Commit Graph

261951 Commits

Author SHA1 Message Date
jhibbits
d1115235da Change autounmountd(8) to use time_t for duration instead of double
Summary:
autounmountd(8) uses doubles to handle mount time durations.  However,
it must convert to integer types, time_t in particular, to do anything
meaningful.  Additionally, even though it's a floating-point value in
seconds, the sub-seconds component is never used, so it's unnecessary.

Switching type to time_t fixes an assertion on powerpc64, which checks
that a sleep value that's not -1.0 is greater than 0.  On powerpc64, it
happens that the value of -1.0 gets loaded as a float (perhaps a bug in
gcc), but gets compared to a double.  This compares as false, so follows
through the 'sleep != -1.0' path, and fails the assert.  Since the
sub-second component isn't used in the double, just drop it and deal
with whole-integer seconds.

Reviewed by:	trasz
Differential Revision: https://reviews.freebsd.org/D21109
2019-08-08 03:16:32 +00:00
cem
69fcf747ef Fix !DDB kernel configurations after r350713
KDB is standard and the kdb_active variable is always available.  So,
de-conditionalize inclusion of sys/kdb.h in kern_sysctl.c.

Reported by:	Michael Butler <imb AT protected-networks.net>
X-MFC-With:	r350713
Sponsored by:	Dell EMC Isilon
2019-08-08 01:37:41 +00:00
lwhsu
0990bc3053 Follow r350693 to add a link for sbuf_nl_terminate(9)
Sponsored by:	The FreeBSD Foundation
2019-08-08 00:51:17 +00:00
cem
63c98f9ad4 ddb(4): Add 'sysctl' command
Implement `sysctl` in `ddb` by overriding `SYSCTL_OUT`.  When handling the
req, we install custom ddb in/out handlers.  The out handler prints straight
to the debugger, while the in handler ignores all input.  This is intended
to allow us to print just about any sysctl.

There is a known issue when used from ddb(4) entered via 'sysctl
debug.kdb.enter=1'.  The DDB mode does not quite prevent all lock
interactions, and it is possible for the recursive Giant lock to be unlocked
when the ddb(4) 'sysctl' command is used.  This may result in a panic on
return from ddb(4) via 'c' (continue).  Obviously, this is not a problem
when debugging already-paniced systems.

Submitted by:	Travis Lane (formerly: <travis.lane AT isilon.com>)
Reviewed by:	vangyzen (earlier version), Don Morris <dgmorris AT earthlink.net>
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D20219
2019-08-08 00:42:29 +00:00
avg
a32748fbf7 rc.8: fix a typo in r350701
I wronlgy expected that igor(1) checks spelling of all words.

MFC after:	1 week
2019-08-07 21:20:25 +00:00
avg
76fce89021 rc.8: add a reference to service(8)
While here:
- use Xr macro for a reference to sysrc(8)
- clarify that rc.shutdown invokes rc.d scripts with "faststop" argument

MFC after:	1 week
2019-08-07 21:07:59 +00:00
lwhsu
0177685a5b Get configuration variable with default value for not breaking default setting
Reported by:	markj
Sponsored by:	The FreeBSD Foundation
2019-08-07 21:02:23 +00:00
asomers
28509c7c20 Remove the fuse.ko -> fusefs.ko symlink
On FreeBSD 13.0, the fuse driver will always be known as fusefs. The
backwards compatibility symlink will still be used for stable/12 and
stable/11, though.

Reported by:	jhibbits
Reviewed by:	rgrimes, imp, cem
MFC after:	Never
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21181
2019-08-07 20:28:27 +00:00
dim
33cb5a5706 Fix a possible segfault in wcsxfrm(3) and wcsxfrm_l(3).
If the length of the source wide character string, passed in via the
"size_t n" parameter, is set to zero, the function should only return
the required length for the destination wide character string.  In this
case, it should *not* attempt to write to the destination, so the "dst"
parameter is permitted to be NULL.

However, when the internally called _collate_wxfrm() function returns an
error, such as when using the "C" locale, as a fallback wcscpy(3) or
wcsncpy(3) are used.  But if the input length is zero, wcsncpy(3) will
be called with a length of -1!  If the "dst" parameter is NULL, this
will immediately result in a segfault, or if "dst" is a valid pointer,
it will most likely result in unexpectedly overwritten memory.

Fix this by explicitly checking for an input length greater than zero,
before calling wcsncpy(3).

Note that a similar situation does not occur in strxfrm(3), the plain
character version of this function, as it uses strlcpy(3) for the error
case.  The strlcpy(3) function does not write to the destination if the
input length is zero.

MFC after:	1 week
2019-08-07 20:13:43 +00:00
markj
6fc62ff420 Use designated initializers for vmm_ops.
MFC after:	3 days
2019-08-07 19:45:44 +00:00
oshogbo
232c4ff18a cap_filergs: limit size of the file name
The limit of the name in fileargs is twice the size of the MAXPATH.
The nvlist will not add an element with the longer name.
We can detect at this point that the path is too big, and simple return
the same error as open(2) would.

PR:		239700
Reported by:	markj
Tested by:	markj
MFC after:	2 weeks
2019-08-07 19:30:33 +00:00
cem
10d53fcce8 GEOM: Reduce unnecessary log interleaving with sbufs
Similar to what was done for device_printfs in r347229.

Convert g_print_bio() to a thin shim around g_format_bio(), which acts on an
sbuf; documented in g_bio.9.

Reviewed by:	markj
Discussed with:	rlibby
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D21165
2019-08-07 19:28:35 +00:00
cem
efd8ed9206 sbuf(9): Add sbuf_nl_terminate() API
The API is used to gracefully terminate text line(s) with a single \n.  If
the formatted buffer was empty or already ended in \n, it is unmodified.
Otherwise, a newline character is appended to it.  The API, like other
sbuf-modifying routines, is only valid while the sbuf is not FINISHED.

Reviewed by:	rlibby
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D21030
2019-08-07 19:27:14 +00:00
cem
07683c3cc6 sbuf(9): Refactor sbuf_newbuf into sbuf_new
Code flow was somewhat difficult to read due to the combination of
multiple return sites and the 4x possible dynamic constructions of an
sbuf.  (Future consideration: do we need all 4?)  Refactored slightly to
improve legibility.

No functional change.

Sponsored by:	Dell EMC Isilon
2019-08-07 19:25:56 +00:00
cem
ada2b1cd07 sbuf(9): Add NOWAIT dynamic buffer extension mode
The goal is to avoid some kinds of low-memory deadlock when formatting
heap-allocated buffers.

Reviewed by:	vangyzen
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D21015
2019-08-07 19:23:07 +00:00
glebius
799a92a03f resource.h is sufficient here, no need for resoursevar.h. 2019-08-07 18:32:01 +00:00
trasz
22ccdbf37c Add cdceem(4) driver, for virtual ethernet devices compliant
with Communication Device Class Ethernet Emulation Model (CDC EEM).
The driver supports both the device, and host side operation; there
is a new USB template (#11) for the former.

This enables communication with virtual USB NIC provided by iLO 5,
as found in new HPE Proliant servers.

Reviewed by:	hselasky
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	Hewlett Packard Enterprise
2019-08-07 18:14:45 +00:00
kib
63d3915398 More places to clarify the robustness guarantees.
Wording submitted by:	Martin Simmons <martin@lispworks.com>
MFC after:	3 days
2019-08-07 17:51:40 +00:00
kib
451e030c22 Clarify the robustness guarantees.
Wording submitted by:	Martin Simmons <martin@lispworks.com>
MFC after:	3 days
2019-08-07 17:46:07 +00:00
mckusick
4edee7b37b Correct the location of the first backup superblock in fsck_ffs.8.
Make a note in the newfs.8 manual page to update the first backup
superblock location when changing the default fragment size for
the filesystem.

Reported by:  O. Hartmann
2019-08-07 16:56:00 +00:00
asomers
af592a6da1 Update RELNOTES for the fusefs rewrite
MFC after:	Never
Sponsored by:	The FreeBSD Foundation
2019-08-07 16:42:34 +00:00
asomers
46f1b83a81 RELNOTES: fix formatting from r350482
MFC after:	Never
Sponsored by:	The FreeBSD Foundation
2019-08-07 16:24:08 +00:00
markj
6843768a03 Merge r3780 from elftoolchain.
Adjust argc and argv by optind before using them.  This slightly
simplifies the code.  No functional change intended.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21079
2019-08-07 16:22:25 +00:00
imp
3a0ba06de1 Enable nvme on aarch64
Don't mark nvme as broken on aarch64. It compiles, at least, and people are
testing it out. This only enables the userland parts of the nvme stack.

Submitted by: greg at unrelenting technologies
Differential Revision: https://reviews.freebsd.org/D21168
2019-08-07 16:19:06 +00:00
mav
a0767588ae Make GCC happy about math in r350676.
MFC after:	1 week
2019-08-07 15:05:08 +00:00
mav
8da32f95df Make camcontrol modepage support block descriptors.
It allows to read and write block descriptors alike to mode page parameters.
It allows to change block size or short-stroke HDDs or overprovision SSDs.
Depenting on -P parameter the change can be either persistent or till reset.
In case of block size change device may need reformat after the setting.
In case of SSD overprovisioning format or sanitize may be needed to really
free the flash.

During implementation appeared that csio_encode_visit() can not handle
integers of more then 4 bytes, that makes 8-byte LBA handling awkward.
I had to split it into two 4-byte halves now.

MFC after:	1 week
Relnotes:	yes
Sponsored by:	iXsystems, Inc.
2019-08-07 14:45:10 +00:00
hselasky
74036e59e1 Correct PCI device ID for XHCI USB controller.
Submitted by:	Dmitry Luhtionov <dmitryluhtionov@gmail.com>
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2019-08-07 13:35:13 +00:00
manu
ce829d4df1 ofw: ofw_reg_to_paddr: Use a 256 static array for the cell
Some hardware needs more than 32, bump this value.

We cannot use the _alloc for of getencprop as this function is called
too early in the boot before pmap is initialized and we only have
2k of stack when cninit is called.

Discussed with:     ian
2019-08-07 13:13:16 +00:00
manu
c9b353ac63 arm: dts: am33xx: Fix the region for uart0
The region for uart0 is declared to be 0x2000 in size but the parent
node only declare 0x1000.
As the parent only declare a size of 0x1000 in the ranges for it's children
this cause the device to not be mappable.

https://patchwork.kernel.org/patch/11056769/
2019-08-07 13:11:53 +00:00
markj
37b420014f readelf: Close input files when done with them.
The low fd limit used by poudriere exposed an odd failure mode in
cap_fileargs (used by readelf as of r350516).  In particular, when
the limit was hit, both the main process and casper service would
block on their shared socket, waiting forever for the other to send a
message.

Reported by:	zeising
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2019-08-07 03:14:45 +00:00
delphij
03ea53cab0 Expose zlib's utility functions in Z_SOLO library when building kernel.
This allows kernel code to reuse zlib's implementation.

PR:		229763
Reviewed by:	Yoshihiro Ota <ota j email ne jp>
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D21156
2019-08-07 01:41:17 +00:00
jhb
6ba91e269d Tidy up the list of auth and encryption algorithms for IPsec stats.
- Use keyed-md5 and keyed_sha1 instead of md5 and sha1 to match
  the names accepted by setkey and to also avoid confusion since
  these are not "plain" MD5 or SHA1.
- Remove always-true #ifdef's to make the source a bit easier to
  read.
- Add missing mappings for tcp-md5, camellia-cbc, and aes-gmac.

MFC after:	2 weeks
Sponsored by:	Chelsio Communications
2019-08-07 00:53:27 +00:00
asomers
059ede2b0f fusefs: merge from projects/fuse2
This commit imports the new fusefs driver. It raises the protocol level
from 7.8 to 7.23, fixes many bugs, adds a test suite for the driver, and
adds many new features. New features include:

* Optional kernel-side permissions checks (-o default_permissions)
* Implement VOP_MKNOD, VOP_BMAP, and VOP_ADVLOCK
* Allow interrupting FUSE operations
* Support named pipes and unix-domain sockets in fusefs file systems
* Forward UTIME_NOW during utimensat(2) to the daemon
* kqueue support for /dev/fuse
* Allow updating mounts with "mount -u"
* Allow exporting fusefs file systems over NFS
* Server-initiated invalidation of the name cache or data cache
* Respect RLIMIT_FSIZE
* Try to support servers as old as protocol 7.4

Performance enhancements include:

* Implement FUSE's FOPEN_KEEP_CACHE and FUSE_ASYNC_READ flags
* Cache file attributes
* Cache lookup entries, both positive and negative
* Server-selectable cache modes: writethrough, writeback, or uncached
* Write clustering
* Readahead
* Use counter(9) for statistical reporting

PR:		199934 216391 233783 234581 235773 235774 235775
PR:		236226 236231 236236 236291 236329 236381 236405
PR:		236327 236466 236472 236473 236474 236530 236557
PR:		236560 236844 237052 237181 237588 238565
Reviewed by:	bcr (man pages)
Reviewed by:	cem, ngie, rpokala, glebius, kib, bde, emaste (post-commit
		review on project branch)
MFC after:	3 weeks
Relnotes:	yes
Sponsored by:	The FreeBSD Foundation
Pull Request:	https://reviews.freebsd.org/D21110
2019-08-07 00:38:26 +00:00
jhb
706b335033 Fix LOCAL_MODULES and improve the make output.
The exists() check guarding the invocation of ls was not working
correctly as it was expanding '$L' to determine the path of the local
modules directory.  Fix by using {} around the variable name.

Inline some of the logic from bsd.subdir.mk when invoking local module
builds.  This gives output in 'make buildkernel' the same as if there
was a Makefile in /usr/local/sys/modules with SUBDIR =
${LOCAL_MODULES}.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D20991
2019-08-06 23:22:25 +00:00
jeff
936304b05c Cache kernel stacks in UMA. This gives us NUMA support, better concurrency,
and more statistics.

Reviewed by:	kib, markj
Tested by:	pho
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D20931
2019-08-06 23:15:34 +00:00
jhb
32cfb3eef3 Detect invalid PCI devices more correctly in PCI interrupt router drivers.
- Check for an invalid device (vendor is invalid) before reading the
  header type register when examining function 0 of a possible device.
- When iterating over functions of a device, reject any device whose
  16-bit vendor is invalid rather than requiring the full 32-bit
  vendor+device to be all 1's.  In practice the latter check is
  probably fine, but checking the vendor is what the PCI spec
  recommends.

Reviewed by:	imp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D21147
2019-08-06 23:15:04 +00:00
jeff
f080ec4e3a Implement a MINBUCKET zone flag so we can use minimal caching on zones that
may be expensive to cache.

Reviewed by:	markj, kib
Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D20930
2019-08-06 23:04:59 +00:00
jeff
807c696ddc Add two new kernel options to control memory locality on NUMA hardware.
- UMA_XDOMAIN enables an additional per-cpu bucket for freed memory that
   was freed on a different domain from where it was allocated.  This is
   only used for UMA_ZONE_NUMA (first-touch) zones.
 - UMA_FIRSTTOUCH sets the default UMA policy to be first-touch for all
   zones.  This tries to maintain locality for kernel memory.

Reviewed by:	gallatin, alc, kib
Tested by:	pho, gallatin
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D20929
2019-08-06 21:50:34 +00:00
jilles
798cd23a8e Add a test for kill() on a zombie 2019-08-06 21:17:22 +00:00
kevans
c0c074da93 ral: rt2860: fix wcid2ni access/size issue
RT2860_WCID_MAX is supposed to describe the max STA index for wcid2ni, and
was instead being used as the size -- off-by-one.

rt2860_drain_stats_fifo was range-checking wcid only after accessing
out-of-bounds potentially.

Submitted by:	Augustin Cavalier <waddlesplash@gmail.com> (basically)
Obtained from:	Haiku (58d16d9fe2d5a209cf22823359a8407d138e1a87)
Differential Revision:	3 days
2019-08-06 20:21:57 +00:00
tsoome
26f3f2dab8 loader.efi: efilib.h and libefi.c were left out of 350654
And this is second followup for 350654
2019-08-06 20:13:28 +00:00
tsoome
135e17991c loader.efi: boot1.c was left out of 350654
Followup for 350654.
2019-08-06 20:08:01 +00:00
tsoome
4c5e8846c4 loader.efi: replace HandleProtocol() with OpenProtocol()
The HandleProtocol() is deprecated interface and we should use OpenProtocol()
instead. Moreover, in some firmware implementation(s), the HandleProtocol()
does return device path using static storage, so we can not keep the value
returned there. With same firmware, the OpenProtocol() does return data we
do not need to clone.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D21162
2019-08-06 19:27:27 +00:00
mckusick
53df6f39ef Ignore UFS/FFS superblock check hash failures so as to allow a higher
level in the filesystem stack to decide what to do about them.

Reported by:  Peter Holm
Tested by:    Peter Holm
Sponsored by: Netflix
2019-08-06 18:28:44 +00:00
imp
9aadd339e3 Fix mismerge.
I merged passthru.c from the wrong branch (it was a branch that went further in
a direction I wound up not taking). Fix the mismerge and turn passthru on.
2019-08-06 18:15:26 +00:00
mckusick
de7c6145de A race condition existed between the time a UFS/FFS superblock check
hash was computed and the time that the superblock was copied to a
buffer to be written to disk. The result was a failed superblock
check hash the next time that the superblock was read.

The fix is to compute the check hash after the superblock has been
copied to a buffer to be written.

PR:           236504
Reported by:  Peter Holm
Tested by:    Peter Holm
Sponsored by: Netflix
2019-08-06 18:10:34 +00:00
emaste
4575ce8729 Correct ICMPv6/MLDv2 out-of-bounds memory access
Previously the ICMPv6 input path incorrectly handled cases where an
MLDv2 listener query packet was internally fragmented across multiple
mbufs.

admbugs:	921
Submitted by:	jtl
Reported by:	CJD of Apple
Approved by:	so
MFC after:	0 minutes
Security:	CVE-2019-5608
2019-08-06 17:11:30 +00:00
kib
61319149dc Provide the list of knobs related to mitigations.
Discussed with:	bjk, emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D21087
2019-08-06 17:05:58 +00:00
kib
f403869606 amd64: prevents speculations over swapgs reload of %gs base.
Such speculations could use user-controlled %gs base, esp. since
FreeBSD supports WRGSBASE instructions.

Place LFENCEs on entry for each basic block after the test for
previous kernel/user mode on the kernel entry, which prevents the
speculation.  Code accesses %gs-based PCPU before any serialization
instructions are executed, like %cr3 reload for KPTI.

With pti disabled, on haswell i7-4770S machine, "syscall_timings getppid"
shows when no lfence is added to syscall path:
test	loop	time	iterations	periteration
getppid	0	1.040918865	4643611	0.000000224
getppid	1	1.004985962	4481816	0.000000224
getppid	2	1.005196483	4482363	0.000000224
with lfence:
getppid	0	1.043701091	4554779	0.000000229
getppid	1	1.016930328	4438094	0.000000229
getppid	2	1.023223117	4466640	0.000000229
and ministat reports 'No difference proven at 95.0% confidence.'

Security:	CVE-2019-1125
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-08-06 16:53:25 +00:00
glebius
cf89d38fdf Since r350426 this KASSERT doesn't serve any useful purpose. 2019-08-06 16:11:00 +00:00