GitLab

PR:		240573
Reviewed by:	kib
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33912

It has been reported that on some AWS instances VCPUOP_send_nmi
returns -38 (ENOSYS). The hypercall is only available for HVM guests
in Xen 4.7 and newer. Add a fallback to use the native NMI sending
procedure when VCPUOP_send_nmi is not available, so that the NMI is
not lost.

Reported and Tested by: avg
MFC after: 1 week
Fixes: b2802351 ('xen: fix dispatching of NMIs')
Sponsored by: Citrix Systems R&D

PR:	261136
Reported by:	Daniel O'Connor
MFC after:	2 weeks

Reviewed by:	cem, avg
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D33794

Reviewed by:	kib
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D33792

Reviewed by:	kib
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D33790

From a user point of view, this makes ^T work out of the box.

Reviewed By:	debdrup (man page)
Sponsored By:	EPSRC
Differential Revision:	https://reviews.freebsd.org/D33842

Printing %p does not need the 0x prefix and while here mark the
ieee80211_node_table argument unused given we do not need it in the
current incarnation of the function.

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days

Since trie configuration remains invariant during each DXR instance
lifetime, instead of shifting and masking lookup keys by values
computed at runtime, compile upfront several dxr_lookup()
configurations with hardcoded shift / mask constants, and choose the
apropriate lookup function version after each DXR instance rebuild.

In synthetic tests this yields small but measurable (5-10%) lookup
throughput improvement, depending on FIB size and  prefix patterns.

MFC after:	3 days

enum ieee80211_channel_flags are used as bit fields and not as 1..n.
Correct the values using BIT(n).

This is also hoped to fix problems with 7260 cards which come up and
panic due to an empty channel list as all channels are set disabled [1].
It will hopefully also fix the one or other oddity.

Reported by:	ambrisko, Mike Tancsa (mike sentex.net) [1]
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days

HBSD: Disable INCLUDE_CONFIG_FILE

See merge request !53

Reported by: Glenn Tam

It was obtained from musl, and is MIT licensed.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation

Obtained from:	musl c53e9b239418

It is better to disable the INCLUDE_CONFIG_FILE option
so as not to include the kernel configuration file.
This allows to redure kernel infoleaks and thus to
complicate the life of the attacker which we have already
deprived of direct access to the kernel [1].

[1] commit 394e5e99

 ("HBSD: prevent kernel reading by non-root users")
Signed-off-by: Loic <loic.f@hardenedbsd.org>
Reported-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Issue: #47

MFC after:	3 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")

The new lock introduced in 5f5e32f1 needs to be initialised early so
that it can be safely destroyed if we error out.

Reported-by: syzbot+d76113e9a4ae0c0fcac2@syzkaller.appspotmail.com
MFC after:	3 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")

If only one file is passed, this reads the terminating NULL and so
prints (null). If multiple files are passed then this always prints the
second file, which may or may not exist (and will be particularly
confusing if it does exist since the output will include the dump of the
second file).

MFC after:	1 week

Before commit 3cec5c77 buf_daemon() went to longer 1s sleep if
numdirtybuffers <= lodirtybuffers.  After that commit new condition
!BIT_EMPTY(BUF_DOMAINS, &bdlodirty) got opposite -- true when one
or more more domains is above lodirtybuffers.  As result, on freshly
booted system with no dirty buffers buf_daemon() wakes up 10 times
per second and probably only 1 time per second when there is actual
work to do.

MFC after:	1 week
Reviewed by:	kib, markj
Tested by:	pho
Differential revision:	https://reviews.freebsd.org/D33890

A case of undefined behavior in __fread() has been detected by UBSAN
and reported by Mark Millard:

/usr/main-src/lib/libc/stdio/fread.c:133:10: runtime error: applying
zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior in
/usr/main-src/lib/libc/stdio/fread.c:133:10

While being benign (the NULL pointer is later passed to memcpy() with
a length argument of 0), this issue causes in the order of 600 Kyua
test cases to fail on systems running a world built with WITH_UBSAN
and WITH_ASAN.

The undefined behavior can be prevented by skipping operations that
have no effect for r == 0. Mark Millard has suggested to only skip
this code segment if fp->_p == NULL, but I have verified that for the
case of r == 0 no further argument checking is performed on the
addresses passed to memcpy() and thus no bugs are hidden from the
sanitizers due to the simpler condition chosen.

Reported by:	Mark Millard (marklmi@yahoo.com)
Tested by:	Mark Millard (marklmi@yahoo.com)
Differential Revision:	https://reviews.freebsd.org/D33903
MFC after:	2 weeks

Correct data types related to delivery traffic indication map (DTIM)/
timing synchronization function (TSF) and implement/refine their
handling.  This information is used/needed by iwlwifi to set a station
as associated.  This will hopefully avoid more "no beacon heard"
time event failures.

The recording of the Linux specific sync_device_ts is done in the
receive path for now in case we do have the right information
available.  I need to investigate as to how-much it may make sense
to also migrate it into net80211 in the future depending on the
usage in other drivers (or how we did handle this in the past in
natively ported versions, e.g. iwm).

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days

Rather than just bouncing back to SCAN bounce to INIT on connection
loss.  This is should be refined in the future as the comment already
indicates but we need to tie two different worlds together.

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days

We do not include sys/rman.h and so machine/resource.h ends up not being
included by the time pci_private.h is included. This means PCI_RES_BUS
is never defined, and so the sc_bus member of pci_softc is not present
when compiling ofw_pci, resulting in the wrong softc size being passed
to DEFINE_CLASS_1 and thus any attempts by pci(4) to access that member
are out-of-bounds reads or writes.

This is pretty fragile; arguably pci_private.h should be including
sys/rman.h, but this is the minimal needed change to fix the bug whilst
maintaining the status quo.

Found by:	CHERI
Reported by:	andrew

Some VM systems announce the frequency of the local APIC via the
CPUID leaf 0x40000010.  Using this allows us to boot slightly
faster by avoiding the need for timer calibration.

Reviewed by:	markj
Sponsored by:	https://www.patreon.com/cperciva

While this CPUID leaf was originally only used by VMWare, other
hypervisors now also use it to announce the TSC frequency to guests.

This speeds up the boot process by 100 ms in EC2 and other systems,
by allowing the early calibration DELAY to be skipped.

Reviewed by:	markj
Sponsored by:	https://www.patreon.com/cperciva

This allows us to set tsc_is_invariant and select appropriately
fenced versions of RDTSC based on the CPU type.

Reviewed by:	markj
Sponsored by:	https://www.patreon.com/cperciva

The default sysctl context setup by newbus for a device is eventually
freed by device_sysctl_fini, which runs after the device driver's detach
routine.  sysctl nodes associated with this context must not use any
resources (like driver locks, hardware access, counters, etc.) that are
released by driver detach.

There are a lot of sysctl nodes like this in cxgbe(4) and the fix is to
hang them off a context that is explicitly freed by the driver before it
releases any resource that might be used by a sysctl.

This fixes panics when running "sysctl dev.t6nex dev.cc" in a tight loop
and loading/unloading the driver in parallel.

Reported by:	Suhas Lokesha
MFC after:	1 week
Sponsored by:	Chelsio Communications