Sascha Wildner [Fri, 19 Jan 2018 10:16:52 +0000 (11:16 +0100)]
Add __attribute__((__noreturn__)) to a number of usage() like functions.
These were not caught in the -Wsuggest-attribute=noreturn cleanup
because they were already static at that point. There are likely
more such cases but I don't know how to find them systematically.
Sascha Wildner [Fri, 19 Jan 2018 09:19:26 +0000 (10:19 +0100)]
ed(1): Add three __attribute__((__noreturn__)).
I had missed them in
a31274954f5c10e5a80969dcfc719d665f36a26c.
Sascha Wildner [Fri, 19 Jan 2018 09:09:09 +0000 (10:09 +0100)]
pfctl(8): Fix two wrong conditions.
Caught by gcc80's -Wtautological-compare option.
Sascha Wildner [Fri, 19 Jan 2018 08:55:59 +0000 (09:55 +0100)]
libthread_xu: Fix issues detected by gcc80.
The changes to <pthread.h> all deal with -Wnonnull-compare warnings,
which are issued when a function has a NULL check for a parameter that
at the same time is marked with __attribute__((nonnull(...))), aka
__nonnull(...).
Such __nonnull() decoration only ever catches those cases where NULL is
passed directly to the function, but not any more indirect ways. What
makes matters worse is that in higher optimization levels (-O >= 2),
GCC will happily optimize out any NULL checks within the function for
these parameters.
This means that __nonnull() is generally inferior to a direct NULL check
in the function itself and if we have both, which newer GCCs warn about
with -Wnonnull-compare (that is part of -Wall), we should remove the
__nonnull().
This commit does that for all parameters which our libthread_xu checks
directly in the function. What remains are __nonnull() for parameters
which are _not_ checked in the functions, to at least catch cases where
NULL is passed directly. We should think about adding real checks for
those parameters too.
While here, add a "/* FALLTHROUGH */" comment in thr_printf.c which
fixes a -Wimplicit-fallthrough warning.
Sascha Wildner [Thu, 18 Jan 2018 17:34:30 +0000 (18:34 +0100)]
mfiutil(8): Use MAN instead of MAN8.
Sascha Wildner [Thu, 18 Jan 2018 13:35:43 +0000 (14:35 +0100)]
Revert "bsd.sys.mk: support -Wunused-local-typedef"
This reverts commit
14683bdb9c1d41c0d62dc7d11f3fd535973ad258.
It is no longer needed after
6954d52dca31dc7773729c0bf92e14fb1dab5aae.
zrj [Thu, 18 Jan 2018 05:27:51 +0000 (07:27 +0200)]
gcc50: Move out manpage version handling.
The Makefile.cco should only affect global ones.
zrj [Thu, 18 Jan 2018 05:26:06 +0000 (07:26 +0200)]
gcc47: Move out manpage version handling.
The Makefile.cco should only affect global ones.
Matthew Dillon [Wed, 17 Jan 2018 21:30:57 +0000 (13:30 -0800)]
corepower - Add kabylake support
* Add kabylake support (just the id needed)
Sascha Wildner [Wed, 17 Jan 2018 12:30:12 +0000 (13:30 +0100)]
etc/remote: Fix ucom[234].
Peeter Must [Wed, 17 Jan 2018 09:32:13 +0000 (11:32 +0200)]
kernel/evdev: Whitespace correction in input-event-codes.h
Peeter Must [Wed, 17 Jan 2018 08:48:52 +0000 (10:48 +0200)]
kernel/evdev: Update input-event-codes.h
Taken-from: Linux
Sepherosa Ziehau [Tue, 16 Jan 2018 05:07:14 +0000 (13:07 +0800)]
ipfw: Add icmpcodes support.
Matthew Dillon [Tue, 16 Jan 2018 00:42:00 +0000 (16:42 -0800)]
kernel - Fix busdma allocation bug
* Fix a bug where kmalloc() could be used to allocate DMA memory
that the caller intends to be non-cacheable.
If a non-cacheable tag is specified, bus_dma now uses contigmalloc.
* Use the bus_dmamap_t pointer to differentiate between kmalloc
and contigmalloc allocated memory, instead of running tag tests.
This is a bit of a hack, but its the easiest solution.
Matthew Dillon [Tue, 16 Jan 2018 00:40:31 +0000 (16:40 -0800)]
kernel - xhci cleanup, lock attach
* Lock xhci during attach to avoid spurious interrupts from
hitting the interrupt routine too early.
* Install interrupt after controller startup, but before
the main usb code begins querying it.
* Cleanup syntax
Matthew Dillon [Tue, 16 Jan 2018 00:37:35 +0000 (16:37 -0800)]
kernel - Add a global priority hack for ACPI
* Allows ACPI to fully probe and attach all acpi devices before
attaching any non-ACPI devices.
* May improve device attach stability.
* Currently only implemented at the top-level of the acpi
device tree.
Matthew Dillon [Tue, 16 Jan 2018 00:34:06 +0000 (16:34 -0800)]
kernel - Handle ig4 controller startup errors
* Fail the attach on controller startup errors. For some reason the
dell xps 13 says there's I2C controller, but the controller appears
to be permanente disabled and will refuse to enable.
Matthew Dillon [Tue, 16 Jan 2018 00:28:21 +0000 (16:28 -0800)]
cpucontrol - Add amd10h support
* Add support for ryzen and later microcodes.
* Adds general support for AMD microcodes in their
packed format. No need to unpack AMD microcode any
more, cpucontrol will parse the distribution file
from AMD.
Taken-from: FreeBSD
Sascha Wildner [Mon, 15 Jan 2018 18:43:39 +0000 (19:43 +0100)]
kernel: Add acpi and a number of related drivers to our default config.
These are: gpio_acpi, gpio_intel, smbus and smbacpi. Leave
ichiic (aka ig4) commented out for now because it seems to have
issues with latest generation Intel CPUs.
Adjust the manual page a bit and remove an obsolete comment in LINT64.
In-discussion-with: dillon, ivadasz
Tomohiro Kusumi [Mon, 15 Jan 2018 17:23:55 +0000 (19:23 +0200)]
sbin/mount_autofs: Change include path from fs/ to vfs/
/usr/include/fs seems to exist as a symlink to vfs/,
but change include path to vfs.
Tomohiro Kusumi [Mon, 15 Jan 2018 15:37:53 +0000 (17:37 +0200)]
sbin/mount_autofs: Port mount_autofs(8) from NetBSD
Christos added this to NetBSD, so why not for DragonFly.
One will write something simlar to this when porting autofs,
until autofs(5)/automount(8)/automountd(8) become usable enough.
While I try to minimize diff from FreeBSD for autofs userspace
by not making trivial style fixes, new things from NetBSD are
appreciated.
-o getargs support is dropped since unsupported on DragonFly.
Sascha Wildner [Mon, 15 Jan 2018 10:04:15 +0000 (11:04 +0100)]
kernel/ath_hal: Add missing header to fix build with -Wundef.
Sascha Wildner [Mon, 15 Jan 2018 09:58:10 +0000 (10:58 +0100)]
kernel/my: Fix -Wundef.
Sascha Wildner [Mon, 15 Jan 2018 08:42:53 +0000 (09:42 +0100)]
s/NO_MAN/NOMAN/ in various Makefiles.
Sascha Wildner [Mon, 15 Jan 2018 08:31:30 +0000 (09:31 +0100)]
Simplify some Makefiles.
If there is just one source file that is named ${PROG}.c, SRCS does
not need to be set.
Sascha Wildner [Mon, 15 Jan 2018 07:55:34 +0000 (08:55 +0100)]
Remove test/dsched*. This doesn't build anymore after
3573cf7bf66147.
Sascha Wildner [Mon, 15 Jan 2018 06:56:04 +0000 (07:56 +0100)]
Update the pciconf(8) database.
January 14, 2018 snapshot from http://pciids.sourceforge.net/
Tomohiro Kusumi [Sun, 14 Jan 2018 14:14:46 +0000 (16:14 +0200)]
sys/vfs/autofs: prevent assert on unmount.
Bring in below commit from NetBSD/autofs. This hasn't existed in
FreeBSD and DragonFly. This at least avoids potential panic via
assertion failure on unmount like PR 3062. Note that the assertion
in autofs_node_delete() is good. There might be mkdir related bug.
The GitHub link below may not be a valid URL in the future.
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/fs/autofs/autofs_vfsops.c.diff?r1=1.2&r2=1.3
(https://github.com/NetBSD/src/commit/
59fdd9b6d94c045e89f22f06c9a6f6d6c0fd60f2)
Sascha Wildner [Sat, 13 Jan 2018 22:37:38 +0000 (23:37 +0100)]
kernel: Fix some -Wundef warnings in oce(4) and mps(4).
__FreeBSD_version is not defined in DragonFly, so make it clearer
which path we take.
Imre Vadász [Sat, 13 Jan 2018 20:37:40 +0000 (21:37 +0100)]
syscons - Skip drawing of the border, when switching to a graphics vty.
* When the target vty in a vty switch is in graphics mode, and we have
a dumb framebuffer (sc->fbi != NULL), we definitely don't need to
call sc_set_border().
Imre Vadász [Sat, 13 Jan 2018 20:11:40 +0000 (21:11 +0100)]
syscons - Use COL and ROW #define constants.
Sascha Wildner [Sat, 13 Jan 2018 20:37:56 +0000 (21:37 +0100)]
Add __attribute__((__noreturn__)) to various function prototypes in usr.sbin/.
This general cleanup is useful in various ways. It helps the compiler
optimize better and it also helps later GCCs detect better when to give
-Wimplicit-fallthrough warnings and when not.
Found-with: -Wsuggest-attribute=noreturn
Sascha Wildner [Fri, 12 Jan 2018 14:02:59 +0000 (15:02 +0100)]
ftp-proxy(8): exit_daemon() never returns, do do not pretend it does.
Sascha Wildner [Thu, 11 Jan 2018 10:19:17 +0000 (11:19 +0100)]
dntpd(8): client_main() never returns, so do not pretend it does.
Sascha Wildner [Wed, 10 Jan 2018 08:09:12 +0000 (09:09 +0100)]
autofs: main_auto{,un}mountd() never return, so do not pretend they do.
Sascha Wildner [Sat, 13 Jan 2018 12:28:22 +0000 (13:28 +0100)]
watchdogd(8): Staticize.
Sascha Wildner [Sat, 13 Jan 2018 12:25:43 +0000 (13:25 +0100)]
traceroute6(8): Staticize and remove unused variables/functions.
Sascha Wildner [Sat, 13 Jan 2018 12:20:06 +0000 (13:20 +0100)]
traceroute(8): Staticize.
Sascha Wildner [Sat, 13 Jan 2018 12:10:47 +0000 (13:10 +0100)]
timed(8): slave() never returns, so don't pretend it does.
Sascha Wildner [Sat, 13 Jan 2018 12:08:16 +0000 (13:08 +0100)]
timed(8): master() never returns, so don't pretend it does.
Sascha Wildner [Sat, 13 Jan 2018 11:37:07 +0000 (12:37 +0100)]
sensorsd(8): Staticize.
Sascha Wildner [Sat, 13 Jan 2018 11:33:10 +0000 (12:33 +0100)]
rwhod(8): Staticize.
Sascha Wildner [Sat, 13 Jan 2018 10:35:54 +0000 (11:35 +0100)]
route6d(8): Staticize and remove unused variables/functions.
While here, use __printflike(), fix a va_end() after exit() case and
print strerror() in fatal() only if errno is actually set (this last
one was taken from FreeBSD).
Sascha Wildner [Sat, 13 Jan 2018 09:57:06 +0000 (10:57 +0100)]
mld6query(8): Staticize and raise WARNS to 6.
Sascha Wildner [Sat, 13 Jan 2018 09:53:53 +0000 (10:53 +0100)]
mld6query(8): Rename mld6.c -> mld6query.c
Sascha Wildner [Sat, 13 Jan 2018 09:26:23 +0000 (10:26 +0100)]
gifconfig(8): Staticize and remove some unused variables.
Tomohiro Kusumi [Fri, 12 Jan 2018 19:46:53 +0000 (21:46 +0200)]
usr.sbin/autofs: Make automount(8) call chdir("/") before create_directory()
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224601
Unlike automountd where the daemon is daemonized or lesser-daemonized,
an automount process isn't necessarily at /, and this results in
creating unneeded directories at the current directory.
In the example below, mounting autofs on /mnt/media fails because the
command mkdirs mnt/media instead of /mnt/media. If /mnt/media already
exists the command can mount autofs on /mnt/media, but it still mkdirs
unneeded directories mnt/media.
Calling chdir("/") before creation and restoring the directory after
creation avoids this.
--
[root@]~# automount -L
/mnt/media -nosuid -media # indirect map referenced at /etc/auto_master:8
[root@]~# ls mnt
ls: mnt: No such file or directory
[root@]~# automount
automount: cannot mount map -media on /mnt/media: No such file or directory
[root@]~# mount | grep autofs
[root@]~# ls mnt
media
[root@]~# tree mnt
mnt
`-- media
Sascha Wildner [Fri, 12 Jan 2018 12:59:06 +0000 (13:59 +0100)]
bsd-family-tree: Sync yet again with FreeBSD.
Tomohiro Kusumi [Thu, 11 Jan 2018 21:19:20 +0000 (23:19 +0200)]
sys/vfs/autofs: Cleanup autofs_mount()
Drop unneeded local char[MAXPATHLEN] variable.
Bring in comments I've added to NetBSD/autofs for better readability.
Matthew Dillon [Thu, 11 Jan 2018 20:50:31 +0000 (12:50 -0800)]
kernel - Implement spectre mitigations part 4 (cleanup)
* Cleanup the detection code a bit. Do not turn on global
spectre_*_supported flags unless all cpus agree.
Matthew Dillon [Thu, 11 Jan 2018 20:48:18 +0000 (12:48 -0800)]
kernel - Implement spectre mitigations part 3 (stabilization)
* Fix a bug in the system call entry code. The wrong stack pointer
was being loaded for KMMUENTRY_SYSCALL and KMMUENTRY_SYSCALL was
using an offset that did not exist in certain situations.
* Load the correct stack pointer, but also change KMMUENTRY_CORE
to not use stack-relative loads and stores. Instead it uses
the trampframe directly via %gs:BLAH
Reported-by: zrj
Sascha Wildner [Thu, 11 Jan 2018 10:22:52 +0000 (11:22 +0100)]
fdcontrol(8): Staticize and bump WARNS to 6.
Sascha Wildner [Thu, 11 Jan 2018 09:57:39 +0000 (10:57 +0100)]
clog(8): Staticize.
Sascha Wildner [Thu, 11 Jan 2018 09:54:07 +0000 (10:54 +0100)]
clog: Use standard MAN variable.
Sascha Wildner [Thu, 11 Jan 2018 09:44:58 +0000 (10:44 +0100)]
cdcontrol(8): Staticize and remove a wrong prototype.
Sascha Wildner [Thu, 11 Jan 2018 09:37:06 +0000 (10:37 +0100)]
burncd(8): Staticize.
Sascha Wildner [Wed, 10 Jan 2018 08:47:21 +0000 (09:47 +0100)]
btconfig(8): Staticize.
zrj [Wed, 10 Jan 2018 07:07:54 +0000 (09:07 +0200)]
kernel/sysv: Fix wrong assignment.
Pointed-by: dillon
Matthew Dillon [Wed, 10 Jan 2018 22:59:47 +0000 (14:59 -0800)]
kernel - Implement spectre mitigations part 2
* NOTE: The last few commits may have said 'IBPB' but they really
meant 'IBRS. The last few commits addde IBRS support, this one
cleans that up and adds IBPB support.
* Intel says for IBRS always-on mode (mode 2), SPEC_CTRL still has
to be poked on every user->kernel entry as a barrier, even though
the value is not being changed. So make this change. This actually
somewhat improves performance a little on Skylake and later verses
when I just set it globally and left it that way.
* Implement IBPB detection and support on Intel. At the moment
we default to turning it off because the performance hit is pretty
massive. Currently the work on linux is only using IBPB for
VMM related operations and not for user->kernel entry.
* Enhance the machdep.spectre_mitigation sysctl to print out
what the mode matrix is whenever you change it, in human
readable terms.
0 IBRS disabled IBPB disabled
1 IBRS mode 1 (kernel-only) IBPB disabled
2 IBRS mode 2 (at all times) IBPB disabled
4 IBRS disabled IBPB enabled
5 IBRS mode 1 (kernel-only) IBPB enabled
6 IBRS mode 2 (at all times) IBPB enabled
Currently we default to (1) instead of (5) when we detect that
the microcode detects both features. IBPB is not turned on by default
(you can see why below).
* Haswell and Skylake performance loss matrix using the following
test. This tests a high-concurrency compile, which is approximately
a 5:1 user:kernel test with high concurrency.
The haswell box is: i3-4130 CPU @ 3.40GHz (2-core/4-thread)
The skylake box is: i5-6500 CPU @ 3.20GHz (4-core/4-thread)
This does not include MMU isolation losses, which will add another
3-4% or so in losses.
(/usr/obj on tmpfs)
time make -j 8 nativekernel NO_MODULES=TRUE
PERFORMANCE LOSS MATRIX
HASWELL SKYLAKE
IBPB=0 IBPB=1 IBPB=0 IBPB=1
IBRS=0 0% 12% 0% 17%
IBRS=1 >12%< 21% >2.4%< 15%
IBRS=2 58% 60% 23% 32%
Note that the automatic default when microcode support is detected
is IBRS=1, IBPB=0 (12% loss on Haswell and 2.4% loss on Skylake
for this test). If we add 3-4% or so for MMU isolation, a Haswell
cpu loses around 16% and a Skylake cpu loses around 6% or so in
performance.
PERFORMANCE LOSS MATRIX
(including 3% MMU isolation losses)
HASWELL SKYLAKE
IBPB=0 IBPB=1 IBPB=0 IBPB=1
IBRS=0 3% 15% 3% 20%
IBRS=1 >15%< 24% >5.4%< 18%
IBRS=2 61% 63% 26% 35%
Tomohiro Kusumi [Wed, 10 Jan 2018 21:21:46 +0000 (23:21 +0200)]
sys/vfs/autofs: Drop AUTOFSDONE101
This ioctl was never needed by DragonFly which was ported in 2016.
The ioctl implementation was kept in kernel side for no reason,
while automountd never used this in DragonFly.
NetBSD also dropped this ioctl when they recently merged autofs
to -current.
https://github.com/NetBSD/src/blob/trunk/sys/fs/autofs/autofs_ioctl.h
Matthew Dillon [Wed, 10 Jan 2018 05:36:18 +0000 (21:36 -0800)]
kernel - Implement spectre mitigations part 1
* Implement machdep.spectre_mitigation. This can be set as a tunable
or sysctl'd later. The tunable is only applicable if the BIOS has
the appropriate microcode, otherwise you have to update the microcode
first and then use sysctl to set the mode.
This works similarly to Linux's IBRS support.
mode 0 - Spectre IBPB MSRs disabled
mode 1 - Sets IBPB MSR on USER->KERN transition and clear it
on KERN->USER.
mode 2 - Leave IBPB set globally. Do not toggle on USER->KERN or
KERN->USER transitions.
* Retest spectre microcode MSRs on microcode update.
* Spectre mode 1 is enabled by default if the microcode supports it.
(we might change this to disabled by default, I'm still mulling it
over).
* General performance effects (not counting the MMU separation mode,
which is machdep.meltdown_mitigation and adds another 3% in overhead):
Skylake loses around 5% for mode 1 and 12% for mode 2, verses mode 0.
Haswell loses around 12% for mode 1 and 53% for mode 2, verses mode 0.
Add another 3% if MMU separation is also turned on (aka
machdep.meltdown_mitigation).
* General system call overhead effects on Skylake:
machdep.meltdown_mitigation=0, machdep.spectre_mitigation=0 103ns
machdep.meltdown_mitigation=1, machdep.spectre_mitigation=0 360ns
machdep.meltdown_mitigation=1, machdep.spectre_mitigation=1 848ns
machdep.meltdown_mitigation=1, machdep.spectre_mitigation=2 404ns
Note that mode 1 has better overall performance for mixed user+kernel
workloads despite having a much higher system call overhead, whereas
mode 2 has lower system call overhead but generally lower overall
performance because IBPB is enabled in usermode.
Matthew Dillon [Wed, 10 Jan 2018 01:17:04 +0000 (17:17 -0800)]
kernel - Rename machdep.isolated_user_pmap to meltdown_mitigation
* Rename machdep.isolated_user_pmap to
machdep.meltdown_mitigation.
Matthew Dillon [Tue, 9 Jan 2018 19:56:08 +0000 (11:56 -0800)]
kernel - Increase microcode size limit from 32KB to 4MB
* Increase the microcode size limit to 4MB. Newer microcodes exceed
the previous 32KB limit. e.g. the latest Skylake microcode is 97KB.
* Fixes cpucontrol -u operations on newer cpus.
Taken-from: FreeBSD
Sascha Wildner [Tue, 9 Jan 2018 07:31:55 +0000 (08:31 +0100)]
boot/efi: Include just Uefi.h instead of Uefi{BaseType,Spec}.h
Sascha Wildner [Tue, 9 Jan 2018 07:22:33 +0000 (08:22 +0100)]
boot/efi: Bring in an additional TianoCore EDK II header.
Taken from the MdePkg of the UDK2017 branch of the
git://github.com/tianocore/edk2 repository.
All I modified was killing CRs using 'tr -d "\015"'.
This is a work in progress.
Tomohiro Kusumi [Sun, 7 Jan 2018 16:51:52 +0000 (18:51 +0200)]
sys/vfs/autofs: Cleanups
Eitan Adler [Sun, 7 Jan 2018 06:28:58 +0000 (22:28 -0800)]
ldconfig(8): clean up manual page
- describe "-s"
- add newlines to sentence ends
- clarify file usage
Reviewed-by: swildner
Sascha Wildner [Sun, 7 Jan 2018 06:19:32 +0000 (07:19 +0100)]
arp(8): Staticize.
Sascha Wildner [Sun, 7 Jan 2018 06:19:18 +0000 (07:19 +0100)]
ac(8): Staticize and raise WARNS to 6.
While here, put a CONSOLE_TTY specific prototype in a corresponding
#ifdef.
Eitan Adler [Sun, 7 Jan 2018 05:21:56 +0000 (21:21 -0800)]
xtr(1) clean up
- clean usage of comma operator
- use char instead of int
- add brackets
Reviewed-by: dillon
Tomohiro Kusumi [Sat, 6 Jan 2018 18:37:53 +0000 (20:37 +0200)]
etc/autofs: Sync with FreeBSD commits
Bring in below from FreeBSD@GitHub in 1 commit.
64382aa4e68 Add /etc/autofs/include_nis, a non-rewriting NIS map.
a5ff2845f3f Rename /etc/autofs/include_nis to /etc/autofs/include_nis_nullfs, to indicate that this script provides nullfs map rewriting for local mounts.
759e1781cc0 Change formatting; no functional changes.
Tomohiro Kusumi [Sat, 6 Jan 2018 18:28:14 +0000 (20:28 +0200)]
etc/autofs: Cleanup trailing whitespaces
This generates diff between these and FreeBSD scripts.
Tomohiro Kusumi [Sat, 6 Jan 2018 18:16:46 +0000 (20:16 +0200)]
usr.sbin/fstyp: Remove local MIN() definition
This isn't needed.
Having local MIN() also broke compilation on NetBSD with ZFS support,
due to ZFS headers already included sys/param.h.
Matthew Dillon [Sat, 6 Jan 2018 18:13:31 +0000 (10:13 -0800)]
kernel - Intel user/kernel separation MMU bug fix part 6 (stabilization)
* Stabilization. Fix a bug which can crash the machine when the sysctl
is toggled back and forth on a live system.
* The fork code was inheriting ISOMMU in pcb_flags from the parent
process, but potentially not getting a pmap with the feature configured
due to the sysctl being toggled off.
Reported-by: profmakx, zrj, swildner
Sascha Wildner [Sat, 6 Jan 2018 16:58:09 +0000 (17:58 +0100)]
kernel/lagg: Normalize various #if XXX and #ifdef XXX to #if 0.
Fixes some -Wundef warnings too.
No functional change.
zrj [Sat, 6 Jan 2018 14:39:31 +0000 (16:39 +0200)]
drm/radeon: Fix -Wundef warnings.
Pointed-by: swildner
Sepherosa Ziehau [Sat, 6 Jan 2018 05:03:41 +0000 (13:03 +0800)]
ipfw: ICMP_MAXTYPE could be any value; don't assume it's < 32
It is 40 as of this commit.
Sepherosa Ziehau [Sat, 6 Jan 2018 04:58:02 +0000 (12:58 +0800)]
ipfw: Support all possible ICMP types.
Sepherosa Ziehau [Sat, 6 Jan 2018 03:48:12 +0000 (11:48 +0800)]
ipfw.8: Reset do_pipe and do_table.
Since ipfw_main could be called in a loop, if the rules are loaded
from file.
Sepherosa Ziehau [Sat, 6 Jan 2018 03:35:53 +0000 (11:35 +0800)]
ipfw: Define instruction size max.
Matthew Dillon [Sat, 6 Jan 2018 07:53:47 +0000 (23:53 -0800)]
kernel - Intel user/kernel separation MMU bug fix part 5
* Fix iretq fault handling. As I thought, I messed it up with
the trampoline patches. Fixing it involves issuing the correct
KMMU* macros to ensure that the code is on the correct stack
and has the correct mmu context.
Revalidate with a test program that uses a signal handler to
change the stack segment descriptor to something it shouldn't
be.
* Get rid of the "kernel trap 9..." console message for the iretq
fault case.
Sascha Wildner [Sat, 6 Jan 2018 05:31:50 +0000 (06:31 +0100)]
Add __attribute__((__noreturn__)) to various function prototypes in usr.bin/.
This general cleanup is useful in various ways. It helps the compiler
optimize better and it also helps later GCCs detect better when to give
-Wimplicit-fallthrough warnings and when not.
Found-with: -Wsuggest-attribute=noreturn
Sascha Wildner [Sat, 6 Jan 2018 05:15:37 +0000 (06:15 +0100)]
xstr(1): Staticize.
Sascha Wildner [Sat, 6 Jan 2018 05:06:20 +0000 (06:06 +0100)]
whereis(1): Staticize.
Sascha Wildner [Sat, 6 Jan 2018 05:03:17 +0000 (06:03 +0100)]
usbhidaction(1): Staticize.
Sascha Wildner [Sat, 6 Jan 2018 04:58:52 +0000 (05:58 +0100)]
uname(1): Staticize.
Sascha Wildner [Sat, 6 Jan 2018 04:39:51 +0000 (05:39 +0100)]
tcopy(1): Staticize.
Sascha Wildner [Sat, 6 Jan 2018 04:23:41 +0000 (05:23 +0100)]
symorder(1): Staticize.
Sascha Wildner [Sat, 6 Jan 2018 04:20:07 +0000 (05:20 +0100)]
stat(1): Staticize.
Sascha Wildner [Sat, 6 Jan 2018 04:15:08 +0000 (05:15 +0100)]
ruptime(1): Staticize and remove a wrong prototype.
Sascha Wildner [Sat, 6 Jan 2018 03:38:16 +0000 (04:38 +0100)]
nfsstat(1): Staticize and remove an unused variable.
Matthew Dillon [Fri, 5 Jan 2018 17:52:13 +0000 (09:52 -0800)]
kernel - Intel user/kernel separation MMU bug fix part 4
* This completes 99% of the meltdown mitigation work, implementing
a feature which isolates user and kernel page tables. There
are currently two remaining TODO's:
(1) We still map all of kernel text (btext to etext) to avoid
having to tabulate vector entry and exit points. No
kernel data or bss or any other kernel data is mapped,
beyond trampoline and cpu hw requirements.
(2) iretq + %gs fault bug needs to be re-tested.
* Automate enablement of machdep.isolated_user_pmap added.
The bug mitigation will be enabled for all Intel CPUs.
This will increase system call and interrupt overhead by
150-250nS. System-call-heavy or interrupt-heavy workloads
will be more severely effected (network, database, high speed
storage, etc), up to 30%. Nominal workloads such as compiles will
lose around 5%.
* Cleanup boot messages (zrj).
* Rename sysctl from vm.isolated_user_pmap to
machdep.isolated_user_pmap (zrj)
Matthew Dillon [Fri, 5 Jan 2018 08:47:46 +0000 (00:47 -0800)]
kernel - Intel user/kernel separation MMU bug fix part 3/3
* Implement the isolated pmap template, iso_pmap. The pmap code will
generate a dummy iso_pmap containing only the kernel mappings required
for userland to be able to transition into the kernel and vise-versa.
The mappings needed are:
(1) The per-cpu trampoline area for our stack (rsp0)
(2) The global descriptor table (gdt) for all cpus
(3) The interrupt descriptor table (idt) for all cpus
(4) The TSS block for all cpus (we store this in the trampoline page)
(5) Kernel code addresses for the interrupt vector entry and exit
* In this implementation the 'kernel code' addresses are currently just
btext to etext. That is, the kernel's primary text area. Kernel
data and bss are not part of the isolation map.
TODO - just put the vector entry and exit points in the map, and
not the entire kernel.
* System call performance is reduced when isolation is turned on.
100ns -> 350ns or so. However, typical workloads should not lose
more than 5% performance or so. System-call heavy and interrupt-heavy
workloads (network, database, high-speed storage, etc) can lose a lot
more performance.
We leave the trampoline code in-place whether isolation is turned on
or not. The trampoline overhead, without isolation, is only 5nS or so.
* Fix a missing exec-related trampoline initialization.
* Clean-up kernel page table PTEs a bit. PG_M is ignored on non-terminal
PTEs, so don't set it. Also don't set PG_U in non-terminal kernel
page table pages (PG_U is never set on terminal PTEs so this wasn't
a problem, but we should be correct).
* Fix a bug in fast_syscall's trampoline stack. The wrong stack
pointer was being loaded.
* Move mdglobaldata->gd_common_tss to privatespace->common_tss.
Place common_tss in the same page as the trampoline to reduce
exposure to globaldata from the isolated MMU context.
* 16-byte align struct trampframe for convenience.
* Fix a bug in POP_FRAME. Always cli in order to avoid getting
an interrupt just at the iretq instruction, which might be
misinterpreted.
Matthew Dillon [Thu, 4 Jan 2018 18:34:51 +0000 (10:34 -0800)]
kernel - Intel user/kernel separation MMU bug fix part 2/3
* Cleanup pass. Throw in some documentation.
* Move the gd_pcb_* fields into the trampoline page to allow
kernel memory to be further restricted in part 3.
Matthew Dillon [Wed, 3 Jan 2018 20:45:17 +0000 (12:45 -0800)]
kernel - Intel user/kernel separation MMU bug fix part 1/3
* Part 1/3 of the fix for the Intel user/kernel separation MMU bug.
It appears that it is possible to discern the contents of kernel
memory with careful timing measurements of instructions due to
speculative memory reads and speculative instruction execution
by Intel cpus. This can happen because Intel will allow both to
occur even when the memory access is later disallowed due to
privilege separation in the PTE.
Even though the execution is always aborted, the speculative
reads and speculative execution results in timing artifacts which
can be measured. A speculative compare/branch can lead to timing
artifacts that allow the actual contents of kernel memory to be
discerned.
While there are multiple speculative attacks possible, the Intel
bug is particularly bad because it allows a user program to more
or less effortlessly access kernel memory (and if a DMAP is
present, all of physical memory).
* Part 1 implements all the logic required to load an 'isolated'
version of the user process's PML4e into %cr3 on all user
transitions, and to load the 'normal' U+K version into %cr3 on
all transitions from user to kernel.
* Part 1 fully allocates, copies, and implements the %cr3 loads for
the 'isolated' version of the user process PML4e.
* Part 1 does not yet actually adjust the contents of this isolated
version to replace the kernel map with just a trampoline map in
kernel space. It does remove the DMAP as a test, though. The
full separation will be done in part 3.
Sascha Wildner [Fri, 5 Jan 2018 16:46:05 +0000 (17:46 +0100)]
kernel/vmxnet3: Fix wrong check (no functional change).
Eitan Adler [Fri, 5 Jan 2018 06:48:14 +0000 (22:48 -0800)]
morse(6): correct email for original author
Obtained-From: FreeBSD
Sascha Wildner [Fri, 5 Jan 2018 02:01:22 +0000 (03:01 +0100)]
libthread_xu: Fix a typo in a comment.
Sascha Wildner [Fri, 5 Jan 2018 01:57:01 +0000 (02:57 +0100)]
Clean up a bit for symlinked headers.
<errno.h> as well as <poll.h> are symlinked to their <sys/...>
counterparts, so there is no need to include both.
Also fix a comment that suggests that there is a difference.
Peeter Must [Thu, 4 Jan 2018 12:34:57 +0000 (14:34 +0200)]
kernel/evdev: Expose headers to userland.