the latter to properly forward all RFC
5424 message attributes to fprintlog(). While there, make some minor
cleanups to this code:

- Instead of extending the existing code that compares hostnames and
  message bodies for deduplication, print all of the relevant message
  fields into a single string that we can compare ('saved').

- No longer let the behaviour of fprintflog() depend on whether
  'msg == NULL' to print repetition messages, Simply decompose this
  function into fprintlog_first() and fprintlog_successive(). This
  makes the interpretation of function arguments less magical and also
  allows us to get consistent behaviour across RFC 3164 and 5424 when
  adding support for the RFC 5424 output format.

- As RFC 5424 syslog messages have a dedicated application name field,
  alter the repetition messages to be printed on behalf of syslogd on
  the current system. Change these messages to use the local hostname,
  so that it's obvious which syslogd instance detected the repetition.
  Remove f_prevhost, as it has now become unnecessary.

- Remove a useless strdup(). Deconsting the message string is safe in
  this specific case.
2018-04-06 17:16:50 +00:00
Jonathan T. Looney
6a740d0bcf Pat the watchdog less while producing a coredump. Prior to this change,
we patted the watchdog approximately once per 4KB page of memory.  After
this change, we pat the watchdog approximately once per 128MB of memory.
On a sample machine, this translated to patting the watchdog approximately
every 5.4 seconds, which "seems reasonable". We can choose a different
value in the future, if warranted.

This has extensive field experience. It is a performance improvement, and
has not caused any known problems.

Reviewed by:	imp, kib
Sponsored by:	Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D14988
2018-04-06 17:06:22 +00:00
Jonathan T. Looney
45a48d07c3 Check that in_pcbfree() is only called once for each PCB. If that
assumption is violated, "bad things" could follow.

I believe such an assert would have detected some of the problems jch@
was chasing in PR 203175 (see r307551).  We also use it in our internal
TCP development efforts.  And, in case a bug does slip through to
released code, this change silently ignores subsequent calls to
in_pcbfree().

Reviewed by:	rrs
Sponsored by:	Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D14990
2018-04-06 16:48:11 +00:00
Ed Schouten
228e9d5bd8 Remove some places where error messages are prefixed with "syslogd".
Due to using RFC 5424, the application name is stored in a dedicated
field. It can simply be passed as an argument to logmsg() now.
2018-04-06 16:26:46 +00:00
Ed Schouten
10b154332d Properly respect the passed in hostname for RFC 5424 messages.
Only override the hostname in case none is provided or when remote
hostnames should be ignored.
2018-04-06 16:24:03 +00:00
Roger Pau Monné
e0f92f5c77 x86: fix trampoline memory allocation after r332073
Add the missing breaks in the for loops, in order to exit the loop
when a suitable entry is found.

Also switch amd64 native_start_all_aps to use PHYS_TO_DMAP in order to
find the virtual address of the boot_trampoline and the initial page
tables.

Reported and tested by:	pho
Sponsored by:		Citrix Systems R&D
2018-04-06 16:22:14 +00:00
Kristof Provost
1ff545d642 pf tests: Basic ioctl validation for DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and DIOCRSETTFLAGS
Validate the DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and
DIOCRSETTFLAGS ioctls with invalid values. These may succeed (because
the kernel uses the minimally required size, not the specified size),
but should not trigger kernel panics.

MFC after:	1 week
2018-04-06 15:57:20 +00:00
Kristof Provost
adfe2f6aff pf: Improve ioctl validation for DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and DIOCRSETTFLAGS
These ioctls can process a number of items at a time, which puts us at
risk of overflow in mallocarray() and of impossibly large allocations
even if we don't overflow.

Limit the allocation to required size (or the user allocation, if that's
smaller). That does mean we need to do the allocation with the rules
lock held (so the number doesn't change while we're doing this), so it
can't M_WAITOK.

MFC after:	1 week
2018-04-06 15:54:30 +00:00
Kyle Evans
814a016d28 lualoader: Fix menu skipping with loader.conf(5) vars
Earlier efforts to stop loading the menu broke the ability to skip the menu
with, e.g., beastie_disable in loader.conf(5) as it was decided before
configuration was read.

Defer bringing in the menu module until we've loaded configuration so that
we can make a more informed decision on whether the menu should be skipped
or not.
2018-04-06 15:19:48 +00:00
Kyle Evans
4a432d6fa5 aw_sid(4): Use prctl read for all reads when it's required
It was later found that some operation on the OrangePi one will cause
direct accesses to the eeprom to return wrong data again, so reading it all
once via prctl at attach time is no longer sufficient.
2018-04-06 15:17:09 +00:00
Jonathan T. Looney
74800c5a08 In cases where an application issues certain IPMI commands at a high
enough rate, the IPMI code can print large numbers of messages to the
console, such as:
  ipmi0: KCS: Failed to read completion code
  ipmi0: KCS error: ff
  ipmi0: KCS: Failed to read completion code
  ipmi0: KCS error: ff

These seem to be innocuous from a system standpoint, and the user-
space code can deal with the failures. Therefore, suppress printing
these messages to the console unless bootverbose is enabled.

Obtained from:	Netflix, Inc.
2018-04-06 15:15:21 +00:00
Kristof Provost
98c5f9884e pf tests: Basic ioctl validation tests
Validate the DIOCRADDTABLES and DIOCRDELTABLES ioctls with invalid size
values. All of these requests should fail.

MFC after:	1 week
2018-04-06 15:03:48 +00:00
Kristof Provost
8748b499c1 pf: Improve ioctl validation for DIOCRADDTABLES and DIOCRDELTABLES
The DIOCRADDTABLES and DIOCRDELTABLES ioctls can process a number of
tables at a time, and as such try to allocate <number of tables> *
sizeof(struct pfr_table). This multiplication can overflow. Thanks to
mallocarray() this is not exploitable, but an overflow does panic the
system.

Arbitrarily limit this to 65535 tables. pfctl only ever processes one
table at a time, so it presents no issues there.

MFC after:	1 week
2018-04-06 15:01:45 +00:00
Ed Schouten
8129693e78 Let syslog(3) use RFC 5424.
With r332099 changing syslogd(8) to parse RFC 5424 formatted syslog
messages, go ahead and also change the syslog(3) libc function to
generate them. Compared to RFC 3164, RFC 5424 has various advantages,
such as sub-second precision for log entry timestamps.

As this change could have adverse effects when not updating syslogd(8)
or using a different system logging daemon, add a notice to UPDATING and
increase __FreeBSD_version.

Differential Revision:	https://reviews.freebsd.org/D14926
2018-04-06 13:00:45 +00:00
Ed Schouten
77f0ef9a96 Add RFC 5424 syslog message parsing to syslogd.
Syslogd currently uses the RFC 3164 format for its log messages.One
limitation of RFC 3164 is that it cannot be used to log entries with
sub-second precision timestamps. One of our users has expressed a desire
for doing this for doing some basic performance measurements.

This change attempts to make a first cut at switching to RFC 5424 based
logging. The first step is to alter syslogd's input path to properly
parse such messages. It alters the logmsg() prototype to match the
fields of RFC 5424. The parsemsg() function is extended to parse both
RFC 3164 and 5424 messages and call into logmsg() accordingly.

Additional changes include:

- Introducing proper parsing of timestamps, so that they can be printed
  in any desired output format. This means we need to infer the year and
  timezone for RFC 3164 timestamps.
- Removing ISKERNEL. This can now be realised by simply providing an
  APP-NAME (== "kernel").
- Extending RFC 3164 parsing to trim off the TAG prefix and using that
  to derive APP-NAME and PROCID.
- Increase MAXLINE. RFC 5424 mentions we should support 2k messages.

Differential Revision:	https://reviews.freebsd.org/D14926
2018-04-06 12:57:01 +00:00
Roger Pau Monné
444c6d6f03 remove GiB/MiB macros from param.h
And instead define them in the files where they are used.

Requested by: bde
2018-04-06 11:20:06 +00:00
Ed Maste
93b980a802 stand: pass --no-rosegment for i386 bits when linking with lld
btxld does not correctly handle input with other than 2 PT_LOAD
segments.  Passing --no-rosegment lets lld produce output eqivalent to
ld.bfd: 2 PT_LOAD segments and no PT_GNU_RELRO.

PR:		225775
MFC after:	3 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14956
2018-04-06 02:57:58 +00:00
Brooks Davis
756181b8f5 Add 32-bit compat for ioctls that take struct ifgroupreq.
Use an accessor to access ifgr_group and ifgr_groups.

Use an macro CASE_IOC_IFGROUPREQ(cmd) in place of case statements such
as "case SIOCAIFGROUP:". This avoids poluting the switch statements
with large numbers of #ifdefs.

Reviewed by:	kib
Obtained from:	CheriBSD
MFC after:	1 week
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D14960
2018-04-05 22:14:55 +00:00
Brooks Davis
2443045f30 ifconf(): Always zero the whole struct ifreq.
The previous split of zeroing ifr_name and ifr_addr seperately is safe
on current architectures, but would be unsafe if pointers were larger
than 8 bytes. Combining the zeroing adds no real cost (a few
instructions) and makes the security property easier to verify.

Reviewed by:	kib, emaste
Obtained from:	CheriBSD
MFC after:	3 days
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D14912
2018-04-05 21:58:28 +00:00
Brooks Davis
89ea4a30d6 Added SAL annotatations to system calls.
Modify makesyscalls.sh to strip out SAL annotations.

No functional change.

This is based on work I started in CheriBSD and use to validate fat
pointers at the syscall boundary.  Tal Garfinkel reviewed the changes,
added annotations to COMPAT* syscalls and is using them in a record and
playback framework.  One can envision other uses such as a WITNESS-like
validator for copyin/out as speculated on in the review.

As this time we are only annotating sys/kern/syscalls.master as that is
sufficient for userspace work.  If kernel use cases materialize, we can
annotate other syscalls.master as needed.

Submitted by:	Tal Garfinkel <talg@cs.stanford.edu>
Sponsored by:	DARPA, AFRL (in part)
Differential Revision:	https://reviews.freebsd.org/D14285
2018-04-05 20:31:45 +00:00
Benno Rice
48990fce8e Add an ISO9660 "partition table" type to loader.
When booted via isoboot(8) loader will be handed a disk that simply contains
an ISO9660 image. Currently this confuses it greatly. Teach it how to spot
that it's in this situation and that ISO9660 has one "partition" covering
the whole disk.

Reviewed by:	imp
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D14915
2018-04-05 19:45:30 +00:00