FreeBSD/src 354665head/usr.sbin/sesutil sesutil.c

sesutil: fix some memory leaks

Reported by:    Coverity
Coverity CID:   1331665
MFC after:      2 weeks
Sponsored by:   Axcient

FreeBSD/src 354664head/usr.sbin/sesutil sesutil.c

sesutil: fix an out-of-bounds array access

sesutil would allow the user to toggle an LED that was one past the maximum
element.  If he tried, ENCIOC_GETELMSTAT would return EINVAL.

Reported by:    Coverity
Coverity CID:   1398940
MFC after:      2 weeks
Sponsored by:   Axcient

FreeBSD/src 354663head/libexec/rtld-elf Makefile, head/libexec/rtld-elf32 Makefile

libcompat: Correct rtld MLINKS

Don't install duplicate ld-elf.so.1.1 and ld.so.1 links in rtld-elf32.
Do install lib-elf32.so.1.1 and ldd32.1 links.

Reported by:    madpilot

FreeBSD/src 354662head/lib/clang llvm.build.mk

Sync target triple generation with the version in Makefile.inc1.

Reviewed by:    dim
Sponsored by:   DARPA
Differential Revision:  https://reviews.freebsd.org/D22333

FreeBSD/src 354661head Makefile.inc1

Force MK_CLANG_IS_CC on in XMAKE.

This ensures that a bootstrap clang compiler is always installed as cc
in WORLDTMP.  If it is only installed as 'clang' then /usr/bin/cc is
used during the build instead of the bootstrap compiler.

Reviewed by:    imp
MFC after:      1 month
Sponsored by:   DARPA
Differential Revision:  https://reviews.freebsd.org/D22332
DeltaFile
+1-0head/Makefile.inc1
+1-01 files

FreeBSD/src 354660head/share/mk src.opts.mk

Enable the RISC-V LLVM backend by default.

Reviewed by:    dim, mhorne, emaste
MFC after:      1 month
Sponsored by:   DARPA
Differential Revision:  https://reviews.freebsd.org/D22284

FreeBSD/src 354659head/usr.sbin/bhyve mevent.c

bhyve: rework mevent processing to fix a race condition

At the end of both mevent_add() and mevent_update(), mevent_notify()
is called to wakeup the I/O thread, that will call kevent(changelist)
to update the kernel.
A race condition is possible where the client calls mevent_add() and
mevent_update(EV_ENABLE) before the I/O thread has the chance to wake
up and call mevent_build()+kevent(changelist) in response to mevent_add().
The mevent_add() is therefore ignored by the I/O thread, and
kevent(fd, EV_ENABLE) is called before kevent(fd, EV_ADD), resuliting
in a failure of the kevent(fd, EV_ENABLE) call.

PR:     241808
Reviewed by:    jhb, markj
MFC with:       r354288
Differential Revision:  https://reviews.freebsd.org/D22286

FreeBSD/src 354658stable 11, stable/11/sys/x86/include specialreg.h

MFC: Add new bit definitions for TSX, related to the TAA issue.  The actual
mitigation will follow in a future commit.

Obtained from:  Intel

FreeBSD/src 354657stable 12, stable/12/sys/x86/include specialreg.h

MFC: Add new bit definitions for TSX, related to the TAA issue.  The actual
mitigation will follow in a future commit.

Sponsored by:   Intel

FreeBSD/src 354656stable/11/release/doc/share/xml security.xml errata.xml

Document EN-19:18, EN-19:19, SA-19:25, SA-19:26.

Sponsored by:   Rubicon Communications, LLC (netgate.com)

FreeBSD/src 354655head/sys/x86/include specialreg.h, head/sys/x86/x86 identcpu.c

Add new bit definitions for TSX, related to the TAA issue.  The actual
mitigation will follow in a future commit.

Sponsored by:   Intel

FreeBSD/src 354654releng/11.3 UPDATING, releng/11.3/sys/conf newvers.sh

Add UPDATING entries and bump version numbers.

Approved by:    so

FreeBSD/src 354653releng/11.3/sys/amd64/amd64 pmap.c, releng/11.3/sys/dev/cpuctl cpuctl.c

Fix Machine Check Exception on Page Size Change.

Approved by:    so
Security:       FreeBSD-SA-19:25.mcepsc
Security:       CVE-2018-12207

FreeBSD/src 354652releng/12.0/stand/efi/loader bootinfo.c copy.c, releng/12.1/stand/efi/loader bootinfo.c copy.c

Fix UEFI Loader Memory Fragmentation.

Approved by:    so
Security:       FreeBSD-EN-19:19.loader

FreeBSD/src 354651stable 11, stable/11/sys/amd64/amd64 pmap.c

MFC r354649:
Workaround for Intel SKL002/SKL012S errata.

Security: CVE-2018-12207

FreeBSD/src 354650stable 12, stable/12/sys/amd64/amd64 pmap.c

MFC r354649:
Workaround for Intel SKL002/SKL012S errata.

Security: CVE-2018-12207

FreeBSD/src 354649head/share/man/man7 security.7, head/sys/amd64/amd64 pmap.c

Workaround for Intel SKL002/SKL012S errata.

Disable the use of executable 2M page mappings in EPT-format page
tables on affected CPUs.  For bhyve virtual machines, this effectively
disables all use of superpage mappings on affected CPUs.  The
vm.pmap.allow_2m_x_ept sysctl can be set to override the default and
enable mappings on affected CPUs.

Alternate approaches have been suggested, but at present we do not
believe the complexity is warranted for typical bhyve's use cases.

Reviewed by:    alc, emaste, markj, scottl
Security:       CVE-2018-12207
Sponsored by:   The FreeBSD Foundation
Differential revision:  https://reviews.freebsd.org/D21884

FreeBSD/src 354648head/sys/dev/nvdimm nvdimm.c

nvdimm(4): Fix various problems when the using the second label index block

struct nvdimm_label_index is dynamically sized, with the `free`
bitfield expanding to hold `slot_cnt` entries. Fix a few places
where we were treating the struct as though it had a fixed sized.

Reviewed by:    cem
Approved by:    scottl (mentor)
MFC after:      1 week
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D22253

FreeBSD/src 354647head/sys/i386/i386 db_trace.c, head/sys/i386/include asmacros.h

i386: stop guessing the address of the trap frame in ddb backtrace.

Save the address of the trap frame in %ebp on kernel entry.  This
automatically provides it in struct i386_frame.f_frame to unwinder.

While there, more accurately handle the terminating frames,

Reviewed by:    avg, markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D22321

FreeBSD/src 354646head/sys/amd64/amd64 mp_machdep.c pmap.c, head/sys/amd64/include pcpu.h

amd64: move GDT into PCPU area.

Reviewed by:    jhb, markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D22302

FreeBSD/src 354645head/sys/dev/nvdimm nvdimm_spa.c nvdimm_acpi.c

nvdimm(4): Only expose namespaces for accessible data SPAs

Apply the same user accessible filter to namespaces as is applied
to full-SPA devices. Also, explicitly filter out control region
SPAs which don't expose the nvdimm data area.

Reviewed by:    cem
Approved by:    scottl (mentor)
MFC after:      1 week
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D21987

FreeBSD/src 354644head/sys/amd64/amd64 machdep.c

amd64: assert that size of the software prototype table for gdt is equal
to the size of hardware gdt.

Reviewed by:    jhb, markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D22302

FreeBSD/src 354643head/sys/netinet6 icmp6.c udp6_usrreq.c

netinet*: update *mp to pass the proper value back

In ip6_[direct_]input() we are looping over the extension headers
to deal with the next header.  We pass a pointer to an mbuf pointer
to the handling functions.  In certain cases the mbuf can be updated
there and we need to pass the new one back.  That missing in
dest6_input() and route6_input().  In tcp6_input() we should also
update it before we call tcp_input().

In addition to that mark the mbuf NULL all the times when we return
that we are done with handling the packet and no next header should
be checked (IPPROTO_DONE).  This will eventually allow us to assert
proper behaviour and catch the above kind of errors more easily,
expecting *mp to always be set.

This change is extracted from a larger patch and not an exhaustive
change across the entire stack yet.

PR:                   240135
Reported by:           prabhakar.lakhera gmail.com
MFC after:             3 weeks
Sponsored by:          Netflix

FreeBSD/src 354642stable 11, stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs spa.c

MFC r354360: Add vfs.zfs.zio.taskq_batch_pct tunable.

FreeBSD/src 354641stable 12, stable/12/sys/cddl/contrib/opensolaris/uts/common/fs/zfs spa.c

MFC r354360: Add vfs.zfs.zio.taskq_batch_pct tunable.

FreeBSD/src 354640stable 12, stable/12/cddl/contrib/opensolaris/cmd/zpool zpool.8

MFC r354437: fix zpool list property names

FreeBSD/src 354639head/usr.bin/netstat inet.c

netstat: igmp stats, error on unexpected information, not only warn

The igmp stats tend to print two lines of warning for an unexpected
version and length.  Despite an invalid version and struct size it
continues to try to do something with the data.  Do not try to parse
the remainder of the struct and error on warning.

Note the underlying issue of the data not being available properly
is still there and needs to be fixed seperately.

Reported by:    test cases, lwhsu
MFC after:      3 weeks

FreeBSD/src 354638head/sys/amd64/amd64 db_trace.c, head/sys/i386/i386 db_trace.c

teach db_nextframe/x86 about [X]xen_intr_upcall interrupt handler

Discussed with: kib, royger
MFC after:      3 weeks
Sponsored by:   Panzura

FreeBSD/src 354637head/sys/x86/xen xen_apic.c

xen: fix dispatching of NMIs

Currently NMIs are sent over event channels, but that defeats the
purpose of NMIs since event channels can be masked. Fix this by
issuing NMIs using a hypercall, which injects a NMI (vector #2) to the
desired vCPU.

Note that NMIs could also be triggered using the emulated local APIC,
but using a hypercall is better from a performance point of view
since it doesn't involve instruction decoding when not using x2APIC
mode.

Reported and Tested by: avg
Sponsored by:          Citrix Systems R&D

FreeBSD/src 354636stable/12 Makefile.inc1

allow NO_CLEAN builds to work after opensolaris_atomic.S removal in r354634

This is a direct commit modelled after r353408 in head.

FreeBSD/src 354635head/stand/libsa/zfs zfsimpl.c

reverting r354594

In our case the structure is more complex and simple static initializer
will upset compiler diagnostics - using memset is still better than building
more complext initializer.

FreeBSD/src 354634stable/12/sys/cddl/compat/opensolaris/kern opensolaris_atomic.c, stable/12/sys/cddl/contrib/opensolaris/common/atomic/aarch64 opensolaris_atomic.S

MFC r353381: emulate illumos membar_producer with atomic_thread_fence_rel

FreeBSD/src 354633head/usr.bin/netstat mroute.c

Fix netstat -gs with ip_mroute module and/or vnet

The code for "netstat -gs -f inet" failed if the kernel namelist did not
include the _mrtstat symbol. However, that symbol is not in a standard
kernel even with the ip_mroute module loaded, where the functionality is
available. It is also not in a kernel with MROUTING but also VIMAGE, as
there can be multiple sets of stats. However, when running the command
on a live system, the symbol is not used; a sysctl is used. Go ahead
and try the sysctl in any case, and complain that IPv4 MROUTING is not
present only if the sysctl fails with ENOENT. Also fail if _mrtstat is
not defined when running on a core file; netstat doesn't know about vnets,
so can only work if MROUTING was included, and VIMAGE was not.

Reviewed by:    bz
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D22311

FreeBSD/src 354632head/sys/ufs/ufs ufs_lookup.c

In ufs_dir_dd_ino(), always initialize *dd_vp since the caller expects it.

Reviewed by:    kib, mckusick
Approved by:    imp (mentor)
Sponsored by:   Netflix

FreeBSD/src 354631head/sys/x86/x86 identcpu.c

Add the text attribute for MDS_NO in the IA32_ARCH_CAP MSR.

FreeBSD/src 354630head/sys/amd64/amd64 pmap.c

amd64: Issue MFENCE on context switch on AMD CPUs when reusing address space.

On some AMD CPUs, in particular, machines that do not implement
CLFLUSHOPT but do provide CLFLUSH, the CLFLUSH instruction is only
synchronized with MFENCE.

Code using CLFLUSH typicall needs to brace it with MFENCE both before
and after flush, see for instance pmap_invalidate_cache_range().  If
context switch occurs while inside the protected region, we need to
ensure visibility of flushes done on the old CPU, to new CPU.

For all other machines, locked operation done to lock switched thread,
should be enough.  For case of different address spaces, reload of
%cr3 is serializing.

Reviewed by:    cem, jhb, scottph
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D22007

FreeBSD/src 354629head/sys/kern sys_pipe.c

Fix handling of PIPE_EOF in the direct write path.

Suppose a writing thread has pinned its pages and gone to sleep with
pipe_map.cnt > 0.  Suppose that the thread is woken up by a signal (so
error != 0) and the other end of the pipe has simultaneously been
closed.  In this case, to satisfy the assertion about pipe_map.cnt in
pipe_destroy_write_buffer(), we must mark the buffer as empty.

Reported by:    syzbot+5cce271bf2cb1b1e1876 at syzkaller.appspotmail.com
Reviewed by:    kib
Tested by:      pho
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D22261

FreeBSD/src 354628stable/11/contrib/netbsd-tests/usr.bin/grep t_grep.sh, stable/11/usr.bin/grep util.c file.c

MFC bsdgrep(1) fixes: r320414, r328559, r332805-r332806, r332809, r332832,
r332850-r332852, r332856, r332858, r332876, r333351, r334803,
r334806-r334809, r334821, r334837, r334889, r335188, r351769, r352691

r320414:
Expect :mmap_eof_not_eol to fail

It relies on a jemalloc feature (opt.redzone) no longer available after
r319971.

r328559:
Remove t_grep:mmap_eof_not_eol test

The test was marked as an expected failure in r320414 after r319971's import
of a newer jemalloc removed an essential feature (opt.redzone) for
reproducing the behavior it was testing. Since then, no way has been found
or demonstrated to reliably test the behavior, so remove the test.

r332805:
bsdgrep: Split match processing out of procfile

procfile is getting kind of hairy, and it's not going to get better as we
correct some more bits that assume we process one line at a time.

r332806:

    [166 lines not shown]

FreeBSD/src 354627head/sys/i386/i386 db_trace.c

db_nextframe/i386: reduce the number of special frame types

This change removes TRAP_INTERRUPT and TRAP_TIMERINT frame types.

Their names are a bit confusing: trap + interrupt, what is that?
The TRAP_TIMERINT name is too specific -- can it only be used for timer
"trap-interrupts"?  What is so special about them?

My understanding of the code is that INTERRUPT, TRAP_INTERRUPT and
TRAP_TIMERINT differ only in how an offset from callee's frame pointer to a
trap frame on the stack is calculated.  And that depends on a number of
arguments that a special handler passes to a callee (a function with a
normal C calling convention).

So, this change makes that logic explicit and collapses all interrupt frame
types into the INTERRUPT type.

Reviewed by:    markj
Discussed with: kib, jhb
MFC after:      3 weeks
Differential Revision: https://reviews.freebsd.org/D22303

FreeBSD/src 354626stable 11 12, stable/11/contrib/libc++/include cmath

MFC r354625:

Merge commit 371ea70bb from llvm git (by Louis Dionne):

  [libc++] Harden usage of static_assert against C++03

  In C++03, we emulate static_assert with a macro, and we must
  parenthesize multiple arguments.

  llvm-svn: 373328

This is a follow-up to r354460, which causes errors for pre-C++11
programs using <cmath>, similar to:

/usr/include/c++/v1/cmath:622:68: error: too many arguments provided to
function-like macro invocation

Reported by:    antoine

FreeBSD/src 354625head/contrib/libc++/include cmath

Merge commit 371ea70bb from llvm git (by Louis Dionne):

  [libc++] Harden usage of static_assert against C++03

  In C++03, we emulate static_assert with a macro, and we must
  parenthesize multiple arguments.

  llvm-svn: 373328

This is a follow-up to r354460, which causes errors for pre-C++11
programs using <cmath>, similar to:

/usr/include/c++/v1/cmath:622:68: error: too many arguments provided to
function-like macro invocation

Reported by:    antoine
MFC after:      immediately (because of ports breakage)

FreeBSD/src 354624head/usr.bin/tip/tip tip.c

tip/cu: check for EOF on input on the local side

If cu reads an EOF on the input side, it goes into a tight loop
sending a garbage byte to the remote.  With this change, it exits
gracefully, along with its child.

MFC after:      2 weeks
Sponsored by:   Dell EMC Isilon

FreeBSD/src 354623head/sys/cam/scsi scsi_da.c

Add asserts for some state transitions

For the PROBEWP and PROBERC* states, add assertiosn that both the da device
state is in the right state, as well as the ccb state is the right one when we
enter dadone_probe{wp,rc}. This will ensure that we don't sneak through when
we're re-probing the size and write protection status of the device and thereby
leak a reference which can later lead to an invalidated peripheral going away
before all references are released (and resulting panic).

Reviewed by: scottl, ken
Differential Revision: https://reviews.freebsd.org/D22295

FreeBSD/src 354622head/sys/cam/scsi scsi_da.c

Update the softc state of the da driver before releasing the CCB.

There are contexts where releasing the ccb triggers dastart() to be run
inline. When da was written, there was always a deferral, so it didn't matter
much. Now, with direct dispatch, we can call dastart from the dadone*
routines. If the probe state isn't updated, then dastart will redo things with
stale information. This normally isn't a problem, because we run the probe state
machine once at boot... Except that we also run it for each open of the device,
which means we can have multiple threads racing each other to try to kick off
the probe. However, if we update the state before we release the CCB, we can
avoid the race. While it's needed only for the probewp and proberc* states, do
it everywhere because it won't hurt the other places.

The race here happens because we reprobe dozens of times on boot when drives
have lots of partitions.  We should consider caching this info for 1-2 seconds
to avoid this thundering hurd.

Reviewed by: scottl, ken
Differential Revision: https://reviews.freebsd.org/D22295

FreeBSD/src 354621head/sys/cam/scsi scsi_da.c

Require and enforce that dareprobe() has to be called with the periph lock held.

Reviewed by: scottl, ken
Differential Revision: https://reviews.freebsd.org/D22295

FreeBSD/src 354620head/sys/cam/scsi scsi_da.c

Fix panic message to indicate right action that was improper.

Reviewed by: scottl, ken
Differential Revision: https://reviews.freebsd.org/D22295

FreeBSD/src 354619head/sys/amd64/amd64 db_trace.c

db_nextframe/amd64: remove TRAP_INTERRUPT frame type

Besides the confusing name, this type is effectively unused.
In all cases where it could be set, the INTERRUPT type is set by the
earlier code.  The conditions for TRAP_INTERRUPT are a subset of the
conditions for INTERRUPT.

Reviewed by:    kib, markj
MFC after:      2 weeks
Differential Revision: https://reviews.freebsd.org/D22305

FreeBSD/src 354618head/sys/vm swap_pager.c

swap_pager_meta_free() frees allocated blocks in a way that
exploits the sparsity of allocated blocks in a range, without
issuing an "are you there?" query for every block in the range.
swap_pager_copy() is not so smart.  Modify the implementation
of swap_pager_meta_free() slightly so that swap_pager_copy()
can use that smarter implementation too.

Based on an observation of: Yoshihiro Ota (ota_j.email.ne.jp)
Reviewed by: kib,alc
Tested by: pho
Differential Revision: https://reviews.freebsd.org/D22280
DeltaFile
+63-47head/sys/vm/swap_pager.c
+63-471 files

FreeBSD/src 354617svnadmin/conf approvers

Turn releng/12.1 over to so@.

Approved by:    re (implicit)
Sponsored by:   Rubicon Communications, LLC (netgate.com)

FreeBSD/src 354616stable 11, stable/11/sys/compat/linuxkpi/common/include/linux sysfs.h device.h

MFC r354335:
Enable device class group attributes in the LinuxKPI.

Bump the __FreeBSD_version to force recompilation of
external kernel modules due to structure change.

Differential Revision:  https://reviews.freebsd.org/D21564
Submitted by:   Greg V <greg at unrelenting.technology>
Sponsored by:   Mellanox Technologies