Re: svn commit: r341682 - head/sys/sys

[Mateusz Guzik]

On 12/7/18, Ian Lepore  wrote:
> On Fri, 2018-12-07 at 12:05 +, Mateusz Guzik wrote:
>> Author: mjg
>> Date: Fri Dec  7 12:05:11 2018
>> New Revision: 341682
>> URL: https://svnweb.freebsd.org/changeset/base/341682
>>
>> Log:
>>   unr64: use locked variant if not __LP64__
>>
>>   The current ifdefs are not sufficient to distinguish 32- and 64-
>> bit
>>   variants, which results e.g. in powerpc64 not using atomics.
>>
>>   While some 32-bit archs provide 64-bit atomics, there is no huge
>> advantage
>>   of using them on these platforms.
>>
[..]
> This seems like a wholly unsatisfying solution compared to how trivial
> it would be to do something like have each arch's atomic.h set a symbol
> to indicate whether 64-bit atomics are available. Dismissing 32-bit
> arches because you don't perceive performance to be important there
> doesn't seem like a valid argument.
>

But performance *is* improved on 32-bit architectures as well.

Bitmap handling would try to very hard to reduce memory usage, which
had a lot of single-threaded overhead (e.g. it allocates memory just in
case and then frees it). Since 64-bit inode numbers can simply grow
there is no need for any of it and memory use is 64 bit to store the
variable. And that's what unr64 is doing.

The main difference here is in scalability - taking a lock, bumping a
variable and releasing the lock scales much worse than an atomic
(which still scales poorly if heavily used). 32-bit arches don't really
have enough concurrency to see a difference with this code.

single-threaded this is indeed a little bit slower, but this is not
running in any hot path.

Fully satisfying solution would be that all architectures get 64-bit
ops, even if in the worst case they end up taking a lock. Then
subsystems would not have to ifdef on anything. However, there
was some opposition to this proposal and I don't think this is
important enough to push.

-- 
Mateusz Guzik 
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341718 - stable/11/sys/vm

[Konstantin Belousov]

Author: kib
Date: Sat Dec  8 00:48:10 2018
New Revision: 341718
URL: https://svnweb.freebsd.org/changeset/base/341718

Log:
  MFC r341375:
  Allow to create swap zone larger than v_page_count / 2.

Modified:
  stable/11/sys/vm/swap_pager.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/vm/swap_pager.c
==
--- stable/11/sys/vm/swap_pager.c   Sat Dec  8 00:47:22 2018
(r341717)
+++ stable/11/sys/vm/swap_pager.c   Sat Dec  8 00:48:10 2018
(r341718)
@@ -514,12 +514,12 @@ swap_pager_swap_init(void)
mtx_unlock(_mtx);
 
/*
-* Initialize our zone, guessing on the number we need based
-* on the number of pages in the system.
+* Initialize our zone, taking the user's requested size or
+* estimating the number we need based on the number of pages
+* in the system.
 */
-   n = vm_cnt.v_page_count / 2;
-   if (maxswzone && n > maxswzone / sizeof(struct swblk))
-   n = maxswzone / sizeof(struct swblk);
+   n = maxswzone != 0 ? maxswzone / sizeof(struct swblk) :
+   vm_cnt.v_page_count / 2;
swpctrie_zone = uma_zcreate("swpctrie", pctrie_node_size(), NULL, NULL,
pctrie_zone_init, NULL, UMA_ALIGN_PTR,
UMA_ZONE_NOFREE | UMA_ZONE_VM);
@@ -549,7 +549,7 @@ swap_pager_swap_init(void)
n = uma_zone_get_max(swblk_zone);
 
if (n < n2)
-   printf("Swap blk zone entries reduced from %lu to %lu.\n",
+   printf("Swap blk zone entries changed from %lu to %lu.\n",
n2, n);
swap_maxpages = n * SWAP_META_PAGES;
swzone = n * sizeof(struct swblk);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341717 - in stable/11/sys: arm/arm i386/i386

[Konstantin Belousov]

Author: kib
Date: Sat Dec  8 00:47:22 2018
New Revision: 341717
URL: https://svnweb.freebsd.org/changeset/base/341717

Log:
  MFC r341374:
  Correct the tunable name in the message.
  
  PR:   231577

Modified:
  stable/11/sys/arm/arm/pmap-v6.c
  stable/11/sys/i386/i386/pmap.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/arm/arm/pmap-v6.c
==
--- stable/11/sys/arm/arm/pmap-v6.c Sat Dec  8 00:46:05 2018
(r341716)
+++ stable/11/sys/arm/arm/pmap-v6.c Sat Dec  8 00:47:22 2018
(r341717)
@@ -3028,7 +3028,7 @@ get_pv_entry(pmap_t pmap, boolean_t try)
if (ratecheck(, ))
printf("Approaching the limit on PV entries, consider "
"increasing either the vm.pmap.shpgperproc or the "
-   "vm.pmap.pv_entry_max tunable.\n");
+   "vm.pmap.pv_entries tunable.\n");
 retry:
pc = TAILQ_FIRST(>pm_pvchunk);
if (pc != NULL) {

Modified: stable/11/sys/i386/i386/pmap.c
==
--- stable/11/sys/i386/i386/pmap.c  Sat Dec  8 00:46:05 2018
(r341716)
+++ stable/11/sys/i386/i386/pmap.c  Sat Dec  8 00:47:22 2018
(r341717)
@@ -2414,7 +2414,7 @@ get_pv_entry(pmap_t pmap, boolean_t try)
if (ratecheck(, ))
printf("Approaching the limit on PV entries, consider "
"increasing either the vm.pmap.shpgperproc or the "
-   "vm.pmap.pv_entry_max tunable.\n");
+   "vm.pmap.pv_entries tunable.\n");
 retry:
pc = TAILQ_FIRST(>pm_pvchunk);
if (pc != NULL) {
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341716 - stable/12/sys/vm

[Konstantin Belousov]

Author: kib
Date: Sat Dec  8 00:46:05 2018
New Revision: 341716
URL: https://svnweb.freebsd.org/changeset/base/341716

Log:
  MFC r341375:
  Allow to create swap zone larger than v_page_count / 2.

Modified:
  stable/12/sys/vm/swap_pager.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/vm/swap_pager.c
==
--- stable/12/sys/vm/swap_pager.c   Sat Dec  8 00:44:44 2018
(r341715)
+++ stable/12/sys/vm/swap_pager.c   Sat Dec  8 00:46:05 2018
(r341716)
@@ -547,12 +547,12 @@ swap_pager_swap_init(void)
mtx_unlock(_mtx);
 
/*
-* Initialize our zone, guessing on the number we need based
-* on the number of pages in the system.
+* Initialize our zone, taking the user's requested size or
+* estimating the number we need based on the number of pages
+* in the system.
 */
-   n = vm_cnt.v_page_count / 2;
-   if (maxswzone && n > maxswzone / sizeof(struct swblk))
-   n = maxswzone / sizeof(struct swblk);
+   n = maxswzone != 0 ? maxswzone / sizeof(struct swblk) :
+   vm_cnt.v_page_count / 2;
swpctrie_zone = uma_zcreate("swpctrie", pctrie_node_size(), NULL, NULL,
pctrie_zone_init, NULL, UMA_ALIGN_PTR, UMA_ZONE_VM);
if (swpctrie_zone == NULL)
@@ -580,7 +580,7 @@ swap_pager_swap_init(void)
n = uma_zone_get_max(swblk_zone);
 
if (n < n2)
-   printf("Swap blk zone entries reduced from %lu to %lu.\n",
+   printf("Swap blk zone entries changed from %lu to %lu.\n",
n2, n);
swap_maxpages = n * SWAP_META_PAGES;
swzone = n * sizeof(struct swblk);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341715 - in stable/12/sys: arm/arm i386/i386

[Konstantin Belousov]

Author: kib
Date: Sat Dec  8 00:44:44 2018
New Revision: 341715
URL: https://svnweb.freebsd.org/changeset/base/341715

Log:
  MFC r341374:
  Correct the tunable name in the message.
  
  PR:   231577

Modified:
  stable/12/sys/arm/arm/pmap-v6.c
  stable/12/sys/i386/i386/pmap.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/arm/arm/pmap-v6.c
==
--- stable/12/sys/arm/arm/pmap-v6.c Sat Dec  8 00:33:20 2018
(r341714)
+++ stable/12/sys/arm/arm/pmap-v6.c Sat Dec  8 00:44:44 2018
(r341715)
@@ -3037,7 +3037,7 @@ get_pv_entry(pmap_t pmap, boolean_t try)
if (ratecheck(, ))
printf("Approaching the limit on PV entries, consider "
"increasing either the vm.pmap.shpgperproc or the "
-   "vm.pmap.pv_entry_max tunable.\n");
+   "vm.pmap.pv_entries tunable.\n");
 retry:
pc = TAILQ_FIRST(>pm_pvchunk);
if (pc != NULL) {

Modified: stable/12/sys/i386/i386/pmap.c
==
--- stable/12/sys/i386/i386/pmap.c  Sat Dec  8 00:33:20 2018
(r341714)
+++ stable/12/sys/i386/i386/pmap.c  Sat Dec  8 00:44:44 2018
(r341715)
@@ -2568,7 +2568,7 @@ get_pv_entry(pmap_t pmap, boolean_t try)
if (ratecheck(, ))
printf("Approaching the limit on PV entries, consider "
"increasing either the vm.pmap.shpgperproc or the "
-   "vm.pmap.pv_entry_max tunable.\n");
+   "vm.pmap.pv_entries tunable.\n");
 retry:
pc = TAILQ_FIRST(>pm_pvchunk);
if (pc != NULL) {
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341714 - stable/11/sbin/ping

[Eugene Grosbein]

Author: eugen
Date: Sat Dec  8 00:33:20 2018
New Revision: 341714
URL: https://svnweb.freebsd.org/changeset/base/341714

Log:
  MFC r340245: ping(8): improve diagnostics in case of wrong arguments.
  
For example, in case of super-user:
$ sudo ping -s -64 127.0.0.1
PING 127.0.0.1 (127.0.0.1): -64 data bytes
ping: sendto: Invalid argument
  
For unprivileged user:
$ ping -s -64 127.0.0.1
ping: packet size too large: 18446744073709551552 > 56: Operation not 
permitted
  
Fix this by switching from strtoul() to strtol() for integer arguments
and adding explicit checks for negative values.

Modified:
  stable/11/sbin/ping/ping.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sbin/ping/ping.c
==
--- stable/11/sbin/ping/ping.c  Sat Dec  8 00:28:27 2018(r341713)
+++ stable/11/sbin/ping/ping.c  Sat Dec  8 00:33:20 2018(r341714)
@@ -246,7 +246,8 @@ main(int argc, char *const *argv)
 #endif
struct sockaddr_in *to;
double t;
-   u_long alarmtimeout, ultmp;
+   u_long alarmtimeout;
+   long ltmp;
int almost_done, ch, df, hold, i, icmp_len, mib[4], preload;
int ssend_errno, srecv_errno, tos, ttl;
char ctrl[CMSG_SPACE(sizeof(struct timeval))];
@@ -315,12 +316,12 @@ main(int argc, char *const *argv)
options |= F_AUDIBLE;
break;
case 'c':
-   ultmp = strtoul(optarg, , 0);
-   if (*ep || ep == optarg || ultmp > LONG_MAX || !ultmp)
+   ltmp = strtol(optarg, , 0);
+   if (*ep || ep == optarg || ltmp > LONG_MAX || ltmp <=0)
errx(EX_USAGE,
"invalid count of packets to transmit: 
`%s'",
optarg);
-   npackets = ultmp;
+   npackets = ltmp;
break;
case 'D':
options |= F_HDRINCL;
@@ -338,46 +339,46 @@ main(int argc, char *const *argv)
setbuf(stdout, (char *)NULL);
break;
case 'G': /* Maximum packet size for ping sweep */
-   ultmp = strtoul(optarg, , 0);
-   if (*ep || ep == optarg)
+   ltmp = strtol(optarg, , 0);
+   if (*ep || ep == optarg || ltmp <= 0)
errx(EX_USAGE, "invalid packet size: `%s'",
optarg);
-   if (uid != 0 && ultmp > DEFDATALEN) {
+   if (uid != 0 && ltmp > DEFDATALEN) {
errno = EPERM;
err(EX_NOPERM,
-   "packet size too large: %lu > %u",
-   ultmp, DEFDATALEN);
+   "packet size too large: %ld > %u",
+   ltmp, DEFDATALEN);
}
options |= F_SWEEP;
-   sweepmax = ultmp;
+   sweepmax = ltmp;
break;
case 'g': /* Minimum packet size for ping sweep */
-   ultmp = strtoul(optarg, , 0);
-   if (*ep || ep == optarg)
+   ltmp = strtol(optarg, , 0);
+   if (*ep || ep == optarg || ltmp <= 0)
errx(EX_USAGE, "invalid packet size: `%s'",
optarg);
-   if (uid != 0 && ultmp > DEFDATALEN) {
+   if (uid != 0 && ltmp > DEFDATALEN) {
errno = EPERM;
err(EX_NOPERM,
-   "packet size too large: %lu > %u",
-   ultmp, DEFDATALEN);
+   "packet size too large: %ld > %u",
+   ltmp, DEFDATALEN);
}
options |= F_SWEEP;
-   sweepmin = ultmp;
+   sweepmin = ltmp;
break;
case 'h': /* Packet size increment for ping sweep */
-   ultmp = strtoul(optarg, , 0);
-   if (*ep || ep == optarg || ultmp < 1)
+   ltmp = strtol(optarg, , 0);
+   if (*ep || ep == optarg || ltmp < 1)
errx(EX_USAGE, "invalid increment size: `%s'",
optarg);
-   if (uid != 0 && ultmp > DEFDATALEN) {
+   if (uid != 0 && ltmp > DEFDATALEN) {
errno = EPERM;

svn commit: r341713 - stable/12/sbin/ping

[Eugene Grosbein]

Author: eugen
Date: Sat Dec  8 00:28:27 2018
New Revision: 341713
URL: https://svnweb.freebsd.org/changeset/base/341713

Log:
  MFC r340245: ping(8): improve diagnostics in case of wrong arguments.
  
For example, in case of super-user:
$ sudo ping -s -64 127.0.0.1
PING 127.0.0.1 (127.0.0.1): -64 data bytes
ping: sendto: Invalid argument
  
For unprivileged user:
$ ping -s -64 127.0.0.1
ping: packet size too large: 18446744073709551552 > 56: Operation not 
permitted
  
Fix this by switching from strtoul() to strtol() for integer arguments
and adding explicit checks for negative values.

Modified:
  stable/12/sbin/ping/ping.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sbin/ping/ping.c
==
--- stable/12/sbin/ping/ping.c  Fri Dec  7 23:07:51 2018(r341712)
+++ stable/12/sbin/ping/ping.c  Sat Dec  8 00:28:27 2018(r341713)
@@ -242,7 +242,8 @@ main(int argc, char *const *argv)
 #endif
struct sockaddr_in *to;
double t;
-   u_long alarmtimeout, ultmp;
+   u_long alarmtimeout;
+   long ltmp;
int almost_done, ch, df, hold, i, icmp_len, mib[4], preload;
int ssend_errno, srecv_errno, tos, ttl;
char ctrl[CMSG_SPACE(sizeof(struct timeval))];
@@ -311,12 +312,12 @@ main(int argc, char *const *argv)
options |= F_AUDIBLE;
break;
case 'c':
-   ultmp = strtoul(optarg, , 0);
-   if (*ep || ep == optarg || ultmp > LONG_MAX || !ultmp)
+   ltmp = strtol(optarg, , 0);
+   if (*ep || ep == optarg || ltmp > LONG_MAX || ltmp <=0)
errx(EX_USAGE,
"invalid count of packets to transmit: 
`%s'",
optarg);
-   npackets = ultmp;
+   npackets = ltmp;
break;
case 'D':
options |= F_HDRINCL;
@@ -334,46 +335,46 @@ main(int argc, char *const *argv)
setbuf(stdout, (char *)NULL);
break;
case 'G': /* Maximum packet size for ping sweep */
-   ultmp = strtoul(optarg, , 0);
-   if (*ep || ep == optarg)
+   ltmp = strtol(optarg, , 0);
+   if (*ep || ep == optarg || ltmp <= 0)
errx(EX_USAGE, "invalid packet size: `%s'",
optarg);
-   if (uid != 0 && ultmp > DEFDATALEN) {
+   if (uid != 0 && ltmp > DEFDATALEN) {
errno = EPERM;
err(EX_NOPERM,
-   "packet size too large: %lu > %u",
-   ultmp, DEFDATALEN);
+   "packet size too large: %ld > %u",
+   ltmp, DEFDATALEN);
}
options |= F_SWEEP;
-   sweepmax = ultmp;
+   sweepmax = ltmp;
break;
case 'g': /* Minimum packet size for ping sweep */
-   ultmp = strtoul(optarg, , 0);
-   if (*ep || ep == optarg)
+   ltmp = strtol(optarg, , 0);
+   if (*ep || ep == optarg || ltmp <= 0)
errx(EX_USAGE, "invalid packet size: `%s'",
optarg);
-   if (uid != 0 && ultmp > DEFDATALEN) {
+   if (uid != 0 && ltmp > DEFDATALEN) {
errno = EPERM;
err(EX_NOPERM,
-   "packet size too large: %lu > %u",
-   ultmp, DEFDATALEN);
+   "packet size too large: %ld > %u",
+   ltmp, DEFDATALEN);
}
options |= F_SWEEP;
-   sweepmin = ultmp;
+   sweepmin = ltmp;
break;
case 'h': /* Packet size increment for ping sweep */
-   ultmp = strtoul(optarg, , 0);
-   if (*ep || ep == optarg || ultmp < 1)
+   ltmp = strtol(optarg, , 0);
+   if (*ep || ep == optarg || ltmp < 1)
errx(EX_USAGE, "invalid increment size: `%s'",
optarg);
-   if (uid != 0 && ultmp > DEFDATALEN) {
+   if (uid != 0 && ltmp > DEFDATALEN) {
errno = EPERM;

Re: svn commit: r341689 - in head: lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

[John Baldwin]

On 12/7/18 3:13 PM, Konstantin Belousov wrote:
> On Fri, Dec 07, 2018 at 10:04:51AM -0800, John Baldwin wrote:
>> On 12/7/18 9:47 AM, Konstantin Belousov wrote:
>>> On Fri, Dec 07, 2018 at 09:21:34AM -0800, John Baldwin wrote:
 On 12/7/18 7:17 AM, Konstantin Belousov wrote:
> Author: kib
> Date: Fri Dec  7 15:17:29 2018
> New Revision: 341689
> URL: https://svnweb.freebsd.org/changeset/base/341689
>
> Log:
>   Add new file handle system calls.
>   
>   Namely, getfhat(2), fhlink(2), fhlinkat(2), fhreadlink(2).  The
>   syscalls are provided for a NFS userspace server (nfs-ganesha).
>   
>   Submitted by:   Jack Halford 
>   Sponsored by:   Gandi.net
>   Tested by:  pho
>   Feedback from:  brooks, markj
>   MFC after:  1 week
>   Differential revision:  https://reviews.freebsd.org/D18359

 Can this be used to implement 'flink' (create a link to an open file
 descriptor)?  Hmm, it appears so.  It is limited to PRIV_VFS_GETFH at 
 least.
 The getfh(2) manpage notes this explicitly, but the new manpages don't
 appear to.  Even with the PRIV check, I'm still somewhat nervous about what
 flink means for processes running as root that are using Capsicum.  Maybe
 it's ok, but I didn't see any discussion of this in the review.
>>>
>>> If the process can execute getfh(2) and fhlink(2), then its privileges
>>> are not much different from the privileges of the in-kernel NFS server.
>>> During the review, I verified that PRIV_VFS_GETFH is checked, and considered
>>> suggesting fine-grainer individual privs for other operations, but decided
>>> that this is not too useful.
>>>
>>> That said, how can you translate from file descriptor to file
>>> handle ? E.g. to know (and not guess) the file handle on UFS,
>>> the process must posses PRIV_VFS_GENERATION. If you have
>>> PRIV_VFS_GETFH/PRIV_VFS_GENERATION privs, then you can implement
>>> flink(2) for UFS, but might be that it is even not undesirable.
>>
>> My understanding of the normal reason against flink is that you can make
>> unlinked files readable by other processes (though something like
>> /proc//fd/ already permits this), and in particular if a more
>> privileged process passes an fd to a less privileged process.  The
>> requirement for root mostly mitigates this when root vs not-root is your
>> only privilege.  However, a capsicum vs non-capsicum process is a more
>> recent privilege that is orthogonal to root vs non-root.  It might be that
>> allowing a capsicumized root to create links to files that were intentionally
>> unlinked by a non-capsicumized root would be the same problem.
>>
>> In practice on the majority of FreeBSD systems, root has all of the PRIV_foo
>> things.  You have to write custom MAC modules to actually limit root.  Thus
>> it would seem that we should now be happy to add flink() so long as it
>> requires root.
> 
> Do you think that flink(2) itself is useful ?

I'm not sure.  The motivating use case in some of the stuff I found online
today was to permit one to construct a file with an initial set of contents
such that other processes couldn't open the file until it was fully ready,
so you created an unlinked file (Linux has an O_TMPFILE for this I think)
and only later hooked it up in the filesystem.  (You can use linkat with
either /dev/fd/ or the /proc equivalent I think as the source to do this
on Linux apparently.)  I'm not sure it is otherwise useful.  This particular
use case also seems like a kludge to workaround the advisory file locking in
POSIX, and you could also accomplish this by just doing a rename() from a
temporary name to the final name instead.

A use case I had in the past was a helper application that wanted to avoid
races with trying to execute binaries over NFS, so it would copy the binary
to local disk and fork a child to call exec.  Once the child exec'd it would
unlink the binary so they didn't leak on the local filesystem.  However, it
would also watch the child process and if the child process crashed instead
of exiting cleanly it would make a new copy of the binary (by reading from
the original and writing it out to a new file) so that there was a matching
binary for the core that could be used with a debugger.  In theory flink()
would have been more efficient than making a copy of the file.  OTOH, that
was also running as an unprivileged user and flink() for non-root user, so if
the previous security concerns are still valid I think you probably don't
want non-root using flink().

-- 
John Baldwin


___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r341689 - in head: lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

[Konstantin Belousov]

On Fri, Dec 07, 2018 at 10:04:51AM -0800, John Baldwin wrote:
> On 12/7/18 9:47 AM, Konstantin Belousov wrote:
> > On Fri, Dec 07, 2018 at 09:21:34AM -0800, John Baldwin wrote:
> >> On 12/7/18 7:17 AM, Konstantin Belousov wrote:
> >>> Author: kib
> >>> Date: Fri Dec  7 15:17:29 2018
> >>> New Revision: 341689
> >>> URL: https://svnweb.freebsd.org/changeset/base/341689
> >>>
> >>> Log:
> >>>   Add new file handle system calls.
> >>>   
> >>>   Namely, getfhat(2), fhlink(2), fhlinkat(2), fhreadlink(2).  The
> >>>   syscalls are provided for a NFS userspace server (nfs-ganesha).
> >>>   
> >>>   Submitted by:   Jack Halford 
> >>>   Sponsored by:   Gandi.net
> >>>   Tested by:  pho
> >>>   Feedback from:  brooks, markj
> >>>   MFC after:  1 week
> >>>   Differential revision:  https://reviews.freebsd.org/D18359
> >>
> >> Can this be used to implement 'flink' (create a link to an open file
> >> descriptor)?  Hmm, it appears so.  It is limited to PRIV_VFS_GETFH at 
> >> least.
> >> The getfh(2) manpage notes this explicitly, but the new manpages don't
> >> appear to.  Even with the PRIV check, I'm still somewhat nervous about what
> >> flink means for processes running as root that are using Capsicum.  Maybe
> >> it's ok, but I didn't see any discussion of this in the review.
> > 
> > If the process can execute getfh(2) and fhlink(2), then its privileges
> > are not much different from the privileges of the in-kernel NFS server.
> > During the review, I verified that PRIV_VFS_GETFH is checked, and considered
> > suggesting fine-grainer individual privs for other operations, but decided
> > that this is not too useful.
> > 
> > That said, how can you translate from file descriptor to file
> > handle ? E.g. to know (and not guess) the file handle on UFS,
> > the process must posses PRIV_VFS_GENERATION. If you have
> > PRIV_VFS_GETFH/PRIV_VFS_GENERATION privs, then you can implement
> > flink(2) for UFS, but might be that it is even not undesirable.
> 
> My understanding of the normal reason against flink is that you can make
> unlinked files readable by other processes (though something like
> /proc//fd/ already permits this), and in particular if a more
> privileged process passes an fd to a less privileged process.  The
> requirement for root mostly mitigates this when root vs not-root is your
> only privilege.  However, a capsicum vs non-capsicum process is a more
> recent privilege that is orthogonal to root vs non-root.  It might be that
> allowing a capsicumized root to create links to files that were intentionally
> unlinked by a non-capsicumized root would be the same problem.
> 
> In practice on the majority of FreeBSD systems, root has all of the PRIV_foo
> things.  You have to write custom MAC modules to actually limit root.  Thus
> it would seem that we should now be happy to add flink() so long as it
> requires root.

Do you think that flink(2) itself is useful ?

As I understand the typical use case, it is the last chance way to
recover of the unlinked but still opened file, by making a hard link
from /dev/fd/N.
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r341689 - in head: lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

[Konstantin Belousov]

On Fri, Dec 07, 2018 at 11:34:50AM -0800, John Baldwin wrote:
> On 12/7/18 10:59 AM, Conrad Meyer wrote:
> > On Fri, Dec 7, 2018 at 10:05 AM John Baldwin  wrote:
> >> The
> >> requirement for root mostly mitigates this when root vs not-root is your
> >> only privilege.  However, a capsicum vs non-capsicum process is a more
> >> recent privilege that is orthogonal to root vs non-root.  It might be that
> >> allowing a capsicumized root to create links to files that were 
> >> intentionally
> >> unlinked by a non-capsicumized root would be the same problem.
> > 
> > None of these syscalls were added to sys/kern/capabilities.conf, so I
> > think a capsicum-contained root cannot use them anyway.  Maybe I
> > misunderstand how capabilities.conf works, though.
> 
> Ok.

FWIW fhopenat(2) was added to capabilities.conf in the original submission.
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341712 - head/sys/kern

[Konstantin Belousov]

Author: kib
Date: Fri Dec  7 23:07:51 2018
New Revision: 341712
URL: https://svnweb.freebsd.org/changeset/base/341712

Log:
  Simplify kern_readlink_vp().
  
  When we detected that the vnode is not symlink, return immediately.
  This moves the readlink code out of else branch and unindents it.
  
  Sponsored by: The FreeBSD Foundation
  MFC after:1 week

Modified:
  head/sys/kern/vfs_syscalls.c

Modified: head/sys/kern/vfs_syscalls.c
==
--- head/sys/kern/vfs_syscalls.cFri Dec  7 23:05:12 2018
(r341711)
+++ head/sys/kern/vfs_syscalls.cFri Dec  7 23:07:51 2018
(r341712)
@@ -2539,20 +2539,19 @@ kern_readlink_vp(struct vnode *vp, char *buf, enum uio
return (error);
 #endif
if (vp->v_type != VLNK && (vp->v_vflag & VV_READLINK) == 0)
-   error = EINVAL;
-   else {
-   aiov.iov_base = buf;
-   aiov.iov_len = count;
-   auio.uio_iov = 
-   auio.uio_iovcnt = 1;
-   auio.uio_offset = 0;
-   auio.uio_rw = UIO_READ;
-   auio.uio_segflg = bufseg;
-   auio.uio_td = td;
-   auio.uio_resid = count;
-   error = VOP_READLINK(vp, , td->td_ucred);
-   td->td_retval[0] = count - auio.uio_resid;
-   }
+   return (EINVAL);
+
+   aiov.iov_base = buf;
+   aiov.iov_len = count;
+   auio.uio_iov = 
+   auio.uio_iovcnt = 1;
+   auio.uio_offset = 0;
+   auio.uio_rw = UIO_READ;
+   auio.uio_segflg = bufseg;
+   auio.uio_td = td;
+   auio.uio_resid = count;
+   error = VOP_READLINK(vp, , td->td_ucred);
+   td->td_retval[0] = count - auio.uio_resid;
return (error);
 }
 
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341711 - head/sys/kern

[Konstantin Belousov]

Author: kib
Date: Fri Dec  7 23:05:12 2018
New Revision: 341711
URL: https://svnweb.freebsd.org/changeset/base/341711

Log:
  Fix expression evaluation.
  
  Braces were put in the wrong place, causing failing EAGAIN check to
  return zero result.  Remove the problematic assignment from the
  conditional expression at all.
  
  While there, remove used once variable vp, and wrap too long line.
  
  Sponsored by: The FreeBSD Foundation
  MFC after:1 week

Modified:
  head/sys/kern/vfs_syscalls.c

Modified: head/sys/kern/vfs_syscalls.c
==
--- head/sys/kern/vfs_syscalls.cFri Dec  7 21:58:08 2018
(r341710)
+++ head/sys/kern/vfs_syscalls.cFri Dec  7 23:05:12 2018
(r341711)
@@ -1502,19 +1502,18 @@ int
 kern_linkat(struct thread *td, int fd1, int fd2, const char *path1,
 const char *path2, enum uio_seg segflag, int follow)
 {
-   struct vnode *vp;
struct nameidata nd;
int error;
 
do {
bwillwrite();
-   NDINIT_ATRIGHTS(, LOOKUP, follow | AUDITVNODE1, segflag, 
path1, fd1,
-   _linkat_source_rights, td);
+   NDINIT_ATRIGHTS(, LOOKUP, follow | AUDITVNODE1, segflag,
+   path1, fd1, _linkat_source_rights, td);
if ((error = namei()) != 0)
return (error);
NDFREE(, NDF_ONLY_PNBUF);
-   vp = nd.ni_vp;
-   } while ((error = kern_linkat_vp(td, vp, fd2, path2, segflag) == 
EAGAIN));
+   error = kern_linkat_vp(td, nd.ni_vp, fd2, path2, segflag);
+   } while (error ==  EAGAIN);
return (error);
 }
 
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341710 - head/sys/dev/nvme

[Warner Losh]

Author: imp
Date: Fri Dec  7 21:58:08 2018
New Revision: 341710
URL: https://svnweb.freebsd.org/changeset/base/341710

Log:
  Even though they are reserved, cdw2 and cdw3 can be set via nvme-cli
  (and soon nvmecontrol). Go ahead and copy them into rsvd2 and rsvd3.
  
  Sponsored by: Netflix

Modified:
  head/sys/dev/nvme/nvme_ctrlr.c

Modified: head/sys/dev/nvme/nvme_ctrlr.c
==
--- head/sys/dev/nvme/nvme_ctrlr.c  Fri Dec  7 21:57:39 2018
(r341709)
+++ head/sys/dev/nvme/nvme_ctrlr.c  Fri Dec  7 21:58:08 2018
(r341710)
@@ -1075,6 +1075,8 @@ nvme_ctrlr_passthrough_cmd(struct nvme_controller *ctr
/* Assume userspace already converted to little-endian */
req->cmd.opc = pt->cmd.opc;
req->cmd.fuse = pt->cmd.fuse;
+   req->cmd.rsvd2 = pt->cmd.rsvd2;
+   req->cmd.rsvd3 = pt->cmd.rsvd3;
req->cmd.cdw10 = pt->cmd.cdw10;
req->cmd.cdw11 = pt->cmd.cdw11;
req->cmd.cdw12 = pt->cmd.cdw12;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341709 - head/share/man/man4

[Warner Losh]

Author: imp
Date: Fri Dec  7 21:57:39 2018
New Revision: 341709
URL: https://svnweb.freebsd.org/changeset/base/341709

Log:
  Add nda(4) cross reference to nvme(4)

Modified:
  head/share/man/man4/nvme.4

Modified: head/share/man/man4/nvme.4
==
--- head/share/man/man4/nvme.4  Fri Dec  7 21:42:41 2018(r341708)
+++ head/share/man/man4/nvme.4  Fri Dec  7 21:57:39 2018(r341709)
@@ -33,7 +33,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 7, 2016
+.Dd December 7, 2018
 .Dt NVME 4
 .Os
 .Sh NAME
@@ -70,6 +70,8 @@ Per-CPU IO queue pairs
 .It
 API for registering NVMe namespace consumers such as
 .Xr nvd 4
+or
+.Xr nda 4
 .It
 API for submitting NVM commands to namespaces
 .It
@@ -163,6 +165,7 @@ with a completion entry that was posted by the control
 and completion queues to the console.
 .El
 .Sh SEE ALSO
+.Xr nda 4 ,
 .Xr nvd 4 ,
 .Xr pci 4 ,
 .Xr nvmecontrol 8 ,
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341708 - in stable: 10/sys/contrib/ipfilter/netinet 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet

[Cy Schubert]

Author: cy
Date: Fri Dec  7 21:42:41 2018
New Revision: 341708
URL: https://svnweb.freebsd.org/changeset/base/341708

Log:
  MFC r341280:
  
  Clean up a rather useless conditional structure member definition.

Modified:
  stable/12/sys/contrib/ipfilter/netinet/ip_fil.h
Directory Properties:
  stable/12/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/10/sys/contrib/ipfilter/netinet/ip_fil.h
  stable/11/sys/contrib/ipfilter/netinet/ip_fil.h
Directory Properties:
  stable/10/   (props changed)
  stable/11/   (props changed)

Modified: stable/12/sys/contrib/ipfilter/netinet/ip_fil.h
==
--- stable/12/sys/contrib/ipfilter/netinet/ip_fil.h Fri Dec  7 21:40:35 
2018(r341707)
+++ stable/12/sys/contrib/ipfilter/netinet/ip_fil.h Fri Dec  7 21:42:41 
2018(r341708)
@@ -1026,11 +1026,7 @@ typedef  struct  iplog   {
 #defineIPLOG_SIZE  sizeof(iplog_t)
 
 typedefstruct  ipflog  {
-#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
-(defined(OpenBSD) && (OpenBSD >= 199603))
-#else
-   u_int   fl_unit;
-#endif
+   u_int   fl_unit;
u_32_t  fl_rule;
u_32_t  fl_flags;
u_32_t  fl_lflags;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341708 - in stable: 10/sys/contrib/ipfilter/netinet 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet

[Cy Schubert]

Author: cy
Date: Fri Dec  7 21:42:41 2018
New Revision: 341708
URL: https://svnweb.freebsd.org/changeset/base/341708

Log:
  MFC r341280:
  
  Clean up a rather useless conditional structure member definition.

Modified:
  stable/11/sys/contrib/ipfilter/netinet/ip_fil.h
Directory Properties:
  stable/11/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/10/sys/contrib/ipfilter/netinet/ip_fil.h
  stable/12/sys/contrib/ipfilter/netinet/ip_fil.h
Directory Properties:
  stable/10/   (props changed)
  stable/12/   (props changed)

Modified: stable/11/sys/contrib/ipfilter/netinet/ip_fil.h
==
--- stable/11/sys/contrib/ipfilter/netinet/ip_fil.h Fri Dec  7 21:40:35 
2018(r341707)
+++ stable/11/sys/contrib/ipfilter/netinet/ip_fil.h Fri Dec  7 21:42:41 
2018(r341708)
@@ -1026,11 +1026,7 @@ typedef  struct  iplog   {
 #defineIPLOG_SIZE  sizeof(iplog_t)
 
 typedefstruct  ipflog  {
-#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
-(defined(OpenBSD) && (OpenBSD >= 199603))
-#else
-   u_int   fl_unit;
-#endif
+   u_int   fl_unit;
u_32_t  fl_rule;
u_32_t  fl_flags;
u_32_t  fl_lflags;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341708 - in stable: 10/sys/contrib/ipfilter/netinet 11/sys/contrib/ipfilter/netinet 12/sys/contrib/ipfilter/netinet

[Cy Schubert]

Author: cy
Date: Fri Dec  7 21:42:41 2018
New Revision: 341708
URL: https://svnweb.freebsd.org/changeset/base/341708

Log:
  MFC r341280:
  
  Clean up a rather useless conditional structure member definition.

Modified:
  stable/10/sys/contrib/ipfilter/netinet/ip_fil.h
Directory Properties:
  stable/10/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/11/sys/contrib/ipfilter/netinet/ip_fil.h
  stable/12/sys/contrib/ipfilter/netinet/ip_fil.h
Directory Properties:
  stable/11/   (props changed)
  stable/12/   (props changed)

Modified: stable/10/sys/contrib/ipfilter/netinet/ip_fil.h
==
--- stable/10/sys/contrib/ipfilter/netinet/ip_fil.h Fri Dec  7 21:40:35 
2018(r341707)
+++ stable/10/sys/contrib/ipfilter/netinet/ip_fil.h Fri Dec  7 21:42:41 
2018(r341708)
@@ -1026,11 +1026,7 @@ typedef  struct  iplog   {
 #defineIPLOG_SIZE  sizeof(iplog_t)
 
 typedefstruct  ipflog  {
-#if (defined(NetBSD) && (NetBSD <= 1991011) && (NetBSD >= 199603)) || \
-(defined(OpenBSD) && (OpenBSD >= 199603))
-#else
-   u_int   fl_unit;
-#endif
+   u_int   fl_unit;
u_32_t  fl_rule;
u_32_t  fl_flags;
u_32_t  fl_lflags;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341707 - release/12.0.0

[Glen Barber]

Author: gjb
Date: Fri Dec  7 21:40:35 2018
New Revision: 341707
URL: https://svnweb.freebsd.org/changeset/base/341707

Log:
  Tag releng/12.0@r341666 as release/12.0.0 (12.0-RELEASE).
  
  Approved by:  re (implicit)
  Sponsored by: The FreeBSD Foundation

Added:
  release/12.0.0/
 - copied from r341666, releng/12.0/
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341706 - head/usr.sbin/bhyve

[Alexander Motin]

Author: mav
Date: Fri Dec  7 20:55:29 2018
New Revision: 341706
URL: https://svnweb.freebsd.org/changeset/base/341706

Log:
  Make virtio-scsi pass SCSI Task Attributes to CTL.
  
  MFC after:1 week
  Sponsored by: iXsystems, Inc.

Modified:
  head/usr.sbin/bhyve/pci_virtio_scsi.c

Modified: head/usr.sbin/bhyve/pci_virtio_scsi.c
==
--- head/usr.sbin/bhyve/pci_virtio_scsi.c   Fri Dec  7 20:30:00 2018
(r341705)
+++ head/usr.sbin/bhyve/pci_virtio_scsi.c   Fri Dec  7 20:55:29 2018
(r341706)
@@ -499,7 +499,21 @@ pci_vtscsi_request_handle(struct pci_vtscsi_queue *q, 
 
io->scsiio.sense_len = sc->vss_config.sense_size;
io->scsiio.tag_num = (uint32_t)cmd_rd->id;
-   io->scsiio.tag_type = CTL_TAG_SIMPLE;
+   switch (cmd_rd->task_attr) {
+   case VIRTIO_SCSI_S_ORDERED:
+   io->scsiio.tag_type = CTL_TAG_ORDERED;
+   break;
+   case VIRTIO_SCSI_S_HEAD:
+   io->scsiio.tag_type = CTL_TAG_HEAD_OF_QUEUE;
+   break;
+   case VIRTIO_SCSI_S_ACA:
+   io->scsiio.tag_type = CTL_TAG_ACA;
+   break;
+   case VIRTIO_SCSI_S_SIMPLE:
+   default:
+   io->scsiio.tag_type = CTL_TAG_SIMPLE;
+   break;
+   }
io->scsiio.ext_sg_entries = ext_sg_entries;
io->scsiio.ext_data_ptr = ext_data_ptr;
io->scsiio.ext_data_len = ext_data_len;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341705 - head/usr.sbin/bhyve

[Alexander Motin]

Author: mav
Date: Fri Dec  7 20:30:00 2018
New Revision: 341705
URL: https://svnweb.freebsd.org/changeset/base/341705

Log:
  Fix several iov handling bugs in bhyve virtio-scsi backend.
  
   - buf_to_iov() does not use buflen parameter, allowing out of bound read.
   - buf_to_iov() leaks memory if seek argument > 0.
   - iov_to_buf() doesn't need to reallocate buffer for every segment.
   - there is no point to use size_t for iov counts, int is more then enough.
   - some iov function arguments can be constified.
   - pci_vtscsi_request_handle() used truncate_iov() incorrectly, allowing
 getting out of buffer and possibly corrupting data.
   - pci_vtscsi_controlq_notify() written returned status at wrong offset.
   - pci_vtscsi_controlq_notify() leaked one buffer per event.
  
  Reported by:  wg
  Reviewed by:  araujo
  MFC after:1 week
  Sponsored by: iXsystems, Inc.
  Differential Revision:https://reviews.freebsd.org/D18465

Modified:
  head/usr.sbin/bhyve/iov.c
  head/usr.sbin/bhyve/iov.h
  head/usr.sbin/bhyve/pci_virtio_scsi.c

Modified: head/usr.sbin/bhyve/iov.c
==
--- head/usr.sbin/bhyve/iov.c   Fri Dec  7 19:10:51 2018(r341704)
+++ head/usr.sbin/bhyve/iov.c   Fri Dec  7 20:30:00 2018(r341705)
@@ -2,6 +2,7 @@
  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
  *
  * Copyright (c) 2016 Jakub Klama .
+ * Copyright (c) 2018 Alexander Motin 
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -39,12 +40,12 @@ __FBSDID("$FreeBSD$");
 #include "iov.h"
 
 void
-seek_iov(struct iovec *iov1, size_t niov1, struct iovec *iov2, size_t *niov2,
+seek_iov(const struct iovec *iov1, int niov1, struct iovec *iov2, int *niov2,
 size_t seek)
 {
size_t remainder = 0;
size_t left = seek;
-   size_t i, j;
+   int i, j;
 
for (i = 0; i < niov1; i++) {
size_t toseek = MIN(left, iov1[i].iov_len);
@@ -69,9 +70,10 @@ seek_iov(struct iovec *iov1, size_t niov1, struct iove
 }
 
 size_t
-count_iov(struct iovec *iov, size_t niov)
+count_iov(const struct iovec *iov, int niov)
 {
-   size_t i, total = 0;
+   size_t total = 0;
+   int i;
 
for (i = 0; i < niov; i++)
total += iov[i].iov_len;
@@ -79,35 +81,36 @@ count_iov(struct iovec *iov, size_t niov)
return (total);
 }
 
-size_t
-truncate_iov(struct iovec *iov, size_t niov, size_t length)
+void
+truncate_iov(struct iovec *iov, int *niov, size_t length)
 {
-   size_t i, done = 0;
+   size_t done = 0;
+   int i;
 
-   for (i = 0; i < niov; i++) {
+   for (i = 0; i < *niov; i++) {
size_t toseek = MIN(length - done, iov[i].iov_len);
done += toseek;
 
-   if (toseek < iov[i].iov_len) {
+   if (toseek <= iov[i].iov_len) {
iov[i].iov_len = toseek;
-   return (i + 1);
+   *niov = i + 1;
+   return;
}
}
-
-   return (niov);
 }
 
 ssize_t
-iov_to_buf(struct iovec *iov, size_t niov, void **buf)
+iov_to_buf(const struct iovec *iov, int niov, void **buf)
 {
-   size_t i, ptr = 0, total = 0;
+   size_t ptr, total;
+   int i;
 
-   for (i = 0; i < niov; i++) {
-   total += iov[i].iov_len;
-   *buf = realloc(*buf, total);
-   if (*buf == NULL)
-   return (-1);
+   total = count_iov(iov, niov);
+   *buf = realloc(*buf, total);
+   if (*buf == NULL)
+   return (-1);
 
+   for (i = 0, ptr = 0; i < niov; i++) {
memcpy(*buf + ptr, iov[i].iov_base, iov[i].iov_len);
ptr += iov[i].iov_len;
}
@@ -116,12 +119,12 @@ iov_to_buf(struct iovec *iov, size_t niov, void **buf)
 }
 
 ssize_t
-buf_to_iov(void *buf, size_t buflen, struct iovec *iov, size_t niov,
+buf_to_iov(const void *buf, size_t buflen, struct iovec *iov, int niov,
 size_t seek)
 {
struct iovec *diov;
-   size_t ndiov, i;
-   uintptr_t off = 0;
+   int ndiov, i;
+   size_t off = 0, len;
 
if (seek > 0) {
diov = malloc(sizeof(struct iovec) * niov);
@@ -131,10 +134,14 @@ buf_to_iov(void *buf, size_t buflen, struct iovec *iov
ndiov = niov;
}
 
-   for (i = 0; i < ndiov; i++) {
-   memcpy(diov[i].iov_base, buf + off, diov[i].iov_len);
-   off += diov[i].iov_len;
+   for (i = 0; i < ndiov && off < buflen; i++) {
+   len = MIN(diov[i].iov_len, buflen - off);
+   memcpy(diov[i].iov_base, buf + off, len);
+   off += len;
}
+
+   if (seek > 0)
+   free(diov);
 
return ((ssize_t)off);
 }

Modified: head/usr.sbin/bhyve/iov.h
==
--- 

Re: svn commit: r341689 - in head: lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

[John Baldwin]

On 12/7/18 10:59 AM, Conrad Meyer wrote:
> On Fri, Dec 7, 2018 at 10:05 AM John Baldwin  wrote:
>> The
>> requirement for root mostly mitigates this when root vs not-root is your
>> only privilege.  However, a capsicum vs non-capsicum process is a more
>> recent privilege that is orthogonal to root vs non-root.  It might be that
>> allowing a capsicumized root to create links to files that were intentionally
>> unlinked by a non-capsicumized root would be the same problem.
> 
> None of these syscalls were added to sys/kern/capabilities.conf, so I
> think a capsicum-contained root cannot use them anyway.  Maybe I
> misunderstand how capabilities.conf works, though.

Ok.

-- 
John Baldwin


___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341704 - head/usr.sbin/bhyve

[Alexander Motin]

Author: mav
Date: Fri Dec  7 19:10:51 2018
New Revision: 341704
URL: https://svnweb.freebsd.org/changeset/base/341704

Log:
  Fill initid explicitly on requests.
  
  Unfortunately ctl_scsi_zero_io() wipes that field, so it was always zero.
  While there, targ_port is set by kernel, so user-space should not fill it.
  
  MFC after:1 week

Modified:
  head/usr.sbin/bhyve/pci_virtio_scsi.c

Modified: head/usr.sbin/bhyve/pci_virtio_scsi.c
==
--- head/usr.sbin/bhyve/pci_virtio_scsi.c   Fri Dec  7 16:52:52 2018
(r341703)
+++ head/usr.sbin/bhyve/pci_virtio_scsi.c   Fri Dec  7 19:10:51 2018
(r341704)
@@ -389,7 +389,7 @@ pci_vtscsi_tmf_handle(struct pci_vtscsi_softc *sc,
ctl_scsi_zero_io(io);
 
io->io_hdr.io_type = CTL_IO_TASK;
-   io->io_hdr.nexus.targ_port = tmf->lun[1];
+   io->io_hdr.nexus.initid = sc->vss_iid;
io->io_hdr.nexus.targ_lun = pci_vtscsi_get_lun(tmf->lun);
io->taskio.tag_type = CTL_TAG_SIMPLE;
io->taskio.tag_num = (uint32_t)tmf->id;
@@ -480,7 +480,7 @@ pci_vtscsi_request_handle(struct pci_vtscsi_queue *q, 
io = ctl_scsi_alloc_io(sc->vss_iid);
ctl_scsi_zero_io(io);
 
-   io->io_hdr.nexus.targ_port = cmd_rd->lun[1];
+   io->io_hdr.nexus.initid = sc->vss_iid;
io->io_hdr.nexus.targ_lun = pci_vtscsi_get_lun(cmd_rd->lun);
 
io->io_hdr.io_type = CTL_IO_SCSI;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r341689 - in head: lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

[Conrad Meyer]

On Fri, Dec 7, 2018 at 10:05 AM John Baldwin  wrote:
> The
> requirement for root mostly mitigates this when root vs not-root is your
> only privilege.  However, a capsicum vs non-capsicum process is a more
> recent privilege that is orthogonal to root vs non-root.  It might be that
> allowing a capsicumized root to create links to files that were intentionally
> unlinked by a non-capsicumized root would be the same problem.

None of these syscalls were added to sys/kern/capabilities.conf, so I
think a capsicum-contained root cannot use them anyway.  Maybe I
misunderstand how capabilities.conf works, though.

Best,
Conrad
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r341682 - head/sys/sys

[John Baldwin]

On 12/7/18 10:10 AM, Ian Lepore wrote:
> On Fri, 2018-12-07 at 12:05 +, Mateusz Guzik wrote:
>> Author: mjg
>> Date: Fri Dec  7 12:05:11 2018
>> New Revision: 341682
>> URL: https://svnweb.freebsd.org/changeset/base/341682
>>
>> Log:
>>   unr64: use locked variant if not __LP64__
>>   
>>   The current ifdefs are not sufficient to distinguish 32- and 64-
>> bit
>>   variants, which results e.g. in powerpc64 not using atomics.
>>   
>>   While some 32-bit archs provide 64-bit atomics, there is no huge
>> advantage
>>   of using them on these platforms.
>>   
>>   Reported by:   many
>>   Suggested by:  jhb
>>   Sponsored by:  The FreeBSD Foundation
>>
>> Modified:
>>   head/sys/sys/systm.h
>>
>> Modified: head/sys/sys/systm.h
>> =
>> =
>> --- head/sys/sys/systm.h Fri Dec  7 12:02:31 2018(r341
>> 681)
>> +++ head/sys/sys/systm.h Fri Dec  7 12:05:11 2018(r341
>> 682)
>> @@ -523,7 +523,7 @@ int alloc_unr_specific(struct unrhdr *uh, u_int
>> item);
>>  int alloc_unrl(struct unrhdr *uh);
>>  void free_unr(struct unrhdr *uh, u_int item);
>>  
>> -#if defined(__mips__) || defined(__powerpc__)
>> +#ifndef __LP64__
>>  #define UNR64_LOCKED
>>  #endif
>>  
>>
> 
> This seems like a wholly unsatisfying solution compared to how trivial
> it would be to do something like have each arch's atomic.h set a symbol
> to indicate whether 64-bit atomics are available. Dismissing 32-bit
> arches because you don't perceive performance to be important there
> doesn't seem like a valid argument.

I think you are free to adjust the #ifdef if you find that it actually
makes a difference.  unr lists have been using a mutex on 32-bit architectures
the entire time the API has existed, and I'm not sure you are running -j128
poudriere package builds on a raspberry pi to get the kind of workload where
this lock contention matters.

-- 
John Baldwin


___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r341682 - head/sys/sys

[Ian Lepore]

On Fri, 2018-12-07 at 12:05 +, Mateusz Guzik wrote:
> Author: mjg
> Date: Fri Dec  7 12:05:11 2018
> New Revision: 341682
> URL: https://svnweb.freebsd.org/changeset/base/341682
> 
> Log:
>   unr64: use locked variant if not __LP64__
>   
>   The current ifdefs are not sufficient to distinguish 32- and 64-
> bit
>   variants, which results e.g. in powerpc64 not using atomics.
>   
>   While some 32-bit archs provide 64-bit atomics, there is no huge
> advantage
>   of using them on these platforms.
>   
>   Reported by:many
>   Suggested by:   jhb
>   Sponsored by:   The FreeBSD Foundation
> 
> Modified:
>   head/sys/sys/systm.h
> 
> Modified: head/sys/sys/systm.h
> =
> =
> --- head/sys/sys/systm.h  Fri Dec  7 12:02:31 2018(r341
> 681)
> +++ head/sys/sys/systm.h  Fri Dec  7 12:05:11 2018(r341
> 682)
> @@ -523,7 +523,7 @@ int alloc_unr_specific(struct unrhdr *uh, u_int
> item);
>  int alloc_unrl(struct unrhdr *uh);
>  void free_unr(struct unrhdr *uh, u_int item);
>  
> -#if defined(__mips__) || defined(__powerpc__)
> +#ifndef __LP64__
>  #define UNR64_LOCKED
>  #endif
>  
> 

This seems like a wholly unsatisfying solution compared to how trivial
it would be to do something like have each arch's atomic.h set a symbol
to indicate whether 64-bit atomics are available. Dismissing 32-bit
arches because you don't perceive performance to be important there
doesn't seem like a valid argument.

-- Ian

___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r341689 - in head: lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

[John Baldwin]

On 12/7/18 9:47 AM, Konstantin Belousov wrote:
> On Fri, Dec 07, 2018 at 09:21:34AM -0800, John Baldwin wrote:
>> On 12/7/18 7:17 AM, Konstantin Belousov wrote:
>>> Author: kib
>>> Date: Fri Dec  7 15:17:29 2018
>>> New Revision: 341689
>>> URL: https://svnweb.freebsd.org/changeset/base/341689
>>>
>>> Log:
>>>   Add new file handle system calls.
>>>   
>>>   Namely, getfhat(2), fhlink(2), fhlinkat(2), fhreadlink(2).  The
>>>   syscalls are provided for a NFS userspace server (nfs-ganesha).
>>>   
>>>   Submitted by: Jack Halford 
>>>   Sponsored by: Gandi.net
>>>   Tested by:pho
>>>   Feedback from:brooks, markj
>>>   MFC after:1 week
>>>   Differential revision:https://reviews.freebsd.org/D18359
>>
>> Can this be used to implement 'flink' (create a link to an open file
>> descriptor)?  Hmm, it appears so.  It is limited to PRIV_VFS_GETFH at least.
>> The getfh(2) manpage notes this explicitly, but the new manpages don't
>> appear to.  Even with the PRIV check, I'm still somewhat nervous about what
>> flink means for processes running as root that are using Capsicum.  Maybe
>> it's ok, but I didn't see any discussion of this in the review.
> 
> If the process can execute getfh(2) and fhlink(2), then its privileges
> are not much different from the privileges of the in-kernel NFS server.
> During the review, I verified that PRIV_VFS_GETFH is checked, and considered
> suggesting fine-grainer individual privs for other operations, but decided
> that this is not too useful.
> 
> That said, how can you translate from file descriptor to file
> handle ? E.g. to know (and not guess) the file handle on UFS,
> the process must posses PRIV_VFS_GENERATION. If you have
> PRIV_VFS_GETFH/PRIV_VFS_GENERATION privs, then you can implement
> flink(2) for UFS, but might be that it is even not undesirable.

My understanding of the normal reason against flink is that you can make
unlinked files readable by other processes (though something like
/proc//fd/ already permits this), and in particular if a more
privileged process passes an fd to a less privileged process.  The
requirement for root mostly mitigates this when root vs not-root is your
only privilege.  However, a capsicum vs non-capsicum process is a more
recent privilege that is orthogonal to root vs non-root.  It might be that
allowing a capsicumized root to create links to files that were intentionally
unlinked by a non-capsicumized root would be the same problem.

In practice on the majority of FreeBSD systems, root has all of the PRIV_foo
things.  You have to write custom MAC modules to actually limit root.  Thus
it would seem that we should now be happy to add flink() so long as it
requires root.

-- 
John Baldwin


___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r341689 - in head: lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

[Konstantin Belousov]

On Fri, Dec 07, 2018 at 09:21:34AM -0800, John Baldwin wrote:
> On 12/7/18 7:17 AM, Konstantin Belousov wrote:
> > Author: kib
> > Date: Fri Dec  7 15:17:29 2018
> > New Revision: 341689
> > URL: https://svnweb.freebsd.org/changeset/base/341689
> > 
> > Log:
> >   Add new file handle system calls.
> >   
> >   Namely, getfhat(2), fhlink(2), fhlinkat(2), fhreadlink(2).  The
> >   syscalls are provided for a NFS userspace server (nfs-ganesha).
> >   
> >   Submitted by: Jack Halford 
> >   Sponsored by: Gandi.net
> >   Tested by:pho
> >   Feedback from:brooks, markj
> >   MFC after:1 week
> >   Differential revision:https://reviews.freebsd.org/D18359
> 
> Can this be used to implement 'flink' (create a link to an open file
> descriptor)?  Hmm, it appears so.  It is limited to PRIV_VFS_GETFH at least.
> The getfh(2) manpage notes this explicitly, but the new manpages don't
> appear to.  Even with the PRIV check, I'm still somewhat nervous about what
> flink means for processes running as root that are using Capsicum.  Maybe
> it's ok, but I didn't see any discussion of this in the review.

If the process can execute getfh(2) and fhlink(2), then its privileges
are not much different from the privileges of the in-kernel NFS server.
During the review, I verified that PRIV_VFS_GETFH is checked, and considered
suggesting fine-grainer individual privs for other operations, but decided
that this is not too useful.

That said, how can you translate from file descriptor to file
handle ? E.g. to know (and not guess) the file handle on UFS,
the process must posses PRIV_VFS_GENERATION. If you have
PRIV_VFS_GETFH/PRIV_VFS_GENERATION privs, then you can implement
flink(2) for UFS, but might be that it is even not undesirable.
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r341689 - in head: lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

[John Baldwin]

On 12/7/18 7:17 AM, Konstantin Belousov wrote:
> Author: kib
> Date: Fri Dec  7 15:17:29 2018
> New Revision: 341689
> URL: https://svnweb.freebsd.org/changeset/base/341689
> 
> Log:
>   Add new file handle system calls.
>   
>   Namely, getfhat(2), fhlink(2), fhlinkat(2), fhreadlink(2).  The
>   syscalls are provided for a NFS userspace server (nfs-ganesha).
>   
>   Submitted by:   Jack Halford 
>   Sponsored by:   Gandi.net
>   Tested by:  pho
>   Feedback from:  brooks, markj
>   MFC after:  1 week
>   Differential revision:  https://reviews.freebsd.org/D18359

Can this be used to implement 'flink' (create a link to an open file
descriptor)?  Hmm, it appears so.  It is limited to PRIV_VFS_GETFH at least.
The getfh(2) manpage notes this explicitly, but the new manpages don't
appear to.  Even with the PRIV check, I'm still somewhat nervous about what
flink means for processes running as root that are using Capsicum.  Maybe
it's ok, but I didn't see any discussion of this in the review.

-- 
John Baldwin


___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r341681 - head/sys/cam/scsi

[Andriy Gapon]

On 07/12/2018 18:33, Warner Losh wrote:
> 
> 
> On Fri, Dec 7, 2018 at 5:02 AM Andriy Gapon  > wrote:
> 
> Author: avg
> Date: Fri Dec  7 12:02:31 2018
> New Revision: 341681
> URL: https://svnweb.freebsd.org/changeset/base/341681
> 
> Log:
>   daprobedone: announce if a disk is write-protected
> 
>   MFC after:    2 weeks
> 
> Modified:
>   head/sys/cam/scsi/scsi_da.c
> 
> Modified: head/sys/cam/scsi/scsi_da.c
> 
> ==
> --- head/sys/cam/scsi/scsi_da.c Fri Dec  7 11:47:42 2018        (r341680)
> +++ head/sys/cam/scsi/scsi_da.c Fri Dec  7 12:02:31 2018        (r341681)
> @@ -2472,6 +2472,11 @@ daprobedone(struct cam_periph *periph, union ccb 
> *ccb)
>                 printf("%s%d: %s\n", periph->periph_name,
>                     periph->unit_number, buf);
>         }
> +       if ((softc->disk->d_flags & DISKFLAG_WRITE_PROTECT) != 0 &&
> +           (softc->flags & DA_FLAG_ANNOUNCED) == 0) {
> +               printf("%s%d: Write Protected\n", periph->periph_name,
> +                   periph->unit_number);
> +       }
> 
> 
> This is incorrect. It needs to be added to buf so that it gets printed
> atomically with the rest of things.

My impression is that "the rest of the things" is not printed atomically,
unfortunately.  It would be great if it was.
For example, the printf that we see in the diff context above prints only
"Delete methods:" line.

-- 
Andriy Gapon
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341703 - head/etc/mtree

[Ed Maste]

Author: emaste
Date: Fri Dec  7 16:52:52 2018
New Revision: 341703
URL: https://svnweb.freebsd.org/changeset/base/341703

Log:
  BSD.debug.dist: add newly added nvmecontrol directory

Modified:
  head/etc/mtree/BSD.debug.dist

Modified: head/etc/mtree/BSD.debug.dist
==
--- head/etc/mtree/BSD.debug.dist   Fri Dec  7 16:51:38 2018
(r341702)
+++ head/etc/mtree/BSD.debug.dist   Fri Dec  7 16:52:52 2018
(r341703)
@@ -19,6 +19,8 @@
 ..
 geom
 ..
+nvmecontrol
+..
 ..
 libexec
 ..
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341702 - head/sys/kern

[Mateusz Guzik]

Author: mjg
Date: Fri Dec  7 16:51:38 2018
New Revision: 341702
URL: https://svnweb.freebsd.org/changeset/base/341702

Log:
  fd: use racct_set_unlocked
  
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/kern/kern_descrip.c

Modified: head/sys/kern/kern_descrip.c
==
--- head/sys/kern/kern_descrip.cFri Dec  7 16:47:34 2018
(r341701)
+++ head/sys/kern/kern_descrip.cFri Dec  7 16:51:38 2018
(r341702)
@@ -878,10 +878,8 @@ kern_dup(struct thread *td, u_int mode, int flags, int
 * the limit on the size of the file descriptor table.
 */
 #ifdef RACCT
-   if (racct_enable) {
-   PROC_LOCK(p);
-   error = racct_set(p, RACCT_NOFILE, new + 1);
-   PROC_UNLOCK(p);
+   if (RACCT_ENABLED()) {
+   error = racct_set_unlocked(p, RACCT_NOFILE, new 
+ 1);
if (error != 0) {
error = EMFILE;
goto unlock;
@@ -1751,10 +1749,8 @@ fdalloc(struct thread *td, int minfd, int *result)
if (fd >= fdp->fd_nfiles) {
allocfd = min(fd * 2, maxfd);
 #ifdef RACCT
-   if (racct_enable) {
-   PROC_LOCK(p);
-   error = racct_set(p, RACCT_NOFILE, allocfd);
-   PROC_UNLOCK(p);
+   if (RACCT_ENABLED()) {
+   error = racct_set_unlocked(p, RACCT_NOFILE, allocfd);
if (error != 0)
return (EMFILE);
}
@@ -2266,11 +2262,8 @@ fdescfree(struct thread *td)
MPASS(fdp != NULL);
 
 #ifdef RACCT
-   if (racct_enable) {
-   PROC_LOCK(p);
-   racct_set(p, RACCT_NOFILE, 0);
-   PROC_UNLOCK(p);
-   }
+   if (RACCT_ENABLED())
+   racct_set_unlocked(p, RACCT_NOFILE, 0);
 #endif
 
if (p->p_fdtol != NULL)
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341701 - in head/sys: kern sys

[Mateusz Guzik]

Author: mjg
Date: Fri Dec  7 16:47:34 2018
New Revision: 341701
URL: https://svnweb.freebsd.org/changeset/base/341701

Log:
  racct: add RACCT_ENABLED macro and racct_set_unlocked
  
  This allows to remove PROC_LOCK/UNLOCK pairs spread thorought the kernel
  only used to appease racct_set.
  
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/kern/kern_racct.c
  head/sys/sys/racct.h

Modified: head/sys/kern/kern_racct.c
==
--- head/sys/kern/kern_racct.c  Fri Dec  7 16:44:52 2018(r341700)
+++ head/sys/kern/kern_racct.c  Fri Dec  7 16:47:34 2018(r341701)
@@ -726,6 +726,18 @@ racct_set_locked(struct proc *p, int resource, uint64_
  * even if it's above the limit.
  */
 int
+racct_set_unlocked(struct proc *p, int resource, uint64_t amount)
+{
+   int error;
+
+   ASSERT_RACCT_ENABLED();
+   PROC_LOCK(p);
+   error = racct_set(p, resource, amount);
+   PROC_UNLOCK(p);
+   return (error);
+}
+
+int
 racct_set(struct proc *p, int resource, uint64_t amount)
 {
int error;

Modified: head/sys/sys/racct.h
==
--- head/sys/sys/racct.hFri Dec  7 16:44:52 2018(r341700)
+++ head/sys/sys/racct.hFri Dec  7 16:47:34 2018(r341701)
@@ -164,12 +164,14 @@ extern struct mtx racct_lock;
 #define RACCT_UNLOCK() mtx_unlock(_lock)
 #define RACCT_LOCK_ASSERT()mtx_assert(_lock, MA_OWNED)
 
+#define RACCT_ENABLED()__predict_false(racct_enable)
+
 #defineRACCT_PROC_LOCK(p)  do {\
-   if (__predict_false(racct_enable))  \
+   if (RACCT_ENABLED())\
PROC_LOCK(p);   \
 } while (0)
 #defineRACCT_PROC_UNLOCK(p)do {\
-   if (__predict_false(racct_enable))  \
+   if (RACCT_ENABLED())\
PROC_UNLOCK(p); \
 } while (0)
 
@@ -178,6 +180,7 @@ voidracct_add_cred(struct ucred *cred, int 
resource, 
 void   racct_add_force(struct proc *p, int resource, uint64_t amount);
 void   racct_add_buf(struct proc *p, const struct buf *bufp, int is_write);
 intracct_set(struct proc *p, int resource, uint64_t amount);
+intracct_set_unlocked(struct proc *p, int resource, uint64_t amount);
 void   racct_set_force(struct proc *p, int resource, uint64_t amount);
 void   racct_sub(struct proc *p, int resource, uint64_t amount);
 void   racct_sub_cred(struct ucred *cred, int resource, uint64_t amount);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341700 - head/sys/kern

[Mateusz Guzik]

Author: mjg
Date: Fri Dec  7 16:44:52 2018
New Revision: 341700
URL: https://svnweb.freebsd.org/changeset/base/341700

Log:
  fd: try do less work with the lock in dup
  
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/kern/kern_descrip.c

Modified: head/sys/kern/kern_descrip.c
==
--- head/sys/kern/kern_descrip.cFri Dec  7 16:22:54 2018
(r341699)
+++ head/sys/kern/kern_descrip.cFri Dec  7 16:44:52 2018
(r341700)
@@ -818,6 +818,7 @@ kern_dup(struct thread *td, u_int mode, int flags, int
 
p = td->td_proc;
fdp = p->p_fd;
+   oioctls = NULL;
 
MPASS((flags & ~(FDDUP_FLAG_CLOEXEC)) == 0);
MPASS(mode < FDDUP_LASTMODE);
@@ -922,7 +923,6 @@ kern_dup(struct thread *td, u_int mode, int flags, int
 #ifdef CAPABILITIES
seq_write_end(>fde_seq);
 #endif
-   filecaps_free_finish(oioctls);
td->td_retval[0] = new;
 
error = 0;
@@ -935,6 +935,7 @@ unlock:
FILEDESC_XUNLOCK(fdp);
}
 
+   filecaps_free_finish(oioctls);
return (error);
 }
 
@@ -1511,7 +1512,7 @@ filecaps_copy_prep(const struct filecaps *src)
u_long *ioctls;
size_t size;
 
-   if (src->fc_ioctls == NULL)
+   if (__predict_true(src->fc_ioctls == NULL))
return (NULL);
 
KASSERT(src->fc_nioctls > 0,
@@ -1529,7 +1530,7 @@ filecaps_copy_finish(const struct filecaps *src, struc
size_t size;
 
*dst = *src;
-   if (src->fc_ioctls == NULL) {
+   if (__predict_true(src->fc_ioctls == NULL)) {
MPASS(ioctls == NULL);
return;
}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r341681 - head/sys/cam/scsi

[Warner Losh]

On Fri, Dec 7, 2018 at 5:02 AM Andriy Gapon  wrote:

> Author: avg
> Date: Fri Dec  7 12:02:31 2018
> New Revision: 341681
> URL: https://svnweb.freebsd.org/changeset/base/341681
>
> Log:
>   daprobedone: announce if a disk is write-protected
>
>   MFC after:2 weeks
>
> Modified:
>   head/sys/cam/scsi/scsi_da.c
>
> Modified: head/sys/cam/scsi/scsi_da.c
>
> ==
> --- head/sys/cam/scsi/scsi_da.c Fri Dec  7 11:47:42 2018(r341680)
> +++ head/sys/cam/scsi/scsi_da.c Fri Dec  7 12:02:31 2018(r341681)
> @@ -2472,6 +2472,11 @@ daprobedone(struct cam_periph *periph, union ccb
> *ccb)
> printf("%s%d: %s\n", periph->periph_name,
> periph->unit_number, buf);
> }
> +   if ((softc->disk->d_flags & DISKFLAG_WRITE_PROTECT) != 0 &&
> +   (softc->flags & DA_FLAG_ANNOUNCED) == 0) {
> +   printf("%s%d: Write Protected\n", periph->periph_name,
> +   periph->unit_number);
> +   }
>

This is incorrect. It needs to be added to buf so that it gets printed
atomically with the rest of things.

Warner


> /*
>  * Since our peripheral may be invalidated by an error
>
>
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341699 - head/sys/vm

[Mateusz Guzik]

Author: mjg
Date: Fri Dec  7 16:22:54 2018
New Revision: 341699
URL: https://svnweb.freebsd.org/changeset/base/341699

Log:
  vm: use fcmpset for vmspace reference counting
  
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/vm/vm_map.c

Modified: head/sys/vm/vm_map.c
==
--- head/sys/vm/vm_map.cFri Dec  7 16:11:45 2018(r341698)
+++ head/sys/vm/vm_map.cFri Dec  7 16:22:54 2018(r341699)
@@ -391,8 +391,8 @@ vmspace_exit(struct thread *td)
p = td->td_proc;
vm = p->p_vmspace;
atomic_add_int(_refcnt, 1);
+   refcnt = vm->vm_refcnt;
do {
-   refcnt = vm->vm_refcnt;
if (refcnt > 1 && p->p_vmspace != ) {
/* Switch now since other proc might free vmspace */
PROC_VMSPACE_LOCK(p);
@@ -400,7 +400,7 @@ vmspace_exit(struct thread *td)
PROC_VMSPACE_UNLOCK(p);
pmap_activate(td);
}
-   } while (!atomic_cmpset_int(>vm_refcnt, refcnt, refcnt - 1));
+   } while (!atomic_fcmpset_int(>vm_refcnt, , refcnt - 1));
if (refcnt == 1) {
if (p->p_vmspace != vm) {
/* vmspace not yet freed, switch back */
@@ -437,13 +437,13 @@ vmspace_acquire_ref(struct proc *p)
PROC_VMSPACE_UNLOCK(p);
return (NULL);
}
+   refcnt = vm->vm_refcnt;
do {
-   refcnt = vm->vm_refcnt;
if (refcnt <= 0) {  /* Avoid 0->1 transition */
PROC_VMSPACE_UNLOCK(p);
return (NULL);
}
-   } while (!atomic_cmpset_int(>vm_refcnt, refcnt, refcnt + 1));
+   } while (!atomic_fcmpset_int(>vm_refcnt, , refcnt + 1));
if (vm != p->p_vmspace) {
PROC_VMSPACE_UNLOCK(p);
vmspace_free(vm);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341698 - head/sys/kern

[Mateusz Guzik]

Author: mjg
Date: Fri Dec  7 16:11:45 2018
New Revision: 341698
URL: https://svnweb.freebsd.org/changeset/base/341698

Log:
  Replace hand-rolled unrefs if > 1 with refcount_release_if_not_last
  
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/kern/kern_jail.c
  head/sys/kern/kern_loginclass.c
  head/sys/kern/kern_resource.c

Modified: head/sys/kern/kern_jail.c
==
--- head/sys/kern/kern_jail.c   Fri Dec  7 16:10:13 2018(r341697)
+++ head/sys/kern/kern_jail.c   Fri Dec  7 16:11:45 2018(r341698)
@@ -4023,13 +4023,11 @@ prison_racct_free_locked(struct prison_racct *prr)
 void
 prison_racct_free(struct prison_racct *prr)
 {
-   int old;
 
ASSERT_RACCT_ENABLED();
sx_assert(_lock, SA_UNLOCKED);
 
-   old = prr->prr_refcount;
-   if (old > 1 && atomic_cmpset_int(>prr_refcount, old, old - 1))
+   if (refcount_release_if_not_last(>prr_refcount))
return;
 
sx_xlock(_lock);

Modified: head/sys/kern/kern_loginclass.c
==
--- head/sys/kern/kern_loginclass.c Fri Dec  7 16:10:13 2018
(r341697)
+++ head/sys/kern/kern_loginclass.c Fri Dec  7 16:11:45 2018
(r341698)
@@ -84,10 +84,8 @@ loginclass_hold(struct loginclass *lc)
 void
 loginclass_free(struct loginclass *lc)
 {
-   int old;
 
-   old = lc->lc_refcount;
-   if (old > 1 && atomic_cmpset_int(>lc_refcount, old, old - 1))
+   if (refcount_release_if_not_last(>lc_refcount))
return;
 
rw_wlock(_lock);

Modified: head/sys/kern/kern_resource.c
==
--- head/sys/kern/kern_resource.c   Fri Dec  7 16:10:13 2018
(r341697)
+++ head/sys/kern/kern_resource.c   Fri Dec  7 16:11:45 2018
(r341698)
@@ -1323,14 +1323,10 @@ uihold(struct uidinfo *uip)
 void
 uifree(struct uidinfo *uip)
 {
-   int old;
 
-   /* Prepare for optimal case. */
-   old = uip->ui_ref;
-   if (old > 1 && atomic_cmpset_int(>ui_ref, old, old - 1))
+   if (refcount_release_if_not_last(>ui_ref))
return;
 
-   /* Prepare for suboptimal case. */
rw_wlock(_lock);
if (refcount_release(>ui_ref) == 0) {
rw_wunlock(_lock);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341697 - head/sys/sys

[Mateusz Guzik]

Author: mjg
Date: Fri Dec  7 16:10:13 2018
New Revision: 341697
URL: https://svnweb.freebsd.org/changeset/base/341697

Log:
  refcount: remove a stale comment about conditional ref/unref routines
  
  It was there for vfs-specific variants and was copied over when it should not.
  
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/sys/refcount.h

Modified: head/sys/sys/refcount.h
==
--- head/sys/sys/refcount.h Fri Dec  7 16:05:39 2018(r341696)
+++ head/sys/sys/refcount.h Fri Dec  7 16:10:13 2018(r341697)
@@ -79,8 +79,6 @@ refcount_release(volatile u_int *count)
 /*
  * This functions returns non-zero if the refcount was
  * incremented. Else zero is returned.
- *
- * A temporary hack until refcount_* APIs are sorted out.
  */
 static __inline __result_use_check int
 refcount_acquire_if_not_zero(volatile u_int *count)
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341696 - head/sys/dev/acpica

[Andriy Gapon]

Author: avg
Date: Fri Dec  7 16:05:39 2018
New Revision: 341696
URL: https://svnweb.freebsd.org/changeset/base/341696

Log:
  acpi_MatchHid: use ACPI_MATCHHID_NOMATCH instead of FALSE
  
  Binary representation of both is the same (zero), but
  ACPI_MATCHHID_NOMATCH is better for consistency.
  
  MFC after:4 days
  X-MFC with:   r339754

Modified:
  head/sys/dev/acpica/acpi.c

Modified: head/sys/dev/acpica/acpi.c
==
--- head/sys/dev/acpica/acpi.c  Fri Dec  7 16:01:51 2018(r341695)
+++ head/sys/dev/acpica/acpi.c  Fri Dec  7 16:05:39 2018(r341696)
@@ -2290,7 +2290,7 @@ acpi_MatchHid(ACPI_HANDLE h, const char *hid) 
ACPI_FAILURE(AcpiGetObjectInfo(h, )))
return (ACPI_MATCHHID_NOMATCH);
 
-ret = FALSE;
+ret = ACPI_MATCHHID_NOMATCH;
 if ((devinfo->Valid & ACPI_VALID_HID) != 0 &&
strcmp(hid, devinfo->HardwareId.String) == 0)
ret = ACPI_MATCHHID_HID;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341695 - head/sys/dev/acpi_support

[Andriy Gapon]

Author: avg
Date: Fri Dec  7 16:01:51 2018
New Revision: 341695
URL: https://svnweb.freebsd.org/changeset/base/341695

Log:
  aibs: fix a typo in the probe method that was introduced in r339754
  
  Because of that typo the driver would try to attach to every device
  on acpi bus.  That disrupted acpi attachment of uart driver, at least.
  
  MFC after:4 days
  X-MFC with:   r339754

Modified:
  head/sys/dev/acpi_support/atk0110.c

Modified: head/sys/dev/acpi_support/atk0110.c
==
--- head/sys/dev/acpi_support/atk0110.c Fri Dec  7 15:56:40 2018
(r341694)
+++ head/sys/dev/acpi_support/atk0110.c Fri Dec  7 16:01:51 2018
(r341695)
@@ -129,7 +129,7 @@ aibs_probe(device_t dev)
rv = ACPI_ID_PROBE(device_get_parent(dev), dev, aibs_hids, NULL);
if (rv <= 0 )
device_set_desc(dev, "ASUSTeK AI Booster (ACPI ASOC ATK0110)");
-   return (0);
+   return (rv);
 }
 
 static int
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341694 - head/sys/riscv/include

[Mark Johnston]

Author: markj
Date: Fri Dec  7 15:56:40 2018
New Revision: 341694
URL: https://svnweb.freebsd.org/changeset/base/341694

Log:
  Update the description of the address space layout on RISC-V.
  
  This adds more detail and fixes some inaccuracies.
  
  Reviewed by:  jhb
  MFC after:1 week
  Sponsored by: The FreeBSD Foundation
  Differential Revision:https://reviews.freebsd.org/D18463

Modified:
  head/sys/riscv/include/vmparam.h

Modified: head/sys/riscv/include/vmparam.h
==
--- head/sys/riscv/include/vmparam.hFri Dec  7 15:55:23 2018
(r341693)
+++ head/sys/riscv/include/vmparam.hFri Dec  7 15:56:40 2018
(r341694)
@@ -115,23 +115,24 @@
 /**
  * Address space layout.
  *
- * RISC-V implements up to a 48 bit virtual address space. The address space is
- * split into 2 regions at each end of the 64 bit address space, with an
- * out of range "hole" in the middle.
+ * RISC-V implements multiple paging modes with different virtual address space
+ * sizes: SV32, SV39 and SV48.  SV39 permits a virtual address space size of
+ * 512GB and uses a three-level page table.  Since this is large enough for 
most
+ * purposes, we currently use SV39 for both userland and the kernel, avoiding
+ * the extra translation step required by SV48.
  *
- * We limit the size of the two spaces to 39 bits each.
+ * The address space is split into two regions at each end of the 64-bit 
address
+ * space:
  *
- * Upper region:   0x
- * 0xff80
+ * 0x - 0x003f256GB user map
+ * 0x0040 - 0xffbfunmappable
+ * 0xffc0 - 0xffc732GB kernel map
+ * 0xffc8 - 0xffcf32GB unused
+ * 0xffd0 - 0xffef128GB direct map
+ * 0xfff0 - 0x64GB unused
  *
- * Hole:   0xff7f
- * 0x0080
+ * The kernel is loaded at the beginning of the kernel map.
  *
- * Lower region:   0x007f
- * 0x
- *
- * We use the upper region for the kernel, and the lower region for userland.
- *
  * We define some interesting address constants:
  *
  * VM_MIN_ADDRESS and VM_MAX_ADDRESS define the start and end of the entire
@@ -146,11 +147,9 @@
 #defineVM_MIN_ADDRESS  (0xUL)
 #defineVM_MAX_ADDRESS  (0xUL)
 
-/* 32 GiB of kernel addresses */
 #defineVM_MIN_KERNEL_ADDRESS   (0xffc0UL)
 #defineVM_MAX_KERNEL_ADDRESS   (0xffc8UL)
 
-/* 128 GiB maximum for the direct map region */
 #defineDMAP_MIN_ADDRESS(0xffd0UL)
 #defineDMAP_MAX_ADDRESS(0xfff0UL)
 
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341693 - in head/sys/riscv: include riscv

[Mark Johnston]

Author: markj
Date: Fri Dec  7 15:55:23 2018
New Revision: 341693
URL: https://svnweb.freebsd.org/changeset/base/341693

Log:
  Rename sptbr to satp per v1.10 of the privileged architecture spec.
  
  Add a subroutine for updating satp, for use when updating the
  active pmap.  No functional change intended.
  
  Reviewed by:  jhb
  MFC after:1 week
  Sponsored by: The FreeBSD Foundation
  Differential Revision:https://reviews.freebsd.org/D18462

Modified:
  head/sys/riscv/include/cpufunc.h
  head/sys/riscv/riscv/locore.S
  head/sys/riscv/riscv/pmap.c
  head/sys/riscv/riscv/swtch.S

Modified: head/sys/riscv/include/cpufunc.h
==
--- head/sys/riscv/include/cpufunc.hFri Dec  7 15:52:50 2018
(r341692)
+++ head/sys/riscv/include/cpufunc.hFri Dec  7 15:55:23 2018
(r341693)
@@ -109,6 +109,13 @@ sfence_vma_page(uintptr_t addr)
 #definerdinstret() csr_read64(instret)
 #definerdhpmcounter(n) csr_read64(hpmcounter##n)
 
+static __inline void
+load_satp(uint64_t val)
+{
+
+   __asm __volatile("csrw satp, %0" :: "r"(val));
+}
+
 #definecpufunc_nullop()riscv_nullop()
 
 void riscv_nullop(void);

Modified: head/sys/riscv/riscv/locore.S
==
--- head/sys/riscv/riscv/locore.S   Fri Dec  7 15:52:50 2018
(r341692)
+++ head/sys/riscv/riscv/locore.S   Fri Dec  7 15:55:23 2018
(r341693)
@@ -152,7 +152,7 @@ _start:
li  t0, SATP_MODE_SV39
or  s2, s2, t0
sfence.vma
-   csrwsptbr, s2
+   csrwsatp, s2
 
.align 2
 va:
@@ -297,7 +297,7 @@ ENTRY(mpentry)
li  t0, SATP_MODE_SV39
or  s2, s2, t0
sfence.vma
-   csrwsptbr, s2
+   csrwsatp, s2
 
.align 2
 mpva:

Modified: head/sys/riscv/riscv/pmap.c
==
--- head/sys/riscv/riscv/pmap.c Fri Dec  7 15:52:50 2018(r341692)
+++ head/sys/riscv/riscv/pmap.c Fri Dec  7 15:55:23 2018(r341693)
@@ -3302,7 +3302,7 @@ pmap_activate(struct thread *td)
 
reg = SATP_MODE_SV39;
reg |= (td->td_pcb->pcb_l1addr >> PAGE_SHIFT);
-   __asm __volatile("csrw sptbr, %0" :: "r"(reg));
+   load_satp(reg);
 
pmap_invalidate_all(pmap);
critical_exit();

Modified: head/sys/riscv/riscv/swtch.S
==
--- head/sys/riscv/riscv/swtch.SFri Dec  7 15:52:50 2018
(r341692)
+++ head/sys/riscv/riscv/swtch.SFri Dec  7 15:55:23 2018
(r341693)
@@ -223,7 +223,7 @@ ENTRY(cpu_throw)
srlit0, t0, PAGE_SHIFT
li  t1, SATP_MODE_SV39
or  t0, t0, t1
-   csrwsptbr, t0
+   csrwsatp, t0
 
/* TODO: Invalidate the TLB */
 
@@ -341,7 +341,7 @@ ENTRY(cpu_switch)
srlit0, t0, PAGE_SHIFT
li  t1, SATP_MODE_SV39
or  t0, t0, t1
-   csrwsptbr, t0
+   csrwsatp, t0
 
/* TODO: Invalidate the TLB */
 
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341692 - head/lib/libcasper/services/cap_syslog

[Mark Johnston]

Author: markj
Date: Fri Dec  7 15:52:50 2018
New Revision: 341692
URL: https://svnweb.freebsd.org/changeset/base/341692

Log:
  Let the cap_syslog capability inherit stdio descriptors.
  
  Otherwise cap_openlog(LOG_PERROR) doesn't work.
  
  Reviewed by:  oshogbo
  MFC after:1 week
  Sponsored by: The FreeBSD Foundation
  Differential Revision:https://reviews.freebsd.org/D18457

Modified:
  head/lib/libcasper/services/cap_syslog/cap_syslog.c

Modified: head/lib/libcasper/services/cap_syslog/cap_syslog.c
==
--- head/lib/libcasper/services/cap_syslog/cap_syslog.c Fri Dec  7 15:48:42 
2018(r341691)
+++ head/lib/libcasper/services/cap_syslog/cap_syslog.c Fri Dec  7 15:52:50 
2018(r341692)
@@ -198,4 +198,4 @@ syslog_command(const char *cmd, const nvlist_t *limits
return (0);
 }
 
-CREATE_SERVICE("system.syslog", NULL, syslog_command, 0);
+CREATE_SERVICE("system.syslog", NULL, syslog_command, CASPER_SERVICE_STDIO);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341691 - stable/12/usr.bin/top

[Mark Johnston]

Author: markj
Date: Fri Dec  7 15:48:42 2018
New Revision: 341691
URL: https://svnweb.freebsd.org/changeset/base/341691

Log:
  MFC r341346:
  Add missing display messages when toggling modes.
  
  PR:   233667

Modified:
  stable/12/usr.bin/top/top.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/usr.bin/top/top.c
==
--- stable/12/usr.bin/top/top.c Fri Dec  7 15:19:00 2018(r341690)
+++ stable/12/usr.bin/top/top.c Fri Dec  7 15:48:42 2018(r341691)
@@ -985,6 +985,9 @@ restart:
break;
case CMD_viewtog:
displaymode = displaymode == DISP_IO ? DISP_CPU 
: DISP_IO;
+   new_message(MT_standout | MT_delayed,
+   " Displaying %s statistics.",
+   displaymode == DISP_IO ? "IO" : "CPU");
header_text = format_header(uname_field);
display_header(true);
d_header = i_header;
@@ -992,9 +995,15 @@ restart:
break;
case CMD_viewsys:
ps.system = !ps.system;
+   new_message(MT_standout | MT_delayed,
+   " %sisplaying system processes.",
+   ps.system ? "D" : "Not d");
break;
case CMD_showargs:
fmt_flags ^= FMT_SHOWARGS;
+   new_message(MT_standout | MT_delayed,
+   " %sisplaying process arguments.",
+   fmt_flags & FMT_SHOWARGS ? "D" : "Not d");
break;
case CMD_order:
new_message(MT_standout,
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341690 - in head/sys: compat/freebsd32 kern sys

[Konstantin Belousov]

Author: kib
Date: Fri Dec  7 15:19:00 2018
New Revision: 341690
URL: https://svnweb.freebsd.org/changeset/base/341690

Log:
  Regen.

Modified:
  head/sys/compat/freebsd32/freebsd32_syscall.h
  head/sys/compat/freebsd32/freebsd32_syscalls.c
  head/sys/compat/freebsd32/freebsd32_sysent.c
  head/sys/compat/freebsd32/freebsd32_systrace_args.c
  head/sys/kern/init_sysent.c
  head/sys/kern/syscalls.c
  head/sys/kern/systrace_args.c
  head/sys/sys/syscall.h
  head/sys/sys/syscall.mk
  head/sys/sys/sysproto.h

Modified: head/sys/compat/freebsd32/freebsd32_syscall.h
==
--- head/sys/compat/freebsd32/freebsd32_syscall.h   Fri Dec  7 15:17:29 
2018(r341689)
+++ head/sys/compat/freebsd32/freebsd32_syscall.h   Fri Dec  7 15:19:00 
2018(r341690)
@@ -490,4 +490,8 @@
 #defineFREEBSD32_SYS_freebsd32_cpuset_getdomain561
 #defineFREEBSD32_SYS_freebsd32_cpuset_setdomain562
 #defineFREEBSD32_SYS_getrandom 563
-#defineFREEBSD32_SYS_MAXSYSCALL564
+#defineFREEBSD32_SYS_getfhat   564
+#defineFREEBSD32_SYS_fhlink565
+#defineFREEBSD32_SYS_fhlinkat  566
+#defineFREEBSD32_SYS_fhreadlink567
+#defineFREEBSD32_SYS_MAXSYSCALL568

Modified: head/sys/compat/freebsd32/freebsd32_syscalls.c
==
--- head/sys/compat/freebsd32/freebsd32_syscalls.c  Fri Dec  7 15:17:29 
2018(r341689)
+++ head/sys/compat/freebsd32/freebsd32_syscalls.c  Fri Dec  7 15:19:00 
2018(r341690)
@@ -600,4 +600,8 @@ const char *freebsd32_syscallnames[] = {
"freebsd32_cpuset_getdomain",   /* 561 = 
freebsd32_cpuset_getdomain */
"freebsd32_cpuset_setdomain",   /* 562 = 
freebsd32_cpuset_setdomain */
"getrandom",/* 563 = getrandom */
+   "getfhat",  /* 564 = getfhat */
+   "fhlink",   /* 565 = fhlink */
+   "fhlinkat", /* 566 = fhlinkat */
+   "fhreadlink",   /* 567 = fhreadlink */
 };

Modified: head/sys/compat/freebsd32/freebsd32_sysent.c
==
--- head/sys/compat/freebsd32/freebsd32_sysent.cFri Dec  7 15:17:29 
2018(r341689)
+++ head/sys/compat/freebsd32/freebsd32_sysent.cFri Dec  7 15:19:00 
2018(r341690)
@@ -647,4 +647,8 @@ struct sysent freebsd32_sysent[] = {
{ AS(freebsd32_cpuset_getdomain_args), (sy_call_t 
*)freebsd32_cpuset_getdomain, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC },   
/* 561 = freebsd32_cpuset_getdomain */
{ AS(freebsd32_cpuset_setdomain_args), (sy_call_t 
*)freebsd32_cpuset_setdomain, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC },   
/* 562 = freebsd32_cpuset_setdomain */
{ AS(getrandom_args), (sy_call_t *)sys_getrandom, AUE_NULL, NULL, 0, 0, 
SYF_CAPENABLED, SY_THR_STATIC },/* 563 = getrandom */
+   { AS(getfhat_args), (sy_call_t *)sys_getfhat, AUE_NULL, NULL, 0, 0, 0, 
SY_THR_STATIC }, /* 564 = getfhat */
+   { AS(fhlink_args), (sy_call_t *)sys_fhlink, AUE_NULL, NULL, 0, 0, 0, 
SY_THR_STATIC },   /* 565 = fhlink */
+   { AS(fhlinkat_args), (sy_call_t *)sys_fhlinkat, AUE_NULL, NULL, 0, 0, 
0, SY_THR_STATIC },   /* 566 = fhlinkat */
+   { AS(fhreadlink_args), (sy_call_t *)sys_fhreadlink, AUE_NULL, NULL, 0, 
0, 0, SY_THR_STATIC },   /* 567 = fhreadlink */
 };

Modified: head/sys/compat/freebsd32/freebsd32_systrace_args.c
==
--- head/sys/compat/freebsd32/freebsd32_systrace_args.c Fri Dec  7 15:17:29 
2018(r341689)
+++ head/sys/compat/freebsd32/freebsd32_systrace_args.c Fri Dec  7 15:19:00 
2018(r341690)
@@ -3274,6 +3274,42 @@ systrace_args(int sysnum, void *params, uint64_t *uarg
*n_args = 3;
break;
}
+   /* getfhat */
+   case 564: {
+   struct getfhat_args *p = params;
+   iarg[0] = p->fd; /* int */
+   uarg[1] = (intptr_t) p->path; /* char * */
+   uarg[2] = (intptr_t) p->fhp; /* struct fhandle * */
+   iarg[3] = p->flags; /* int */
+   *n_args = 4;
+   break;
+   }
+   /* fhlink */
+   case 565: {
+   struct fhlink_args *p = params;
+   uarg[0] = (intptr_t) p->fhp; /* struct fhandle * */
+   uarg[1] = (intptr_t) p->to; /* const char * */
+   *n_args = 2;
+   break;
+   }
+   /* fhlinkat */
+   case 566: {
+   struct fhlinkat_args *p = params;
+   uarg[0] = (intptr_t) p->fhp; /* struct fhandle * */
+   iarg[1] = p->tofd; /* int */
+   uarg[2] = (intptr_t) p->to; /* const 

svn commit: r341689 - in head: lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

[Konstantin Belousov]

Author: kib
Date: Fri Dec  7 15:17:29 2018
New Revision: 341689
URL: https://svnweb.freebsd.org/changeset/base/341689

Log:
  Add new file handle system calls.
  
  Namely, getfhat(2), fhlink(2), fhlinkat(2), fhreadlink(2).  The
  syscalls are provided for a NFS userspace server (nfs-ganesha).
  
  Submitted by: Jack Halford 
  Sponsored by: Gandi.net
  Tested by:pho
  Feedback from:brooks, markj
  MFC after:1 week
  Differential revision:https://reviews.freebsd.org/D18359

Added:
  head/lib/libc/sys/fhlink.2   (contents, props changed)
  head/lib/libc/sys/fhreadlink.2   (contents, props changed)
Modified:
  head/lib/libc/sys/Makefile.inc
  head/lib/libc/sys/Symbol.map
  head/lib/libc/sys/getfh.2
  head/sys/compat/freebsd32/syscalls.master
  head/sys/kern/syscalls.master
  head/sys/kern/vfs_syscalls.c
  head/sys/sys/mount.h

Modified: head/lib/libc/sys/Makefile.inc
==
--- head/lib/libc/sys/Makefile.inc  Fri Dec  7 14:45:28 2018
(r341688)
+++ head/lib/libc/sys/Makefile.inc  Fri Dec  7 15:17:29 2018
(r341689)
@@ -184,7 +184,9 @@ MAN+=   abort2.2 \
extattr_get_file.2 \
fcntl.2 \
ffclock.2 \
+   fhlink.2 \
fhopen.2 \
+   fhreadlink.2 \
flock.2 \
fork.2 \
fsync.2 \
@@ -395,7 +397,8 @@ MLINKS+=ffclock.2 ffclock_getcounter.2 \
 MLINKS+=fhopen.2 fhstat.2 fhopen.2 fhstatfs.2
 MLINKS+=fsync.2 fdatasync.2
 MLINKS+=getdirentries.2 getdents.2
-MLINKS+=getfh.2 lgetfh.2
+MLINKS+=getfh.2 lgetfh.2 \
+   getfh.2 getfhat.2
 MLINKS+=getgid.2 getegid.2
 MLINKS+=getitimer.2 setitimer.2
 MLINKS+=getlogin.2 getlogin_r.3

Modified: head/lib/libc/sys/Symbol.map
==
--- head/lib/libc/sys/Symbol.mapFri Dec  7 14:45:28 2018
(r341688)
+++ head/lib/libc/sys/Symbol.mapFri Dec  7 15:17:29 2018
(r341689)
@@ -401,6 +401,13 @@ FBSD_1.5 {
cpuset_setdomain;
 };
 
+FBSD_1.6 {
+   fhlink;
+   fhlinkat;
+   fhreadlink;
+   getfhat;
+};
+
 FBSDprivate_1.0 {
___acl_aclcheck_fd;
__sys___acl_aclcheck_fd;

Added: head/lib/libc/sys/fhlink.2
==
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ head/lib/libc/sys/fhlink.2  Fri Dec  7 15:17:29 2018(r341689)
@@ -0,0 +1,268 @@
+.\" SPDX-License-Identifier: BSD-2-Clause
+.\"
+.\" Copyright (c) 2018 Gandi
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"notice, this list of conditions and the following disclaimer in the
+.\"documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd November 29, 2018
+.Dt FHLINK 2
+.Os
+.Sh NAME
+.Nm fhlink ,
+.Nm fhlinkat
+.Nd make a hard file link
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In unistd.h
+.Ft int
+.Fn fhlink "fhandle_t *fhp" "const char *to"
+.Ft int
+.Fn fhlinkat "fhandle_t *fhp" "int tofd" "const char *to"
+.Fc
+.Sh DESCRIPTION
+The
+.Fn fhlink
+system call
+atomically creates the specified directory entry (hard link)
+.Fa to
+with the attributes of the underlying object pointed at by
+.Fa fhp .
+If the link is successful: the link count of the underlying object
+is incremented;
+.Fa fhp
+and
+.Fa to
+share equal access and rights
+to the
+underlying object.
+.Pp
+If
+.Fa fhp
+is removed, the file
+.Fa to
+is not deleted and the link count of the
+underlying object is
+decremented.
+.Pp
+The object pointed at by the
+.Fa fhp
+argument
+must exist for the hard link to
+succeed and
+both
+.Fa fhp
+and
+.Fa to
+must be in the same file system.
+The
+.Fa fhp
+argument
+may not be a directory.
+.Pp
+The
+.Fn fhlinkat
+system call is equivalent to
+.Fa fhlink
+except in 

svn commit: r341688 - stable/12/sys/kern

[Konstantin Belousov]

Author: kib
Date: Fri Dec  7 14:45:28 2018
New Revision: 341688
URL: https://svnweb.freebsd.org/changeset/base/341688

Log:
  MFC r340864:
  Parse FreeBSD Feature Control note on the ELF image activation.

Modified:
  stable/12/sys/kern/imgact_elf.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/kern/imgact_elf.c
==
--- stable/12/sys/kern/imgact_elf.c Fri Dec  7 14:25:46 2018
(r341687)
+++ stable/12/sys/kern/imgact_elf.c Fri Dec  7 14:45:28 2018
(r341688)
@@ -88,7 +88,7 @@ __FBSDID("$FreeBSD$");
 
 static int __elfN(check_header)(const Elf_Ehdr *hdr);
 static Elf_Brandinfo *__elfN(get_brandinfo)(struct image_params *imgp,
-const char *interp, int interp_name_len, int32_t *osrel);
+const char *interp, int interp_name_len, int32_t *osrel, uint32_t *fctl0);
 static int __elfN(load_file)(struct proc *p, const char *file, u_long *addr,
 u_long *entry, size_t pagesize);
 static int __elfN(load_section)(struct image_params *imgp, vm_ooffset_t offset,
@@ -99,7 +99,7 @@ static bool __elfN(freebsd_trans_osrel)(const Elf_Note
 int32_t *osrel);
 static bool kfreebsd_trans_osrel(const Elf_Note *note, int32_t *osrel);
 static boolean_t __elfN(check_note)(struct image_params *imgp,
-Elf_Brandnote *checknote, int32_t *osrel);
+Elf_Brandnote *checknote, int32_t *osrel, uint32_t *fctl0);
 static vm_prot_t __elfN(trans_prot)(Elf_Word);
 static Elf_Word __elfN(untrans_prot)(vm_prot_t);
 
@@ -255,7 +255,7 @@ __elfN(brand_inuse)(Elf_Brandinfo *entry)
 
 static Elf_Brandinfo *
 __elfN(get_brandinfo)(struct image_params *imgp, const char *interp,
-int interp_name_len, int32_t *osrel)
+int interp_name_len, int32_t *osrel, uint32_t *fctl0)
 {
const Elf_Ehdr *hdr = (const Elf_Ehdr *)imgp->image_header;
Elf_Brandinfo *bi, *bi_m;
@@ -279,7 +279,8 @@ __elfN(get_brandinfo)(struct image_params *imgp, const
continue;
if (hdr->e_machine == bi->machine && (bi->flags &
(BI_BRAND_NOTE|BI_BRAND_NOTE_MANDATORY)) != 0) {
-   ret = __elfN(check_note)(imgp, bi->brand_note, osrel);
+   ret = __elfN(check_note)(imgp, bi->brand_note, osrel,
+   fctl0);
/* Give brand a chance to veto check_note's guess */
if (ret && bi->header_supported)
ret = bi->header_supported(imgp);
@@ -788,6 +789,7 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *i
vm_prot_t prot;
u_long text_size, data_size, total_size, text_addr, data_addr;
u_long seg_size, seg_addr, addr, baddr, et_dyn_addr, entry, proghdr;
+   uint32_t fctl0;
int32_t osrel;
int error, i, n, interp_name_len, have_interp;
 
@@ -823,6 +825,7 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *i
n = error = 0;
baddr = 0;
osrel = 0;
+   fctl0 = 0;
text_size = data_size = total_size = text_addr = data_addr = 0;
entry = proghdr = 0;
interp_name_len = 0;
@@ -888,7 +891,7 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *i
}
 
brand_info = __elfN(get_brandinfo)(imgp, interp, interp_name_len,
-   );
+   , );
if (brand_info == NULL) {
uprintf("ELF binary type \"%u\" not known.\n",
hdr->e_ident[EI_OSABI]);
@@ -1091,6 +1094,7 @@ __CONCAT(exec_, __elfN(imgact))(struct image_params *i
imgp->interpreted = 0;
imgp->reloc_base = addr;
imgp->proc->p_osrel = osrel;
+   imgp->proc->p_fctl0 = fctl0;
imgp->proc->p_elf_machine = hdr->e_machine;
imgp->proc->p_elf_flags = hdr->e_flags;
 
@@ -2427,29 +2431,64 @@ brandnote_cb(const Elf_Note *note, void *arg0, boolean
return (TRUE);
 }
 
+static Elf_Note fctl_note = {
+   .n_namesz = sizeof(FREEBSD_ABI_VENDOR),
+   .n_descsz = sizeof(uint32_t),
+   .n_type = NT_FREEBSD_FEATURE_CTL,
+};
+
+struct fctl_cb_arg {
+   uint32_t *fctl0;
+};
+
+static boolean_t
+note_fctl_cb(const Elf_Note *note, void *arg0, boolean_t *res)
+{
+   struct fctl_cb_arg *arg;
+   const Elf32_Word *desc;
+   uintptr_t p;
+
+   arg = arg0;
+   p = (uintptr_t)(note + 1);
+   p += roundup2(note->n_namesz, ELF_NOTE_ROUNDSIZE);
+   desc = (const Elf32_Word *)p;
+   *arg->fctl0 = desc[0];
+   return (TRUE);
+}
+
 /*
- * Try to find the appropriate ABI-note section for checknote,
- * fetch the osreldate for binary from the ELF OSABI-note. Only the
- * first page of the image is searched, the same as for headers.
+ * Try to find the appropriate ABI-note section for checknote, fetch
+ * the osreldate and feature control flags for binary from the ELF
+ * OSABI-note.  Only the first page of the image is searched, the same
+ * as for headers.
  */
 static 

svn commit: r341687 - stable/12/libexec/rtld-elf

[Konstantin Belousov]

Author: kib
Date: Fri Dec  7 14:25:46 2018
New Revision: 341687
URL: https://svnweb.freebsd.org/changeset/base/341687

Log:
  MFC r340858:
  rtld: parse FreeBSD Feature Control note on the object load.

Modified:
  stable/12/libexec/rtld-elf/rtld.c
  stable/12/libexec/rtld-elf/rtld.h
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/libexec/rtld-elf/rtld.c
==
--- stable/12/libexec/rtld-elf/rtld.c   Fri Dec  7 13:53:29 2018
(r341686)
+++ stable/12/libexec/rtld-elf/rtld.c   Fri Dec  7 14:25:46 2018
(r341687)
@@ -1453,6 +1453,7 @@ digest_notes(Obj_Entry *obj, Elf_Addr note_start, Elf_
note->n_descsz != sizeof(int32_t))
continue;
if (note->n_type != NT_FREEBSD_ABI_TAG &&
+   note->n_type != NT_FREEBSD_FEATURE_CTL &&
note->n_type != NT_FREEBSD_NOINIT_TAG)
continue;
note_name = (const char *)(note + 1);
@@ -1466,6 +1467,13 @@ digest_notes(Obj_Entry *obj, Elf_Addr note_start, Elf_
p += roundup2(note->n_namesz, sizeof(Elf32_Addr));
obj->osrel = *(const int32_t *)(p);
dbg("note osrel %d", obj->osrel);
+   break;
+   case NT_FREEBSD_FEATURE_CTL:
+   /* FreeBSD ABI feature control note */
+   p = (uintptr_t)(note + 1);
+   p += roundup2(note->n_namesz, sizeof(Elf32_Addr));
+   obj->fctl0 = *(const uint32_t *)(p);
+   dbg("note fctl0 %#x", obj->fctl0);
break;
case NT_FREEBSD_NOINIT_TAG:
/* FreeBSD 'crt does not call init' note */

Modified: stable/12/libexec/rtld-elf/rtld.h
==
--- stable/12/libexec/rtld-elf/rtld.h   Fri Dec  7 13:53:29 2018
(r341686)
+++ stable/12/libexec/rtld-elf/rtld.h   Fri Dec  7 14:25:46 2018
(r341687)
@@ -236,6 +236,7 @@ typedef struct Struct_Obj_Entry {
 int fini_array_num;/* Number of entries in fini_array */
 
 int32_t osrel; /* OSREL note value */
+uint32_t fctl0;/* FEATURE_CONTROL note desc[0] value */
 
 bool mainprog : 1; /* True if this is the main program */
 bool rtld : 1; /* True if this is the dynamic linker */
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341686 - in stable/12: contrib/elftoolchain/readelf sys/sys

[Ed Maste]

Author: emaste
Date: Fri Dec  7 13:53:29 2018
New Revision: 341686
URL: https://svnweb.freebsd.org/changeset/base/341686

Log:
  MFC r340076: Define NT_FREEBSD_FEATURE_CTL ELF note type
  
  This ELF note will be used to allow binaries to opt out of, or in to,
  upcoming vulnerability mitigation and other features.

Modified:
  stable/12/contrib/elftoolchain/readelf/readelf.c
  stable/12/sys/sys/elf_common.h
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/contrib/elftoolchain/readelf/readelf.c
==
--- stable/12/contrib/elftoolchain/readelf/readelf.cFri Dec  7 12:32:25 
2018(r341685)
+++ stable/12/contrib/elftoolchain/readelf/readelf.cFri Dec  7 13:53:29 
2018(r341686)
@@ -1121,6 +1121,7 @@ note_type_freebsd(unsigned int nt)
case 1: return "NT_FREEBSD_ABI_TAG";
case 2: return "NT_FREEBSD_NOINIT_TAG";
case 3: return "NT_FREEBSD_ARCH_TAG";
+   case 4: return "NT_FREEBSD_FEATURE_CTL";
default: return (note_type_unknown(nt));
}
 }

Modified: stable/12/sys/sys/elf_common.h
==
--- stable/12/sys/sys/elf_common.h  Fri Dec  7 12:32:25 2018
(r341685)
+++ stable/12/sys/sys/elf_common.h  Fri Dec  7 13:53:29 2018
(r341686)
@@ -759,6 +759,7 @@ typedef struct {
 #defineNT_FREEBSD_ABI_TAG  1
 #defineNT_FREEBSD_NOINIT_TAG   2
 #defineNT_FREEBSD_ARCH_TAG 3
+#defineNT_FREEBSD_FEATURE_CTL  4
 
 /* Values for n_type.  Used in core files. */
 #defineNT_PRSTATUS 1   /* Process status. */
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341685 - head/sys/kern

[Mateusz Guzik]

Author: mjg
Date: Fri Dec  7 12:32:25 2018
New Revision: 341685
URL: https://svnweb.freebsd.org/changeset/base/341685

Log:
  proc: when exiting move to zombproc before taking proctree
  
  The kernel was already doing this prior to r329615. It was changed
  to reduce contention on allproc. However, introduction of pidhash
  locks and removal of proctree -> allproc ordering from fork thanks
  to bitmaps fixed things enough to make this change pessimal.
  
  waitpid takes proctree on each call and this change (now) causes
  avoidable stalls if allproc is held.
  
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/kern/kern_exit.c

Modified: head/sys/kern/kern_exit.c
==
--- head/sys/kern/kern_exit.c   Fri Dec  7 12:22:32 2018(r341684)
+++ head/sys/kern/kern_exit.c   Fri Dec  7 12:32:25 2018(r341685)
@@ -448,7 +448,6 @@ exit1(struct thread *td, int rval, int signo)
 
WITNESS_WARN(WARN_PANIC, NULL, "process (pid %d) exiting", p->p_pid);
 
-   sx_xlock(_lock);
/*
 * Move proc from allproc queue to zombproc.
 */
@@ -458,6 +457,8 @@ exit1(struct thread *td, int rval, int signo)
LIST_INSERT_HEAD(, p, p_list);
sx_xunlock(_lock);
sx_xunlock(_lock);
+
+   sx_xlock(_lock);
 
/*
 * Reparent all children processes:
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341684 - in head/sys: kern sys

[Mateusz Guzik]

Author: mjg
Date: Fri Dec  7 12:22:32 2018
New Revision: 341684
URL: https://svnweb.freebsd.org/changeset/base/341684

Log:
  Manage process-related IDs with bitmaps
  
  Currently unique pid allocation on fork often requires a full walk of
  process, group, session lists to make sure it is not used by anything.
  This has a side effect of requiring proctree to be held along with allproc,
  which adds more contention in poudriere -j 128.
  
  The patch below implements trivial bitmaps which gets rid of the problem.
  Dedicated lock is introduced to manage IDs.
  
  While here a bug was discovered: all processes would inherit reap id from
  the first process spawned by init. This had a side effect of keeping the
  ID used and when allocation rolls over to the beginning it keeps being
  skipped.
  
  The patch is loosely based on initial work by mjoras@.
  
  Reviewed by:  kib
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/kern/kern_exit.c
  head/sys/kern/kern_fork.c
  head/sys/kern/kern_proc.c
  head/sys/sys/proc.h

Modified: head/sys/kern/kern_exit.c
==
--- head/sys/kern/kern_exit.c   Fri Dec  7 12:06:03 2018(r341683)
+++ head/sys/kern/kern_exit.c   Fri Dec  7 12:22:32 2018(r341684)
@@ -148,6 +148,27 @@ reaper_abandon_children(struct proc *p, bool exiting)
 }
 
 static void
+reaper_clear(struct proc *p)
+{
+   struct proc *p1;
+   bool clear;
+
+   sx_assert(_lock, SX_LOCKED);
+   LIST_REMOVE(p, p_reapsibling);
+   if (p->p_reapsubtree == 1)
+   return;
+   clear = true;
+   LIST_FOREACH(p1, >p_reaper->p_reaplist, p_reapsibling) {
+   if (p1->p_reapsubtree == p->p_reapsubtree) {
+   clear = false;
+   break;
+   }
+   }
+   if (clear)
+   proc_id_clear(PROC_ID_REAP, p->p_reapsubtree);
+}
+
+static void
 clear_orphan(struct proc *p)
 {
struct proc *p1;
@@ -881,7 +902,8 @@ proc_reap(struct thread *td, struct proc *p, int *stat
sx_xunlock(PIDHASHLOCK(p->p_pid));
LIST_REMOVE(p, p_sibling);
reaper_abandon_children(p, true);
-   LIST_REMOVE(p, p_reapsibling);
+   reaper_clear(p);
+   proc_id_clear(PROC_ID_PID, p->p_pid);
PROC_LOCK(p);
clear_orphan(p);
PROC_UNLOCK(p);

Modified: head/sys/kern/kern_fork.c
==
--- head/sys/kern/kern_fork.c   Fri Dec  7 12:06:03 2018(r341683)
+++ head/sys/kern/kern_fork.c   Fri Dec  7 12:22:32 2018(r341684)
@@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$");
 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -232,22 +233,18 @@ sysctl_kern_randompid(SYSCTL_HANDLER_ARGS)
 SYSCTL_PROC(_kern, OID_AUTO, randompid, CTLTYPE_INT|CTLFLAG_RW,
 0, 0, sysctl_kern_randompid, "I", "Random PID modulus. Special values: 0: 
disable, 1: choose random value");
 
+extern bitstr_t proc_id_pidmap;
+extern bitstr_t proc_id_grpidmap;
+extern bitstr_t proc_id_sessidmap;
+extern bitstr_t proc_id_reapmap;
+
 static int
 fork_findpid(int flags)
 {
-   struct proc *p;
+   pid_t result;
int trypid;
-   static int pidchecked = 0;
-   bool locked_zomb = false;
 
/*
-* Requires allproc_lock in order to iterate over the list
-* of processes, and proctree_lock to access p_pgrp.
-*/
-   sx_assert(_lock, SX_LOCKED);
-   sx_assert(_lock, SX_LOCKED);
-
-   /*
 * Find an unused process ID.  We remember a range of unused IDs
 * ready to use (from lastpid+1 through pidchecked-1).
 *
@@ -262,6 +259,7 @@ fork_findpid(int flags)
if (randompid)
trypid += arc4random() % randompid;
}
+   mtx_lock(_lock);
 retry:
/*
 * If the process ID prototype has wrapped around,
@@ -272,74 +270,28 @@ retry:
trypid = trypid % pid_max;
if (trypid < 100)
trypid += 100;
-   pidchecked = 0;
}
-   if (trypid >= pidchecked) {
-   int doingzomb = 0;
 
-   pidchecked = PID_MAX;
-   /*
-* Scan the active and zombie procs to check whether this pid
-* is in use.  Remember the lowest pid that's greater
-* than trypid, so we can avoid checking for a while.
-*
-* Avoid reuse of the process group id, session id or
-* the reaper subtree id.  Note that for process group
-* and sessions, the amount of reserved pids is
-* limited by process limit.  For the subtree ids, the
-* id is kept reserved only while there is a
-* non-reaped process in the subtree, so amount of
-* reserved pids is limited by process limit times
-   

svn commit: r341683 - in head/sys: kern sys

[Mateusz Guzik]

Author: mjg
Date: Fri Dec  7 12:06:03 2018
New Revision: 341683
URL: https://svnweb.freebsd.org/changeset/base/341683

Log:
  Annotate Giant drop/pickup macros with __predict_false
  
  They are used in important places of the kernel with the lock not being held
  majority of the time.
  
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/kern/kern_lock.c
  head/sys/sys/mutex.h

Modified: head/sys/kern/kern_lock.c
==
--- head/sys/kern/kern_lock.c   Fri Dec  7 12:05:11 2018(r341682)
+++ head/sys/kern/kern_lock.c   Fri Dec  7 12:06:03 2018(r341683)
@@ -96,14 +96,14 @@ CTASSERT(LK_UNLOCKED == (LK_UNLOCKED &
int _i = 0; \
WITNESS_SAVE_DECL(Giant)
 #defineGIANT_RESTORE() do {
\
-   if (_i > 0) {   \
+   if (__predict_false(_i > 0)) {  \
while (_i--)\
mtx_lock();   \
WITNESS_RESTORE(_object, Giant); \
}   \
 } while (0)
 #defineGIANT_SAVE() do {   
\
-   if (mtx_owned()) {\
+   if (__predict_false(mtx_owned())) {   \
WITNESS_SAVE(_object, Giant);\
while (mtx_owned()) { \
_i++;   \

Modified: head/sys/sys/mutex.h
==
--- head/sys/sys/mutex.hFri Dec  7 12:05:11 2018(r341682)
+++ head/sys/sys/mutex.hFri Dec  7 12:06:03 2018(r341683)
@@ -496,7 +496,7 @@ do {
\
int _giantcnt = 0;  \
WITNESS_SAVE_DECL(Giant);   \
\
-   if (mtx_owned()) {\
+   if (__predict_false(mtx_owned())) {   \
WITNESS_SAVE(_object, Giant);\
for (_giantcnt = 0; mtx_owned() &&\
!SCHEDULER_STOPPED(); _giantcnt++)  \
@@ -509,7 +509,7 @@ do {
\
 
 #define PARTIAL_PICKUP_GIANT() \
mtx_assert(, MA_NOTOWNED);\
-   if (_giantcnt > 0) {\
+   if (__predict_false(_giantcnt > 0)) {   \
while (_giantcnt--) \
mtx_lock();   \
WITNESS_RESTORE(_object, Giant); \
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341682 - head/sys/sys

[Mateusz Guzik]

Author: mjg
Date: Fri Dec  7 12:05:11 2018
New Revision: 341682
URL: https://svnweb.freebsd.org/changeset/base/341682

Log:
  unr64: use locked variant if not __LP64__
  
  The current ifdefs are not sufficient to distinguish 32- and 64- bit
  variants, which results e.g. in powerpc64 not using atomics.
  
  While some 32-bit archs provide 64-bit atomics, there is no huge advantage
  of using them on these platforms.
  
  Reported by:  many
  Suggested by: jhb
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/sys/systm.h

Modified: head/sys/sys/systm.h
==
--- head/sys/sys/systm.hFri Dec  7 12:02:31 2018(r341681)
+++ head/sys/sys/systm.hFri Dec  7 12:05:11 2018(r341682)
@@ -523,7 +523,7 @@ int alloc_unr_specific(struct unrhdr *uh, u_int item);
 int alloc_unrl(struct unrhdr *uh);
 void free_unr(struct unrhdr *uh, u_int item);
 
-#if defined(__mips__) || defined(__powerpc__)
+#ifndef __LP64__
 #define UNR64_LOCKED
 #endif
 
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341681 - head/sys/cam/scsi

[Andriy Gapon]

Author: avg
Date: Fri Dec  7 12:02:31 2018
New Revision: 341681
URL: https://svnweb.freebsd.org/changeset/base/341681

Log:
  daprobedone: announce if a disk is write-protected
  
  MFC after:2 weeks

Modified:
  head/sys/cam/scsi/scsi_da.c

Modified: head/sys/cam/scsi/scsi_da.c
==
--- head/sys/cam/scsi/scsi_da.c Fri Dec  7 11:47:42 2018(r341680)
+++ head/sys/cam/scsi/scsi_da.c Fri Dec  7 12:02:31 2018(r341681)
@@ -2472,6 +2472,11 @@ daprobedone(struct cam_periph *periph, union ccb *ccb)
printf("%s%d: %s\n", periph->periph_name,
periph->unit_number, buf);
}
+   if ((softc->disk->d_flags & DISKFLAG_WRITE_PROTECT) != 0 &&
+   (softc->flags & DA_FLAG_ANNOUNCED) == 0) {
+   printf("%s%d: Write Protected\n", periph->periph_name,
+   periph->unit_number);
+   }
 
/*
 * Since our peripheral may be invalidated by an error
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341680 - head/sys/dev/netmap

[Vincenzo Maffione]

Author: vmaffione
Date: Fri Dec  7 11:47:42 2018
New Revision: 341680
URL: https://svnweb.freebsd.org/changeset/base/341680

Log:
  netmap: remove dead code obsoleted by iflib
  
  The iflib subsystem implements netmap support in a driver-independent
  way (sys/net/iflib.c). We can therefore remove the headers that
  used to implement netmap support for all the drivers now supported
  by iflib (em, igb, ixl, ixgbe, lem).
  
  MFC after:1 week

Deleted:
  head/sys/dev/netmap/if_em_netmap.h
  head/sys/dev/netmap/if_igb_netmap.h
  head/sys/dev/netmap/if_ixl_netmap.h
  head/sys/dev/netmap/if_lem_netmap.h
  head/sys/dev/netmap/ixgbe_netmap.h
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341679 - head/sys/arm/include

[Michal Meloun]

Author: mmel
Date: Fri Dec  7 11:10:27 2018
New Revision: 341679
URL: https://svnweb.freebsd.org/changeset/base/341679

Log:
  Fix cut typo in atomic_fetchadd_64().
  
  Reported by:  Jia-Shiun Li 
  MFC after:1 week

Modified:
  head/sys/arm/include/atomic-v6.h

Modified: head/sys/arm/include/atomic-v6.h
==
--- head/sys/arm/include/atomic-v6.hFri Dec  7 09:39:37 2018
(r341678)
+++ head/sys/arm/include/atomic-v6.hFri Dec  7 11:10:27 2018
(r341679)
@@ -435,7 +435,7 @@ atomic_fetchadd_64(volatile uint64_t *p, uint64_t val)
 
__asm __volatile(
"1: \n"
-   "   ldrexd  %Q[tmp], %R[tmp], [%[ptr]]  \n"
+   "   ldrexd  %Q[ret], %R[ret], [%[ptr]]  \n"
"   adds%Q[tmp], %Q[ret], %Q[val]   \n"
"   adc %R[tmp], %R[ret], %R[val]   \n"
"   strexd  %[exf], %Q[tmp], %R[tmp], [%[ptr]]  \n"
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341678 - stable/11/sys/net

[Andrey V. Elsukov]

Author: ae
Date: Fri Dec  7 09:39:37 2018
New Revision: 341678
URL: https://svnweb.freebsd.org/changeset/base/341678

Log:
  MFC r341008:
Fix possible panic during ifnet detach in rtsock.
  
The panic can happen, when some application does dump of routing table
using sysctl interface. To prevent this, set IFF_DYING flag in
if_detach_internal() function, when ifnet under lock is removed from
the chain. In sysctl_rtsock() take IFNET_RLOCK_NOSLEEP() to prevent
ifnet detach during routes enumeration. In case, if some interface was
detached in the time before we take the lock, add the check, that ifnet
is not DYING. This prevents access to memory that could be freed after
ifnet is unlinked.
  
Differential Revision:  https://reviews.freebsd.org/D18338

Modified:
  stable/11/sys/net/if.c
  stable/11/sys/net/rtsock.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/net/if.c
==
--- stable/11/sys/net/if.c  Fri Dec  7 09:38:25 2018(r341677)
+++ stable/11/sys/net/if.c  Fri Dec  7 09:39:37 2018(r341678)
@@ -1031,6 +1031,8 @@ if_detach_internal(struct ifnet *ifp, int vmove, struc
TAILQ_FOREACH(iter, _ifnet, if_link)
if (iter == ifp) {
TAILQ_REMOVE(_ifnet, ifp, if_link);
+   if (!vmove)
+   ifp->if_flags |= IFF_DYING;
found = 1;
break;
}

Modified: stable/11/sys/net/rtsock.c
==
--- stable/11/sys/net/rtsock.c  Fri Dec  7 09:38:25 2018(r341677)
+++ stable/11/sys/net/rtsock.c  Fri Dec  7 09:39:37 2018(r341678)
@@ -1548,6 +1548,8 @@ sysctl_dumpentry(struct radix_node *rn, void *vw)
struct rt_addrinfo info;
struct sockaddr_storage ss;
 
+   IFNET_RLOCK_NOSLEEP_ASSERT();
+
if (w->w_op == NET_RT_FLAGS && !(rt->rt_flags & w->w_arg))
return 0;
if ((rt->rt_flags & RTF_HOST) == 0
@@ -1560,7 +1562,7 @@ sysctl_dumpentry(struct radix_node *rn, void *vw)
info.rti_info[RTAX_NETMASK] = rtsock_fix_netmask(rt_key(rt),
rt_mask(rt), );
info.rti_info[RTAX_GENMASK] = 0;
-   if (rt->rt_ifp) {
+   if (rt->rt_ifp && !(rt->rt_ifp->if_flags & IFF_DYING)) {
info.rti_info[RTAX_IFP] = rt->rt_ifp->if_addr->ifa_addr;
info.rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr;
if (rt->rt_ifp->if_flags & IFF_POINTOPOINT)
@@ -1925,8 +1927,10 @@ sysctl_rtsock(SYSCTL_HANDLER_ARGS)
rnh = rt_tables_get_rnh(fib, i);
if (rnh != NULL) {
RIB_RLOCK(rnh); 
+   IFNET_RLOCK_NOSLEEP();
error = rnh->rnh_walktree(>head,
sysctl_dumpentry, );
+   IFNET_RUNLOCK_NOSLEEP();
RIB_RUNLOCK(rnh);
} else if (af != 0)
error = EAFNOSUPPORT;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r341677 - stable/12/sys/net

[Andrey V. Elsukov]

Author: ae
Date: Fri Dec  7 09:38:25 2018
New Revision: 341677
URL: https://svnweb.freebsd.org/changeset/base/341677

Log:
  MFC r341008:
Fix possible panic during ifnet detach in rtsock.
  
The panic can happen, when some application does dump of routing table
using sysctl interface. To prevent this, set IFF_DYING flag in
if_detach_internal() function, when ifnet under lock is removed from
the chain. In sysctl_rtsock() take IFNET_RLOCK_NOSLEEP() to prevent
ifnet detach during routes enumeration. In case, if some interface was
detached in the time before we take the lock, add the check, that ifnet
is not DYING. This prevents access to memory that could be freed after
ifnet is unlinked.
  
Differential Revision:  https://reviews.freebsd.org/D18338
  
  MFC r341334:
Adapt the fix in r341008 to correctly work with EBR.
  
IFNET_RLOCK_NOSLEEP() is epoch_enter_preempt() in FreeBSD 12+. Holding
it in sysctl_rtsock() doesn't protect us from ifnet unlinking, because
unlinking occurs with IFNET_WLOCK(), that is rw_wlock+sx_xlock, and it
doesn check that concurrent code is running in epoch section. But while
we are in epoch section, we should be able to do access to ifnet's
fields, even it was unlinked. Thus do not change if_addr and if_hw_addr
fields in ifnet_detach_internal() to NULL, since rtsock code can do
access to these fields and this is allowed while it is running in epoch
section.
  
This should fix the race, when ifnet_detach_internal() unlinks ifnet
after we checked it for IFF_DYING in sysctl_dumpentry.
  
Move free(ifp->if_hw_addr) into ifnet_free_internal(). Also remove the
NULL check for ifp->if_description, since free(9) can correctly handle
NULL pointer.

Modified:
  stable/12/sys/net/if.c
  stable/12/sys/net/rtsock.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/net/if.c
==
--- stable/12/sys/net/if.c  Fri Dec  7 03:43:34 2018(r341676)
+++ stable/12/sys/net/if.c  Fri Dec  7 09:38:25 2018(r341677)
@@ -597,8 +597,6 @@ if_free_internal(struct ifnet *ifp)
 #ifdef MAC
mac_ifnet_destroy(ifp);
 #endif /* MAC */
-   if (ifp->if_description != NULL)
-   free(ifp->if_description, M_IFDESCR);
IF_AFDATA_DESTROY(ifp);
IF_ADDR_LOCK_DESTROY(ifp);
ifq_delete(>if_snd);
@@ -606,6 +604,8 @@ if_free_internal(struct ifnet *ifp)
for (int i = 0; i < IFCOUNTERS; i++)
counter_u64_free(ifp->if_counters[i]);
 
+   free(ifp->if_description, M_IFDESCR);
+   free(ifp->if_hw_addr, M_IFADDR);
free(ifp, M_IFNET);
 }
 
@@ -1068,6 +1068,8 @@ if_detach_internal(struct ifnet *ifp, int vmove, struc
CK_STAILQ_FOREACH(iter, _ifnet, if_link)
if (iter == ifp) {
CK_STAILQ_REMOVE(_ifnet, ifp, ifnet, if_link);
+   if (!vmove)
+   ifp->if_flags |= IFF_DYING;
found = 1;
break;
}
@@ -1182,14 +1184,8 @@ if_detach_internal(struct ifnet *ifp, int vmove, struc
if_dead(ifp);
 
/*
-* Remove link ifaddr pointer and maybe decrement if_index.
 * Clean up all addresses.
 */
-   free(ifp->if_hw_addr, M_IFADDR);
-   ifp->if_hw_addr = NULL;
-   ifp->if_addr = NULL;
-
-   /* We can now free link ifaddr. */
IF_ADDR_WLOCK(ifp);
if (!CK_STAILQ_EMPTY(>if_addrhead)) {
ifa = CK_STAILQ_FIRST(>if_addrhead);

Modified: stable/12/sys/net/rtsock.c
==
--- stable/12/sys/net/rtsock.c  Fri Dec  7 03:43:34 2018(r341676)
+++ stable/12/sys/net/rtsock.c  Fri Dec  7 09:38:25 2018(r341677)
@@ -1559,6 +1559,8 @@ sysctl_dumpentry(struct radix_node *rn, void *vw)
struct rt_addrinfo info;
struct sockaddr_storage ss;
 
+   IFNET_RLOCK_NOSLEEP_ASSERT();
+
if (w->w_op == NET_RT_FLAGS && !(rt->rt_flags & w->w_arg))
return 0;
if ((rt->rt_flags & RTF_HOST) == 0
@@ -1571,7 +1573,7 @@ sysctl_dumpentry(struct radix_node *rn, void *vw)
info.rti_info[RTAX_NETMASK] = rtsock_fix_netmask(rt_key(rt),
rt_mask(rt), );
info.rti_info[RTAX_GENMASK] = 0;
-   if (rt->rt_ifp) {
+   if (rt->rt_ifp && !(rt->rt_ifp->if_flags & IFF_DYING)) {
info.rti_info[RTAX_IFP] = rt->rt_ifp->if_addr->ifa_addr;
info.rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr;
if (rt->rt_ifp->if_flags & IFF_POINTOPOINT)
@@ -1934,8 +1936,10 @@ sysctl_rtsock(SYSCTL_HANDLER_ARGS)
rnh = rt_tables_get_rnh(fib, i);
if (rnh