memory_model(7): create and document pointer provenance
Add a skeleton manpage intended to describe the FreeBSD memory model.
To start out, add documentation of pointer provenance and a cross link
to atomic(9).
Provide some advice on preserving provenance in CHERI and reference
more detailed discussions elsewhere.
Effort: CHERI upstreaming
Reviewed by: kib, adrian, markj, emaste
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D57812
rtld: Check for -1 as an end-of-section marker
rtld calls functions in the .init_array section one at a time, until
it finds a distinguished sentinel value. The C runtime does the same
thing (in crtend.c). However, that checks for the sentinel -1 and not
1. If one is using a linker that unifies .ctors and .init_array, then
rtld will miss the sentinel value. I believe the author of this code
intended to write -1 instead of 1. Indeed, changing the code to also
check for -1 prevents rtld from attempting to call a non-existent
function. The same is true of .dtors and .fini_array.
Signed-off-by: Daniel Levin <daniellevin2607 at gmail.com>
Reviewed by: kib
MFC after: 3 days
Pull Request: https://github.com/freebsd/freebsd-src/pull/2270
(cherry picked from commit 45a0cb52d3d62f8caae420b93e4b8c76ae3bc766)
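
Added example, not part of the commit or of rtld's source: a small model of the slot check described in the message above, comparing a filter that rejects only 0 and 1 with one that also rejects -1. The function names and the sample array are hypothetical, and the array layout is a constructed stand-in for a unified .ctors/.init_array section.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef void (*init_fn)(void);

static int ran;                         /* bumped by the sample initializers */
static void init_a(void) { ran += 1; }
static void init_b(void) { ran += 10; }

/* Filter before the fix: only 0 and 1 are treated as non-functions. */
static int callable_old(uintptr_t slot) { return slot != 0 && slot != 1; }

/* Filter after the fix: the -1 marker is rejected as well. */
static int callable_new(uintptr_t slot)
{
    return callable_old(slot) && slot != (uintptr_t)-1;
}

/* Collect the slots a filter would dispatch to, without calling them, so the
 * old filter can be inspected without jumping to address -1. */
static size_t select_targets(const uintptr_t *arr, size_t n,
    int (*callable)(uintptr_t), uintptr_t *out)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (callable(arr[i]))
            out[k++] = arr[i];
    return k;
}

/* Constructed sample: -1 marker, two real initializers, then a 0 slot. */
static size_t make_sample(uintptr_t *arr)
{
    arr[0] = (uintptr_t)-1;     arr[1] = (uintptr_t)init_a;
    arr[2] = (uintptr_t)init_b; arr[3] = 0;
    return 4;
}

int main(void)
{
    uintptr_t arr[4], out[4];
    size_t n = make_sample(arr);
    printf("old filter selects %zu slots\n",
        select_targets(arr, n, callable_old, out));
    size_t k = select_targets(arr, n, callable_new, out);
    for (size_t i = 0; i < k; i++)
        ((init_fn)out[i])();            /* only real initializers remain */
    printf("new filter called %zu, ran=%d\n", k, ran);
}
```
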
sched_ule: Fix off by one in preempt_thresh definition
Since 'preempt_thresh' is set to PRI_MIN_KERN by default, and comparison
of the considered thread's priority with that threshold is done with
'<=', PRI_MIN_KERN threads actually can preempt other threads, contrary
to other non-interrupt kernel ones (between PRI_MIN_KERN + 1 and
PRI_MAX_KERN).
So, replace the comparison operator '<=' by '<'. The alternative would
be to change the default value, but changing the comparison instead has
the benefit of being consistent with the 0 setting (which forbids
preemption entirely), since allowing only threads with priority 0 to
preempt becomes possible.
Consequently, we also change the default value for the FULL_PREEMPTION
option by adding 1 to PRI_MAX_IDLE (in practice, that does not make any
difference in the current setting, since no preemption will happen if
the new priority value is not strictly lower than the current one, and
PRI_MAX_IDLE is PRI_MAX, the highest possible priority).
[8 lines not shown]
nfs_commonkrpc.c: Improve handling of NFSv4.1/4.2 recovery
Commit 4d80d4913e79 fixed a long-standing bug in the recovery
code. However, glebius@ reported seeing multiple
recovery cycles with this patch during an NFSv4.1/4.2
server reboot.
This commit should minimize the risk of multiple
recovery cycles.
PR: 294925
(cherry picked from commit ea4886f2829bf33866c8c0c60b14a9641fc54b40)
nfs: Fix argument typo to avoid a crash
A typo resulted in the wrong argument for a bytewise
comparison that could result in a crash if
the incorrect argument was not a valid pointer.
This patch fixes the argument.
While investigating this, I noticed that the
correct argument was not being filled in as
required, so this patch fixes that, as well.
Somehow, recovery from a NFSv4.1/4.2 server
crash worked during testing, so this was not
detected. The bug/patch only affects NFS
client mounts using NFSv4.1/4.2.
PR: 294925
(cherry picked from commit 4d80d4913e79c8b5918b1f04c1c7b38e6c76b9b4)
build.7: explain how to build KBI-compatible standalone module
Reviewed by: imp, kevans
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Differential revision: https://reviews.freebsd.org/D57859
libusb: don't treat EINVAL from USB_FS_COMPLETE as device detach
ugen20_process() treats any non-EBUSY errno returned by USB_FS_COMPLETE
as device detach and returns LIBUSB20_ERROR_OTHER. This causes libusb10
to set device_is_gone and fail all subsequent transfers with
LIBUSB_ERROR_NO_DEVICE.
However, USB_FS_COMPLETE can also return EINVAL when a completion
references an endpoint that no longer exists, for example after
SET_INTERFACE or SET_CONFIG removes and recreates endpoints. This is a
transient condition and does not indicate device detach.
Treat EINVAL the same as EBUSY and stop draining completions. This
prevents a guest selecting an isochronous streaming altsetting from
permanently breaking the passed-through device.
Reviewed by: bapt
Event: Halifax Hackathon 202606
Location: Peggy's Cove Rock
[2 lines not shown]
netinet6: refactor in6_pcbconnect()
If the inpcb is already bound to a local address, there is no reason to
call in6_pcbladdr(). If the inpcb is already bound to a local port, there
is no reason to call in_pcb_lport_dest(). In the opposite case, if the
inpcb is not bound, and we are about to choose a non-conflicting local
addr:port, then there is no reason to call in6_pcblookup_internal().
This change makes in6_pcbconnect() look much more like the IPv4
in_pcbconnect(). I tracked this strange logic all the way down to initial
KAME import and failed to find any reasoning for it.
Reviewed by: pouria
Differential Revision: https://reviews.freebsd.org/D57534
zfsd: Improve spare selection
Port OpenZFS PRs #18597 and #18578 from zed to zfsd.
When activating a spare, sort candidates before trying them:
1. Distributed dRAID spare matching the failed vdev's group (fastest
   rebuild via sequential resilver)
2. Regular spares
3. Non-matching distributed spares (kernel will reject anyway)
4. Within each tier: prefer rotational match, then smallest
   sufficient size
Also try all healthy spares in order rather than stopping at the
first one, and use sequential rebuild for distributed spares.
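
Added example, not zfsd's or zed's code: the candidate ordering listed in the message above, written as a qsort(3) comparator. The struct layouts, field names and sample spares are hypothetical, and placing spares that are too small after those that are large enough is an assumption about what "smallest sufficient size" implies.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct spare {                          /* hypothetical candidate record */
    const char *name;
    int distributed, group, rotational; /* group: dRAID group id */
    uint64_t size;
};
struct failed_vdev { int group; int rotational; uint64_t size; };
static struct failed_vdev g_failed;     /* qsort(3) takes no context argument */

/* 0: distributed spare of the failed group, 1: regular, 2: other distributed */
static int tier(const struct spare *s)
{
    return !s->distributed ? 1 : (s->group == g_failed.group ? 0 : 2);
}

static int spare_cmp(const void *pa, const void *pb)
{
    const struct spare *a = pa, *b = pb;
    int ta = tier(a), tb = tier(b);
    if (ta != tb)
        return ta - tb;
    int ma = a->rotational != g_failed.rotational;    /* 0 = rotational match */
    int mb = b->rotational != g_failed.rotational;
    if (ma != mb)
        return ma - mb;
    int sa = a->size < g_failed.size;                 /* 0 = large enough */
    int sb = b->size < g_failed.size;
    if (sa != sb)
        return sa - sb;
    return (a->size > b->size) - (a->size < b->size); /* smallest first */
}

static void sort_spares(struct spare *v, size_t n, struct failed_vdev f)
{
    g_failed = f;
    qsort(v, n, sizeof(*v), spare_cmp);
}

int main(void)
{
    struct spare v[] = {                /* constructed sample */
        { "regular-200", 0, 0, 1, 200 }, { "draid-g2", 1, 2, 1, 100 },
        { "draid-g1", 1, 1, 1, 100 },    { "regular-ssd", 0, 0, 0, 120 },
    };
    sort_spares(v, 4, (struct failed_vdev){ 1, 1, 100 });
    for (size_t i = 0; i < 4; i++)
        puts(v[i].name);
}
```
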
bhyve: Use a blocking socket in the helper process
The send_packet callback does not handle EAGAIN, and on the recv side we
already use poll() and MSG_DONTWAIT to implement a non-blocking loop.
PR: 291616
Tested by: novel
Fixes: 0e62ebd20172 ("bhyve: Move the slirp backend out into a separate process")
Differential Revision: https://reviews.freebsd.org/D54340
(cherry picked from commit daef625cf884dea33d50ad7a0e2da0879a442495)
bhyve/slirp: Drop privileges before entering capability mode
When in restricted mode, the slirp-helper process enters a capsicum
sandbox, after which we cannot look up the uid for the "nobody" user.
Reverse the order.
Reported by: kp
Fixes: 0e62ebd20172 ("bhyve: Move the slirp backend out into a separate process")
(cherry picked from commit b0c7eaf83d21bbc333e247ab9e136965b3ca54ed)
divert: Avoid using atomic_(load|store)_(acq|rel)_16
It's not implemented on some arches. Use a plain int to count the
number of sockets in a divert lbgroup.
Reported by: Jenkins
Fixes: 895a0ae67fe2 ("divert: Define semantics for SO_REUSEPORT_LB on divert sockets")
(cherry picked from commit c564074c9aaa8a3f9273de3cb802edcb3e2e2a40)
divert: Define semantics for SO_REUSEPORT_LB on divert sockets
Allow SO_REUSEPORT_LB to be set on divert sockets. If set, then bind()
will add the socket to a "load-balancing group". When a divert-to rule
matches a port with an associated group, the corresponding state ID is
used to select a specific socket from the group. Packets without an
associated state are simply forwarded to the first socket in the group.
For now I only pass a state ID from pf, as I couldn't see a useful
identifier on the ipfw side.
This implementation is simple but has a caveat, that being that if
sockets are added to the group while flows are being processed, the size
of the group will change and this changes the mapping of state IDs to
sockets. So, to get a consistent mapping, the divert socket application
must bind all of its sockets before any traffic is diverted by the
firewall.
Reviewed by: glebius
MFC after: 1 month
[5 lines not shown]
arch.7: used title case for .Ss headings
Do capitalize "size". Don't gratuitously capitalize "char" any more
than we do "make" further down.
Reviewed by: emaste
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D57820
Add kernel manpages for bcopy, memcpy, and memmove
We will add variants of memcpy and memmove to support CHERI so
bootstrap the manpages from section 3.
Mark bcopy as deprecated.
Reviewed by: imp, kib, emaste
Effort: CHERI upstreaming
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D57661
jail: clean up locking around do_jail_attach
jail_attach_jd passed PD_DEREF to do_jail_attach, assuming it would take
care of freeing the held prison. This is not true, as do_jail_attach
immediately cleared that flag, leaving the jail stuck in dying state
when it is later removed.
Reported by: markj
Reviewed by: markj
MFC after: 3 days
Differential Revision: <https://reviews.freebsd.org/D57674>
kern: osd: trash a slot's methods upon deregistration
This both lets us quickly identify a slot that's been deallocated while
debugging, and forces us to take a fault if something tries to call one
of the methods anyways somehow with osd_destructors[slot - 1] == NULL.
Reviewed by: imp, jamie
Differential Revision: https://reviews.freebsd.org/D48075
kern: osd: abstract away the math for locating a slot method
It's relatively simple, but we'll do it a couple of times; pull it
out into a macro.
Reviewed by: imp (previous version), jamie
Differential Revision: https://reviews.freebsd.org/D48074
adduser: Normalize supplemental groups
Rather than insist on a space-separated list, normalize the input so
that any number of spaces, commas, colons, or semicolons are accepted.
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D57774
fwcam: add IIDC 1394 FireWire camera driver
Add fwcam(4), a driver for IIDC v1.30 (TA Document 1999023) digital
cameras over IEEE 1394.
Supports Format_0 (VGA) video modes with isochronous receive DMA,
feature control (brightness, exposure, gain, shutter, white balance,
focus, etc.), poll/kqueue, and hot-plug via bus reset handling.
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D57685
firewire: add shared helpers for ISO receive drivers
Add fw_helpers.h with common static inline helpers for FireWire ISO
receive drivers: async xfer wait with timeout and tlabel cleanup,
quadlet read/write, and ISO mbuf management.
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D57684