The break-before-make operation required to promote or demote a
superpage leaves a window where the KMSAN runtime can trigger a fatal
data abort. More specifically, the code in pmap_update_entry() which
executes after ATTR_DESCR_VALID is cleared may implicitly attempt to
access KMSAN context via curthread, but we may be promoting or demoting
a 2MB page containing the curthread structure.
Reviewed by: imp
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43158
This works identically to amd64. In particular, only the
bus_dma_bounce_impl busdma implementation handles KMSAN at the moment.
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43157
This is mostly a copy of amd64's msan.h, except that we currently do not
avoid shadowing the kernel itself, and we need a more restrictive upper
bound in kmsan_md_unsupported() to avoid probing non-existent shadow
mappings of device mappings.
Reviewed by: imp
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43156
- Call kmsan_intr_enter() when an exception occurs. This ensures that
code running in the exception context does not clobber thread-local
KMSAN state.
- Ensure that stack memory containing trap frames is treated as
initialized.
Co-authored-by: Alexander Stetsenko <alex.stetsenko@klarasystems.com>
Reviewed by: imp
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43155
Both are the same size as the kernel map.
Reviewed by: imp
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43154
This is a backport of upstream commit d1e9f03b89:
ck_pr/aarch64: Specify output operands for ck_pr_md_store_*
As in commit 2f9acab, we want to specify output operand widths so that
MSAN compiler instrumentation correctly updates the shadow map. In
particular, LLVM's implementation depends on having type information for
output operands, even when that's not otherwise necessary. Without it,
KMSAN in FreeBSD generates false positives on aarch64.
Reviewed by: cognet
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
These are needed for arm64 support.
Co-authored-by: Alexander Stetsenko <alex.stetsenko@klarasystems.com>
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
The presence of -fno-sanitize-memory-param-retval without an
accompanying -fsanitize=kernel-memory triggers a compiler error.
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
Let Azure use the image directly built by the release engineering team.
Reviewed by: emaste
Approved by: cperciva (re)
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41906
libpthread contains the symbols we need when statically linked. This
was a leftover from a prior version of ef9871c620 that I failed to
remove before I pushed.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D43782
CVE-2020-24370 is a security vulnerability in lua. Although the CVE
description in CVE-2020-24370 said that this CVE only affected lua
5.4.0, according to lua this CVE actually existed since lua 5.2. The
root cause of this CVE is the negation overflow that occurs when you
try to take the negative of 0x80000000. Thus, this CVE also exists in
openzfs. Try to backport the fix to the lua in openzfs since the
original fix is for 5.4 and several functions have been changed.
https://github.com/advisories/GHSA-gfr4-c37g-mm3vhttps://nvd.nist.gov/vuln/detail/CVE-2020-24370https://www.lua.org/bugs.html#5.4.0-11https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb1786
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: ChenHao Lu <18302010006@fudan.edu.cn>
Closes#15847
The allows gcc + GNU ld to link programs with -m32 -pthread without
erroring out due to _umtx_op_err being undefined (unless -lsys is added
to the link command.
We now always link _umtx_op_err into libthr (not just when it's static)
and filter it with libsys so we call that implementation. The dynamic
implementations (at least the assembly ones) should likely become stubs
as a further refinement.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43783
When very large pools are present, it can be laborious to find
reasons for why a pool is degraded and/or where an unhealthy vdev
is. This option filters out vdevs that are ONLINE and with no errors
to make it easier to see where the issues are. Root and parents of
unhealthy vdevs will always be printed.
Testing:
ZFS errors and drive failures for multiple vdevs were simulated with
zinject.
Sample vdev listings with '-e' option
- All vdevs healthy
NAME STATE READ WRITE CKSUM
iron5 ONLINE 0 0 0
- ZFS errors
NAME STATE READ WRITE CKSUM
iron5 ONLINE 0 0 0
raidz2-5 ONLINE 1 0 0
L23 ONLINE 1 0 0
L24 ONLINE 1 0 0
L37 ONLINE 1 0 0
- Vdev faulted
NAME STATE READ WRITE CKSUM
iron5 DEGRADED 0 0 0
raidz2-6 DEGRADED 0 0 0
L67 FAULTED 0 0 0 too many errors
- Vdev faults and data errors
NAME STATE READ WRITE CKSUM
iron5 DEGRADED 0 0 0
raidz2-1 DEGRADED 0 0 0
L2 FAULTED 0 0 0 too many errors
raidz2-5 ONLINE 1 0 0
L23 ONLINE 1 0 0
L24 ONLINE 1 0 0
L37 ONLINE 1 0 0
raidz2-6 DEGRADED 0 0 0
L67 FAULTED 0 0 0 too many errors
- Vdev missing
NAME STATE READ WRITE CKSUM
iron5 DEGRADED 0 0 0
raidz2-6 DEGRADED 0 0 0
L67 UNAVAIL 3 1 0
- Slow devices when -s provided with -e
NAME STATE READ WRITE CKSUM SLOW
iron5 DEGRADED 0 0 0 -
raidz2-5 DEGRADED 0 0 0 -
L10 FAULTED 0 0 0 0 external device fault
L51 ONLINE 0 0 0 14
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Cameron Harr <harr1@llnl.gov>
Closes#15769
In a follow-up revision the gdb stub will support sending an XML target
description to gdb, which lets us send additional registers, including
the ones added in this patch.
Reviewed by: jhb
MFC after: 1 month
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D43665
This lets gdb query individual registers. It's easy to implement and is
used by gdb when attaching to a CHERI target, so let's support it.
Sponsored by: Innovate UK
Reviewed by: corvink, jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D43664
I merged in the limits.h include. I should have resolved this by
deleting it (since we have no easy way to 'fix' it with compat headers).
GENERIC doesn't bring in the debugger, but LINT does...
Sponsored by: Netflix
We need to use libsys.so.7 so that we can work without /usr and because
we're bound a specific ABI.
Reported by: jtrc27, kib
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43772
IERS is the source of truth for leap seconds. Their leapsecond file is
updated most quickly and is always right (unlike the IANA one which
often lags). IERS operates this public service for the express purpose
of random people downloading it. Their terms of service are compatible
with open source (we could include this in our release). Rather than
fighting with questions around this because the IANA one changed
locations or the auto update script broken, just use this.
This is in preference to the NIST ftp copy. NIST is in the process of
retiring their FTP services.
Sponsored by: Netflix
Reviewed by: philip, delphij, cy
Differential Revision: https://reviews.freebsd.org/D43752
As a separate commit, now move locore-v6.S to locore.S. This makes git
annotate work, at least back to 2014 when Ian created locore-v6.S. svn
didn't save enough metadata for the converter to allow it to go back
further.
Sponsored by: Netflix
Use locore-v6.S directly, rather than indirectly via including
locore.S. This loses acle-compat.h inclusion, but that's only needed for
gcc 4.8 and earlier. Since we don't support anything that old, there's
no need for it here.
Sponsored by: Netflix
AT91 boot2 loaders have been long gone, and don't support the AT91 parts
that have armv7 cores (since we don't have specific support for
that). Mentioning its interface is OBE, so remove it.
Sponsored by: Netflix
systm.h was included for boothowto here, but it's not used here, so drop
this include. Also sys/cdefs.h isn't needed, drop it too.
Sponsored by: Netflix
Newer versions of archanist have an --ansi option to always include the
ansi colors when doing an arc list (or any command really). Add this to
the arc list that's relevant. Add filter to filter out the 'bolding'
though since that interferes with our parsing. This should restore the
color output after df834e06bb.
Fixes: df834e06bb
Sponsored by: Netflix
Reviewed by: markj, jhb
Differential Revision: https://reviews.freebsd.org/D43459
This reverts commit 407345752d.
No longer needed since helpers are moved to /lib.
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Differential revision: https://reviews.freebsd.org/D43758
The redirection pool stored in r->rpool.cur is used for loadbalancing
and cur can change whenever loadbalancing happens, which is for every
new connection. Therefore it can't be trusted outside of pf_map_addr()
and the r->rpool->mtx mutex. After evaluating the ruleset, loadbalancing
decission is made in pf_map_addr() called from within pf_create_state()
and stored in the state itself.
This patch modifies BOUND_IFACE() so that it only uses the information
already stored in the state which has been obtained in a way which
respects the r->rpool->mtx mutex.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D43741
The return values of copyin() and copyout() must be checked.
vm_snapshot_buf_cmp() is unused by the kernel and was incorrectly
implemented, so just remove it.
Reviewed by: markj
Sponsored by: vStack
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D43754
Allows the development, testing and deployment of netmap(4)-based code
on arm64 without having to recompile the kernel. netmap(4) is already
in the amd64 and powerpc64 default configs, so it does not seem
unreasonable to also provide it on arm64 by default.
Note that netmap(4) is useful even on systems without NIC that fully
support it.
Reviewed by: vmaffione
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D43702
The regression affected ACPI-based systems without EFI poweroff support
(including VMs).
The key reason for the regression is that I overlooked that poweroff is
requested by RB_POWEROFF | RB_HALT combination of flags. In my opinion,
that command is a bit bipolar, but since we've been doing that forever,
then so be it. Because of that flag combination, the order of
shutdown_final handlers that check for either flag does matter.
Some additional complexity comes from platform-specific shutdown_final
handlers that aim to handle multiple reboot options at once. E.g.,
acpi_shutdown_final handles both poweroff and reboot / reset. As
explained in 9cdf326b4f, such a handler must run after shutdown_panic to
give it a chance. But as the change revealed, the handler must also run
before shutdown_halt, so that the system can actually power off before
entering the halt limbo.
Previously, shutdown_panic and shutdown_halt had the same priority which
appears to be incompatible with handlers that can do both poweroff and
reset.
The above also applies to power cycle handlers.
PR: 276784
Reported by: many
Tested by: Katsuyuki Miyoshi <katsubsd@gmail.com>,
Masachika ISHIZUKA <ish@amail.plala.or.jp>
Fixes: 9cdf326b4f run acpi_shutdown_final later to give other handlers a chance
MFC after: 1 week
create_qp_handle_resp_common_cleanup should be void
__ibv_cleanup_wq should use wq->cond for cond destroy
both issues were overlooked in:
a687910 ('Cleanup pthread locks in ofed RDMA verbs')
Signed-off-by: Bartosz Sobczak <bartosz.sobczak@intel.com>
Signed-off-by: Eric Joyner <erj@FreeBSD.org>
Reviewed by: sean.lim@dell.com, vangyzen@, erj@
MFC after: 1 day
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D43491
On Linux the ioctl_ficlonerange() and ioctl_ficlone() system calls
are expected to either fully clone the specified range or return an
error. The range may be for an entire file. While internally ZFS
supports cloning partial ranges there's no way to return the length
cloned to the caller so we need to make this all or nothing.
As part of this change support for the REMAP_FILE_CAN_SHORTEN flag
has been added. When REMAP_FILE_CAN_SHORTEN is set zfs_clone_range()
will return a shortened range when encountering pending dirty records.
When it's clear zfs_clone_range() will block and wait for the records
to be written out allowing the blocks to be cloned.
Furthermore, the file range lock is held over the region being cloned
to prevent it from being modified while cloning. This doesn't quite
provide an atomic semantics since if an error is encountered only a
portion of the range may be cloned. This will be converted to an
error if REMAP_FILE_CAN_SHORTEN was not provided and returned to the
caller. However, the destination file range is left in an undefined
state.
A test case has been added which exercises this functionality by
verifying that `cp --reflink=never|auto|always` works correctly.
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes#15728Closes#15842
Otherwise, with the default flm_debug_level of LOG_NOTICE, it's rather
easy to trigger debug messages such as:
[fib_algo] inet.0 (bsearch4#18) rebuild_fd_flm: switching algo to
radix4_lockless
Also, the "severity" of these events generally only justifies LOG_INFO
and not LOG_NOTICE.
Reviewed by: melifaro
SDHCI_QUIRK_MISSING_CAPS needs to be set unconditionally so sdhci(4)
adheres to the slot caps and caps2 set by sdhci_fsl_fdt(4). However,
so far this bug didn't have an impact as the front-end only filters
SDHCI_CAN_DO_SUSPEND, which in turn isn't used, yet.
Merge tracking branch 'vendor/acpica' for vendor/acpica/20230628, and
resolve conflicts.
This deletes files that we've deleted since the last merge (during SVN
times it seems) so future merges don't bring them up.
It resolves conflicts in several files that we have modified (but we can
likely fix the build system so we don't have to modify them since it's
almost all headers) and one ifndef kernel that could be solved with an
empty #define.
It also deletes new files in the platform directory that are similar to
prior non-freebsd platform files we've deleted.
The net delta: +1 line.
Sponsored by: Netflix
The redirection pool stored in r->rpool.cur is used for loadbalancing
and cur can change whenever loadbalancing happens, which is for every
new connection. Therefore it can't be trusted outside of pf_map_addr()
and the r->rpool->mtx mutex. After evaluating the ruleset, loadbalancing
decission is made in pf_map_addr() called from within pf_create_state()
and stored in the state itself.
This patch modifies BOUND_IFACE() so that it only uses the information
already stored in the state which has been obtained in a way which
respects the r->rpool->mtx mutex.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D43741