pci: bcm2838: cleanup on attach failure to fix devmatch panic
Specifically on the RPi CM4, we currently don't set the controller up
right and it never moves into the ready state (we don't observe the link
active bit). Failure to cleanup here actually results in a panic not
long after, due to a use-after-free in the rman bits. Further down in
pci_host_generic, we have some rman stashed in the softc that are
initialized and placed onto the rman tailq, then the softc is later
freed without an rman_fini() to pull them off of the tailq properly.
Note that PCIe on this board won't come up at boot without something
plugged in, so it currently can't be booted with an empty slot with the
intent to hotplug a supported card. Some issues with controller startup
have been observed with Broadcom NICs in the wild, but no problems have
been observed with other NICs and a variety of different PCIe cards.
Shout-out to Vince <git at darkain.com> for the extensive debugging and
analysis to arrive at this conclusion.
[3 lines not shown]
lualoader: add be-list and be-switch commands
This is useful for driving BE changes from the loader command prompt,
rather than having to use the menu. Note that the active carousel in
the boot environment carousel doesn't currently reflect a switch in
boot environments done this way- I'm considering this only a minor bug,
as you probably can't or won't go back to the menu if you're using these
commands.
Reviewed by: imp (previous version)
(cherry picked from commit c7ff706b31c22f10c2403869c46b443448da3e08)
pci: pci_host_generic: provide cleanup methods outside of detach
If device_attach() fails, we're expected to actually cleanup after
ourselves because device_detach() will not be called. Factor out the
cleanup bits that don't rely on attach having actually succeeded so
that we can cleanup properly in bcm2838_pci.
Reviewed by: andrew, imp
(cherry picked from commit 31a94ec32b53ebf6227bc868ce4f7aa07650680d)
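The failure described in the bcm2838 and pci_host_generic messages above, as an added userspace model that is not code from the FreeBSD tree: a softc embeds resource managers that are linked onto a global list, and freeing the softc after a failed attach without unlinking them leaves the list pointing into freed memory. All model_* names are hypothetical, and a plain linked list stands in for the rman tailq.

```c
/* Userspace model (constructed). All model_* names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

struct model_rman { struct model_rman *next; };
static struct model_rman *rman_list;	/* stands in for the global rman tailq */
static int rman_registered;		/* entries the list believes are live */

static void model_rman_init(struct model_rman *rm)
{
	rm->next = rman_list;
	rman_list = rm;
	rman_registered++;
}

static void model_rman_fini(struct model_rman *rm)
{
	for (struct model_rman **pp = &rman_list; *pp != NULL; pp = &(*pp)->next)
		if (*pp == rm) {
			*pp = rm->next;
			rman_registered--;
			return;
		}
}

struct model_softc { struct model_rman mem_rman, io_rman; };

/* Attach that fails because the link never comes up. Returns how many
 * list entries still point into the softc after it has been freed. */
int model_failed_attach(int cleanup_on_failure)
{
	struct model_softc *sc = calloc(1, sizeof(*sc));
	if (sc == NULL)
		return -1;
	model_rman_init(&sc->mem_rman);
	model_rman_init(&sc->io_rman);
	if (cleanup_on_failure) {	/* the part that needs no successful attach */
		model_rman_fini(&sc->io_rman);
		model_rman_fini(&sc->mem_rman);
	}
	free(sc);			/* softc is released after the failed attach */
	int stale = rman_registered;	/* counted without touching freed memory */
	rman_list = NULL;		/* reset so the model can be rerun safely */
	rman_registered = 0;
	return stale;
}

int main(void)
{
	printf("no cleanup: %d stale\n", model_failed_attach(0));
	printf("cleanup:    %d stale\n", model_failed_attach(1));
	return 0;
}
```

In the model the stale entries are only counted; in a kernel the next walk or insert on the list dereferences them, which is the use-after-free the commit message describes.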
kern: ofw: provide ofw_bus_destroy_iinfo to teardown interrupt-map
For symmetry with ofw_bus_setup_iinfo, the next commits will use it to
properly cleanup on failure in bcm2838_pci.
Reviewed by: andrew
(cherry picked from commit b230a7b9a52c0fc948f4f1dcd1225a94674073f6)
linuxkpi: work with numpages > 1 in the set_pages_*() KPIs
These calls are used for buddy pages at least in drm's ttm_pool, which
leads to a panic when we invoke lowmem handlers and drm tries to shrink
the pool.
Cope with numpages > 1 by traversing the contiguous pages and executing
the adjustment there, as well, as suggested by markj@. Previous
versions have tried to use the corresponding `set_memory_*()` functions,
but it is believed that not updating `md.pat_mode` breaks subsequent
userspace mappings in ways that may result in things like screen tearing
or other artifacts when running i915kms.
This stabilized my amdgpu laptop running two VMs, chromium and a
concurrent buildworld.
Reviewed by: bz, markj
(cherry picked from commit 67f7f2781daa9bd398b424ffe2bd0be67f37f03d)
(cherry picked from commit 8dad29555a5807bf21941807752e1589e20312de)
devd: Use PF_LOCAL instead of PF_INET
Avoid dependency on INET (IPv4) by using PF_LOCAL,
allowing media check to work on systems without INET support.
PR: 295045
Reviewed by: kevans
(cherry picked from commit b2e4da0b53ad082768b8f6f83766e030fd00d02a)
jail: open the fstab files with fopen("re")
This protects against accidentally leaking them past fork()+exec()
in future refactorings.
PR: 295052
Reviewed by: kevans
(cherry picked from commit 58811b0ae096c134af372bcf475aea1d8d0e3c08)
fexecve(2): call out a scenario where you want !O_EXEC
We note a reason why you might need it, but there's an equally important
reason you may need to omit it: interpreted programs. Add a note
accordingly, along with the workaround configuration if there's reason
you can't help it.
PR: 294780
Reviewed by: Jan Bramkamp <crest_freebsd_rlwinm.de>, kib
(cherry picked from commit 9c18d55a768a3e60ecaba1325e9a3e00a25dee26)
cron: log when a crontab path is too long
Log via syslog when snprintf truncates the crontab path, instead of
silently skipping the entry.
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Reviewed by: bcr, kevans
(cherry picked from commit 91bfba010bcda665cc24a76af631cc85fcb0c688)
ctld: kernel-sourced portal groups are not dummies
The current and historical versions of ctld would flag our initial set
of kernel ports as dummies, because their portal groups were empty since
portals come from the configuration on-disk.
As a result, we would never try to remove a kernel port at startup that
didn't exist in the configuration (possibly a feature if you wanted
concurrent ctld(8)), and we would always try to port->kernel_add() on
ports in the configuration (even if they actually did have an existing
kernel port).
Flag these portal groups as kernel groups so that we avoid trying to add
ports that already exist. It may be the case that the kernel_remove()
loop in conf::apply() needs to do something other than the current
`oldport->is_dummy()` to avoid removing ports that it isn't supposed to
be managing, but that would also seem to apply to LUNs that would be
removed today.
[3 lines not shown]
ssp: fix our gets_s implementation under _FORTIFY_SOURCE
Annex K specifies an interface for handling constraint violations from
gets_s, but we previously broke this for some classes of get_s misuse.
Provide a more nuanced version that tries to dodge errors that would
trigger a constraint handler while still providing value. Notably, we
don't want to trigger a failure unless the passed-in length reasonably
fits within an RSIZE_MAX, because gets_s will immediately call larger
lengths bogus and fail.
PR: 294881
Reviewed by: markj
(cherry picked from commit d98f4f0698ef0c5178882c544b4c38542d4780f0)
compat32 wait4/6(2): only copy out when there is a pid to report
PR: 295965
Reported and tested by: mandree
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57513
GCE: Apply public-image label on GCE images
Update the GCE image creation process to automatically apply the
'public-image=true' label when publishing new images. This aligns
with standard labeling expectations for images hosted in public
projects.
MFC after: 3 days
linux: Add TCP_INFO support
Implement the getsockopt for TCP_INFO by mapping FreeBSD's version to
what Linux expects.
MFC after: 1 month
Relnotes: yes
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D55882
loader.efi: Search boot device before foreign ZFS pools
When `boot_policy` is `RELAXED`, `find_currdev()` tried ZFS pools on every
disk before searching the boot ESP and sibling partitions. Booting install
media from USB could therefore select an installed ZFS root on internal
storage instead of the intended memstick UFS image.
Extract the boot-device partition walk into `try_boot_device_partitions()`
and run it before relaxed foreign-pool probing. The ZFS search order is
preserved; pools on the boot device are tried first, followed by pools on
other devices when `boot_policy` is `RELAXED` and the boot device yields
no bootable root.
Signed-off-by: Faraz Vahedi <kfv at kfv.io>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2239
jail: Don't double-free the current prison in kern_jail_set/get
Reported by: Yuxiang Yang, et al <yangyx22 at mails.tsinghua.edu.cn>
Discussed with: markj
MFC after: 3 days
Avoid incorrect UFS1 timestamp corrections when system clock fails at boot.
Git 1111a44301da - main - Defer the January 19, 2038 date limit in
UFS1 file systems to February 7, 2106 - did so by changing the UFS1
32-bit signed timestamps to unsigned. With this change, time stamps
from before January 1, 1970 went from being negative numbers to
large positive numbers implying times in the future. When such a
time stamp is encountered when an inode is read into memory or when
it is encountered by fsck, its timestamp is replaced with the
kernel's current time.
Andre Albsmeier reported that he had a machine reboot after a power
failure and the battery that maintained its real-time clock had
died. The result was that the system booted with the time set to
five years earlier (absent a real-time clock value, the boot ROM
used the time that the boot ROM had last been updated). The net
result was that fsck reset the time stamps of all files newer than
five years old to the five year old time.
[31 lines not shown]
reap_kill_subtree_once: when proctree_lock is dropped, reaper might change
Recalculate it to iterate over the right set of processes.
Prevent reaper's struct proc reuse by holding the tree ref on it.
Since our reference is taken under the proctree lock and we know that
the process is reaper, it cannot go away. The process hold count
(p_lock) cannot be used there because p_lock's intent is to prevent exit, but
reaper owns its reap-children until reaped itself, i.e. even a zombie
reaper is still on duty.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57492
proc: add tree ref count
Owning the reference prevents reuse of the struct proc.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57492
connectat(2): do not enable EMPTYPATH for AT_FDCWD
This restores existing error code for connect(2) over unix domain socket
when the empty string is specified as socket address.
Reported by: eduardo
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57509