Re: svn commit: r350550 - head/share/mk
In message <20190806165614.ga41...@freebsd.org>, Glen Barber writes: >In my opinion, those that want the non-reproducible metadata included in >output from 'uname -a' should set WITHOUT_REPRODUCIBLE_BUILDS in their >src.conf. Turning off a sane default for the benefit of what I suspect >is likely a short list of use cases feels like a step in the wrong >direction. Seconded. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 p...@freebsd.org | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350671 - head/contrib/elftoolchain/readelf
Author: markj Date: Wed Aug 7 03:14:45 2019 New Revision: 350671 URL: https://svnweb.freebsd.org/changeset/base/350671 Log: readelf: Close input files when done with them. The low fd limit used by poudriere exposed an odd failure mode in cap_fileargs (used by readelf as of r350516). In particular, when the limit was hit, both the main process and casper service would block on their shared socket, waiting forever for the other to send a message. Reported by: zeising MFC after:3 days Sponsored by: The FreeBSD Foundation Modified: head/contrib/elftoolchain/readelf/readelf.c Modified: head/contrib/elftoolchain/readelf/readelf.c == --- head/contrib/elftoolchain/readelf/readelf.c Wed Aug 7 01:41:17 2019 (r350670) +++ head/contrib/elftoolchain/readelf/readelf.c Wed Aug 7 03:14:45 2019 (r350671) @@ -7732,10 +7732,12 @@ main(int argc, char **argv) for (i = 0; i < argc; i++) { re->filename = argv[i]; fd = fileargs_open(fa, re->filename); - if (fd < 0) + if (fd < 0) { warn("open %s failed", re->filename); - else + } else { dump_object(re, fd); + close(fd); + } } exit(EXIT_SUCCESS); ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350670 - in head/sys: conf contrib/zlib dev/zlib modules/crypto modules/mxge/mxge modules/zfs modules/zlib
Author: delphij Date: Wed Aug 7 01:41:17 2019 New Revision: 350670 URL: https://svnweb.freebsd.org/changeset/base/350670 Log: Expose zlib's utility functions in Z_SOLO library when building kernel. This allows kernel code to reuse zlib's implementation. PR: 229763 Reviewed by: Yoshihiro Ota Relnotes: yes Differential Revision:https://reviews.freebsd.org/D21156 Modified: head/sys/conf/files head/sys/conf/kern.pre.mk head/sys/conf/kmod.mk head/sys/contrib/zlib/deflate.c head/sys/contrib/zlib/infback.c head/sys/contrib/zlib/inflate.c head/sys/contrib/zlib/zconf.h head/sys/contrib/zlib/zlib.h head/sys/contrib/zlib/zutil.h head/sys/dev/zlib/zcalloc.c head/sys/dev/zlib/zcalloc.h head/sys/modules/crypto/Makefile head/sys/modules/mxge/mxge/Makefile head/sys/modules/zfs/Makefile head/sys/modules/zlib/Makefile Modified: head/sys/conf/files == --- head/sys/conf/files Wed Aug 7 01:34:41 2019(r350669) +++ head/sys/conf/files Wed Aug 7 01:41:17 2019(r350670) @@ -273,7 +273,7 @@ cddl/contrib/opensolaris/uts/common/os/callb.c opti cddl/contrib/opensolaris/uts/common/os/fm.c optional zfs compile-with "${ZFS_C}" cddl/contrib/opensolaris/uts/common/os/list.c optional zfs compile-with "${ZFS_C}" cddl/contrib/opensolaris/uts/common/os/nvpair_alloc_system.c optional zfs compile-with "${ZFS_C}" -cddl/contrib/opensolaris/uts/common/zmod/zmod.c optional zfs compile-with "${ZFS_C} ${ZLIB_CFLAGS}" +cddl/contrib/opensolaris/uts/common/zmod/zmod.c optional zfs compile-with "${ZFS_C}" # zfs lua support cddl/contrib/opensolaris/uts/common/fs/zfs/lua/lapi.c optional zfs compile-with "${ZFS_C}" cddl/contrib/opensolaris/uts/common/fs/zfs/lua/lauxlib.c optional zfs compile-with "${ZFS_C}" @@ -2443,8 +2443,7 @@ mwlboot.fwoptional mwlfw \ compile-with"${NORMAL_FW}" \ no-obj no-implicit-rule \ clean "mwlboot.fw" -dev/mxge/if_mxge.c optional mxge pci \ - compile-with "${ZLIB_C}" +dev/mxge/if_mxge.c optional mxge pci dev/mxge/mxge_eth_z8e.coptional mxge pci dev/mxge/mxge_ethp_z8e.c optional mxge pci dev/mxge/mxge_rss_eth_z8e.coptional mxge pci @@ -3999,35 +3998,32 @@ libkern/timingsafe_bcmp.c standard libkern/zlib.c optional crypto | geom_uzip | ipsec | \ ipsec_support | mxge | netgraph_deflate | ddb_ctf | gzio contrib/zlib/adler32.c optional crypto | geom_uzip | ipsec | \ + ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib +contrib/zlib/compress.coptional crypto | geom_uzip | ipsec | \ ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib \ - compile-with "${ZLIB_C}" + compile-with "${NORMAL_C} -Wno-cast-qual" contrib/zlib/crc32.c optional crypto | geom_uzip | ipsec | \ - ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib \ - compile-with "${ZLIB_C} -Wno-cast-qual" + ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib contrib/zlib/deflate.c optional crypto | geom_uzip | ipsec | \ ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib \ - compile-with "${ZLIB_C} -Wno-cast-qual" + compile-with "${NORMAL_C} -Wno-cast-qual" contrib/zlib/inffast.c optional crypto | geom_uzip | ipsec | \ - ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib \ - compile-with "${ZLIB_C}" + ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib contrib/zlib/inflate.c optional crypto | geom_uzip | ipsec | \ - ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib \ - compile-with "${ZLIB_C}" + ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib contrib/zlib/inftrees.coptional crypto | geom_uzip | ipsec | \ - ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib \ - compile-with "${ZLIB_C}" + ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib contrib/zlib/trees.c optional crypto | geom_uzip | ipsec | \ + ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib +contrib/zlib/uncompr.c optional crypto | geom_uzip | ipsec | \ ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib \ - compile-with "${ZLIB_C}" + compile-with "${NORMAL_C} -Wno-cast-qual" contrib/zlib/zutil.c optional crypto | geom_uzip | ipsec | \ - ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib \ - compile-with "${ZLIB_C}" + ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib dev/zlib/zlib_mod.coptional crypto | geom_uzip | ipsec | \ - ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib \ - compile-with
svn commit: r350666 - head/usr.bin/netstat
Author: jhb Date: Wed Aug 7 00:53:27 2019 New Revision: 350666 URL: https://svnweb.freebsd.org/changeset/base/350666 Log: Tidy up the list of auth and encryption algorithms for IPsec stats. - Use keyed-md5 and keyed_sha1 instead of md5 and sha1 to match the names accepted by setkey and to also avoid confusion since these are not "plain" MD5 or SHA1. - Remove always-true #ifdef's to make the source a bit easier to read. - Add missing mappings for tcp-md5, camellia-cbc, and aes-gmac. MFC after:2 weeks Sponsored by: Chelsio Communications Modified: head/usr.bin/netstat/ipsec.c Modified: head/usr.bin/netstat/ipsec.c == --- head/usr.bin/netstat/ipsec.cWed Aug 7 00:38:26 2019 (r350665) +++ head/usr.bin/netstat/ipsec.cWed Aug 7 00:53:27 2019 (r350666) @@ -125,33 +125,18 @@ static struct val2str ipsec_ahnames[] = { { SADB_AALG_NONE, "none", }, { SADB_AALG_MD5HMAC, "hmac-md5", }, { SADB_AALG_SHA1HMAC, "hmac-sha1", }, - { SADB_X_AALG_MD5, "md5", }, - { SADB_X_AALG_SHA, "sha", }, + { SADB_X_AALG_MD5, "keyed-md5", }, + { SADB_X_AALG_SHA, "keyed-sha1", }, { SADB_X_AALG_NULL, "null", }, -#ifdef SADB_X_AALG_SHA2_256 { SADB_X_AALG_SHA2_256, "hmac-sha2-256", }, -#endif -#ifdef SADB_X_AALG_SHA2_384 { SADB_X_AALG_SHA2_384, "hmac-sha2-384", }, -#endif -#ifdef SADB_X_AALG_SHA2_512 { SADB_X_AALG_SHA2_512, "hmac-sha2-512", }, -#endif -#ifdef SADB_X_AALG_RIPEMD160HMAC { SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", }, -#endif -#ifdef SADB_X_AALG_AES_XCBC_MAC { SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", }, -#endif -#ifdef SADB_X_AALG_AES128GMAC + { SADB_X_AALG_TCP_MD5, "tcp-md5", }, { SADB_X_AALG_AES128GMAC, "aes-gmac-128", }, -#endif -#ifdef SADB_X_AALG_AES192GMAC { SADB_X_AALG_AES192GMAC, "aes-gmac-192", }, -#endif -#ifdef SADB_X_AALG_AES256GMAC { SADB_X_AALG_AES256GMAC, "aes-gmac-256", }, -#endif { -1, NULL }, }; @@ -162,15 +147,11 @@ static struct val2str ipsec_espnames[] = { { SADB_EALG_NULL, "null", }, { SADB_X_EALG_CAST128CBC, "cast128-cbc", }, { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", }, -#ifdef SADB_X_EALG_RIJNDAELCBC { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", }, -#endif -#ifdef SADB_X_EALG_AESCTR + { SADB_X_EALG_CAMELLIACBC, "camellia-cbc", }, { SADB_X_EALG_AESCTR, "aes-ctr", }, -#endif -#ifdef SADB_X_EALG_AESGCM16 { SADB_X_EALG_AESGCM16, "aes-gcm-16", }, -#endif + { SADB_X_EALG_AESGMAC, "aes-gmac", }, { -1, NULL }, }; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r350665 - in head: . etc/mtree sbin/mount_fusefs share/man/man5 sys/fs/fuse sys/sys tests/sys/fs tests/sys/fs/fusefs
-Original Message- From: on behalf of Alan Somers Date: 2019-08-06, Tuesday at 17:38 To: , , Subject: svn commit: r350665 - in head: . etc/mtree sbin/mount_fusefs share/man/man5 sys/fs/fuse sys/sys tests/sys/fs tests/sys/fs/fusefs > Author: asomers > Date: Wed Aug 7 00:38:26 2019 > New Revision: 350665 > URL: https://svnweb.freebsd.org/changeset/base/350665 > > Log: > fusefs: merge from projects/fuse2 Thanks Alan! I've been watching this work with significant interest[*] for quite a while, and am glad this is finally landing. Thanks again, Ravi (rpokala@) [*] or as much interest as anyone who knows ~nothing about filesystems can muster ;-) > This commit imports the new fusefs driver. It raises the protocol level > from 7.8 to 7.23, fixes many bugs, adds a test suite for the driver, and > adds many new features. New features include: > > * Optional kernel-side permissions checks (-o default_permissions) > * Implement VOP_MKNOD, VOP_BMAP, and VOP_ADVLOCK > * Allow interrupting FUSE operations > * Support named pipes and unix-domain sockets in fusefs file systems > * Forward UTIME_NOW during utimensat(2) to the daemon > * kqueue support for /dev/fuse > * Allow updating mounts with "mount -u" > * Allow exporting fusefs file systems over NFS > * Server-initiated invalidation of the name cache or data cache > * Respect RLIMIT_FSIZE > * Try to support servers as old as protocol 7.4 > > Performance enhancements include: > > * Implement FUSE's FOPEN_KEEP_CACHE and FUSE_ASYNC_READ flags > * Cache file attributes > * Cache lookup entries, both positive and negative > * Server-selectable cache modes: writethrough, writeback, or uncached > * Write clustering > * Readahead > * Use counter(9) for statistical reporting > > PR: 199934 216391 233783 234581 235773 235774 235775 > PR: 236226 236231 236236 236291 236329 236381 236405 > PR: 236327 236466 236472 236473 236474 236530 236557 > PR: 236560 236844 237052 237181 237588 238565 > Reviewed by:bcr (man pages) > Reviewed by:cem, ngie, rpokala, glebius, kib, bde, emaste > (post-commit > review on project branch) > MFC after: 3 weeks > Relnotes: yes > Sponsored by: The FreeBSD Foundation > Pull Request: https://reviews.freebsd.org/D21110 ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350665 - in head: . etc/mtree sbin/mount_fusefs share/man/man5 sys/fs/fuse sys/sys tests/sys/fs tests/sys/fs/fusefs
Author: asomers Date: Wed Aug 7 00:38:26 2019 New Revision: 350665 URL: https://svnweb.freebsd.org/changeset/base/350665 Log: fusefs: merge from projects/fuse2 This commit imports the new fusefs driver. It raises the protocol level from 7.8 to 7.23, fixes many bugs, adds a test suite for the driver, and adds many new features. New features include: * Optional kernel-side permissions checks (-o default_permissions) * Implement VOP_MKNOD, VOP_BMAP, and VOP_ADVLOCK * Allow interrupting FUSE operations * Support named pipes and unix-domain sockets in fusefs file systems * Forward UTIME_NOW during utimensat(2) to the daemon * kqueue support for /dev/fuse * Allow updating mounts with "mount -u" * Allow exporting fusefs file systems over NFS * Server-initiated invalidation of the name cache or data cache * Respect RLIMIT_FSIZE * Try to support servers as old as protocol 7.4 Performance enhancements include: * Implement FUSE's FOPEN_KEEP_CACHE and FUSE_ASYNC_READ flags * Cache file attributes * Cache lookup entries, both positive and negative * Server-selectable cache modes: writethrough, writeback, or uncached * Write clustering * Readahead * Use counter(9) for statistical reporting PR: 199934 216391 233783 234581 235773 235774 235775 PR: 236226 236231 236236 236291 236329 236381 236405 PR: 236327 236466 236472 236473 236474 236530 236557 PR: 236560 236844 237052 237181 237588 238565 Reviewed by: bcr (man pages) Reviewed by: cem, ngie, rpokala, glebius, kib, bde, emaste (post-commit review on project branch) MFC after:3 weeks Relnotes: yes Sponsored by: The FreeBSD Foundation Pull Request: https://reviews.freebsd.org/D21110 Added: head/tests/sys/fs/fusefs/ - copied from r350621, projects/fuse2/tests/sys/fs/fusefs/ Deleted: head/sys/fs/fuse/fuse_param.h Modified: head/MAINTAINERS (contents, props changed) head/UPDATING head/etc/mtree/BSD.tests.dist head/sbin/mount_fusefs/mount_fusefs.8 head/sbin/mount_fusefs/mount_fusefs.c head/share/man/man5/fusefs.5 head/sys/fs/fuse/fuse.h head/sys/fs/fuse/fuse_device.c head/sys/fs/fuse/fuse_file.c head/sys/fs/fuse/fuse_file.h head/sys/fs/fuse/fuse_internal.c head/sys/fs/fuse/fuse_internal.h head/sys/fs/fuse/fuse_io.c head/sys/fs/fuse/fuse_io.h head/sys/fs/fuse/fuse_ipc.c head/sys/fs/fuse/fuse_ipc.h head/sys/fs/fuse/fuse_kernel.h head/sys/fs/fuse/fuse_main.c head/sys/fs/fuse/fuse_node.c head/sys/fs/fuse/fuse_node.h head/sys/fs/fuse/fuse_vfsops.c head/sys/fs/fuse/fuse_vnops.c head/sys/sys/param.h head/tests/sys/fs/Makefile Directory Properties: head/ (props changed) Modified: head/MAINTAINERS == --- head/MAINTAINERSTue Aug 6 23:22:25 2019(r350664) +++ head/MAINTAINERSWed Aug 7 00:38:26 2019(r350665) @@ -53,6 +53,7 @@ contrib/pjdfstest asomers,ngie,pjd,#test Pre-commit re etc/mail gshapiroPre-commit review requested. Keep in sync with -STABLE. etc/sendmail gshapiroPre-commit review requested. Keep in sync with -STABLE. fetch des Pre-commit review requested, email only. +fusefs(5) asomers Pre-commit review requested. geli pjd Pre-commit review requested (both sys/geom/eli/ and sbin/geom/class/eli/). isci(4)jimharris Pre-commit review requested. iwm(4) adrian Pre-commit review requested, send to freebsd-wirel...@freebsd.org Modified: head/UPDATING == --- head/UPDATING Tue Aug 6 23:22:25 2019(r350664) +++ head/UPDATING Wed Aug 7 00:38:26 2019(r350665) @@ -26,6 +26,18 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20190727: + The vfs.fusefs.sync_unmount and vfs.fusefs.init_backgrounded sysctls + and the "-o sync_unmount" and "-o init_backgrounded" mount options have + been removed from mount_fusefs(8). You can safely remove them from + your scripts, because they had no effect. + + The vfs.fusefs.fix_broken_io, vfs.fusefs.sync_resize, + vfs.fusefs.refresh_size, vfs.fusefs.mmap_enable, + vfs.fusefs.reclaim_revoked, and vfs.fusefs.data_cache_invalidate + sysctls have been removed. If you felt the need to set any of them to + a non-default value, please tell asom...@freebsd.org why. + 20190713: Default permissions on the /var/account/acct file (and copies of it rotated by periodic daily scripts) are changed from 0644 to 0640 Modified: head/etc/mtree/BSD.tests.dist == ---
svn commit: r350664 - head/sys/conf
Author: jhb Date: Tue Aug 6 23:22:25 2019 New Revision: 350664 URL: https://svnweb.freebsd.org/changeset/base/350664 Log: Fix LOCAL_MODULES and improve the make output. The exists() check guarding the invocation of ls was not working correctly as it was expanding '$L' to determine the path of the local modules directory. Fix by using {} around the variable name. Inline some of the logic from bsd.subdir.mk when invoking local module builds. This gives output in 'make buildkernel' the same as if there was a Makefile in /usr/local/sys/modules with SUBDIR = ${LOCAL_MODULES}. Reviewed by: imp Differential Revision:https://reviews.freebsd.org/D20991 Modified: head/sys/conf/kern.post.mk Modified: head/sys/conf/kern.post.mk == --- head/sys/conf/kern.post.mk Tue Aug 6 23:15:34 2019(r350663) +++ head/sys/conf/kern.post.mk Tue Aug 6 23:22:25 2019(r350664) @@ -61,7 +61,7 @@ LOCAL_MODULES_DIR?= ${LOCALBASE}/sys/modules # Default to installing all modules installed by ports unless overridden # by the user. -.if !defined(LOCAL_MODULES) && exists($LOCAL_MODULES_DIR) +.if !defined(LOCAL_MODULES) && exists(${LOCAL_MODULES_DIR}) LOCAL_MODULES!= ls ${LOCAL_MODULES_DIR} .endif .endif @@ -77,7 +77,9 @@ modules-${target}: ${target:S/^reinstall$/install/:S/^clobber$/cleandir/} .endif .for module in ${LOCAL_MODULES} - cd ${LOCAL_MODULES_DIR}/${module}; ${MKMODULESENV} ${MAKE} \ + @${ECHODIR} "===> ${module} (${target:S/^reinstall$/install/:S/^clobber$/cleandir/})" + @cd ${LOCAL_MODULES_DIR}/${module}; ${MKMODULESENV} ${MAKE} \ + DIRPRFX="${module}/" \ ${target:S/^reinstall$/install/:S/^clobber$/cleandir/} .endfor .endif ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350663 - in head/sys: ddb sys vm
Author: jeff Date: Tue Aug 6 23:15:34 2019 New Revision: 350663 URL: https://svnweb.freebsd.org/changeset/base/350663 Log: Cache kernel stacks in UMA. This gives us NUMA support, better concurrency, and more statistics. Reviewed by: kib, markj Tested by:pho Sponsored by: Netflix Differential Revision:https://reviews.freebsd.org/D20931 Deleted: head/sys/sys/_kstack_cache.h Modified: head/sys/ddb/db_ps.c head/sys/vm/vm_glue.c head/sys/vm/vm_param.h head/sys/vm/vm_swapout.c Modified: head/sys/ddb/db_ps.c == --- head/sys/ddb/db_ps.cTue Aug 6 23:15:04 2019(r350662) +++ head/sys/ddb/db_ps.cTue Aug 6 23:15:34 2019(r350663) @@ -42,7 +42,6 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #include #include #include @@ -505,7 +504,6 @@ db_findstack_cmd(db_expr_t addr, bool have_addr, db_ex { struct proc *p; struct thread *td; - struct kstack_cache_entry *ks_ce; vm_offset_t saddr; if (have_addr) @@ -522,15 +520,6 @@ db_findstack_cmd(db_expr_t addr, bool have_addr, db_ex db_printf("Thread %p\n", td); return; } - } - } - - for (ks_ce = kstack_cache; ks_ce != NULL; -ks_ce = ks_ce->next_ks_entry) { - if ((vm_offset_t)ks_ce <= saddr && saddr < (vm_offset_t)ks_ce + - PAGE_SIZE * kstack_pages) { - db_printf("Cached stack %p\n", ks_ce); - return; } } } Modified: head/sys/vm/vm_glue.c == --- head/sys/vm/vm_glue.c Tue Aug 6 23:15:04 2019(r350662) +++ head/sys/vm/vm_glue.c Tue Aug 6 23:15:34 2019(r350663) @@ -84,12 +84,12 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #include #include #include #include +#include #include #include #include @@ -282,52 +282,39 @@ vm_sync_icache(vm_map_t map, vm_offset_t va, vm_offset pmap_sync_icache(map->pmap, va, sz); } -struct kstack_cache_entry *kstack_cache; +static uma_zone_t kstack_cache; static int kstack_cache_size = 128; -static int kstacks, kstack_domain_iter; -static struct mtx kstack_cache_mtx; -MTX_SYSINIT(kstack_cache, _cache_mtx, "kstkch", MTX_DEF); +static int kstack_domain_iter; -SYSCTL_INT(_vm, OID_AUTO, kstack_cache_size, CTLFLAG_RW, _cache_size, 0, -""); -SYSCTL_INT(_vm, OID_AUTO, kstacks, CTLFLAG_RD, , 0, -""); +static int +sysctl_kstack_cache_size(SYSCTL_HANDLER_ARGS) +{ + int error, newsize; + newsize = kstack_cache_size; + error = sysctl_handle_int(oidp, , 0, req); + if (error == 0 && req->newptr && newsize != kstack_cache_size) + kstack_cache_size = + uma_zone_set_maxcache(kstack_cache, newsize); + return (error); +} +SYSCTL_PROC(_vm, OID_AUTO, kstack_cache_size, CTLTYPE_INT|CTLFLAG_RW, + _cache_size, 0, sysctl_kstack_cache_size, "IU", + "Maximum number of cached kernel stacks"); + /* * Create the kernel stack (including pcb for i386) for a new thread. * This routine directly affects the fork perf for a process and * create performance for a thread. */ -int -vm_thread_new(struct thread *td, int pages) +static vm_offset_t +vm_thread_stack_create(struct domainset *ds, vm_object_t *ksobjp, int pages) { + vm_page_t ma[KSTACK_MAX_PAGES]; vm_object_t ksobj; vm_offset_t ks; - vm_page_t ma[KSTACK_MAX_PAGES]; - struct kstack_cache_entry *ks_ce; int i; - /* Bounds check */ - if (pages <= 1) - pages = kstack_pages; - else if (pages > KSTACK_MAX_PAGES) - pages = KSTACK_MAX_PAGES; - - if (pages == kstack_pages && kstack_cache != NULL) { - mtx_lock(_cache_mtx); - if (kstack_cache != NULL) { - ks_ce = kstack_cache; - kstack_cache = ks_ce->next_ks_entry; - mtx_unlock(_cache_mtx); - - td->td_kstack_obj = ks_ce->ksobj; - td->td_kstack = (vm_offset_t)ks_ce; - td->td_kstack_pages = kstack_pages; - return (1); - } - mtx_unlock(_cache_mtx); - } - /* * Allocate an object for the kstack. */ @@ -354,30 +341,17 @@ vm_thread_new(struct thread *td, int pages) vm_object_deallocate(ksobj); return (0); } - - /* -* Ensure that kstack objects can draw pages from any memory -* domain. Otherwise a local memory shortage can block a process -* swap-in. -*/ if (vm_ndomains > 1) { -
svn commit: r350662 - in head/sys: dev/acpica i386/pci
Author: jhb Date: Tue Aug 6 23:15:04 2019 New Revision: 350662 URL: https://svnweb.freebsd.org/changeset/base/350662 Log: Detect invalid PCI devices more correctly in PCI interrupt router drivers. - Check for an invalid device (vendor is invalid) before reading the header type register when examining function 0 of a possible device. - When iterating over functions of a device, reject any device whose 16-bit vendor is invalid rather than requiring the full 32-bit vendor+device to be all 1's. In practice the latter check is probably fine, but checking the vendor is what the PCI spec recommends. Reviewed by: imp MFC after:2 weeks Differential Revision:https://reviews.freebsd.org/D21147 Modified: head/sys/dev/acpica/acpi_pci_link.c head/sys/i386/pci/pci_pir.c Modified: head/sys/dev/acpica/acpi_pci_link.c == --- head/sys/dev/acpica/acpi_pci_link.c Tue Aug 6 23:04:59 2019 (r350661) +++ head/sys/dev/acpica/acpi_pci_link.c Tue Aug 6 23:15:04 2019 (r350662) @@ -580,6 +580,9 @@ acpi_pci_link_search_irq(int bus, int device, int pin) uint8_t func, maxfunc; /* See if we have a valid device at function 0. */ + value = pci_cfgregread(bus, device, 0, PCIR_VENDOR, 2); + if (value == PCIV_INVALID) + return (PCI_INVALID_IRQ); value = pci_cfgregread(bus, device, 0, PCIR_HDRTYPE, 1); if ((value & PCIM_HDRTYPE) > PCI_MAXHDRTYPE) return (PCI_INVALID_IRQ); @@ -590,8 +593,8 @@ acpi_pci_link_search_irq(int bus, int device, int pin) /* Scan all possible functions at this device. */ for (func = 0; func <= maxfunc; func++) { - value = pci_cfgregread(bus, device, func, PCIR_DEVVENDOR, 4); - if (value == 0x) + value = pci_cfgregread(bus, device, func, PCIR_VENDOR, 2); + if (value == PCIV_INVALID) continue; value = pci_cfgregread(bus, device, func, PCIR_INTPIN, 1); Modified: head/sys/i386/pci/pci_pir.c == --- head/sys/i386/pci/pci_pir.c Tue Aug 6 23:04:59 2019(r350661) +++ head/sys/i386/pci/pci_pir.c Tue Aug 6 23:15:04 2019(r350662) @@ -257,8 +257,8 @@ pci_pir_create_links(struct PIR_entry *entry, struct P } /* - * Look to see if any of the function on the PCI device at bus/device have - * an interrupt routed to intpin 'pin' by the BIOS. + * Look to see if any of the functions on the PCI device at bus/device + * have an interrupt routed to intpin 'pin' by the BIOS. */ static uint8_t pci_pir_search_irq(int bus, int device, int pin) @@ -267,6 +267,9 @@ pci_pir_search_irq(int bus, int device, int pin) uint8_t func, maxfunc; /* See if we have a valid device at function 0. */ + value = pci_cfgregread(bus, device, 0, PCIR_VENDOR, 2); + if (value == PCIV_INVALID) + return (PCI_INVALID_IRQ); value = pci_cfgregread(bus, device, 0, PCIR_HDRTYPE, 1); if ((value & PCIM_HDRTYPE) > PCI_MAXHDRTYPE) return (PCI_INVALID_IRQ); @@ -277,8 +280,8 @@ pci_pir_search_irq(int bus, int device, int pin) /* Scan all possible functions at this device. */ for (func = 0; func <= maxfunc; func++) { - value = pci_cfgregread(bus, device, func, PCIR_DEVVENDOR, 4); - if (value == 0x) + value = pci_cfgregread(bus, device, func, PCIR_VENDOR, 2); + if (value == PCIV_INVALID) continue; value = pci_cfgregread(bus, device, func, PCIR_INTPIN, 1); ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350661 - head/sys/vm
Author: jeff Date: Tue Aug 6 23:04:59 2019 New Revision: 350661 URL: https://svnweb.freebsd.org/changeset/base/350661 Log: Implement a MINBUCKET zone flag so we can use minimal caching on zones that may be expensive to cache. Reviewed by: markj, kib Sponsored by: Netflix Differential Revision:https://reviews.freebsd.org/D20930 Modified: head/sys/vm/uma.h head/sys/vm/uma_core.c Modified: head/sys/vm/uma.h == --- head/sys/vm/uma.h Tue Aug 6 22:36:29 2019(r350660) +++ head/sys/vm/uma.h Tue Aug 6 23:04:59 2019(r350661) @@ -274,6 +274,7 @@ uma_zone_t uma_zcache_create(char *name, int size, uma * NUMA aware Zone. Implements a best * effort first-touch policy. */ +#defineUMA_ZONE_MINBUCKET 0x2 /* Use smallest buckets. */ /* * These flags are shared between the keg and zone. In zones wishing to add Modified: head/sys/vm/uma_core.c == --- head/sys/vm/uma_core.c Tue Aug 6 22:36:29 2019(r350660) +++ head/sys/vm/uma_core.c Tue Aug 6 23:04:59 2019(r350661) @@ -209,6 +209,7 @@ struct uma_bucket_zone { (((sizeof(void *) * (n)) - sizeof(struct uma_bucket)) / sizeof(void *)) #defineBUCKET_MAX BUCKET_SIZE(256) +#defineBUCKET_MIN BUCKET_SIZE(4) struct uma_bucket_zone bucket_zones[] = { { NULL, "4 Bucket", BUCKET_SIZE(4), 4096 }, @@ -1867,9 +1868,12 @@ out: KASSERT((arg->flags & (UMA_ZONE_MAXBUCKET | UMA_ZONE_NOBUCKET)) != (UMA_ZONE_MAXBUCKET | UMA_ZONE_NOBUCKET), ("Invalid zone flag combination")); - if ((arg->flags & UMA_ZONE_MAXBUCKET) != 0) + if ((arg->flags & UMA_ZONE_MAXBUCKET) != 0) { zone->uz_count = BUCKET_MAX; - else if ((arg->flags & UMA_ZONE_NOBUCKET) != 0) + } else if ((arg->flags & UMA_ZONE_MINBUCKET) != 0) { + zone->uz_count = BUCKET_MIN; + zone->uz_count_max = BUCKET_MIN; + } else if ((arg->flags & UMA_ZONE_NOBUCKET) != 0) zone->uz_count = 0; else zone->uz_count = bucket_select(zone->uz_size); ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350656 - in head/stand/efi: include libefi
Author: tsoome Date: Tue Aug 6 20:13:28 2019 New Revision: 350656 URL: https://svnweb.freebsd.org/changeset/base/350656 Log: loader.efi: efilib.h and libefi.c were left out of 350654 And this is second followup for 350654 Modified: head/stand/efi/include/efilib.h head/stand/efi/libefi/libefi.c Modified: head/stand/efi/include/efilib.h == --- head/stand/efi/include/efilib.h Tue Aug 6 20:08:01 2019 (r350655) +++ head/stand/efi/include/efilib.h Tue Aug 6 20:13:28 2019 (r350656) @@ -70,6 +70,7 @@ pdinfo_t *efiblk_get_pdinfo_by_handle(EFI_HANDLE h); pdinfo_t *efiblk_get_pdinfo_by_device_path(EFI_DEVICE_PATH *path); void *efi_get_table(EFI_GUID *tbl); +EFI_STATUS OpenProtocolByHandle(EFI_HANDLE, EFI_GUID *, void **); int efi_getdev(void **vdev, const char *devspec, const char **path); char *efi_fmtdev(void *vdev); Modified: head/stand/efi/libefi/libefi.c == --- head/stand/efi/libefi/libefi.c Tue Aug 6 20:08:01 2019 (r350655) +++ head/stand/efi/libefi/libefi.c Tue Aug 6 20:13:28 2019 (r350656) @@ -50,3 +50,10 @@ efi_get_table(EFI_GUID *tbl) } return (NULL); } + +EFI_STATUS +OpenProtocolByHandle(EFI_HANDLE handle, EFI_GUID *protocol, void **interface) +{ + return (BS->OpenProtocol(handle, protocol, interface, IH, NULL, + EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL)); +} ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350653 - head/sys/geom/label
Author: mckusick Date: Tue Aug 6 18:28:44 2019 New Revision: 350653 URL: https://svnweb.freebsd.org/changeset/base/350653 Log: Ignore UFS/FFS superblock check hash failures so as to allow a higher level in the filesystem stack to decide what to do about them. Reported by: Peter Holm Tested by:Peter Holm Sponsored by: Netflix Modified: head/sys/geom/label/g_label_ufs.c Modified: head/sys/geom/label/g_label_ufs.c == --- head/sys/geom/label/g_label_ufs.c Tue Aug 6 18:15:26 2019 (r350652) +++ head/sys/geom/label/g_label_ufs.c Tue Aug 6 18:28:44 2019 (r350653) @@ -76,8 +76,8 @@ g_label_ufs_taste_common(struct g_consumer *cp, char * label[0] = '\0'; fs = NULL; - if (SBLOCKSIZE % pp->sectorsize != 0 || - ffs_sbget(cp, , STDSB, M_GEOM, g_use_g_read_data) != 0) { + if (SBLOCKSIZE % pp->sectorsize != 0 || ffs_sbget(cp, , + STDSB_NOHASHFAIL, M_GEOM, g_use_g_read_data) != 0) { KASSERT(fs == NULL, ("g_label_ufs_taste_common: non-NULL fs %p\n", fs)); return; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350635 - head/contrib/bsnmp/lib
Author: emaste Date: Tue Aug 6 16:09:06 2019 New Revision: 350635 URL: https://svnweb.freebsd.org/changeset/base/350635 Log: bsnmp: add asn1 message length validation admbugs: 780 Submitted by: Guido Vranken, bz Reported by: Guido Vranken Security: CVE-2019-5610 Modified: head/contrib/bsnmp/lib/asn1.c Modified: head/contrib/bsnmp/lib/asn1.c == --- head/contrib/bsnmp/lib/asn1.c Tue Aug 6 14:39:02 2019 (r350634) +++ head/contrib/bsnmp/lib/asn1.c Tue Aug 6 16:09:06 2019 (r350635) @@ -100,6 +100,11 @@ asn_get_header(struct asn_buf *b, u_char *type, asn_le *len = *b->asn_cptr++; b->asn_len--; } + if (*len > b->asn_len) { + asn_error(b, "len %u exceeding asn_len %u", *len, b->asn_len); + return (ASN_ERR_EOBUF); + } + return (ASN_ERR_OK); } ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r350550 - head/share/mk
On Sat, Aug 03, 2019 at 01:06:18AM +, John Baldwin wrote: > Author: jhb > Date: Sat Aug 3 01:06:17 2019 > New Revision: 350550 > URL: https://svnweb.freebsd.org/changeset/base/350550 > > Log: > Flip REPRODUCIBLE_BUILD back to off by default in head. > > Having the full uname output can be useful on head even with > unmodified trees or trees that newvers.sh fails to recognize as > modified. > > Reviewed by:emaste > Differential Revision: https://reviews.freebsd.org/D20895 > I would like to request this commit be reverted. While the original commit message to enable this knob stated the commit would be reverted after stable/12 branched, I have seen no public complaints about enabling REPRODUCIBLE_BUILD by default (and quite honestly, do not see the benefit of disabling it by default -- why wouldn't we want reproducibility?). To me, this feels like a step backwards, with no tangible benefit. Note, newvers.sh does properly detect a modified tree if it can find the VCS metadata directory (i.e., .git, .svn) -- I know this because I personally helped with it. In my opinion, those that want the non-reproducible metadata included in output from 'uname -a' should set WITHOUT_REPRODUCIBLE_BUILDS in their src.conf. Turning off a sane default for the benefit of what I suspect is likely a short list of use cases feels like a step in the wrong direction. Glen signature.asc Description: PGP signature
svn commit: r350655 - head/stand/efi/boot1
Author: tsoome Date: Tue Aug 6 20:08:01 2019 New Revision: 350655 URL: https://svnweb.freebsd.org/changeset/base/350655 Log: loader.efi: boot1.c was left out of 350654 Followup for 350654. Modified: head/stand/efi/boot1/boot1.c Modified: head/stand/efi/boot1/boot1.c == --- head/stand/efi/boot1/boot1.cTue Aug 6 19:27:27 2019 (r350654) +++ head/stand/efi/boot1/boot1.cTue Aug 6 20:08:01 2019 (r350655) @@ -137,8 +137,9 @@ try_boot(const boot_module_t *mod, dev_info_t *dev, vo goto errout; } - if ((status = BS->HandleProtocol(loaderhandle, , - (VOID**)_image)) != EFI_SUCCESS) { + status = OpenProtocolByHandle(loaderhandle, , + (void **)_image); + if (status != EFI_SUCCESS) { printf("Failed to query LoadedImage provided by %s (%lu)\n", mod->name, EFI_ERROR_CODE(status)); goto errout; @@ -242,7 +243,7 @@ efi_main(EFI_HANDLE Ximage, EFI_SYSTEM_TABLE *Xsystab) nhandles = hsize / sizeof(*handles); /* Determine the devpath of our image so we can prefer it. */ - status = BS->HandleProtocol(IH, , (VOID**)); + status = OpenProtocolByHandle(IH, , (void **)); imgpath = NULL; if (status == EFI_SUCCESS) { text = efi_devpath_name(img->FilePath); @@ -252,8 +253,8 @@ efi_main(EFI_HANDLE Ximage, EFI_SYSTEM_TABLE *Xsystab) efi_free_devpath_name(text); } - status = BS->HandleProtocol(img->DeviceHandle, , - (void **)); + status = OpenProtocolByHandle(img->DeviceHandle, + , (void **)); if (status != EFI_SUCCESS) { DPRINTF("Failed to get image DevicePath (%lu)\n", EFI_ERROR_CODE(status)); ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350659 - in head: lib/libmemstat sys/conf sys/vm usr.bin/vmstat
Author: jeff Date: Tue Aug 6 21:50:34 2019 New Revision: 350659 URL: https://svnweb.freebsd.org/changeset/base/350659 Log: Add two new kernel options to control memory locality on NUMA hardware. - UMA_XDOMAIN enables an additional per-cpu bucket for freed memory that was freed on a different domain from where it was allocated. This is only used for UMA_ZONE_NUMA (first-touch) zones. - UMA_FIRSTTOUCH sets the default UMA policy to be first-touch for all zones. This tries to maintain locality for kernel memory. Reviewed by: gallatin, alc, kib Tested by:pho, gallatin Sponsored by: Netflix Differential Revision:https://reviews.freebsd.org/D20929 Modified: head/lib/libmemstat/memstat.c head/lib/libmemstat/memstat.h head/lib/libmemstat/memstat_internal.h head/lib/libmemstat/memstat_uma.c head/sys/conf/options head/sys/vm/uma.h head/sys/vm/uma_core.c head/sys/vm/uma_int.h head/sys/vm/vm_phys.c head/sys/vm/vm_phys.h head/usr.bin/vmstat/vmstat.c Modified: head/lib/libmemstat/memstat.c == --- head/lib/libmemstat/memstat.c Tue Aug 6 21:17:22 2019 (r350658) +++ head/lib/libmemstat/memstat.c Tue Aug 6 21:50:34 2019 (r350659) @@ -326,6 +326,13 @@ memstat_get_sleeps(const struct memory_type *mtp) return (mtp->mt_sleeps); } +uint64_t +memstat_get_xdomain(const struct memory_type *mtp) +{ + + return (mtp->mt_xdomain); +} + void * memstat_get_caller_pointer(const struct memory_type *mtp, int index) { Modified: head/lib/libmemstat/memstat.h == --- head/lib/libmemstat/memstat.h Tue Aug 6 21:17:22 2019 (r350658) +++ head/lib/libmemstat/memstat.h Tue Aug 6 21:50:34 2019 (r350659) @@ -136,6 +136,7 @@ uint64_t memstat_get_count(const struct memory_type * uint64_tmemstat_get_free(const struct memory_type *mtp); uint64_tmemstat_get_failures(const struct memory_type *mtp); uint64_tmemstat_get_sleeps(const struct memory_type *mtp); +uint64_tmemstat_get_xdomain(const struct memory_type *mtp); void *memstat_get_caller_pointer(const struct memory_type *mtp, int index); voidmemstat_set_caller_pointer(struct memory_type *mtp, Modified: head/lib/libmemstat/memstat_internal.h == --- head/lib/libmemstat/memstat_internal.h Tue Aug 6 21:17:22 2019 (r350658) +++ head/lib/libmemstat/memstat_internal.h Tue Aug 6 21:50:34 2019 (r350659) @@ -69,6 +69,7 @@ struct memory_type { uint64_t mt_free; /* Number of cached free items. */ uint64_t mt_failures; /* Number of allocation failures. */ uint64_t mt_sleeps; /* Number of allocation sleeps. */ + uint64_t mt_xdomain;/* Number of cross domain sleeps. */ /* * Caller-owned memory. Modified: head/lib/libmemstat/memstat_uma.c == --- head/lib/libmemstat/memstat_uma.c Tue Aug 6 21:17:22 2019 (r350658) +++ head/lib/libmemstat/memstat_uma.c Tue Aug 6 21:50:34 2019 (r350659) @@ -201,6 +201,7 @@ retry: mtp->mt_numfrees = uthp->uth_frees; mtp->mt_failures = uthp->uth_fails; mtp->mt_sleeps = uthp->uth_sleeps; + mtp->mt_xdomain = uthp->uth_xdomain; for (j = 0; j < maxcpus; j++) { upsp = (struct uma_percpu_stat *)p; @@ -423,11 +424,11 @@ memstat_kvm_uma(struct memory_type_list *list, void *k mtp->mt_failures = kvm_counter_u64_fetch(kvm, (unsigned long )uz.uz_fails); mtp->mt_sleeps = uz.uz_sleeps; - /* See comment above in memstat_sysctl_uma(). */ if (mtp->mt_numallocs < mtp->mt_numfrees) mtp->mt_numallocs = mtp->mt_numfrees; + mtp->mt_xdomain = uz.uz_xdomain; if (kz.uk_flags & UMA_ZFLAG_INTERNAL) goto skip_percpu; for (i = 0; i < mp_maxid + 1; i++) { Modified: head/sys/conf/options == --- head/sys/conf/options Tue Aug 6 21:17:22 2019(r350658) +++ head/sys/conf/options Tue Aug 6 21:50:34 2019(r350659) @@ -618,6 +618,8 @@ NO_SWAPPING opt_vm.h MALLOC_MAKE_FAILURES opt_vm.h MALLOC_PROFILE opt_vm.h MALLOC_DEBUG_MAXZONES opt_vm.h +UMA_XDOMAINopt_vm.h +UMA_FIRSTTOUCH opt_vm.h # The MemGuard replacement allocator used for tamper-after-free
svn commit: r350654 - in head/stand/efi: boot1 gptboot libefi loader
Author: tsoome Date: Tue Aug 6 19:27:27 2019 New Revision: 350654 URL: https://svnweb.freebsd.org/changeset/base/350654 Log: loader.efi: replace HandleProtocol() with OpenProtocol() The HandleProtocol() is deprecated interface and we should use OpenProtocol() instead. Moreover, in some firmware implementation(s), the HandleProtocol() does return device path using static storage, so we can not keep the value returned there. With same firmware, the OpenProtocol() does return data we do not need to clone. Reviewed by: imp Differential Revision:https://reviews.freebsd.org/D21162 Modified: head/stand/efi/boot1/proto.c head/stand/efi/gptboot/proto.c head/stand/efi/libefi/devpath.c head/stand/efi/libefi/efinet.c head/stand/efi/libefi/efipart.c head/stand/efi/loader/efi_main.c head/stand/efi/loader/framebuffer.c head/stand/efi/loader/main.c Modified: head/stand/efi/boot1/proto.c == --- head/stand/efi/boot1/proto.cTue Aug 6 18:28:44 2019 (r350653) +++ head/stand/efi/boot1/proto.cTue Aug 6 19:27:27 2019 (r350654) @@ -61,7 +61,7 @@ probe_handle(EFI_HANDLE h, EFI_DEVICE_PATH *imgpath) int preferred; /* Figure out if we're dealing with an actual partition. */ - status = BS->HandleProtocol(h, , (void **)); + status = OpenProtocolByHandle(h, , (void **)); if (status == EFI_UNSUPPORTED) return (0); @@ -77,7 +77,7 @@ probe_handle(EFI_HANDLE h, EFI_DEVICE_PATH *imgpath) efi_free_devpath_name(text); } #endif - status = BS->HandleProtocol(h, , (void **)); + status = OpenProtocolByHandle(h, , (void **)); if (status == EFI_UNSUPPORTED) return (0); Modified: head/stand/efi/gptboot/proto.c == --- head/stand/efi/gptboot/proto.c Tue Aug 6 18:28:44 2019 (r350653) +++ head/stand/efi/gptboot/proto.c Tue Aug 6 19:27:27 2019 (r350654) @@ -146,7 +146,7 @@ probe_handle(EFI_HANDLE h, EFI_DEVICE_PATH *imgpath) EFI_STATUS status; /* Figure out if we're dealing with an actual partition. */ - status = BS->HandleProtocol(h, , (void **)); + status = OpenProtocolByHandle(h, , (void **)); if (status != EFI_SUCCESS) return; #ifdef EFI_DEBUG @@ -169,7 +169,7 @@ probe_handle(EFI_HANDLE h, EFI_DEVICE_PATH *imgpath) return; } } - status = BS->HandleProtocol(h, , (void **)); + status = OpenProtocolByHandle(h, , (void **)); if (status != EFI_SUCCESS) { DPRINTF("Can't get the block I/O protocol block\n"); return; Modified: head/stand/efi/libefi/devpath.c == --- head/stand/efi/libefi/devpath.c Tue Aug 6 18:28:44 2019 (r350653) +++ head/stand/efi/libefi/devpath.c Tue Aug 6 19:27:27 2019 (r350654) @@ -44,8 +44,8 @@ efi_lookup_image_devpath(EFI_HANDLE handle) EFI_DEVICE_PATH *devpath; EFI_STATUS status; - status = BS->HandleProtocol(handle, , - (VOID **)); + status = OpenProtocolByHandle(handle, , + (void **)); if (EFI_ERROR(status)) devpath = NULL; return (devpath); @@ -57,7 +57,8 @@ efi_lookup_devpath(EFI_HANDLE handle) EFI_DEVICE_PATH *devpath; EFI_STATUS status; - status = BS->HandleProtocol(handle, , (VOID **)); + status = OpenProtocolByHandle(handle, , + (void **)); if (EFI_ERROR(status)) devpath = NULL; return (devpath); Modified: head/stand/efi/libefi/efinet.c == --- head/stand/efi/libefi/efinet.c Tue Aug 6 18:28:44 2019 (r350653) +++ head/stand/efi/libefi/efinet.c Tue Aug 6 19:27:27 2019 (r350654) @@ -286,7 +286,7 @@ efinet_init(struct iodesc *desc, void *machdep_hint) } h = nif->nif_driver->netif_ifs[nif->nif_unit].dif_private; - status = BS->HandleProtocol(h, _guid, (VOID **)>nif_devdata); + status = OpenProtocolByHandle(h, _guid, (void **)>nif_devdata); if (status != EFI_SUCCESS) { printf("net%d: cannot fetch interface data (status=%lu)\n", nif->nif_unit, EFI_ERROR_CODE(status)); Modified: head/stand/efi/libefi/efipart.c == --- head/stand/efi/libefi/efipart.c Tue Aug 6 18:28:44 2019 (r350653) +++ head/stand/efi/libefi/efipart.c Tue Aug 6 19:27:27 2019 (r350654) @@ -297,8 +297,8 @@ efipart_hdd(EFI_DEVICE_PATH *dp) } /* Make sure we do have the media. */ -
svn commit: r350639 - in head/sys/amd64: amd64 include
Author: kib Date: Tue Aug 6 16:53:25 2019 New Revision: 350639 URL: https://svnweb.freebsd.org/changeset/base/350639 Log: amd64: prevents speculations over swapgs reload of %gs base. Such speculations could use user-controlled %gs base, esp. since FreeBSD supports WRGSBASE instructions. Place LFENCEs on entry for each basic block after the test for previous kernel/user mode on the kernel entry, which prevents the speculation. Code accesses %gs-based PCPU before any serialization instructions are executed, like %cr3 reload for KPTI. With pti disabled, on haswell i7-4770S machine, "syscall_timings getppid" shows when no lfence is added to syscall path: test looptimeiterations periteration getppid 0 1.040918865 4643611 0.00224 getppid 1 1.004985962 4481816 0.00224 getppid 2 1.005196483 4482363 0.00224 with lfence: getppid 0 1.043701091 4554779 0.00229 getppid 1 1.016930328 4438094 0.00229 getppid 2 1.023223117 4466640 0.00229 and ministat reports 'No difference proven at 95.0% confidence.' Security: CVE-2019-1125 Sponsored by: The FreeBSD Foundation MFC after:1 week Modified: head/sys/amd64/amd64/exception.S head/sys/amd64/include/asmacros.h Modified: head/sys/amd64/amd64/exception.S == --- head/sys/amd64/amd64/exception.STue Aug 6 16:12:43 2019 (r350638) +++ head/sys/amd64/amd64/exception.STue Aug 6 16:53:25 2019 (r350639) @@ -129,6 +129,7 @@ X\l: testb $SEL_RPL_MASK,TF_CS(%rsp) jz alltraps_noen_k swapgs + lfence jmp alltraps_noen_u .endm @@ -163,6 +164,7 @@ X\l: testb $SEL_RPL_MASK,TF_CS(%rsp) jz alltraps_k swapgs + lfence jmp alltraps_u .endm @@ -198,6 +200,7 @@ X\l: testb $SEL_RPL_MASK,TF_CS(%rsp) jz alltraps_k swapgs + lfence jmp alltraps_u .endm @@ -227,6 +230,7 @@ alltraps_u: .globl alltraps_k .type alltraps_k,@function alltraps_k: + lfence movq%rdi,TF_RDI(%rsp) movq%rdx,TF_RDX(%rsp) movq%rax,TF_RAX(%rsp) @@ -304,6 +308,7 @@ alltraps_noen_u: .globl alltraps_noen_k .type alltraps_noen_k,@function alltraps_noen_k: + lfence movq%rdi,TF_RDI(%rsp) alltraps_noen_save_segs: SAVE_SEGS @@ -343,7 +348,7 @@ IDTVEC(dblfault) testb $SEL_RPL_MASK,TF_CS(%rsp) /* Did we come from kernel? */ jz 1f /* already running with kernel GS.base */ swapgs -1: +1: lfence movqPCPU(KCR3),%rax cmpq$~0,%rax je 2f @@ -358,6 +363,7 @@ IDTVEC(page_pti) testb $SEL_RPL_MASK,PTI_CS-PTI_ERR(%rsp) jz page_k swapgs + lfence pushq %rax movq%cr3,%rax movq%rax,PCPU(SAVED_UCR3) @@ -373,6 +379,7 @@ IDTVEC(page) testb $SEL_RPL_MASK,TF_CS-TF_ERR(%rsp) /* Did we come from kernel? */ jnz page_u_swapgs /* already running with kernel GS.base */ page_k: + lfence subq$TF_ERR,%rsp movq%rdi,TF_RDI(%rsp) /* free up GP registers */ movq%rax,TF_RAX(%rsp) @@ -382,6 +389,7 @@ page_k: ALIGN_TEXT page_u_swapgs: swapgs + lfence page_u: subq$TF_ERR,%rsp movq%rdi,TF_RDI(%rsp) @@ -419,6 +427,7 @@ page_cr2: .macro PROTF_ENTRY name,trapno \name\()_pti_doreti: swapgs + lfence cmpq$~0,PCPU(UCR3) je 1f pushq %rax @@ -441,9 +450,9 @@ IDTVEC(\name\()_pti) cmpq$doreti_iret,PTI_RIP-2*8(%rsp) je \name\()_pti_doreti testb $SEL_RPL_MASK,PTI_CS-2*8(%rsp) /* %rax, %rdx not yet pushed */ - jz X\name + jz X\name /* lfence is not needed until %gs: use */ PTI_UENTRY has_err=1 - swapgs + swapgs /* fence provided by PTI_UENTRY */ IDTVEC(\name) subq$TF_ERR,%rsp movl$\trapno,TF_TRAPNO(%rsp) @@ -476,6 +485,7 @@ prot_addrf: jne 2f rdgsbase %rdx 2: swapgs + lfence movqPCPU(CURPCB),%rdi testb $CPUID_STDEXT_FSGSBASE,cpu_stdext_feature(%rip) jz 4f @@ -495,7 +505,8 @@ prot_addrf: jmp alltraps_pushregs_no_rax 5: swapgs -6: movqPCPU(CURPCB),%rdi +6: lfence + movqPCPU(CURPCB),%rdi jmp 4b /* @@ -510,6 +521,7 @@ prot_addrf: SUPERALIGN_TEXT IDTVEC(fast_syscall_pti) swapgs + lfence movq%rax,PCPU(SCRATCH_RAX) cmpq$~0,PCPU(UCR3) je fast_syscall_common @@ -519,6 +531,7 @@
svn commit: r350657 - head/sys/dev/ral
Author: kevans Date: Tue Aug 6 20:21:57 2019 New Revision: 350657 URL: https://svnweb.freebsd.org/changeset/base/350657 Log: ral: rt2860: fix wcid2ni access/size issue RT2860_WCID_MAX is supposed to describe the max STA index for wcid2ni, and was instead being used as the size -- off-by-one. rt2860_drain_stats_fifo was range-checking wcid only after accessing out-of-bounds potentially. Submitted by: Augustin Cavalier (basically) Obtained from:Haiku (58d16d9fe2d5a209cf22823359a8407d138e1a87) Differential Revision:3 days Modified: head/sys/dev/ral/rt2860.c head/sys/dev/ral/rt2860var.h Modified: head/sys/dev/ral/rt2860.c == --- head/sys/dev/ral/rt2860.c Tue Aug 6 20:13:28 2019(r350656) +++ head/sys/dev/ral/rt2860.c Tue Aug 6 20:21:57 2019(r350657) @@ -1092,10 +1092,12 @@ rt2860_drain_stats_fifo(struct rt2860_softc *sc) DPRINTFN(4, ("tx stat 0x%08x\n", stat)); wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff; + if (wcid > RT2860_WCID_MAX) + continue; ni = sc->wcid2ni[wcid]; /* if no ACK was requested, no feedback is available */ - if (!(stat & RT2860_TXQ_ACKREQ) || wcid == 0xff || ni == NULL) + if (!(stat & RT2860_TXQ_ACKREQ) || ni == NULL) continue; /* update per-STA AMRR stats */ Modified: head/sys/dev/ral/rt2860var.h == --- head/sys/dev/ral/rt2860var.hTue Aug 6 20:13:28 2019 (r350656) +++ head/sys/dev/ral/rt2860var.hTue Aug 6 20:21:57 2019 (r350657) @@ -142,7 +142,7 @@ struct rt2860_softc { #define RT2860_PCIE(1 << 2) #defineRT2860_RUNNING (1 << 3) - struct ieee80211_node *wcid2ni[RT2860_WCID_MAX]; + struct ieee80211_node *wcid2ni[RT2860_WCID_MAX + 1]; struct rt2860_tx_ring txq[6]; struct rt2860_rx_ring rxq; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350645 - head/sys/netinet6
Author: emaste Date: Tue Aug 6 17:11:30 2019 New Revision: 350645 URL: https://svnweb.freebsd.org/changeset/base/350645 Log: Correct ICMPv6/MLDv2 out-of-bounds memory access Previously the ICMPv6 input path incorrectly handled cases where an MLDv2 listener query packet was internally fragmented across multiple mbufs. admbugs: 921 Submitted by: jtl Reported by: CJD of Apple Approved by: so MFC after:0 minutes Security: CVE-2019-5608 Modified: head/sys/netinet6/mld6.c Modified: head/sys/netinet6/mld6.c == --- head/sys/netinet6/mld6.cTue Aug 6 17:11:17 2019(r350644) +++ head/sys/netinet6/mld6.cTue Aug 6 17:11:30 2019(r350645) @@ -139,14 +139,15 @@ static intmld_v2_enqueue_group_record(struct mbufq *, struct in6_multi *, const int, const int, const int, const int); static int mld_v2_input_query(struct ifnet *, const struct ip6_hdr *, - struct mbuf *, const int, const int); + struct mbuf *, struct mldv2_query *, const int, const int); static int mld_v2_merge_state_changes(struct in6_multi *, struct mbufq *); static voidmld_v2_process_group_timers(struct in6_multi_head *, struct mbufq *, struct mbufq *, struct in6_multi *, const int); static int mld_v2_process_group_query(struct in6_multi *, - struct mld_ifsoftc *mli, int, struct mbuf *, const int); + struct mld_ifsoftc *mli, int, struct mbuf *, + struct mldv2_query *, const int); static int sysctl_mld_gsr(SYSCTL_HANDLER_ARGS); static int sysctl_mld_ifinfo(SYSCTL_HANDLER_ARGS); @@ -804,16 +805,16 @@ mld_v1_update_group(struct in6_multi *inm, const int t * Process a received MLDv2 general, group-specific or * group-and-source-specific query. * - * Assumes that the query header has been pulled up to sizeof(mldv2_query). + * Assumes that mld points to a struct mldv2_query which is stored in + * contiguous memory. * * Return 0 if successful, otherwise an appropriate error code is returned. */ static int mld_v2_input_query(struct ifnet *ifp, const struct ip6_hdr *ip6, -struct mbuf *m, const int off, const int icmp6len) +struct mbuf *m, struct mldv2_query *mld, const int off, const int icmp6len) { struct mld_ifsoftc *mli; - struct mldv2_query *mld; struct in6_multi*inm; uint32_t maxdelay, nsrc, qqi; int is_general_query; @@ -845,8 +846,6 @@ mld_v2_input_query(struct ifnet *ifp, const struct ip6 CTR2(KTR_MLD, "input v2 query on ifp %p(%s)", ifp, if_name(ifp)); - mld = (struct mldv2_query *)(mtod(m, uint8_t *) + off); - maxdelay = ntohs(mld->mld_maxdelay);/* in 1/10ths of a second */ if (maxdelay >= 32768) { maxdelay = (MLD_MRC_MANT(maxdelay) | 0x1000) << @@ -973,7 +972,7 @@ mld_v2_input_query(struct ifnet *ifp, const struct ip6 * group-specific or group-and-source query. */ if (mli->mli_v2_timer == 0 || mli->mli_v2_timer >= timer) - mld_v2_process_group_query(inm, mli, timer, m, off); + mld_v2_process_group_query(inm, mli, timer, m, mld, off); /* XXX Clear embedded scope ID as userland won't expect it. */ in6_clearscope(>mld_addr); @@ -994,9 +993,8 @@ out_locked: */ static int mld_v2_process_group_query(struct in6_multi *inm, struct mld_ifsoftc *mli, -int timer, struct mbuf *m0, const int off) +int timer, struct mbuf *m0, struct mldv2_query *mld, const int off) { - struct mldv2_query *mld; int retval; uint16_t nsrc; @@ -1004,7 +1002,6 @@ mld_v2_process_group_query(struct in6_multi *inm, stru MLD_LOCK_ASSERT(); retval = 0; - mld = (struct mldv2_query *)(mtod(m0, uint8_t *) + off); switch (inm->in6m_state) { case MLD_NOT_MEMBER: @@ -1024,6 +1021,15 @@ mld_v2_process_group_query(struct in6_multi *inm, stru nsrc = ntohs(mld->mld_numsrc); + /* Length should be checked by calling function. */ + KASSERT((m0->m_flags & M_PKTHDR) == 0 || + m0->m_pkthdr.len >= off + sizeof(struct mldv2_query) + + nsrc * sizeof(struct in6_addr), + ("mldv2 packet is too short: (%d bytes < %zd bytes, m=%p)", + m0->m_pkthdr.len, off + sizeof(struct mldv2_query) + + nsrc * sizeof(struct in6_addr), m0)); + + /* * Deal with group-specific queries upfront. * If any group query is already pending, purge any recorded @@ -1065,28 +1071,20 @@ mld_v2_process_group_query(struct in6_multi *inm, stru * report for those
svn commit: r350636 - head/sys/kern
Author: glebius Date: Tue Aug 6 16:11:00 2019 New Revision: 350636 URL: https://svnweb.freebsd.org/changeset/base/350636 Log: Since r350426 this KASSERT doesn't serve any useful purpose. Modified: head/sys/kern/kern_sendfile.c Modified: head/sys/kern/kern_sendfile.c == --- head/sys/kern/kern_sendfile.c Tue Aug 6 16:09:06 2019 (r350635) +++ head/sys/kern/kern_sendfile.c Tue Aug 6 16:11:00 2019 (r350636) @@ -392,8 +392,6 @@ sendfile_swapin(vm_object_t obj, struct sf_io *sfio, i VM_OBJECT_WUNLOCK(obj); return (EIO); } - KASSERT(rv == VM_PAGER_OK, ("%s: pager fail obj %p page %p", - __func__, obj, pa[i])); SFSTAT_INC(sf_iocnt); SFSTAT_ADD(sf_pages_read, count); ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350658 - head/tests/sys/kern
Author: jilles Date: Tue Aug 6 21:17:22 2019 New Revision: 350658 URL: https://svnweb.freebsd.org/changeset/base/350658 Log: Add a test for kill() on a zombie Added: head/tests/sys/kern/kill_zombie.c (contents, props changed) Modified: head/tests/sys/kern/Makefile Modified: head/tests/sys/kern/Makefile == --- head/tests/sys/kern/MakefileTue Aug 6 20:21:57 2019 (r350657) +++ head/tests/sys/kern/MakefileTue Aug 6 21:17:22 2019 (r350658) @@ -8,6 +8,7 @@ TESTSDIR= ${TESTSBASE}/sys/kern #ATF_TESTS_C+= kcov ATF_TESTS_C+= kern_copyin ATF_TESTS_C+= kern_descrip_test +ATF_TESTS_C+= kill_zombie ATF_TESTS_C+= ptrace_test TEST_METADATA.ptrace_test+=timeout="15" ATF_TESTS_C+= reaper Added: head/tests/sys/kern/kill_zombie.c == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tests/sys/kern/kill_zombie.c Tue Aug 6 21:17:22 2019 (r350658) @@ -0,0 +1,65 @@ +/*- + * Copyright (c) 2018 Jilles Tjoelker + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include + +#include +#include +#include + +ATF_TC_WITHOUT_HEAD(kill_zombie); +ATF_TC_BODY(kill_zombie, tc) +{ + pid_t child, pid; + int status, r; + + child = fork(); + ATF_REQUIRE(child != -1); + if (child == 0) { + _exit(42); + } + + r = waitid(P_PID, child, NULL, WEXITED | WNOWAIT); + ATF_REQUIRE(r == 0); + + r = kill(child, SIGTERM); + ATF_CHECK(r == 0); + + status = -1; + pid = waitpid(child, , 0); + ATF_REQUIRE(pid == child); + ATF_CHECK(WIFEXITED(status) && WEXITSTATUS(status) == 42); +} + +ATF_TP_ADD_TCS(tp) +{ + + ATF_TP_ADD_TC(tp, kill_zombie); + return (atf_no_error()); +} ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350652 - head/sbin/nvmecontrol
Author: imp Date: Tue Aug 6 18:15:26 2019 New Revision: 350652 URL: https://svnweb.freebsd.org/changeset/base/350652 Log: Fix mismerge. I merged passthru.c from the wrong branch (it was a branch that went further in a direction I wound up not taking). Fix the mismerge and turn passthru on. Modified: head/sbin/nvmecontrol/Makefile head/sbin/nvmecontrol/passthru.c Modified: head/sbin/nvmecontrol/Makefile == --- head/sbin/nvmecontrol/Makefile Tue Aug 6 18:10:34 2019 (r350651) +++ head/sbin/nvmecontrol/Makefile Tue Aug 6 18:15:26 2019 (r350652) @@ -5,7 +5,7 @@ PROG= nvmecontrol SRCS= comnd.c nvmecontrol.c SRCS+= devlist.c firmware.c format.c identify.c logpage.c ns.c nsid.c SRCS+= perftest.c power.c reset.c resv.c sanitize.c -#SRCS+=passthru.c +SRCS+= passthru.c SRCS+= identify_ext.c nvme_util.c nc_util.c MAN= nvmecontrol.8 LDFLAGS+= -rdynamic Modified: head/sbin/nvmecontrol/passthru.c == --- head/sbin/nvmecontrol/passthru.cTue Aug 6 18:10:34 2019 (r350651) +++ head/sbin/nvmecontrol/passthru.cTue Aug 6 18:15:26 2019 (r350652) @@ -101,7 +101,7 @@ static struct options { */ #define ARG(l, s, t, opt, addr, desc) { l, s, t, , desc } -static const struct opts opts[] = { +static struct opts opts[] = { ARG("opcode", 'o',arg_uint8, opt, opcode, "NVMe command opcode (required)"), ARG("cdw2", '2',arg_uint32, opt, cdw2, @@ -267,7 +267,23 @@ io_passthru(const struct cmd *nf, int argc, char *argv passthru(nf, argc, argv); } -CMD_COMMAND(top, admin-passthru, admin_passthru, sizeof(struct options), opts, args, -"Send a pass through Admin command to the specified device"); -CMD_COMMAND(top, io-passthru, io_passthru, sizeof(struct options), opts, args, -"Send a pass through I/O command to the specified device"); +static struct cmd admin_pass_cmd = { + .name = "admin-passthru", + .fn = admin_passthru, + .ctx_size = sizeof(struct options), + .opts = opts, + .args = args, + .descr = "Send a pass through Admin command to the specified device", +}; + +static struct cmd io_pass_cmd = { + .name = "io-passthru", + .fn = io_passthru, + .ctx_size = sizeof(struct options), + .opts = opts, + .args = args, + .descr = "Send a pass through Admin command to the specified device", +}; + +CMD_COMMAND(admin_pass_cmd); +CMD_COMMAND(io_pass_cmd); ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350651 - head/sys/ufs/ffs
Author: mckusick Date: Tue Aug 6 18:10:34 2019 New Revision: 350651 URL: https://svnweb.freebsd.org/changeset/base/350651 Log: A race condition existed between the time a UFS/FFS superblock check hash was computed and the time that the superblock was copied to a buffer to be written to disk. The result was a failed superblock check hash the next time that the superblock was read. The fix is to compute the check hash after the superblock has been copied to a buffer to be written. PR: 236504 Reported by: Peter Holm Tested by:Peter Holm Sponsored by: Netflix Modified: head/sys/ufs/ffs/ffs_vfsops.c Modified: head/sys/ufs/ffs/ffs_vfsops.c == --- head/sys/ufs/ffs/ffs_vfsops.c Tue Aug 6 17:15:46 2019 (r350650) +++ head/sys/ufs/ffs/ffs_vfsops.c Tue Aug 6 18:10:34 2019 (r350651) @@ -1998,7 +1998,13 @@ ffs_use_bwrite(void *devfd, off_t loc, void *buf, int if (MOUNTEDSOFTDEP(ump->um_mountp)) softdep_setup_sbupdate(ump, (struct fs *)bp->b_data, bp); bcopy((caddr_t)fs, bp->b_data, (u_int)fs->fs_sbsize); - ffs_oldfscompat_write((struct fs *)bp->b_data, ump); + fs = (struct fs *)bp->b_data; + ffs_oldfscompat_write(fs, ump); + /* +* Because we may have made changes to the superblock, we need to +* recompute its check-hash. +*/ + fs->fs_ckhash = ffs_calc_sbhash(fs); if (devfdp->suspended) bp->b_flags |= B_VALIDSUSPWRT; if (devfdp->waitfor != MNT_WAIT) ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350626 - head/sys/netinet
Author: tuexen Date: Tue Aug 6 10:29:19 2019 New Revision: 350626 URL: https://svnweb.freebsd.org/changeset/base/350626 Log: Fix a locking issue in sctp_accept. PR: 238520 Reported by: pho@ MFC after:1 week Modified: head/sys/netinet/sctp_usrreq.c Modified: head/sys/netinet/sctp_usrreq.c == --- head/sys/netinet/sctp_usrreq.c Tue Aug 6 08:33:21 2019 (r350625) +++ head/sys/netinet/sctp_usrreq.c Tue Aug 6 10:29:19 2019 (r350626) @@ -7226,28 +7226,56 @@ sctp_accept(struct socket *so, struct sockaddr **addr) SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); return (ECONNRESET); } - SCTP_INP_RLOCK(inp); + SCTP_INP_WLOCK(inp); if (inp->sctp_flags & SCTP_PCB_FLAGS_UDPTYPE) { - SCTP_INP_RUNLOCK(inp); + SCTP_INP_WUNLOCK(inp); SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EOPNOTSUPP); return (EOPNOTSUPP); } if (so->so_state & SS_ISDISCONNECTED) { - SCTP_INP_RUNLOCK(inp); + SCTP_INP_WUNLOCK(inp); SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, ECONNABORTED); return (ECONNABORTED); } stcb = LIST_FIRST(>sctp_asoc_list); if (stcb == NULL) { - SCTP_INP_RUNLOCK(inp); + SCTP_INP_WUNLOCK(inp); SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); return (ECONNRESET); } SCTP_TCB_LOCK(stcb); - SCTP_INP_RUNLOCK(inp); store = stcb->asoc.primary_destination->ro._l_addr; SCTP_CLEAR_SUBSTATE(stcb, SCTP_STATE_IN_ACCEPT_QUEUE); - SCTP_TCB_UNLOCK(stcb); + /* Wake any delayed sleep action */ + if (inp->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) { + inp->sctp_flags &= ~SCTP_PCB_FLAGS_DONT_WAKE; + if (inp->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) { + inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEOUTPUT; + SOCKBUF_LOCK(>sctp_socket->so_snd); + if (sowriteable(inp->sctp_socket)) { + sowwakeup_locked(inp->sctp_socket); + } else { + SOCKBUF_UNLOCK(>sctp_socket->so_snd); + } + } + if (inp->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) { + inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEINPUT; + SOCKBUF_LOCK(>sctp_socket->so_rcv); + if (soreadable(inp->sctp_socket)) { + sctp_defered_wakeup_cnt++; + sorwakeup_locked(inp->sctp_socket); + } else { + SOCKBUF_UNLOCK(>sctp_socket->so_rcv); + } + } + } + SCTP_INP_WUNLOCK(inp); + if (stcb->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) { + sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, + SCTP_FROM_SCTP_USRREQ + SCTP_LOC_19); + } else { + SCTP_TCB_UNLOCK(stcb); + } switch (store.sa.sa_family) { #ifdef INET case AF_INET: @@ -7288,40 +7316,6 @@ sctp_accept(struct socket *so, struct sockaddr **addr) default: /* TSNH */ break; - } - /* Wake any delayed sleep action */ - if (inp->sctp_flags & SCTP_PCB_FLAGS_DONT_WAKE) { - SCTP_INP_WLOCK(inp); - inp->sctp_flags &= ~SCTP_PCB_FLAGS_DONT_WAKE; - if (inp->sctp_flags & SCTP_PCB_FLAGS_WAKEOUTPUT) { - inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEOUTPUT; - SCTP_INP_WUNLOCK(inp); - SOCKBUF_LOCK(>sctp_socket->so_snd); - if (sowriteable(inp->sctp_socket)) { - sowwakeup_locked(inp->sctp_socket); - } else { - SOCKBUF_UNLOCK(>sctp_socket->so_snd); - } - SCTP_INP_WLOCK(inp); - } - if (inp->sctp_flags & SCTP_PCB_FLAGS_WAKEINPUT) { - inp->sctp_flags &= ~SCTP_PCB_FLAGS_WAKEINPUT; - SCTP_INP_WUNLOCK(inp); - SOCKBUF_LOCK(>sctp_socket->so_rcv); - if (soreadable(inp->sctp_socket)) { - sctp_defered_wakeup_cnt++; - sorwakeup_locked(inp->sctp_socket); - } else { - SOCKBUF_UNLOCK(>sctp_socket->so_rcv); - } - SCTP_INP_WLOCK(inp); - } -
svn commit: r350640 - head/share/man/man7
Author: kib Date: Tue Aug 6 17:05:58 2019 New Revision: 350640 URL: https://svnweb.freebsd.org/changeset/base/350640 Log: Provide the list of knobs related to mitigations. Discussed with: bjk, emaste Sponsored by: The FreeBSD Foundation MFC after:1 week Differential revision:https://reviews.freebsd.org/D21087 Modified: head/share/man/man7/security.7 Modified: head/share/man/man7/security.7 == --- head/share/man/man7/security.7 Tue Aug 6 16:53:25 2019 (r350639) +++ head/share/man/man7/security.7 Tue Aug 6 17:05:58 2019 (r350640) @@ -1,5 +1,10 @@ .\" Copyright (C) 1998 Matthew Dillon. All rights reserved. +.\" Copyright (c) 2019 The FreeBSD Foundation, Inc. .\" +.\" Parts of this documentation were written by +.\" Konstantin Belousov under sponsorship +.\" from the FreeBSD Foundation. +.\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: @@ -23,7 +28,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 25, 2013 +.Dd July 27, 2019 .Dt SECURITY 7 .Os .Sh NAME @@ -941,12 +946,125 @@ option that SSH allows in its .Pa authorized_keys file to make the key only usable to entities logging in from specific machines. +.Sh KNOBS AND TWEAKS +.Fx +provides several knobs and tweak handles that make some introspection +information access more restricted. +Some people consider this as improving system security, so the knobs are +briefly listed there, together with controls which enable some mitigations +of the hardware state leaks. +.Bl -tag -width security.bsd.unprivileged_proc_debug +.It Dv security.bsd.see_other_uids +Controls visibility of processes owned by different uid. +The knob directly affects the +.Dv kern.proc +sysctls filtering of data, which results in restricted output from +utilities like +.Xr ps 1 . +.It Dv security.bsd.see_other_gids +Same, for processes owned by different gid. +.It Dv security.bsd.see_jail_proc +Same, for processes belonging to a jail. +.It Dv security.bsd.conservative_signals +When enabled, unprivileged users are only allowed to send job control +and usual termination signals like +.Dv SIGKILL , +.Dv SIGINT , +and +.Dv SIGTERM , +to the processes executing programs with changed uids. +.It Dv security.bsd.unprivileged_proc_debug +Controls availability of the process debugging facilities to non-root users. +See also +.Xr proccontrol 1 +mode +.Dv trace . +.It Dv vm.pmap.pti +Tunable, amd64-only. +Enables mode of operation of virtual memory system where usermode page +tables are sanitized to prevent so-called Meltdown information leak on +some Intel CPUs. +By default, the system detects whether the CPU needs the workaround, +and enables it automatically. +See also +.Xr proccontrol 1 +mode +.Dv kpti . +.It Dv hw.mds_disable +amd64 and i386. +Controls Microarchitectural Data Sampling hardware information leak +mitigation. +.It Dv hw.spec_store_bypass_disable +amd64 and i386. +Controls Speculative Store Bypass hardware information leak mitigation. +.It Dv hw.ibrs_disable +amd64 and i386. +Controls Indirect Branch Restricted Speculation hardware information leak +mitigation. +.It Dv machdep.syscall_ret_l1d_flush +amd64. +Controls force-flush of L1D cache on return from syscalls which report +errors other than +.Ev EEXIST , +.Ev EAGAIN , +.Ev EXDEV , +.Ev ENOENT , +.Ev ENOTCONN , +and +.Ev EINPROGRESS . +This is mostly a paranoid setting added to prevent hypothetical exploitation +of unknown gadgets for unknown hardware issues. +The error codes exclusion list is composed of the most common errors which +typically occurs on normal system operation. +.It Dv machdep.nmi_flush_l1d_sw +amd64. +Controls force-flush of L1D cache on NMI; +this provides software assist for bhyve mitigation of L1 terminal fault +hardware information leak. +.It Dv hw.vmm.vmx.l1d_flush +amd64. +Controls the mitigation of L1 Terminal Fault in bhyve hypervisor. +.It Dv kern.elf32.aslr.enable +Controls system-global Address Space Layour Randomization (ASLR) for +normal non-PIE (Position Independent Executable) 32bit binaries. +See also +.Xr proccontrol 1 +mode +.Dv aslr , +also affected by the per-image control note flag. +.It Dv kern.elf32.aslr.pie_enable +Controls system-global Address Space Layout Randomization for +position-independent (PIE) 32bit binaries. +.It Dv kern.elf32.aslr.honor_sbrk +Makes ASLR less aggressive and more compatible with old binaries +relying on the sbrk area. +.It Dv kern.elf32.aslr.aslr_stack_gap +If ASLR is enabled for a binary, a non-zero value creates a randomized +stack gap between strings and the end of the aux vector. +The value is the maximum percentage of main stack to waste on the gap. +Cannot be greater than 50, i.e., at most half of the stack. +.It Dv kern.elf64.aslr.enable +64bit binaries ASLR control. +.It Dv kern.elf64.aslr.pie_enable
svn commit: r350630 - head/sys/dev/oce
Author: kevans Date: Tue Aug 6 13:09:20 2019 New Revision: 350630 URL: https://svnweb.freebsd.org/changeset/base/350630 Log: oce(4): potential out of bounds access before vector validation Submitted by: Augustin Cavalier Obtained from:Haiku (ec2b89264cfc63e05e611cce82cc449197403aa4) MFC after:3 days Modified: head/sys/dev/oce/oce_if.c Modified: head/sys/dev/oce/oce_if.c == --- head/sys/dev/oce/oce_if.c Tue Aug 6 12:19:09 2019(r350629) +++ head/sys/dev/oce/oce_if.c Tue Aug 6 13:09:20 2019(r350630) @@ -836,11 +836,13 @@ oce_fast_isr(void *arg) static int oce_alloc_intr(POCE_SOFTC sc, int vector, void (*isr) (void *arg, int pending)) { - POCE_INTR_INFO ii = >intrs[vector]; + POCE_INTR_INFO ii; int rc = 0, rr; if (vector >= OCE_MAX_EQ) return (EINVAL); + + ii = >intrs[vector]; /* Set the resource id for the interrupt. * MSIx is vector + 1 for the resource id, ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350627 - head/share/man/man4
Author: tuexen Date: Tue Aug 6 11:26:30 2019 New Revision: 350627 URL: https://svnweb.freebsd.org/changeset/base/350627 Log: Reference the RFC instead of the internet draft. MFC after:1 week Sponsored by: Netflix, Inc. Modified: head/share/man/man4/cc_newreno.4 head/share/man/man4/mod_cc.4 Modified: head/share/man/man4/cc_newreno.4 == --- head/share/man/man4/cc_newreno.4Tue Aug 6 10:29:19 2019 (r350626) +++ head/share/man/man4/cc_newreno.4Tue Aug 6 11:26:30 2019 (r350627) @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 19, 2018 +.Dd August 6, 2019 .Dt CC_NEWRENO 4 .Os .Sh NAME @@ -117,10 +117,7 @@ Default is 80. .%A "Grenville Armitage" .%A "Gorry Fairhurst" .%T "TCP Alternative Backoff with ECN (ABE)" -.%R "internet draft" -.%D "February 2018" -.%N "draft-ietf-tcpm-alternativebackoff-ecn" -.%O "work in progress" +.%O "RFC 8511" .Re .Sh ACKNOWLEDGEMENTS Development and testing of this software were made possible in part by grants Modified: head/share/man/man4/mod_cc.4 == --- head/share/man/man4/mod_cc.4Tue Aug 6 10:29:19 2019 (r350626) +++ head/share/man/man4/mod_cc.4Tue Aug 6 11:26:30 2019 (r350627) @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 19, 2018 +.Dd August 6, 2019 .Dt MOD_CC 4 .Os .Sh NAME @@ -84,7 +84,7 @@ one of the names listed by the .Va net.inet.tcp.cc.available MIB variable. .It Va abe -Enable support for draft-ietf-tcpm-alternativebackoff-ecn, +Enable support for RFC 8511, which alters the window decrease factor applied to the congestion window in response to an ECN congestion signal. Refer to individual congestion control man pages to determine if they implement ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r350625 - head/sys/netinet
Author: tuexen Date: Tue Aug 6 08:33:21 2019 New Revision: 350625 URL: https://svnweb.freebsd.org/changeset/base/350625 Log: Fix build issues for the userland stack on Raspbian. Modified: head/sys/netinet/sctp_output.c head/sys/netinet/sctputil.c Modified: head/sys/netinet/sctp_output.c == --- head/sys/netinet/sctp_output.c Tue Aug 6 03:54:27 2019 (r350624) +++ head/sys/netinet/sctp_output.c Tue Aug 6 08:33:21 2019 (r350625) @@ -12534,7 +12534,7 @@ sctp_lower_sosend(struct socket *so, struct thread *p ) { - ssize_t sndlen = 0, max_len; + ssize_t sndlen = 0, max_len, local_add_more; int error, len; struct mbuf *top = NULL; int queue_only = 0, queue_only_for_init = 0; @@ -12556,7 +12556,6 @@ sctp_lower_sosend(struct socket *so, int got_all_of_the_send = 0; int hold_tcblock = 0; int non_blocking = 0; - uint32_t local_add_more; ssize_t local_soresv = 0; uint16_t port; uint16_t sinfo_flags; @@ -12860,7 +12859,7 @@ sctp_lower_sosend(struct socket *so, free_cnt_applied = 1; if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_NO_FRAGMENT)) { - if (sndlen > asoc->smallest_mtu) { + if (sndlen > (ssize_t)asoc->smallest_mtu) { SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); error = EMSGSIZE; goto out_unlocked; @@ -12888,7 +12887,7 @@ sctp_lower_sosend(struct socket *so, if ((SCTP_SB_LIMIT_SND(so) < (amount + inqueue_bytes + stcb->asoc.sb_send_resv)) || (stcb->asoc.chunks_on_out_queue >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { SCTP_LTRACE_ERR_RET(inp, stcb, net, SCTP_FROM_SCTP_OUTPUT, EWOULDBLOCK); - if (sndlen > SCTP_SB_LIMIT_SND(so)) + if (sndlen > (ssize_t)SCTP_SB_LIMIT_SND(so)) error = EMSGSIZE; else error = EWOULDBLOCK; @@ -13070,7 +13069,7 @@ sctp_lower_sosend(struct socket *so, /* Unless E_EOR mode is on, we must make a send FIT in one call. */ if ((user_marks_eor == 0) && - (sndlen > SCTP_SB_LIMIT_SND(stcb->sctp_socket))) { + (sndlen > (ssize_t)SCTP_SB_LIMIT_SND(stcb->sctp_socket))) { /* It will NEVER fit */ SCTP_LTRACE_ERR_RET(NULL, stcb, net, SCTP_FROM_SCTP_OUTPUT, EMSGSIZE); error = EMSGSIZE; @@ -13087,20 +13086,20 @@ sctp_lower_sosend(struct socket *so, } if (user_marks_eor) { - local_add_more = min(SCTP_SB_LIMIT_SND(so), SCTP_BASE_SYSCTL(sctp_add_more_threshold)); + local_add_more = (ssize_t)min(SCTP_SB_LIMIT_SND(so), SCTP_BASE_SYSCTL(sctp_add_more_threshold)); } else { /*- * For non-eeor the whole message must fit in * the socket send buffer. */ - local_add_more = (uint32_t)sndlen; + local_add_more = sndlen; } len = 0; if (non_blocking) { goto skip_preblock; } if (((max_len <= local_add_more) && - (SCTP_SB_LIMIT_SND(so) >= local_add_more)) || + ((ssize_t)SCTP_SB_LIMIT_SND(so) >= local_add_more)) || (max_len == 0) || ((stcb->asoc.chunks_on_out_queue + stcb->asoc.stream_queue_cnt) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { /* No room right now ! */ @@ -13108,7 +13107,7 @@ sctp_lower_sosend(struct socket *so, inqueue_bytes = stcb->asoc.total_output_queue_size - (stcb->asoc.chunks_on_out_queue * SCTP_DATA_CHUNK_OVERHEAD(stcb)); while ((SCTP_SB_LIMIT_SND(so) < (inqueue_bytes + local_add_more)) || ((stcb->asoc.stream_queue_cnt + stcb->asoc.chunks_on_out_queue) >= SCTP_BASE_SYSCTL(sctp_max_chunks_on_queue))) { - SCTPDBG(SCTP_DEBUG_OUTPUT1, "pre_block limit:%u <(inq:%d + %d) || (%d+%d > %d)\n", + SCTPDBG(SCTP_DEBUG_OUTPUT1, "pre_block limit:%u <(inq:%d + %zd) || (%d+%d > %d)\n", (unsigned int)SCTP_SB_LIMIT_SND(so), inqueue_bytes, local_add_more, @@ -13241,7 +13240,7 @@ skip_preblock: else max_len = 0; - if ((max_len > SCTP_BASE_SYSCTL(sctp_add_more_threshold)) || + if ((max_len > (ssize_t)SCTP_BASE_SYSCTL(sctp_add_more_threshold)) || (max_len && (SCTP_SB_LIMIT_SND(so) < SCTP_BASE_SYSCTL(sctp_add_more_threshold))) || (uio->uio_resid && (uio->uio_resid <= max_len))) {