PR for diffing #11
Draft
RoundofThree wants to merge 6,749 commits into syzkaller/24.05 from syzkaller-dev
Sponsored by: Rubicon Communications, LLC ("Netgate")
Set & retrieve the debug level. Sponsored by: Rubicon Communications, LLC ("Netgate")
Allow slightly more bandwidth, but cause ping to give up sooner. MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate")
Give them more time to hit the expected loss numbers. We see occasional failures during CI runs. This makes that less likely. MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate")
batch side doesn't make sense, but batch size does. Fix. Sponsored by: Netflix
LLVM 17 was the first version we shipped asan_static for.
The timeout array in struct pf_rule has PFTM_OLD_MAX entries, the one in struct pf_krule has PFTM_MAX entries (and PFTM_MAX > PFTM_OLD_MAX). Use the smaller of the sizes when copying. Reported by: CheriBSD MFC after: 1 week Event: Kitchener-Waterloo Hackathon 202406
We only want to copy the labels array, we don't want to copy the counter as well. Reported by: CheriBSD Event: Kitchener-Waterloo Hackathon 202406
Reviewed by: mhorne MFC after: 3 days Fixes: 760be44 ("git-arc: document "create" command options") Pull Request: freebsd/freebsd-src#1272
A function called mask_width in one place and log2 in the other calculates its value in a more complex way than necessary. A simpler implementation offered here saves a few bytes in the functions that call it. Reviewed by: alc, avg Differential Revision: https://reviews.freebsd.org/D45483
One of these changes saves two instructions on an amd64 GENERIC-NODEBUG build. The rest are entirely cosmetic, because the compiler can deduce that x is nonzero, and avoid the needless test. Reviewed by: alc Differential Revision: https://reviews.freebsd.org/D45331
Reviewed by: mhorne MFC after: 3 days Pull Request: freebsd/freebsd-src#1273
Reviewed by: mhorne MFC after: 3 days Pull Request: freebsd/freebsd-src#1273
Replace armv6 with the more-relevant arm64. MFC after: 3 days
A number of tests create a bridge, but did not check if if_bridge.ko is loaded. We usually get away with that, because `ifconfig bridge create` autoloads the module, but if we run the tests in a jail (e.g. because of kyua's upcoming execenv.jail.params feature) we can't load the module and these tests can fail. Check if the module is loaded, skip the test if it is not. Reviewed by: markj MFC after: 1 week Event: Kitchener-Waterloo Hackathon 202406 Differential Revision: https://reviews.freebsd.org/D45487
As a convenience to callers, who might allocate the array on the stack. An empty/zero-valued range indicates the end of the physmap entries. Remove the now-redundant calls to bzero() at the call site. Reviewed by: andrew Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D45318
The optional 'table' pointer is a legacy part of the interface, which has been replaced by devmap_register_table()/devmap_add_entry(). The few in-tree callers have already adapted to this, so it can be removed. The 'l1pt' argument is already entirely unused within the function. Reviewed by: andrew, markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D45319
It really doesn't fit here anymore as locore is all about early startup code. Thus, move it to its own file. Reviewed by: br MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D45320
With 4-level paging enabled, the layout of KVA is identical, but we need to step through an extra level to find the L1 table. Reviewed by: markj MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D45473
Some bus drivers use rmans to suballocate resources to child devices. When the driver for a child device requests a mapping for a suballocated resource, the bus driver translates this into a mapping request for a suitable subrange of the original resource the bus driver allocated from its parent. This nested mapping request should look like any other resource mapping request being made by the bus device (i.e. as if the bus device had called bus_map_resource() or bus_alloc_resource() with RF_ACTIVE). I had slightly flubbed this last bit though since the direct use of bus_generic_map/unmap_resource passed up the original child device (second argument to the underlying kobj interface). While this is currently harmless, it is not strictly correct as the resource being mapped is owned by the bus device, not the child and can break for other bus drivers in the future. Instead, use bus_map/unmap_resource for the nested request where the requesting device is now the bus device that owns the parent resource. Reviewed by: imp Fixes: 0e1246e acpi: Cleanup handling of suballocated resources Fixes: b377ff8 pcib: Refine handling of resources allocated from bridge windows Fixes: d79b6b8 pci_host_generic: Don't rewrite resource start address for translation Fixes: d714e73 vmd: Use bus_generic_rman_* for PCI bus and memory resources Differential Revision: https://reviews.freebsd.org/D45433
Some of the bus resource methods were passing these up to the parent which triggered rman mismatch assertions in INVARIANTS kernels. Reported by: kp Reviewed by: imp Tested by: kp (earlier version) Differential Revision: https://reviews.freebsd.org/D45406
For NFSv4.1/4.2, an atomic upgrade of a delegation from a read delegation to a write delegation is allowed and can result in significantly improved performance. This patch adds support for this atomic upgrade, plus fixes a couple of other delegation related bugs. Since there were three cases where delegations were being issued, the patch factors this out into a separate function called nfsrv_issuedelegations(). This patch should only affect the NFSv4.1/4.2 behaviour when delegations are enabled, which is not the default. MFC after: 1 month
MFC after: 1 month
Call `HMAC_CTX_free` if returning early from `is_valid_request` when processing `Message-Authenticator` tags. Reported by: Coverity MFC after: 1 week Fixes: 8d5c781 ("libradius: Fix input validation bugs") Differential Revision: https://reviews.freebsd.org/D45488
More precisely, implement L3C (64KB/2MB, depending on base page size) promotion in pmap_enter_quick()'s helper function, pmap_enter_quick_locked(). At the same time, use the recently introduced flag VM_PROT_NO_PROMOTE from pmap_enter_object() to pmap_enter_quick_locked() to avoid L3C promotion attempts that will fail. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D45445
pw(8) allows to seek for users in a custom rootdir, which makes it easier for a testsuite MFC After: 3 days
This hardens against provoked use-after-free occurrences should there be reference counting leaks in the future (which is currently not the case). At the deepest level, umtx_shm_find_reg_unlocked() now returns EOVERFLOW when it cannot grant an additional reference to the registry object, and so will umtx_shm_find_reg(). umtx_shm_create_reg() will fail if calling umtx_shm_find_reg() returns EOVERFLOW (meaning a SHM object for the passed key already exists, but we can't acquire another reference on it), avoiding the creation of a duplicate registry entry for a given key (this wouldn't pose problem for the rest of the code in its current form, but is expressly avoided for intelligibility and hardening purposes). Since umtx_shm_find_reg*(), and consequently the whole _umtx_op() system call, can only return EOVERFLOW on such a bug manifesting, we don't document that return value. Reviewed by: kib, emaste Approved by: emaste (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46126 (cherry picked from commit c3e6dfe)
'ushm_refcnt' is unsigned. Don't leave the impression it isn't. No functional change (intended). Reviewed by: kib Approved by: emaste (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46126 (cherry picked from commit c75a189)
Previously, -DCHERI_LIB_C18N was omitted for libsys. This commit also fixes that.
Previously, lib/c18n/libsys's sigaction calls a libc function which in turn calls the RTLD hook. This is broken but was undetected because c18n was accidentally always disabled in the c18n-version of libsys.
sys/types32.h: Remove struct timeval32 from libspl's header (#16491) macOS Sequoia's sys/sockio.h, as included by various bootstrap tools whilst building FreeBSD, has started to include net/if.h, which then includes sys/_types/_timeval32.h and provide a conflicting definition for struct timeval32. Since this type is entirely unused within OpenZFS, simply delete the type rather than adding in some kind of OS detection. This fixes building FreeBSD on macOS Sequoia (Beta). Signed-off-by: Jessica Clarke <[email protected]> Reviewed-by: Rob Norris <[email protected]> Reviewed-by: Alexander Motin <[email protected]> Reviewed-by: Tony Hutter <[email protected]> MFC after: 1 week (cherry picked from commit 796c603)
Use _PROT_ALL instead of ORing all the flags.
Refactor VM_PROT_ADD_CAP() macro to use a statement expression and if statements. Eliminates multiple expansion of the prot argument and prepares for future changes allowing explicit capability permission selection.
Introduce two new PROT_ values PROT_CAP and PROT_NO_CAP. They combine to allow capability permissions to be implied in unmodified code using PROT_READ and PROT_WRITE while allowing capability permissions to be set or unset explicitly. If either of PROT_CAP or PROT_NO_CAP are set, then the value of the PROT_CAP flag bit defines the page protections and capability permissions for a given mapping. In the underlying implementation, PROT_CAP maps to VM_PROT_READ_CAP and VM_PROT_WRITE_CAP depending on the values of PROT_READ and PROT_WRITE. PROT_NO_CAP maps to a new VM_PROT_NO_IMPLY_CAP. VM_PROT_NO_IMPLY_CAP is used transiently in fo_mmap implementations to avoid accidentally adding capability permission and is also added to vm_entry's max_protection to allow superset tests to succeed when reducing capability permissions on a mapping via mmap or mprotect.
There are no differences in alignment between regular and sealed capabilities on current architectures and even if there were there is little value in putting this support in the kernel where callers who need to seal values returned by mmap() will be highly CHERI-aware.
Kernel reservation management code takes care of alignment (and size) rounding for CheriABI binaries. Hybrid binaries that need CHERI alignment can, and for length must, do their own rounding in code that will already be CHERI-aware.
Reported-by: YiChenChai <[email protected]> Co-authored-by: YiChenChai <[email protected]>
Disable sanitization flags that overlap with CHERI (e.g. dynamic allocas can be caught by capability bounds set by CheriBoundsAlloca module pass in CHERI LLVM).
This is necessary for CheriBSD as the compiler generates code to derive a pointer to KASAN shadow from a shadow base, hence the shadow base must be a valid capability.
…o macros This requires collaboration with the compiler in that the compiler ASan instrumentation pass inserts a function call to the interceptor function but doesn't erase the original function call. The rationale behind this commit is that in Morello LLVM __builtin_{memset,memcpy,memmove} have different subobject-bounds semantics to a function wrapper to these builtins. The bounds are assumed to be of the container, as in:
```c
bcopy(&src->cr_startcopy, &dest->cr_startcopy,
    (unsigned)((caddr_t)&src->cr_endcopy -
    (caddr_t)&src->cr_startcopy));
```
cr_startcopy to cr_endcopy span many object fields, but a call to builtin memcpy will not trigger subobject bounds SIGPROT. But a call to a wrapper will crash due to cr_startcopy having the bounds of the first field.
```c
void *wrapper_memcpy(void *dst, void *src, size_t len) {
    return __builtin_memcpy(dst, src, len);
}
```
A future commit could mark such code patterns in the kernel to relax subobject bounds checking.
This reduces false positives.
When KASAN isn't set, kasan_mark is defined to be nothing, so this commit makes no functional changes.
In some cases, for example, in KASAN, the compiler will make `stxr_status` and `cutp` share the same register, hence causing a fault.
No description provided.