If uverbs_user_mmap_disassociate() is called while the mmap is
concurrently doing exit_mmap then the ordering of the
rdma_user_mmap_entry_put() is not reliable.
The put must be done before uverbs_user_mmap_disassociate() returns,
otherwise there can be a use after free on the ucontext, and a left over
entry in the xarray. If the put is not done here then it is done during
rdma_umap_close() later.
Add the missing put to the error exit path.
Linux commit:
39c011a538272589b9eb02ff1228af528522a22c
PR: 264473
MFC after: 3 days
Sponsored by: NVIDIA Networking
The kernel commit cited below restructured ib device management
so that the device kobject is initialized in ib_alloc_device.
As part of the restructuring, the kobject is now initialized in
procedure ib_alloc_device, and is later added to the device hierarchy
in the ib_register_device call stack, in procedure
ib_device_register_sysfs (which calls device_add).
However, in the ib_device_register_sysfs error flow, if an error
occurs following the call to device_add, the cleanup procedure
device_unregister is called. This call results in the device object
being deleted -- which results in various use-after-free crashes.
The correct cleanup call is device_del -- which undoes device_add
without deleting the device object.
The device object will then (correctly) be deleted in the
ib_register_device caller's error cleanup flow, when the caller invokes
ib_dealloc_device.
Linux commit:
b312be3d87e4c80872cbea869e569175c5eb0f9a
PR: 264472
MFC after: 3 days
Sponsored by: NVIDIA Networking
The loop iteration in iommu_gas_lowermatch checks the bound
a->common->lowaddr twice per loop iteration. Rewrite to test only once
per iteration. Do not worry about passing to iommu_gas_match_one a
range wholly beyond lowaddr. Since that function checks the upper end
of the range against lowaddr, it'll get rejected there.
Reviewed by: alc
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D35522
The vfs_flags() macro was used to make the code compatible
with Mac OSX, for the Mac OSX port.
For FreeBSD, this macro just obscured the code, so
remove it to clean up the code.
This commit should not result in a semantics change.
Commit 4b8365d752 introduced the ability to dynamically register
VM object types, for use by tmpfs, which creates swap-backed objects.
As a part of this, checks for such objects changed from
    object->type == OBJT_DEFAULT || object->type == OBJT_SWAP
to
    object->type == OBJT_DEFAULT || (object->flags & OBJ_SWAP) != 0
In particular, objects of type OBJT_DEFAULT do not have OBJ_SWAP set;
the swap pager sets this flag when converting from OBJT_DEFAULT to
OBJT_SWAP.
A few of these checks are done without the object lock held. It turns
out that this can result in false negatives since the swap pager
converts objects like so:
    object->type = OBJT_SWAP;
    object->flags |= OBJ_SWAP;
Fix the problem by adding explicit tests for OBJT_SWAP objects in
unlocked checks.
PR: 258932
Fixes: 4b8365d752 ("Add OBJT_SWAP_TMPFS pager")
Reported by: bdrewery
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35470
- Remove the AIO proc zone. This zone gets one allocation per AIO
daemon process, which isn't enough to warrant a dedicated zone. Plus,
unlike other AIO structures, aiops are small (32 bytes with LP64), so
UMA doesn't provide better space efficiency than malloc(9). Change
one of the malloc types in vfs_aio.c to make it more general.
- Don't set the NOFREE flag on the other AIO zones. This flag means
that memory allocated to the AIO subsystem is never freed back to the
VM, so it's always preferable to avoid using it when possible. NOFREE
was set without explanation when AIO was converted to use UMA 20 years
ago, but it does not appear to be required; all of the structures
allocated from UMA (per-process kaioinfo, kaiocb, and aioliojob) keep
track of references and get freed only when none exist. Plus, these
structures will contain dangling pointers after they're freed (e.g.,
the "cred", "fd_file" and "uiop" fields of struct kaiocb), so
use-after-frees are dangerous even when the structures themselves are
type-stable.
Reviewed by: asomers
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35493
BPF headers are word-aligned when copied into the store buffer. Ensure
that pad bytes following the preceding packet are cleared.
Reported by: KMSAN
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Otherwise zone initializers can produce false positives, e.g., when
lock_init() attempts to detect double initialization.
Sponsored by: The FreeBSD Foundation
In December after a failed MFV due to a now understood issue I had with
git -- git aborts with extremely large MFV -- this patch was removed
during the revert. Restore this patch.
PR: 264238
Fixes: 4b72b91a71
MFC after: 1 week
geli_probe_and_attach() does pick geli_devsw structure for
encrypted disks, the implementation depends on device
name "disk" when device type is DEVT_DISK, but geli_devsw is
setting name field "gelidisk".
PR: 264282
Submitted by: yamagi@yamagi.org
Reported by: yamagi@yamagi.org
MFC after: 2 weeks
Add documentation for gethostbyname_r, gethostbyname2_r and gethostbyaddr_r
Create proper MLINKs for the new functions.
PR: 249154
Reported by: asomers@
Approved by: manpages (0mp@), Pau Amma
Differential Revision: https://reviews.freebsd.org/D30469
Document the RB_AUGMENT macro, and provide an example of its use.
Reviewed by: alc, kib
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D35518
Detect the end of the disk condition. This may happen when the
disk image is truncated and the reads are addressing blocks past
image end.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35432
panic() is using multiple services - attempting to read
keyboard, accessing time functions and finally, exiting the loader.
Protect all the accesses listed above. Note, when BS are off,
we really can not just exit the loader, we only can reboot.
MFC after: 1 week
The definition of "APPLE" was used by the Mac OSX port.
For FreeBSD, this definition is never used, so remove
the references to it to clean up the code.
This commit should not result in a semantics change.
Add kf_pipe_buffer_[in/out/size] fields to kf_pipe, and populate them.
Add a kf_kqueue struct to the kf_un union, to allow querying kqueue state,
and populate it.
Populate the kf_sock_rcv_sb_state and kf_sock_snd_sb_state fields in
kf_sock for INET/INET6 sockets, and populate all other fields for all
transport layer protocols, not just TCP.
Bump __FreeBSD_version.
Differential revision: https://reviews.freebsd.org/D34184
Reviewed by: jhb, kib, se
MFC after: 1 week
The current situation is fairly confusing, where an integer is interpreted
as a percent until you slap a decimal on it and magically it becomes an
absolute value.
Let's have a flag day in 14.0 and remove this shim entirely. Setting with
percent can still be useful, so allow a trailing '%' to indicate as such.
As a side effect, we tighten down the format allowed in the volume a little
bit by ensuring there's no trailing garbage after the value once it's
separated into left and right components.
Reviewed by: christos, hselasky, pauamma_gundo.com (manpages)
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D35101
The "void *stuff" (also called fstuff and dstuff) argument
was used by the Mac OSX port. For FreeBSD, this argument
is always NULL, so remove it to clean up the code.
This commit gets rid of "stuff" for assorted functions
defined in nfs_clrpcops.c and called in nfs_clvnops.c and
nfs_clstate.c.
This commit should not result in a semantics change.
The "void *stuff" (also called fstuff and dstuff) argument
was used by the Mac OSX port. For FreeBSD, this argument
is always NULL, so remove it to clean up the code.
This commit gets rid of "stuff" for assorted functions
defined in nfs_clrpcops.c and called in nfs_clvnops.c and
nfs_clvfsops.c. Future commits will do the same for other functions.
This commit should not result in a semantics change.
This avoids relying on the `includes` target to generate this header
which must be in .OBJDIR for the ncurses library to find it.
With an upcoming change libcompat build won't build a separate
sysroot and will instead share with the 64-bit target which means the
`includes` target will not be called.
Sponsored by: DARPA, AFRL
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D35510
If iommu_gas_find_space() ever called iommu_gas_uppermatch(), and it
succeeded in allocating space, then the subsequent KASSERT would be
triggered. Change that KASSERT to accept either success or ENOMEM.
MFC after: 1 week
Honor -q parameter and do not display any warning messages when -q is
specified.
Approved by: dfr
MFC after: 2 weeks
Sponsored by: Resulta, s.r.o.
Differential Revision: https://reviews.freebsd.org/D35511
It may not be known at compile time so we should detect it at run time.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35118
Add clean up on failure and a detach function to the pci host generic
driver.
Reviewed by: jhb (earlier version)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35291
- Add the missing RANDOM_PURE_QUALCOMM description
- Make RANDOM_PURE_VMGENID consistent with the other pure sources
by including "PURE_" in the description.
Approved by: csprng (cem)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35412
If isc-dhcp44-server is not installed (as is the case on the project's CI
servers) we don't create ngctl.shutdown, causing the 'rm' to fail.
That in turn causes the cleanup function to return non-zero, which
causes kyua to consider the test failed.
Use 'rm -f' instead, so we don't error even if the file doesn't exist.
Sponsored by: Rubicon Communications, LLC ("Netgate")
The "void *stuff" (also called fstuff and dstuff) argument
was used by the Mac OSX port. For FreeBSD, this argument
is always NULL, so remove it to clean up the code.
This commit gets rid of "stuff" for assorted functions
defined in nfs_clrpcops.c and called in nfs_clvnops.c.
Future commits will do the same for other functions.
This commit should not result in a semantics change.