cem [Sat, 23 May 2020 21:23:46 +0000 (21:23 +0000)]
Update to Zstandard 1.4.5
As usual, the full release notes are found on Github:
https://github.com/facebook/zstd/releases/tag/v1.4.5
Notable changes include:
* Improved decompress performance on amd64 and arm (5-10%
and 15-50%, respectively).
* '--patch-from' zstd(1) CLI option, which provides something like a very fast
version of bspatch(1) with slightly worse compression. See release notes.
In this update, I dropped the 3-year old -O0 workaround for an LLVM ARM bug;
the bug was fixed in LLVM SVN in 2017, but we didn't remove this workaround
from our tree until now.
MFC after: I won't, but feel free
Relnotes: yes
cem [Sat, 23 May 2020 20:39:36 +0000 (20:39 +0000)]
contrib/zstd: Revise Xlist for 1.4.5 import
cem [Sat, 23 May 2020 20:37:33 +0000 (20:37 +0000)]
Import Zstd 1.4.5
manu [Sat, 23 May 2020 19:52:20 +0000 (19:52 +0000)]
bbr: Use arc4random_uniform from libkern.
This unbreak LINT build
Reported by: jenkins, melifaro
melifaro [Sat, 23 May 2020 19:06:57 +0000 (19:06 +0000)]
Move <add|del|change>_route() functions to route_ctl.c in preparation of
multipath control plane changed described in D24141.
Currently route.c contains core routing init/teardown functions, route table
manipulation functions and various helper functions, resulting in >2KLOC
file in total. This change moves most of the route table manipulation parts
to a dedicated file, simplifying planned multipath changes and making
route.c more manageable.
Differential Revision: https://reviews.freebsd.org/D24870
manu [Sat, 23 May 2020 17:52:25 +0000 (17:52 +0000)]
linuxkpi: Add prandom_u32_max
This is just a wrapper around arc4random_uniform
Needed by DRM v5.3
Sponsored-by: The FreeBSD Foundation
Reviewed by: cem, hselasky
Differential Revision: https://reviews.freebsd.org/D24961
manu [Sat, 23 May 2020 17:51:06 +0000 (17:51 +0000)]
libkern: Add arc4random_uniform
This variant get a random number up to the limit passed as the argument.
This is simply a copy of the libc version.
Sponsored-by: The FreeBSD Foundation
Reviewed by: cem, hselasky (previous version)
Differential Revision: https://reviews.freebsd.org/D24962
melifaro [Sat, 23 May 2020 12:15:47 +0000 (12:15 +0000)]
Remove refcounting from rtentry.
After making rtentry reclamation backed by epoch(9) in r361409, there is
no reason in keeping reference counting code.
Differential Revision: https://reviews.freebsd.org/D24867
dim [Sat, 23 May 2020 10:32:18 +0000 (10:32 +0000)]
Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp
llvmorg-10.0.1-rc1-0-gf79cd71e145 (aka 10.0.1 rc1).
MFC after: 3 weeks
melifaro [Sat, 23 May 2020 10:21:02 +0000 (10:21 +0000)]
Use epoch(9) for rtentries to simplify control plane operations.
Currently the only reason of refcounting rtentries is the need to report
the rtable operation details immediately after the execution.
Delaying rtentry reclamation allows to stop refcounting and simplify the code.
Additionally, this change allows to reimplement rib_lookup_info(), which
is used by some of the customers to get the matching prefix along
with nexthops, in more efficient way.
The change keeps per-vnet rtzone uma zone. It adds nh_vnet field to
nhop_priv to be able to reliably set curvnet even during vnet teardown.
Rest of the reference counting code will be removed in the D24867 .
Differential Revision: https://reviews.freebsd.org/D24866
jhb [Fri, 22 May 2020 20:52:36 +0000 (20:52 +0000)]
Remove a workaround for GCM requests with an empty payload.
This was copied from ccr(4) (which does require the workaround), but
is reportedly not needed for ccp(4).
Discussed with: cem
Sponsored by: Netflix
mhorne [Fri, 22 May 2020 18:54:56 +0000 (18:54 +0000)]
Simplify the RISC-V kernel linker invocation
Remove our custom SYSTEM_LD definition. This generates program headers
that are more consistent with other architectures, and more importantly,
are in line with what loader(8) expects when loading a kernel.
As noted in https://reviews.freebsd.org/D22920, there is no apparent
reason why the kernel would need a writable text segment, so removal of
the -N flag isn't likely to cause issue.
Reviewed by: kp, br
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24909
asomers [Fri, 22 May 2020 18:11:17 +0000 (18:11 +0000)]
Fix issues with FUSE_ACCESS when default_permissions is disabled
This patch fixes two issues relating to FUSE_ACCESS when the
default_permissions mount option is disabled:
* VOP_ACCESS() calls with VADMIN set should never be sent to a fuse server
in the form of FUSE_ACCESS operations. The FUSE protocol has no equivalent
of VADMIN, so we must evaluate such things kernel-side, regardless of the
default_permissions setting.
* The FUSE protocol only requires FUSE_ACCESS to be sent for two purposes:
for the access(2) syscall and to check directory permissions for
searchability during lookup. FreeBSD sends it much more frequently, due to
differences between our VFS and Linux's, for which FUSE was designed. But
this patch does eliminate several cases not required by the FUSE protocol:
* for any FUSE_*XATTR operation
* when creating a new file
* when deleting a file
* when setting timestamps, such as by utimensat(2).
* Additionally, when default_permissions is disabled, this patch removes one
FUSE_GETATTR operation when deleting a file.
PR: 245689
Reported by: MooseFS FreeBSD Team <freebsd@moosefs.pro>
Reviewed by: cem
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D24777
mav [Fri, 22 May 2020 18:10:46 +0000 (18:10 +0000)]
Do not try to fill socket send buffer to the last byte.
Setting so_snd.sb_lowat to at least 1/8 of the socket buffer size allows
send thread more actively use PDUs coalescing, that dramatically reduces
TCP lock congestion and number of context switches, when the socket is
full and PDUs are small.
MFC after: 1 week
Sponsored by: iXsystems, Inc.
asomers [Fri, 22 May 2020 18:03:14 +0000 (18:03 +0000)]
Disable nullfs cacheing on top of fusefs
Nullfs cacheing can keep a large number of vnodes active. That results in
more active FUSE file handles, causing some FUSE servers to use extra
resources. Disable nullfs cacheing for fusefs, just like we already do for
NFSv4.
PR: 245688
Reported by: MooseFS FreeBSD Team <freebsd@moosefs.pro>
MFC after: 2 weeks
kib [Fri, 22 May 2020 17:52:09 +0000 (17:52 +0000)]
Implement Solaris-like link_map l_refname member.
The implementation is based on the public documentation, in particular
dlinfo(3) from Solaris.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
brooks [Fri, 22 May 2020 17:45:07 +0000 (17:45 +0000)]
Add an unprivileged mode where calls to install are passed appropriate
flags. For ease of integration, use the same flags as install:
-U unprivileged mode
-D <destdir> Specify DESTDIR (overrides the environment)
-M <metalog> Full path to METALOG file
Reviewed by: kevans
Obtained from: CheriBSD
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24932
jhb [Fri, 22 May 2020 17:23:43 +0000 (17:23 +0000)]
Update name of description of vfs.ffs.setsize in comment.
Previously it used the name 'adjsize' instead of 'setsize'.
kib [Fri, 22 May 2020 17:23:09 +0000 (17:23 +0000)]
Convert linkmap_add() and linkmap_delete() to style(8).
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
jhb [Fri, 22 May 2020 17:21:22 +0000 (17:21 +0000)]
Correct the minimum key length for Camellia to 16 bytes (128 bits).
MFC after: 1 week
gordon [Fri, 22 May 2020 16:53:39 +0000 (16:53 +0000)]
Remove support for SSLv3 from the OpenSSL build.
This is the default configuration in OpenSSL 1.1.1 already. This moves
to align with that default.
Reported by: jmg
Approved by: jkim, cem, emaste, philip
Differential Revision: https://reviews.freebsd.org/D24945
jhb [Fri, 22 May 2020 16:29:09 +0000 (16:29 +0000)]
Improve support for stream ciphers in the software encryption interface.
Add a 'native_blocksize' member to 'struct enc_xform' that ciphers can
use if they support a partial final block. This is particular useful
for stream ciphers, but can also apply to other ciphers. cryptosoft
will only pass in native blocks to the encrypt and decrypt hooks. For
the final partial block, 'struct enc_xform' now has new
encrypt_last/decrypt_last hooks which accept the length of the final
block. The multi_block methods are also retired.
Mark AES-ICM (AES-CTR) as a stream cipher. This has some interesting
effects on IPsec in that FreeBSD can now properly receive all packets
sent by Linux when using AES-CTR, but FreeBSD can no longer
interoperate with OpenBSD and older verisons of FreeBSD which assume
AES-CTR packets have a payload padded to a 16-byte boundary. Kornel
has offered to work on a patch to add a compatiblity sysctl to enforce
additional padding for AES-CTR in esp_output to permit compatibility
with OpenBSD and older versions of FreeBSD.
AES-XTS continues to use a block size of a single AES block length.
It is possible to adjust it to support partial final blocks by
implementing cipher text stealing via encrypt_last/decrypt_last hooks,
but I have not done so.
Reviewed by: cem (earlier version)
Tested by: Kornel Dulęba <mindal@semihalf.com> (AES-CTR with IPsec)
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D24906
cem [Fri, 22 May 2020 15:30:14 +0000 (15:30 +0000)]
ctime.3: Use ASCII asterisks for C, not special unicode math glyphs
PR: 246656
Reported by: danfe
jilles [Fri, 22 May 2020 14:46:23 +0000 (14:46 +0000)]
sh: Remove a comment that was obsoleted by r358152
Since r358152, the read builtin has used a buffer.
Also, remove a space at the end of the line in a comment.
No functional change is intended.
avg [Fri, 22 May 2020 11:25:45 +0000 (11:25 +0000)]
net80211: post RTM_IFINFO notification after toggling IFF_DRV_RUNNING
This is useful when a wireless driver is stopped or started in response
to events like an RF Kill button press. Applications like
wpa_supplicant depend on such events to have a correct view of interface
state.
Reviewed by: adrian, cy, melifaro
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24925
avg [Fri, 22 May 2020 11:20:23 +0000 (11:20 +0000)]
libprocstat: fix ZFS support
First of all, znode_phys_t hasn't been used for storing file attributes
for a long time now. Modern ZFS versions use a System Attribute table
with a flexible layout. But more importantly all the required
information is available in znode_t itself.
It's not easy to include zfs_znode.h in userland without breaking code
because the most interesting parts of the header are kernel-only. And
hardcoding field offsets is too fragile. So, I created a new
compilation unit that includes zfs_znode.h using some mild kludges to
get it and its dependencies to compile in userland. The compilation
unit exports interesting field offsets and does not have any other code.
PR: 194117
Reviewed by: markj
MFC after: 2 weeks
Sponsored by: Panzura
Differential Revision: https://reviews.freebsd.org/D24941
whu [Fri, 22 May 2020 10:50:29 +0000 (10:50 +0000)]
Bump __FreeBSD_version after r361275, HyperV socket support
Sponsored by: Microsoft
bapt [Fri, 22 May 2020 09:38:44 +0000 (09:38 +0000)]
Update pciids to 2020.05.22
MFC after: 2 days
whu [Fri, 22 May 2020 09:17:07 +0000 (09:17 +0000)]
Socket AF_HYPERV should return failure when it is not running on HyperV
Reported by: pho
Sponsored by: Microsoft
rgrimes [Fri, 22 May 2020 03:13:29 +0000 (03:13 +0000)]
Include all currently present kernel options for IPFW
Also fix igor complaint about manpage/s/man page
Reported by: rgrimes@freebsd.org
PR: 219075
Submitted by: Dries Michiels driesm.michiels_gmail.com
Reported by: rgrimes
Reviewed by: bcr (manpages), 0mp
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D24541
markj [Fri, 22 May 2020 01:18:55 +0000 (01:18 +0000)]
Fix the build after r361033 when ACPI is disabled.
Reported by: Herbert J. Skuhra <herbert@gojira.at>
kib [Thu, 21 May 2020 22:24:23 +0000 (22:24 +0000)]
Restore the binary compatibility for link_map l_addr.
Keep link_map l_addr binary layout compatible, rename l_addr to l_base
where rtld returns map base. Provide relocbase in newly added l_addr.
This effectively reverts the patch to the initial version of D24918.
Reported by: antoine (portmgr)
Reviewed by: jhb, markj
Tested by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D24946
rscheff [Thu, 21 May 2020 21:42:49 +0000 (21:42 +0000)]
DCTCP: update alpha only once after loss recovery.
In mixed ECN marking and loss scenarios it was found, that
the alpha value of DCTCP is updated two times. The second
update happens with freshly initialized counters indicating
to ECN loss. Overall this leads to alpha not adjusting as
quickly as expected to ECN markings, and therefore lead to
excessive loss.
Reported by: Cheng Cui
Reviewed by: chengc_netapp.com, rrs, tuexen (mentor)
Approved by: tuexen (mentor)
MFC after: 2 weeks
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D24817
rscheff [Thu, 21 May 2020 21:33:15 +0000 (21:33 +0000)]
With RFC3168 ECN, CWR SHOULD only be sent with new data
Overly conservative data receivers may ignore the CWR flag
on other packets, and keep ECE latched. This can result in
continous reduction of the congestion window, and very poor
performance when ECN is enabled.
Reviewed by: rgrimes (mentor), rrs
Approved by: rgrimes (mentor), tuexen (mentor)
MFC after: 3 days
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D23364
rscheff [Thu, 21 May 2020 21:26:21 +0000 (21:26 +0000)]
Retain only mutually supported TCP options after simultaneous SYN
When receiving a parallel SYN in SYN-SENT state, remove all the
options only we supported locally before sending the SYN,ACK.
This addresses a consistency issue on parallel opens.
Also, on such a parallel open, the stack could be coaxed into
running with timestamps enabled, even if administratively disabled.
Reviewed by: tuexen (mentor)
Approved by: tuexen (mentor)
MFC after: 2 weeks
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D23371
rscheff [Thu, 21 May 2020 21:15:25 +0000 (21:15 +0000)]
Handle ECN handshake in simultaneous open
While testing simultaneous open TCP with ECN, found that
negotiation fails to arrive at the expected final state.
Reviewed by: tuexen (mentor)
Approved by: tuexen (mentor), rgrimes (mentor)
MFC after: 2 weeks
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D23373
cy [Thu, 21 May 2020 21:00:46 +0000 (21:00 +0000)]
MFV r361322:
Update unbound 1.9.6 --> 1.10.1.
Bug Fixes:
- CVE-2020-12662 Unbound can be tricked into amplifying an incoming
query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
used to make Unbound unresponsive.
Reported by: emaste
MFC after: 3 days
Relnotes: yes
Security: CVE-2020-12662, CVE-2020-12663
manu [Thu, 21 May 2020 20:18:38 +0000 (20:18 +0000)]
linuxkpi: Add rcu_work functions
The rcu_work function helps to queue some work after waiting for a grace
period.
This is needed by DRM drivers.
Sponsored-by: The FreeBSD Foundation
Reviewed by: hselasky
Differential Revision: https://reviews.freebsd.org/D24942
markj [Thu, 21 May 2020 18:38:41 +0000 (18:38 +0000)]
Fix ACCEPT_FILTER_DEFINE to pass the version to MODULE_VERSION.
MFC with: r361263
pstef [Thu, 21 May 2020 17:34:31 +0000 (17:34 +0000)]
indent(1): add fallthrough markers
This silences -Wimplicit-fallthrough warnings.
Submitted by: Michael Paquier
Obtained from: postgresql.org
MFC after: 3 days
bdragon [Thu, 21 May 2020 15:53:16 +0000 (15:53 +0000)]
[PowerPC] Fix kernel boot on powerpc
Recent changes have caused the vmspace objects to start coming from KVA
instead of direct-mapped memory on powerpc. As far as I can tell, this is
not actually a problem, so we should stop arbitrarily asserting that it is.
I do not know why this was not being triggered before.
Approved by: jhibbits
Sponsored by: Tag1 Consulting, Inc.
kevans [Thu, 21 May 2020 15:15:50 +0000 (15:15 +0000)]
ls: fix WITHOUT_LS_COLORS build
*sigh* references to colorflags should be gated by COLORLS.
Pointy hat to: kevans
Reported by: jenkins (rescue build)
X-MFC-With: r361318
kevans [Thu, 21 May 2020 14:39:00 +0000 (14:39 +0000)]
ls(1): actually restore proper behavior
Highlights:
- CLICOLOR in the environment should imply --color=auto to maintain
compatibility with historical behavior
- -G should set CLICOLOR and imply --color=auto
The manpage has been updated to draw the connection between -G and --color;
the former is in-fact a sort of compromise between --color=always and
--color=auto, where we'll output color regardless of the environment lacking
CLICOLOR/COLORTERM assuming stdout is a tty.
X-MFC-With: r361318
avg [Thu, 21 May 2020 13:46:30 +0000 (13:46 +0000)]
libprocstat: fix reading of file descriptor table via kvm
This seems to have been broken since r247602 (from year 2013!).
Can be easily tested with
fstat -N /boot/kernel/kernel -M /var/crash/vmcore.last
MFC after: 1 week
Sponsored by: Panzura
jmg [Thu, 21 May 2020 06:40:51 +0000 (06:40 +0000)]
Bring in support for single core Zynq devices. Turns out that real
hardware, the registers appear like there's two cores, but the second
core does not work, so base the number of cores upon the chip id.
Tested on a XC7Z007S.
also, previous commit was suppose to be D14429.
Submitted by: Thomas Skibo
Differential Revision: https://reviews.freebsd.org/D14429
jmg [Thu, 21 May 2020 06:17:54 +0000 (06:17 +0000)]
minor cleanup of white space, and function name in panic...
This is a partial commit of the review.
Submitted by: Thomas Skibo
Differential Revision: https://reviews.freebsd.org/D23319
Reviewed by: andrew
dougm [Thu, 21 May 2020 05:34:02 +0000 (05:34 +0000)]
For the case when RB_REMOVE requires a nontrivial search to find the
node to replace the one being removed, restructure to first remove the
replacement node and correct the parent pointers around it, and then
let the all-cases code at the end deal with the parent of the deleted
node, making it point to the replacement node. This removes one or two
conditional branches.
Reviewed by: markj
Tested by: pho
Differential Revision: https://reviews.freebsd.org/D24845
cy [Thu, 21 May 2020 05:01:52 +0000 (05:01 +0000)]
Vendor import of Unbound 1.10.1.
Security: CVE-2020-12662, CVE-2020-12663
adrian [Thu, 21 May 2020 04:35:12 +0000 (04:35 +0000)]
[ath] Hopefully recover better-er upon RX restart on AR9380.
This is all very long-standing bug stuff that is touchy and still poorly
documented. Ok, here goes.
The basic bug:
* deleting a VAP causes the RX path (and TX path too) to be restarted
without a full chip reset, which causes RX hangs on the AR9380 and later.
(ie, the ones with the newer DMA engine.)
The basic fix:
* do an RX flush when stopping RX in ath_vap_delete() to match what happens
when RX is stopped elsewhere. This ensures any pending frames are completed
and we restart at the right spot; it also ensures we don't push new RX buffers
into the hardware if we're stopping receive.
The other issues I found:
* Don't bother checking the RX packet ring in the deferred read taskqueue;
that's specifically supposed to be for completing frames rather than
just yanking them off the receive ring.
* Cancel/drain any pending deferred read taskqueue. This isn't done inside
any locks so we should be super careful here. This stops the hardware
being reprogrammed at the same time in another thread/CPU whilst we're
stopping RX.
* .. (yes, this should be better serialised, but that's for another day. maybe.)
* Add more debugging to trace what's going on here.
And the fun bit:
* Reinitialise the RX FIFO ONLY if we've been reset or stopped, rather than just
reset. I noticed that after all the above was done I was STILL seeing RXEOL.
RXEOL isn't enabled on the AR9380 so I'd only see it if I was sending TX frames
(ie a ping where it'd be transmitted but never received) so I was not being
spammed by RXEOL. So, as long as stuff is stopped, restart it.
This seems to be doing the right thing in both AP and STA modes.
What I should do next, if I ever get time:
* as I said above, serialise the receive stop/start to include taskqueues
* monitor RXEOL on the AR9380 and I keep seeing it spammed / lockups, just
go do a full chip reset to get things back on track. It sucks, but it
is better than nothing.
Tested:
* AR9380 AP/STA mode, adding/deleting a hostap VAP to trigger the TX/RX
queue stop/start; whilst also running an iperf through it. Lots of times.
Lots. Of.. Times.
adrian [Thu, 21 May 2020 04:26:20 +0000 (04:26 +0000)]
[ath] reset hardware if this particular mac bug is seen.
I have to dig into why I'm seeing it on chips as late as the AR9380 era
stuff (as it's marked as an AR5416 bug, but who knows!) but i'm seeing
aggregate TX frames complete with no blockack bit set. So, everything
should be treated as a failure and do a hardware reset for good measure.
Tested:
* AR9380, STA mode
* AR9580 (5GHz), AP mode
adrian [Thu, 21 May 2020 03:53:45 +0000 (03:53 +0000)]
[ath_rate_sample] Obey the maximum frame length even when using static rates.
I wasn't enforcing the maximum packet length when using static rates
so although the driver was enforcing it itself OK, the statistics were
sometimes going into the wrong bin.
Tested:
* AR9380, STA mode
kevans [Thu, 21 May 2020 03:50:56 +0000 (03:50 +0000)]
ls: fix a --color regression from r337956
The regression is in-fact that I flipped the default from never to auto. The
incorrect impression was based on an alias that I failed to notice,
installed by the Linux distribution that I used for testing compatibility
here. Users that want the old default should be doing so with a shell alias
as is done elsewhere, rather than making this decision in ls(1).
Many thanks to rgrimes for pointing out the alias that I clearly overlooked
that resulted in this; if you despised colors in your terminal from this,
consider buying him a beer at the next venue that you see him at.
MFC after: 1 week
Relnotes: yes
jhibbits [Thu, 21 May 2020 03:33:20 +0000 (03:33 +0000)]
powerpc: Handle machine checks caused by D-ERAT multihit
Instead of crashing the user process when a D-ERAT multihit is detected, try
to flush the ERAT, and continue. This machine check indicates a likely PMAP
invalidation shortcoming that will need to be addressed, but it's
recoverable, so just recover. The recovery is pmap-specific to flush the
ERAT, so add a pmap function to do so, currently only implemented by the
POWER9 radix pmap.
csjp [Thu, 21 May 2020 02:10:45 +0000 (02:10 +0000)]
Decode the file descriptor argument to closefrom(2) as an Integer.
This is consistent with what we are doing for close(2) and it makes
it a bit easier to follow when debugging file descriptor operations.
i.e. many other syscalls are decoding fds as integers rather than
base 16 numbers.
MFC after: 1 week
freqlabs [Thu, 21 May 2020 01:55:35 +0000 (01:55 +0000)]
Deduplicate fsid comparisons
Comparing fsid_t objects requires internal knowledge of the fsid structure
and yet this is duplicated across a number of places in the code.
Simplify by creating a fsidcmp function (macro).
Reviewed by: mjg, rmacklem
Approved by: mav (mentor)
MFC after: 1 week
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D24749
sjg [Wed, 20 May 2020 22:25:46 +0000 (22:25 +0000)]
Merge bmake-
20200517
Changes since
20181221 are mostly portability related
hence the large gap in versions imported.
There are however some bug fixes, and a rework of filemon handling.
In NetBSD make/filemon/filemon_ktrace.c allows use of fktrace
and elimination of filemon(4) which has not had the TLC it needs.
FreeBSD filemon(4) is in much better shape, so bmake/filemon/filemon_dev.c
allows use of that, with a bit less overhead than the ktrace model.
Summary of changes from ChangeLog
o str.c: empty string does not match % pattern
plus unit-test changes
o var.c: import handling of old sysV style modifier using '%'
o str.c: refactor brk_string
o meta.c: meta_oodate, CHECK_VALID_META is too aggressive for CMD
a blank command is perfectly valid.
o meta.c: meta_oodate, check for corrupted meta file
earlier and more often.
* meta.c: meta_compat_parent check for USE_FILEMON
patch from Soeren Tempel
o meta.c: fix compat mode, need to call meta_job_output()
o job.c: extra fds for meta mode not needed if using filemon_dev
o meta.c: avoid passing NULL to filemon_*() when meta_needed()
returns FALSE.
o filemon/filemon_{dev,ktrace}.c: allow selection of
filemon implementation. filemon_dev.c uses the kernel module
while filemon_ktrace.c leverages the fktrace api available in
NetBSD. filemon_ktrace.c can hopefully form the basis for
adding support for other tracing mechanisms such as strace on
Linux.
o meta.c: when target is out-of-date per normal make rules
record value of .OODATE in meta file.
o parse.c: don't pass NULL to realpath(3)
some versions cannot handle it.
o parse.c: ParseDoDependency: free paths rather than assert
plus more unit-tests
jhb [Wed, 20 May 2020 22:25:41 +0000 (22:25 +0000)]
Fix libstand build breakage after r361298.
- Use enc_xform_aes_xts.setkey() directly instead of duplicating the code
now that it no longer calls malloc().
- Rather than bringing back all of xform_userland.h, add a conditional
#include of <stand.h> to xform_enc.h.
- Update calls to encrypt/decrypt callbacks in enc_xform_aes_xts for
separate input/output pointers.
Pointy hat to: jhb
kib [Wed, 20 May 2020 22:08:26 +0000 (22:08 +0000)]
Change the samantic of struct link_map l_addr member.
It previously returned the object map base address, while all other
ELF operating systems return load offset, i.e. the difference between
map base and the link base.
Explain the meaning of the field in the man page.
Stop filling the mips-only l_offs member, which is apparently unused.
PR: 246561
Requested by: Damjan Jovanovic <damjan.jov@gmail.com>
Reviewed by: emaste, jhb, cem (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D24918
kib [Wed, 20 May 2020 22:00:31 +0000 (22:00 +0000)]
amd64: Add a knob to flush RSB on context switches if machine has SMEP.
The flush is needed to prevent cross-process ret2spec, which is not handled
on kernel entry if IBPB is enabled but SMEP is present.
While there, add i386 RSB flush.
Reported by: Anthony Steinhauser <asteinhauser@google.com>
Reviewed by: markj, Anthony Steinhauser
Discussed with: philip
admbugs: 961
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
dteske [Wed, 20 May 2020 21:39:19 +0000 (21:39 +0000)]
Fix indentation in bsdinstall-created wpa_supplicant.conf
PR: base/221982
Reported by: emaste
Reviewed by: emaste, allanjude
MFC after: 0 days
X-MFC-to: stable/11
Differential Revision: https://reviews.freebsd.org/D23641
kib [Wed, 20 May 2020 21:22:25 +0000 (21:22 +0000)]
Do not consider CAP_RDCL_NO as an indicator for all MDS vulnerabilities
handled by hardware.
Reported by: Anthony Steinhauser <asteinhauser@google.com>
admbugs: 962
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
jhb [Wed, 20 May 2020 21:21:01 +0000 (21:21 +0000)]
Various cleanups to the software encryption transform interface.
- Consistently use 'void *' for key schedules / key contexts instead
of a mix of 'caddr_t', 'uint8_t *', and 'void *'.
- Add a ctxsize member to enc_xform similar to what auth transforms use
and require callers to malloc/zfree the context. The setkey callback
now supplies the caller-allocated context pointer and the zerokey
callback is removed. Callers now always use zfree() to ensure
key contexts are zeroed.
- Consistently use C99 initializers for all statically-initialized
instances of 'struct enc_xform'.
- Change the encrypt and decrypt functions to accept separate in and
out buffer pointers. Almost all of the backend crypto functions
already supported separate input and output buffers and this makes
it simpler to support separate buffers in OCF.
- Remove xform_userland.h shim to permit transforms to be compiled in
userland. Transforms no longer call malloc/free directly.
Reviewed by: cem (earlier version)
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D24855
jhb [Wed, 20 May 2020 21:16:54 +0000 (21:16 +0000)]
Print CPU informtion later in boot.
Match other architectures and print CPU information during
cpu_startup(). In particular, this prints the information after the
message buffer is initialized which allows it to be retrieved after
boot via dmesg(8).
While here, add some extern declarations to <machine/md_var.h> in
place of duplicated declarations in various source files.
Reviewed by: brooks
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24936
jhb [Wed, 20 May 2020 21:15:43 +0000 (21:15 +0000)]
Simplify hot-patching cpu_switch() for lack of UserLocal register.
Rather than walking all of cpu_switch looking for the sequence of
instructions to patch, add a global label at the location that needs
the patch applied.
Reviewed by: brooks, Alfredo Mazzinghi <alfredo.mazzinghi_cl.cam.ac.uk>
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24931
kevans [Wed, 20 May 2020 21:02:08 +0000 (21:02 +0000)]
loader: fix userboot's ability to detect a guest's interpreter
Some time after r338418, I believe with -Os/-Oz -ffunction-sections
-fdata-sections, the bootprog_interp variable that held our "$Interpreter:"
marker started getting strip from all loaders, with exception to userboot
since it used bootprog_interp to determine what flavor of userboot it was.
At some point, it had been brought to my attention that this was no longer
working and I had worked up some potential solutions to use the variable
that involved printing it out. My vague recollection is that this was
rejected, and I forgot to explore the alternatives; I cannot find records of
this discussion anymore.
Fast forward to present day, Andrew reported that it was non-functional and
offered (effectively) this patch (sans comment) to stop the compiler from
optimizing it out by assigning it to a volatile variable. This removes
concerns about user-facing change while retaining the interpreter marker.
Furthermore, it could certainly be uglier.
Reported and tested by: Andrew Gierth <andrew_tao173.riddles.org.uk>
MFC after: 3 days
mm [Wed, 20 May 2020 20:58:48 +0000 (20:58 +0000)]
MFV r361280:
Update libarchive to 3.4.3
Relevant vendor changes:
PR #1352: support negative zstd compression levels
PR #1359: improve zstd version checking
PR #1348: support RHT.security.selinux from GNU tar
PR #1357: support for archives compressed with pzstd
PR #1367: fix issues in acl tests
PR #1372: child handling cleanup
PR #1378: fix memory leak from passphrase callback
jhb [Wed, 20 May 2020 20:58:17 +0000 (20:58 +0000)]
Remove copyinfrom() and copyinstrfrom().
These functions were added in 2001 and are currently unused.
copyinfrom() looks to have never been used. copyinstrfrom() was used
for two weeks before the code was refactored to remove it's sole use.
Reviewed by: brooks, kib
Obtained from: CheriBSD
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24928
emaste [Wed, 20 May 2020 20:24:37 +0000 (20:24 +0000)]
vt: fix duplicate keymap descriptions
PR: 246495
Submitted by: Jorge Maidana
MFC after: 1 week
jhb [Wed, 20 May 2020 19:51:39 +0000 (19:51 +0000)]
Merge freebsd32_exec_setregs() into exec_setregs() on MIPS.
The stack pointer was being decremented by 64k twice previously.
Reviewed by: brooks
Obtained from: CheriBSD
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24930
emaste [Wed, 20 May 2020 19:45:22 +0000 (19:45 +0000)]
pkgbase: use -dev,-dbg instead of -development,-debug
-development is long and awkward, and is also inconsistent with prior art
from the Linux world, which uses -dev (Debian) or -devel (Red Hat). Follow
the Debian convention, and similarly for debug info packages.
Also remove redundant pkgbase development tag from includes. We already tag
include files with package=runtime,dev; there is no need to separately tag
them as dev.
Discussed with: bapt
Reviewed by: manu
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24139
sjg [Wed, 20 May 2020 19:35:38 +0000 (19:35 +0000)]
sjg [Wed, 20 May 2020 19:34:48 +0000 (19:34 +0000)]
Import bmake-
20200517
Changes since
20181221 are mostly portability related
hence the large gap in versions imported.
There are however some bug fixes, and a rework of filemon handling.
In NetBSD make/filemon/filemon_ktrace.c allows use of fktrace
and elimination of filemon(4) which has not had the TLC it needs.
FreeBSD filemon(4) is in much better shape, so bmake/filemon/filemon_dev.c
allows use of that, with a bit less overhead than the ktrace model.
Summary of changes from ChangeLog
o str.c: empty string does not match % pattern
plus unit-test changes
o var.c: import handling of old sysV style modifier using '%'
o str.c: refactor brk_string
o meta.c: meta_oodate, CHECK_VALID_META is too aggressive for CMD
a blank command is perfectly valid.
o meta.c: meta_oodate, check for corrupted meta file
earlier and more often.
* meta.c: meta_compat_parent check for USE_FILEMON
patch from Soeren Tempel
o meta.c: fix compat mode, need to call meta_job_output()
o job.c: extra fds for meta mode not needed if using filemon_dev
o meta.c: avoid passing NULL to filemon_*() when meta_needed()
returns FALSE.
o filemon/filemon_{dev,ktrace}.c: allow selection of
filemon implementation. filemon_dev.c uses the kernel module
while filemon_ktrace.c leverages the fktrace api available in
NetBSD. filemon_ktrace.c can hopefully form the basis for
adding support for other tracing mechanisms such as strace on
Linux.
o meta.c: when target is out-of-date per normal make rules
record value of .OODATE in meta file.
o parse.c: don't pass NULL to realpath(3)
some versions cannot handle it.
o parse.c: ParseDoDependency: free paths rather than assert
plus more unit-tests
markj [Wed, 20 May 2020 18:29:23 +0000 (18:29 +0000)]
Don't block on the range lock in zfs_getpages().
After r358443 the vnode object lock no longer synchronizes concurrent
zfs_getpages() and zfs_write() (which must update vnode pages to
maintain coherence). This created a potential deadlock between ZFS
range locks and VM page busy locks: a fault on a mapped file will cause
the fault page to be busied, after which zfs_getpages() locks a range
around the file offset in order to map adjacent, resident pages;
zfs_write() locks the range first, and then must busy vnode pages when
synchronizing.
Solve this by adding a non-blocking mode for ZFS range locks, and using
it in zfs_getpages(). If zfs_getpages() fails to acquire the range
lock, only the fault page will be populated.
Reported by: bdrewery
Reviewed by: avg
Tested by: pho
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24839
markj [Wed, 20 May 2020 17:48:18 +0000 (17:48 +0000)]
Avoid hard-coding pipe buffer sizes in the pipe and fifo kqueue tests.
Fix some style issues in the modified tests while here.
Reported by: Jenkins via lwhsu
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
cem [Wed, 20 May 2020 17:27:54 +0000 (17:27 +0000)]
vmm(4): Add 12 user ABI compat after r349948
Reported by: kp
Reviewed by: jhb, kp
Tested by: kp
Differential Revision: https://reviews.freebsd.org/D24929
emaste [Wed, 20 May 2020 17:27:22 +0000 (17:27 +0000)]
src.conf.5: regen after r361282, GNU_DIFF knob descriptions
emaste [Wed, 20 May 2020 17:20:48 +0000 (17:20 +0000)]
Update GNU_DIFF knob descriptions
After r317209 the WITH_/WITHOUT_GNU_DIFF knob controls only diff3;
diff is always BSD diff.
MFC after: 1 week
mm [Wed, 20 May 2020 16:13:02 +0000 (16:13 +0000)]
Update vendor/libarchive/dist to git
fc6563f5130d8a7ee1fc27c0e55baef35119f26c
Libarchive 3.4.3
Relevant vendor changes:
PR #1352: support negative zstd compression levels
PR #1359: improve zstd version checking
PR #1348: support RHT.security.selinux from GNU tar
PR #1357: support for archives compressed with pzstd
PR #1367: fix issues in acl tests
PR #1372: child handling cleanup
PR #1378: fix memory leak from passphrase callback
kp [Wed, 20 May 2020 16:07:37 +0000 (16:07 +0000)]
bnxt: isc_nrxd_max and isc_ntxd_max must be powers of two
Reviewed by: gallatin, rpokala
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D24922
lwhsu [Wed, 20 May 2020 13:51:27 +0000 (13:51 +0000)]
Fix i386 build for r361275
kponsored by: The FreeBSD Foundation
kib [Wed, 20 May 2020 11:20:45 +0000 (11:20 +0000)]
mlx5_core: add more port module event types to decode.
Reviewed by: hselasky
Sponsored by: Mellanox Technologies
MFC after: 3 days
kib [Wed, 20 May 2020 11:10:10 +0000 (11:10 +0000)]
mlx5_core: add "PMD type not enabled" port module event type.
Reviewed by: hselasky
Sponsored by: Mellanox Technologies
MFC after: 3 days
whu [Wed, 20 May 2020 11:03:59 +0000 (11:03 +0000)]
HyperV socket implementation for FreeBSD
This change adds Hyper-V socket feature in FreeBSD. New socket address
family AF_HYPERV and its kernel support are added.
Submitted by: Wei Hu <weh@microsoft.com>
Reviewed by: Dexuan Cui <decui@microsoft.com>
Relnotes: yes
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D24061
royger [Wed, 20 May 2020 11:01:10 +0000 (11:01 +0000)]
dev/xenstore: fix return with locks held
Fix returning from xenstore device with locks held, which triggers the
following panic:
# cat /dev/xen/xenstore
^C
userret: returning with the following locks held:
exclusive sx evtchn_ringc_sx (evtchn_ringc_sx) r = 0 (0xfffff8000650be40) locked @ /usr/src/sys/dev/xen/evtchn/evtchn_dev.c:262
Note this is not a security issue since access to the device is
limited to root by default.
Sponsored by: Citrix Systems R&D
MFC after: 1 week
avg [Wed, 20 May 2020 08:15:09 +0000 (08:15 +0000)]
iwm: improve rfkill handling
Previously the driver handled the bit within itself, but did not expose
the state change to net80211 and interface layers.
This change uses net80211 KPI for rfkill signaling.
The code is modeled after similar code in iwn and wpi.
Reviewed by: adrian
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D24923
cy [Wed, 20 May 2020 04:16:13 +0000 (04:16 +0000)]
Silence the once per second CTRL-EVENT-SCAN-FAILED errors when the WiFi
radio is disabled through the communication device toggle key (also known
as the RF raidio kill button). Only the CTRL-EVENT-DISCONNECTED will be
issued.
Submitted by: avg
Reported by: avg
MFC after: 1 week
jhibbits [Wed, 20 May 2020 02:33:41 +0000 (02:33 +0000)]
powerpc/radix mmu: No need for delayed TLB invalidation
x86 needs delayed TLB invalidation because invalidation requires an
expensive IPI. PowerPC has had a TLB invalidation instruction since the
POWER1 in 1990, so there's no need to delay anything.
trasz [Tue, 19 May 2020 21:55:29 +0000 (21:55 +0000)]
Make sys.net.if_bridge_test depend on python; sys.net.if_bridge_test.span
requires it.
MFC after: 2 weeks
Sponsored by: DARPA
trasz [Tue, 19 May 2020 21:48:45 +0000 (21:48 +0000)]
Make sys.netinet.output and sys.netinet6.output6 tests depend on python;
they need to be able to run net_receiver.py.
MFC after: 2 weeks
Sponsored by: DARPA
tsoome [Tue, 19 May 2020 19:53:12 +0000 (19:53 +0000)]
lz4 hash table does not start zeroed
illumos issue: https://www.illumos.org/issues/12757
Submitted by: andyf
freqlabs [Tue, 19 May 2020 18:41:46 +0000 (18:41 +0000)]
Mention new jail(8) command hooks in RELNOTES
Reported by: 0mp
Approved by: mmacy (mentor)
freqlabs [Tue, 19 May 2020 18:38:46 +0000 (18:38 +0000)]
Mention new dd flags in RELNOTES
Approved by: mmacy (mentor)
Sponsored by: iXsystems, Inc.
markj [Tue, 19 May 2020 18:35:08 +0000 (18:35 +0000)]
Define a module version for accept filter modules.
Otherwise accept filters compiled into the kernel do not preempt
preloaded accept filter modules. Then, the preloaded file registers its
accept filter module before the kernel, and the kernel's attempt fails
since duplicate accept filter list entries are not permitted. This
causes the preloaded file's module to be released, since
module_register_init() does a lookup by name, so the preloaded file is
unloaded, and the accept filter's callback points to random memory since
preload_delete_name() unmaps the file on x86 as of r336505.
Add a new ACCEPT_FILTER_DEFINE macro which wraps the accept filter and
module definitions, and ensures that a module version is defined.
PR: 245870
Reported by: Thomas von Dein <freebsd@daemon.de>
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
markj [Tue, 19 May 2020 18:34:50 +0000 (18:34 +0000)]
Use the symbolic name for "modmetadata_set".
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
np [Tue, 19 May 2020 16:28:20 +0000 (16:28 +0000)]
cxgbe/iw_cxgbe: Add an async callback to notify iw_cxgbe in case of a
fatal error.
Submitted by: Krishnamraju Eraparaju @ Chelsio
MFC after: 2 weeks
Sponsored by: Chelsio Communications
delphij [Tue, 19 May 2020 16:06:03 +0000 (16:06 +0000)]
Update leap-seconds to leap-seconds.
3676924800.
Obtained from: ftp://ftp.nist.gov/pub/time/leap-seconds.
3676924800
MFC after: 3 days
andrew [Tue, 19 May 2020 16:04:27 +0000 (16:04 +0000)]
Stop performing a full icache sync when the DIC and IDC flags are set
The DIC and IDC bits in the CTR_EL0 register signal to the kernel when it
can relax the instruction cache synchronisation operations. The IDC bit
means we can relax cleaning the data cache to the point of unification
while the DIC bit means we don't need to invalidate the instruction cache
for data coherence. In both cases an appropriate barrier is still needed.
For now only implement the case where both bits are set, as is the case
on the Neoverse-N1 as used in the Amazon AWS Graviton 2 CPU. Note that
this behaviour is a optional on the N1 so we may later need to implement
only one or the other bit being set.
There is a tunable to disable each flag on boot.
Testing on a 4 core Graviton 2 instance found a significant improvement
in sys and real time when running "make buildkernel -j4", with no
significant difference in user time.
Reviewed by: markj
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D24853
andrew [Tue, 19 May 2020 15:27:20 +0000 (15:27 +0000)]
Create MSI/MSI-X isrcs as needed in the GICv3 ITS driver
Previously we would create an isrc for each MSI/MSI-X interrupt. This
causes issues for other interrupt sources in the system, e.g. a GPIO
driver, as they may be unable to allocate interrupts. This works around
this by allocating the isrc only when needed.
Reported by: alisaidi@amazon.com
Reviewed by: mmel
Sponsored by: Innovaate UK
Differential Revision: https://reviews.freebsd.org/D24876
kevans [Tue, 19 May 2020 15:19:39 +0000 (15:19 +0000)]
bsdinstall: do a `certctl rehash` upon installation of configuration
If certctl is installed on the system we're configuring, do a certctl
rehash.
Note that certctl may not be present if the world we've installed was built
either WITHOUT_OPENSSL or WITHOUT_CAROOT. In this scenario, we don't
currently see if the host has a certctl as this may be an indication that
the system *shouldn't* have certs installed into /etc/ssl.
Reviewed by: allanjude, dteske
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D24640
takawata [Tue, 19 May 2020 13:58:52 +0000 (13:58 +0000)]
Fix Typo in ng_hci_le_connection_complete_ep struct.
PR: 246538
Submitted by: Marc Veldman