FreshBSD

Skip VDEV_IO_DONE stage only for ZIO_TYPE_FREE.

Device removal code uses zio_vdev_child_io() with ZIO_TYPE_NULL parent,
that never happened before.  It confused FreeBSD-specific TRIM code,
which does not use VDEV_IO_DONE for logical ZIO_TYPE_FREE ZIOs.  As
result of that stage being skipped device removal ZIOs leaked references
and memory that supposed to be freed by VDEV_IO_DONE, making it stuck.

It is a quick patch rather then a nice fix, but hopefully we'll be able
to drop it all together when alternative TRIM implementation finally get
landed.

PR:                228750, 229007
Discussed with:        allanjude, avg, smh
Approved by:        re (delphij)
MFC after:        5 days
Sponsored by:        iXsystems, Inc.

Correct COMPAT* macro names in syscalls.master

Both ^/sys/compat/freebsd32/syscalls.master and ^/sys/kern/syscalls.master
cited "COMPAT[n] #ifdef" instead of "COMPAT_FREEBSD[n] #ifdef" in places.

Approved by:        re (glebius)

Avoid OOB reads in memmem(3).

commit 51bdcdc424bd7169c8cccdc2de7cad17f5ea0f70
Author: Alexander Monakov <amonakov at ispras.ru>
Date:   Fri Jun 30 00:35:33 2017 +0300

    fix OOB reads in Xbyte_memmem

    Reported by Leah Neukirchen.

Reviewed by:        emaste
Approved by:        re (kib)

pw: respect path specified using -V when writing pw.conf, and -C is not
explicitly specified.  -V path is already used to determine which file
to read default values from, so it's only logical to write them to the
same file.

PR:                231653
Reviewed by:        eugen, bapt
Approved by:        re (gjb), kib (mentor)
Differential Revision:        https://reviews.freebsd.org/D17566

Prevent flex(1) from generating calls to isatty(3) - and, in turn,
TIOCGETA ioctls - when parsing nsswitch.conf(5).

Reviewed by:        imp, markj
Approved by:        re (gjb)
MFC after:        2 weeks
Sponsored by:        DARPA, AFRL
Differential Revision:        https://reviews.freebsd.org/D17564

Various fixes for TLB management on RISC-V.

- Remove the arm64-specific cpu_*cache* and cpu_tlb_flush* functions.
  Instead, add RISC-V specific inline functions in cpufunc.h for the
  fence.i and sfence.vma instructions.
- Catch up to changes in the arm64 pmap and remove all the cpu_dcache_*
  calls, pmap_is_current, pmap_l3_valid_cacheable, and PTE_NEXT bits from
  pmap.
- Remove references to the unimplemented riscv_setttb().
- Remove unused cpu_nullop.
- Add a link to the SBI doc to sbi.h.
- Add support for a 4th argument in SBI calls.  It's not documented but
  it seems implied for the asid argument to SBI_REMOVE_SFENCE_VMA_ASID.
- Pass the arguments from sbi_remote_sfence*() to the SEE.  BBL ignores
  them so this is just cosmetic.
- Flush icaches on other CPUs when they resume from kdb in case the
  debugger wrote any breakpoints while the CPUs were paused in the IPI_STOP
  handler.
- Add SMP vs UP versions of pmap_invalidate_* similar to amd64.  The
  UP versions just use simple fences.  The SMP versions use the
  sbi_remove_sfence*() functions to perform TLB shootdowns.  Since we
  don't have a valid pm_active field in the riscv pmap, just IPI all
  CPUs for all invalidations for now.
- Remove an extraneous TLB flush from the end of pmap_bootstrap().
- Don't do a TLB flush when writing new mappings in pmap_enter(), only if

    [12 lines not shown]

Add support for Error Recovery

Submitted by:Vaishali.Kulkarni at cavium.com
Approved by:re(kib)
MFC after:5 days

Typo.

Submitted by:        Fred Schlechter <freds at vailsys.com>
Approved by:        re (gjb)
MFC after:        3 days

Reload the LDT selector after an AMD-v #VMEXIT.

cpu_switch() always reloads the LDT, so this can only affect the
hypervisor process itself.  Fix this by explicitly reloading the host
LDT selector after each #VMEXIT.  The stock bhyve process on FreeBSD
never uses a custom LDT, so this change is cosmetic.

Reviewed by:        kib
Tested by:        Mike Tancsa <mike at sentex.net>
Approved by:        re (gjb)
MFC after:        2 weeks

Don't call dlopen(3) for built-in NSS types - "cache", "compat",
"dns", "files", "db", and "nis". It saves some path lookups during
binary startup.

Reviewed by:        markj
Approved by:        re (gjb, kib)
MFC after:        2 weeks
Sponsored by:        DARPA, AFRL
Differential Revision:        https://reviews.freebsd.org/D17557

iavf(4): Finish rename/rebrand internally

Rename functions and variables from ixlv to iavf to match the
user-facing name change. There shouldn't be any functional changes
with this change, but this may help with browsing the source code
and reducing diffs in the future.

Submitted by:   kbowling@
Reviewed by:    erj@, sbruno@
Approved by:        re (gjb@)
Differential Revision:  https://reviews.freebsd.org/D17544

Remove stale libcasper(3) shared libraries following the
OpenSSL 1.1.1 update.

Reported by:        des
Approved by:        re (kib)
Sponsored by:        The FreeBSD Foundation

Initialize SPRG0 before its first possible use

At early boot, PCPU_GET(), that obtains a pointer from SPRG0, was being
used with SPRG0 not yet initialized. If it pointed to an invalid
address, the machine would hang.

Approved by:        re(gjb), jhibbits(mentor)

MFC r339241:
Disallow zero day of month from strptime("%d").

PR:        232072

Add .Xrs to kqueue(2) from pdfork(2) and procdesc(4), to make EVFILT_PROCDESC
easier to find.

Approved by:        re (rgrimes)
MFC after:        2 weeks
Sponsored by:        DARPA, AFRL

zfs: fix a panic after failed mount

r338927("zfs: depessimize zfs_root with rmlocks") failed to error check
the mount before caching root vnode.

Results in crashes in rrw_enter_read_impl tracing back to zfs_mount.

Reported by:        Mike Tancsa
Tested by:        allanjude
Approved by:        re (kib)

em/igb/ix(4): Port two Tx/Rx fixes made to ixl in r339338

- Fix assert/panic on receive when Jumbo Frames are enabled.

From the commit I made to ixl:
"It turns out that *_isc_rxd_available is supposed to return how many
packets are available to be cleaned on the rx ring. This patch removes
a section of code where if the budget argument is 1, the function would return
one if there was a descriptor available, not necessarily a packet.

This is okay in regular mtu 1500 traffic since the max frame size is less
than the configured receive buffer size (2048), but this doesn't work when
received packets can span more than one  descriptor, as is the case when the
mtu is 9000 and the receive buffer size is 4096."

- Fix possible Tx hang because *_isc_txd_credits_update returns incorrect result

From the commit by Krzysztof Galazka to ixl: "Function isc_txd_update_credits
called with clear set to false should return 1 if there are TX descriptors
already handled by HW. It was always returning 0 causing troubles with UDP TX
traffic."

PR:             231659
Reported by:    lev@
Approved by:        re (gjb@)
Sponsored by:   Intel Corporation

MFC r336027 (andrew): Teach binutils that arm64 is a 64bit architecture.

This is needed to cross build from arm64 to other architectures that
use binutils.

elfcopy: delete filter_reloc, it is broken and unnecessary

elfcopy contained logic to filter individual relocations in STRIP_ALL
mode.  However, this is not valid; relocations emitted by the linker are
required, unless they apply to an entire section being removed (which is
handled by other logic in elfcopy).

Note that filter_reloc was also buggy: for RELA relocation sections it
operated on uninitialized rel.r_info resulting in invalid operation.

The logic most likely needs to be inverted: instead of removing
relocations because their associated symbols are being removed, we must
keep symbols referenced by relocations.  That said, in practice we do
not encounter this code path today: objects being stripped are either
dynamically linked binaries which retain .dynsym, or static binaries
with no relocations.

Just remove filter_reloc.  This fixes certain cases including statically
linked binaries containing ifuncs.  Stripping binaries with relocations
referencing removed symbols was already broken, and after this change
may still be broken in a different way.

PR:                232176
Reviewed by:        kaiw, kib, markj
Approved by:        re (rgrimes)

    [3 lines not shown]

amd64: partially depessimize cpu_fetch_syscall_args and cpu_set_syscall_retval

Vast majority of syscalls take 6 or less arguments. Move handling of other
cases to a fallback function. Similarly, special casing for _syscall
and __syscall
magic syscalls is moved away.

Return is almost always 0. The change replaces 3 branches with 1 in the common
case. Also the 'frame' variable convinces clang not to reload it on each access.

Reviewed by:        kib
Approved by:        re (gjb)
Sponsored by:        The FreeBSD Foundation
Differential Revision:        https://reviews.freebsd.org/D17542

amd64: convert libc bcopy to a C func to avoid future bloat

The function is of limited use and is an almost a direct clone of
memmove/memcpy (with arguments swapped). Introduction of ERMS variants
of string routines would mean avoidable growth of libc.

bcopy will get redefined to a __builtin_memmove later on with this
symbol only left for compatibility.

Reviewed by:        kib
Approved by:        re (gjb)
Sponsored by:        The FreeBSD Foundation
Differential Revision:        https://reviews.freebsd.org/D17539

amd64: import updated kernel memmove to libc

bcopy is left alone as it is expected to be converted to a C func.

Due to header mess ALIGN_TEXT is temporarily defined explicitly in memmove.S

Reviewed by:        kib
Approved by:        re (gjb)
Sponsored by:        The FreeBSD Foundation
Differential Revision:        https://reviews.freebsd.org/D17538

strptime: disallow zero hour for %I (defined by POSIX as [01,12]) and %l
(extension, defined in strftime(3) as 1-12).

Approved by:        re (gjb), kib (mentor)
Differential Revision:        https://reviews.freebsd.org/D17543

MFC r339288: Remove extra thread_exit() call left after r329802.

spa_condense_indirect_thread() is no longer a thread function, but just
a callback for new zthr KPI.

Make `mfiutil show progress` print out the elapsed time estimate in a
more humanized way

PR:                225993
Submitted by:        Enji Cooper <yaneurabeya at gmail.com>
Reviewed by:        jhb (previous version)
Approved by:        re (rgrimes)

Document that sendfile(2) can return ENOTCAPABLE

PR:                232207
Submitted by:        Enji Cooper <yaneurabeya at gmail.com>
Approved by:        re (rgrimes)

cxgbe(4): Fix a divide-by-zero that occurs when hw.cxgbe.toecaps_allowed
is set to 0 with a kernel that has both TCP_OFFLOAD and RATELIMIT.

Approved by:        re@ (gjb@)
Sponsored by:        Chelsio Communications

capsicum: provide cap_rights_fde_inline

Reading caps is in the hot path (on each successful fd lookup), but
completely unnecessarily requires a function call.

Approved by:        re (gjb)
Sponsored by:        The FreeBSD Foundation

ixl/iavf: Update ixl(4) and iavf(4) [previously ixlv] man pages

Since there have been major updates to both drivers in r339338,
refresh the man pages with new and updated information.

Reviewed by:    sbruno@, 0mp@, jeffrey.e.pieper at intel.com, manpages
Approved by:        re (gjb@, kib@)
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D15927

In udp_input() when walking the pcblist we can come across
an inp marked FREED after the epoch(9) changes.
Check once we hold the lock and skip the inp if it is the case.

Contrary to IPv6 the locking of the inp is outside the multicast
section and hence a single check seems to suffice.

PR:                232192
Reviewed by:        mmacy, markj
Approved by:        re (kib)
Differential Revision:        https://reviews.freebsd.org/D17540

ixl/iavf(4): Change ixlv to iavf and update it to use iflib(9)

Finishes the conversion of the 40Gb Intel Ethernet drivers to iflib(9) for
FreeBSD 12.0, and fixes numerous bugs in both ixl(4) and iavf(4).

This commit also re-adds the VF driver to GENERIC since it now compiles and
functions.

The VF driver name was changed from ixlv(4) to iavf(4) because the VF driver is
now intended to be used with future products, not just with Fortville/Fort Park
VFs.

A man page update that documents these drivers is forthcoming in a separate
commit.

Reviewed by:    sbruno@, kbowling@
Tested by:      jeffrey.e.pieper at intel.com
Approved by:        re (gjb@)
Relnotes:       yes
Sponsored by:   Intel Corporation
Differential Revision: https://reviews.freebsd.org/D16429

amd64: employ MEMMOVE in copyin/copyout

See r339205 for justification.

Reviewed by:        kib
Approved by:        re (gjb)
Sponsored by:        The FreeBSD Foundation
Differential Revision:        https://reviews.freebsd.org/D17526

MFC r339076

This has been edited slightly from the version in head.  In head, the probe
sections of dadone() were split out into separate functions.  In stable/11,
dadone() is still a single function.

So, for stable/11, this describes the change:

sys/cam/scsi/scsi_da.c:
        In the DA_CCB_PROBE_DONE case in dadone(), free the data pointer
        before returning.

  ------------------------------------------------------------------------
  r339076 | ken | 2018-10-01 13:00:46 -0600 (Mon, 01 Oct 2018) | 12 lines

  Fix a da(4) driver memory leak for SCSI SMR devices.

  In the probe case for SCSI SMR Host Aware or Most Managed drives, be sure
  to free allocated memory.

  sys/cam/scsi/scsi_da.c:
          In dadone_probezone(), free the data pointer before returning.

  Sponsored by:        Spectra Logic


    [3 lines not shown]

Call initializecpucache() before ifuncs are resolved.

The function tweaks CPU capabilities based on the VM platform and
tunables, which affected selection of the cache flush method before
ifuncs were used, and should affect the cache flush in the same way
after ifunc.

PR:        232081
Reported by:        phk
Analyzed by:        avg
Sponsored by:        The FreeBSD Foundation
Approved by:        re (gjb)

Initialize interrupt priority to 0 on all sources.

Without this hardware raises an interrupt regardless of any
pending bits set.

This fixes operation on RocketChip and derivatives (e.g. lowRISC).

Approved by:        re (kib)
Sponsored by:        DARPA, AFRL

bhyve: emulate CLFLUSH and CLFLUSHOPT.

Apparently CLFLUSH on mmio can cause VM exit, as reported in the PR.
I do not see that anything useful can be done except emulating page
faults on invalid addresses.

Due to the instruction encoding pecularity, also emulate SFENCE.

PR:        232081
Reported by:        phk
Reviewed by:        araujo, avg, jhb (all: previous version)
Sponsored by:        The FreeBSD Foundation
Approved by:        re (gjb)
MFC after:        1 week
Differential revision:        https://reviews.freebsd.org/D17482

Add support for the UART device found in lowRISC system-on-a-chip.

The only source of documentation for this device is verilog,
so driver is minimalistic.

Reviewed by:        Dr Jonathan Kimmitt <jrrk2 at cam.ac.uk>
Approved by:        re (kib)
Sponsored by:        DARPA, AFRL

Add ZIO_TYPE_FREE support for indirect vdevs.

Upstream code expects only ZIO_TYPE_READ and some ZIO_TYPE_WRITE
requests to removed (indirect) vdevs, while on FreeBSD there is also
ZIO_TYPE_FREE (TRIM).  ZIO_TYPE_FREE requests do not have the data
buffers, so don't need the pointer adjustment.

PR:                228750, 229007
Reviewed by:        allanjude, sef
Approved by:        re (kib)
MFC after:        1 week
Differential Revision:        https://reviews.freebsd.org/D17523

Replace libldns's bootstrap dependency on libcrypto with one on libssl
(which in turn has a bootstrap dependency on libcrypto).

Submitted by:        jkim
Approved by:        re (gjb)

r217592 moved the check for imo in udp_input() into the conditional block
but leaving the variable assignment outside the block, where it is no longer
used. Move both the variable and the assignment one block further in.

This should result in no functional changes. It will however make upcoming
changes slightly easier to apply.

Reviewed by:                markj, jtl, tuexen
Approved by:                re (kib)
Differential Revision:        https://reviews.freebsd.org/D17525

Move libssl up in the bootstrap order.

Submitted by:        jkim
Approved by:        re (gjb)

Add libssl to libldns for DANE.

Approved by:        re (gjb)

MFC r339197: Add sysctls for dbuf metadata cache variables added in r336959.

MODULE_PNP_INFO(9): catch up with r338948, and remove the element size
parameter from the man page.

Reviewed by:        cem, imp
Approved by:        re (gjb), kib (mentor)
Differential Revision:        https://reviews.freebsd.org/D17436

MFC 338055: Remove some vestiges of IPI_LAZYPMAP on i386.

The support for lazy pmap invalidations on i386 was removed in r281707.
This removes the constant for the IPI and stops accounting for it when
sizing the interrupt count arrays.

MFC r339237: Fix r336951 mismerge -- use of uninitialized variable.

MFC r339235:
Add missing steering rules for virtual function, VF, in mlx4en(4) driver.

When acting as a VF it is required to add steering rules for all unicast
addresses. Even if promiscious mode is selected. Else incoming data packets
will be dropped.

Sponsored by:                Mellanox Technologies

Loader GELI support, like lua loader, seems to be broken on PowerPC as
well as on SPARC64 and can cause boot failures even when no encrypted
disks are present. Presumably, the reasons, while unknown, are the same
and most-likely are the result of some endian-unsafe code. Pending
finding the actual problem, extend the blacklist entry for these parts
of loader on SPARC to also cover all PowerPC platforms.

Approved by:        re (kib)

HBSD: Resolve merge conflict

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX

HBSD: Resolve merge conflict

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX