If cnt == 0 we access element 0 unconditionally, which is out of bounds,
and then if that doesn't crash and happens to be 0 we will access
element - 1, also out of bounds, and then if that doesn't crash will add
1 to whatever junk is there and use that for the variable. On CHERI,
though, this does crash. This code is also overly complicated, with
unnecessary special cases and tracking more state than needed.
Rewrite it in a more general manner that doesn't need those special
cases and naturally works for cnt == 0.
Found by: CHERI
Reviewed by: imp
Fixes: 1285bcc833 ("Import Netflix's efibootmgr to help manage UEFI boot variables")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44029
Some calls, e.g., action frames cause us to call through all the
way down to firmware from the RX path without any deferral in
net80211.
For LinuxKPI and iwlwifi this goes (with omissions) like this:
lkpi_napi_task -> linuxkpi_ieee80211_rx -> ieee80211_input_mimo ->
sta_input -> ht_recv_action_ba_addba_request ->
lkpi_ic_ampdu_rx_start -> iwl_mvm_mac_ampdu_action ->
iwl_trans_txq_send_hcmd. At that point we are waiting for an
interrupt from the firmware but given the lkpi_napi_task has not
finished (and may have more to dispatch based on budget and what
was received) we will not see the new interrupt/fw response.
With no answer from the firmware, the software timeout in the
driver kills the command and the firmware and issues a complete
restart.
Implement the deferred RX path in LinuxKPI for the moment.
At a later point we should carefully shift this into net80211.
This fixes the hangs for (*ic_ampdu_rx_start)() calls with iwlwifi.
MFC after: 3 days
PR: 276083
Reviewed by: cc
Differential Revision: https://reviews.freebsd.org/D43968
Use the macro "UART_CLASS()" for the newly created data set
'uart_class_set' as we do for other data sets.
This further hides the data set name.
Also add UART_CLASS for quicc, which was previously not done.
MFC after: 1 week
Improves: 949670f8f4 dev/uart: Use a linker set to find uart classes
Obtained from: jhb, 269e99ac86
Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D43981
Enabling 11n for ath(4) so far was handled by a kernel option, which
was only enabled for certain kernel configurations.
In order to allow loading ath(4) as a module with 11n support on
all platforms, remove the kernel option and unconditionally enable
11n in ath(4).
Reported by: pkubaj
Discussed with: adrian in D43549.
Reviewed by: adrian, imp
Differential Revision: https://reviews.freebsd.org/D43964
Ideally we'd be able to use LDADD_foo here for all our various libs and
get the implicit dependencies, but rescue is a bit special. Historically
this was just used to pick up the "private" in the name automatically
(as far as I can tell), but now that _DP_pthread includes c we end up
pulling in a -lc from this (along with -lcompiler_rt and -lsys). This
results in -lc being before -lmd (and after, implictly, from the
compiler driver), which, for the specific situation here, results in
both libc.a's and libmd.a's md5c.o being included, giving duplicate
definitions of _libmd_MD5Init and other symbols. With LLD 16+ we
currently make that not an error for other reasons (which should
probably be fixed), but not for older versions, nor for BFD, and so the
build fails.
Fix all this by just using -lprivatezstd in place of LDADD_zstd, which
results in the exact same clang command line as we used to have prior to
adding c (and sys) to _DP_pthread when linking rescue. Note that bsdbox
already uses -lprivatezstd rather than LDADD_zstd.
This reverts commit 5fead429eb.
Reviewed by: imp
Fixes: 99ea675731 ("lib{c,sys}: move auxargs more firmly into libsys")
The goal of reserving firmware-assigned resources is to ensure that
"wildcard" resource allocation requests will not claim an address
range that is actually in use even if no attached driver is actively
using that range. However, the current approach can break in some
cases.
In particular, ACPI can enumerate devices behind PCI bridges that
don't show up in a normal PCI scan, but those device_t objects can end
up as direct children of acpi0. Reserving resources for those devices
directly from acpi0 ends up conflicting with later attempts to reserve
the PCI bridge windows.
As a workaround, defer reserving unclaimed resources until after the
initial probe and attach scan. Eventually this pass of reserving
unclaimed resources can be moved earlier, but it requires changes to
other drivers in the tree to permit enumerating devices and reserving
firmware-assigned resources in a depth-first traversal before
attaching devices whose drivers request wildcard allocations.
PR: 272507
Reported by: Justin Tocci <justin@tocci.org>
Reported by: john@feith.com, many others
Tested by: Oleg Sidorkin <osidorkin@gmail.com>, dch
All other architectures set NEW_PCIB in DEFAULTS, with arm being the one
remaining straggler that only sets it for GENERIC and TEGRA124.
ARMADA38X and ARMADAXP contain device pci but don't set NEW_PCIB,
however GENERIC claims to support them and as part of that NEW_PCIB
support was added to mv_pci, so these configs are most likely just
stale. Other than NOTES that just leaves ALPINE as the one kernel with
PCI support not covered by GENERIC, but al_pci is supported by arm64
which enables NEW_PCIB, and it's just a generic_pcie_fdt_driver with
some fixup code to deal with quirks so should support PCI_RES_BUS just
fine. Therefore it is believed that all in-tree kernel configs support
NEW_PCIB in reality, and so let's take a step towards removing all the
non-NEW_PCIB code by having it always-on everywhere.
Reviewed by: emaste, jhb, manu
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D43806
When BEARSSL is enabled, we pull in libsecureboot, which has EFI
dependencies which don't exist on powerpc. This needs to be detangled,
but until then mark it as broken.
Sponsored by: Netflix
vdev_write_bootenv_impl can only return success. Instead, return the
last error. This will make any write errors more visible. The old code
masked kboot's inability to write bootenv.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D44018
Don't assume that strategy is only called for read. Check the passed
flag for F_READ or F_WRITE and fail if it is neither. Open the disks for
writing and call host_read/host_write depending on that flag.
Sponsored by: Netflix
Reviewed by: kevans, gallatin
Differential Revision: https://reviews.freebsd.org/D44016
Enable BTI in binaries loaded by the kernel. When the ELF file contains
the needed note indicating BTI is supported set the guarded page flag
for all segments.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D42441
This is used to enable the guard page when an elf binary is built with
BTI instructions.
Reviewed by: markj
Sponsored by: Arm Ltd
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39453
Add a rangeset to the arm64 pmap to describe which address space needs
the Branch Target Identification (BTI) Guard Page flag set in the page
table.
On hardware that supports BTI the Guard Page flag tells the hardware
to raise an exception if the target of a BR* and BLR* instruction is
not an appropriate landing pad instruction.
To support this in userspace we need to know which address space
should be guarded. For this add a rangeset to the arm64 pmap when the
hardware supports BTI. The kernel can then use pmap_bti_set and
pmap_bti_clear mark and unmark which address space is guarded.
Sponsored by: Arm Ltd
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42328
Use %p instead of wrongly casting to uintptr_t and printing with %lx.
Reported by: bapt
Fixes: 9a687d1fe3 ('x86/xen: introduce a Xen early init function')
Sponsored by: Cloud Software Group
Unify the HVM and PVH early setup, byt making both rely on the hypervisor
initialization hook part of identify_hypervisor().
The current initialization takes care of the hypercall page, the sahred info
page and does any fixup necessary to metadata video console information if
FreeBSD is booted as the initial domain (so the video console is handed from
Xen into FreeBSD).
Note this has the nice side effect of also allowing to use the Xen console on
HVM guests, which allows to get rid of the QEMU emulated uart and still get
a nice text console.
Sponsored by: Cloud Software Group
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D43764
Hypervisor detection is done very early on x86, and so can be used to also do
some very early hypervisor related initialization. Such initialization is
required when running as a Xen PVH guest, as for example the PIT needs to be
replaced with an hypervisor based timecounter.
Introduce an optional hook that gets called as part of the early hypervisor
detection.
No functional change intended.
Sponsored by: Cloud Software Group
Reviewed by: markj kib
Differential revision: https://reviews.freebsd.org/D43763
Where possible, replace the usage of xen_cpuid_base for hv_base in preparation
for removing xen_cpuid_base.
No functional change intended.
Sponsored by: Cloud Software Group
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D43935
When FreeBSD is running as dom0 the video console metadata provided by the
bootloader might not be accurate, as Xen has very likely taken over the console
and possibly changed the mode.
Adjust the video console information in the kernel metadata as part of early
Xen initialization.
Sponsored by: Cloud Software Group
Reviewed by: imp
Differential revision: https://reviews.freebsd.org/D43934
As done with the hypercall page, move the setup fo the shared info page into
the newly introduced helper, which the aim of having a single helper and call
site used by both HVM and PV in order to setup the basic Xen environment.
Sponsored by: Cloud Software Group
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D43933
Start by moving the hyeprcall setup to such function.
The aim is to have a function that does all the required Xen early
initialization for both HVM and PVH, instead of having it scattered across
different paths.
Sponsored by: Cloud Software Group
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D43932
And instead fetch the metadata inside of the function.
This is done in preparation for changing the call site of fixup_console(),
which will no longer have the kernel metedata pointer in context.
No functional change intended.
Sponsored by: Cloud Software Group
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D43931
Filling the hypercall page with nops is not helpful from a debugging point of
view, as for example attempting to execute an hypercall before the page is
initialized will result in the execution flow falling through into
xen_start32, making the mistake less obvious to spot.
Instead fill the page with int3 (0xcc) which will result in a #BP trap.
Sponsored by: Cloud Software Group
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D43930
Some hypervisors can expose multiple signatures, for example Xen will expose
both the Xen and the HyperV signatures if Viridian extensions are enabled for
the guest. Presence of multiple signatures is currently not handled by
FreeBSD, that will exit once a known signature is found in cpuid output.
Exposing the HyperV signature on hypervisors different than HyperV is not
uncommon, this is done so that such hypervisor can expose a (subset) of the
Viridian extensions to Windows guests for performance reasons. Likely for
compatibility purposes the HyperV signature is always exposed on the first
leaf, and the Xen signature is exposed in the secondary leaf.
Fix the specific case of HyperV by not exiting from the scan if the HyperV
signature is found, and prefer a second signature if one is found.
Note that long term we might wish to convert vm_guest into a bitmap, so that it
can signal detection of multiple hypervisor interfaces.
Fixes: b0165dc453 ('x86/xen: fix HVM guest hypercall page setup')
PR: 276421
Sponsored by: Cloud Software Group
Reviewed by: markj kib
Differential revision: https://reviews.freebsd.org/D43508
The current xc_printf() function uses an hypercall in order to send character
buffers to the hypervisor for it to print on the hypervisor console (if the
hypervisor is configured to print such messages).
This requires the hypercall page to be initialized, which is extra work and can
go wrong.
On x86 instead of using the console IO hypercall use the debug console IO port,
also called "port E9 hack". This allows sending characters to Xen using an
outb instruction, without any initialization required.
Keep the previous hypervisor based implementation by using the weak attribute,
which allows each architecture to provide an alternate (arch-specific)
implementation.
Sponsored by: Cloud Software Group
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D43929
When resuming from migration or suspension all regular event channels ports are
reset to the INVALID_EVTCHN value, and drivers should re-initialize them
according to the new value provided by the other end of the connection.
However, the driver would first attempt to unbind the event channel handler
before attempting to bind it using the newly provided port. This unbind uses
the stale event channel port that has been set to INVALID_EVTCHN for some
operations (notably as a result of the handler removal the interrupt subsystem
ends up calling disable intr and source PIC hooks).
This was fine when INVALID_EVTCHN was 0, as then the operation would just
result in pointless setting of the 0 bit in the different event channel related
control arrays (evtchn_{pending,mask} for example). However with the change to
define INVALID_EVTCHN as ~0 the write is no longer pointless, and we end up
triggering a page-fault, or corrupting random data that happens to be mapped at
the array position + ~0 bits.
In hindsight the change of INVALID_EVTCHN from 0 to ~0 was way more risky than
initially assessed, and I believe has end up resulting in more fragile code for
no real benefit.
Fix the disable intr and source wrappers to check whether the event channel is
valid before attempting to use it.
Also introduce some extra KASSERTs in several array accesses in order to avoid
out of bounds accesses if INVALID_EVTCHN ever reaches those functions.
Fixes: 1797ff9627 ('xen/intr: cleanup event channel number use')
MFC after: 1 week
Sponsored by: Cloud Software Group
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D43928
Emulate rm -f from the nextboot.sh script: Report all errors, except
ENOENT. This problems show through, except the expected one when
nextboot.conf isn't there.
Sponsored by: Netflix
Reviewed by: rew
Differential Revision: https://reviews.freebsd.org/D44013
This is expected behavior for both dlopen(3) and fdlopen(3).
PR: 277169
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44019
Assign multi-touch slot number based on internal evdev MT state and
reported tracking ID of contact rather than on sequentional number of
contact in report.
Sponsored by: Serenity Cyber Security
Fixes: ef8397c28e ("add Magic Trackpad 2 (USB only) support")
MFC after: 1 month