This is not the best location, but works for now.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56003
The pmap layer requires writeable superpage mappings to be dirty.
Otherwise, during demotion, we may miss a hw update of the PDE which
sets the dirty bit.
When creating a managed superpage mapping without promotion, i.e., with
pmap_enter(psind == 1), we must therefore ensure that a writeable
mapping is created with the dirty bit pre-set. To that end,
vm_fault_soft_fast(), when handling a map entry with write permissions,
checks whether all constituent pages are dirty, and if so, converts the
fault to a write fault, so that pmap_enter() does the right thing. If
one or more pages is not dirty, we simply create a 4K mapping.
vm_fault_populate(), which may also create superpage mappings, did not
do this, and thus could create mappings which violate the invariant
described above. Modify it to instead check whether all constituent
pages are already dirty, and if so, convert the fault to a write fault.
Otherwise the mapping is downgraded to read-only.
Reported by: ashafer
Reviewed by: alc, kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55536
When registering a new kevent backed by a file descriptor, we first look
up the file description with fget(), then lock the kqueue, then see if a
corresponding knote is already registered. If not, and KN_ADD is
specified, we add the knote to the kqueue.
closefp_impl() interlocks with this process by calling knote_fdclose(),
which locks each kqueue and checks to see if the fd is registered with a
knote. But, if userspace closes an fd while a different thread is
registering it, i.e., after fget() succeeds but before the kqueue is
locked, then we may end up with a mismatch in the knote table, where the
knote kn_fp field points to a different file description than the knote
ident.
Fix the problem by double-checking before registering a knote. Add a
new fget_noref_unlocked() helper for this purpose. It is a clone of
fget_noref(). We could simply use fget_noref(), but I like having an
explicit unlocked variant.
PR: 293382
Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55852
Besides setting the value in the array of the values, rtld sometimes
needs to recalculate some internal control variable for the change to
take effect. Allow the variable description to supply a method called
on the update. Lock the function with the bind lock for safe operation.
Mark several variables as allowed for update, since the on_update method
is provided for them. The list is LD_BIND_NOW, LD_BIND_NOT,
LD_LIBMAP_DISABLE, LD_LOADFLTR.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56055
The function is already exported from libm. We only need to stop
declare it extern inline, and instead provide a macro which uses the
internal inline function __feclearexcept_int() instead.
PR: 277958
Reviewed by: dim (x86)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D55975
For performance and/or correct reasons some hypervisors allow
MPERF/APERF MSRs to be read but not written to. This change
modifies the handling of these MSRs to not rely on writes.
This patch is part of Google Cloud Engine (GCE) C4-LSSD turnup.
Sponsored by: Google
Tested by: NetApp (previous)
PR: 292808
MFC after: 3 days
Co-authored-by: Jim Mattson <jmattson@google.com>
Reviewed by: jrtc27, imp, kib, markj, olce, obiwac
Differential Revision: https://reviews.freebsd.org/D55996
We may be running in a Virtual Machine which may not fully support
hardware performance counters. If the MPERF counter somehow ends up
at zero, return an error and fail gracefully instead of panicking.
This patch is part of Google Cloud Engine (GCE) C4-LSSD turnup.
Sponsored by: Google
Tested by: NetApp (previous)
PR: 292808
MFC after: 3 days
Co-authored-by: Aymeric Wibo <obiwac@google.com>
Co-authored-by: Jim Mattson <jmattson@google.com>
Suggested by: jrtc27 (split out this part)
Reviewed by: imp, obiwac, olce
Differential Revision: https://reviews.freebsd.org/D56056
During the timerfd__periodic_timer_performance test, only expect
failures when the expiration count is less than 400000000. This
prevents the test from being reported as a true failure in environments
where scheduling latency is high enough to delay timerfd wakeups.
Fixes: cb692380f1 ("timerfd: Expect periodic timer ...")
MFC after: 1 week
Wordsmith mentions throughout the manual of syslog and dmesg, to clearly
differentiate them in an externally consisteny way, increasing operator
onboarding speed and elegance.
The daemon that handles general system messages, syslog, describes them
as "system messages", and "messages" is the standard filename. Rewrite
syslog related manual titles to align search results with this, and hier
entries to align the index. Use care to maintain keywords and not add
extra lines. Newsyslog trades "maintain" with "rotate" for visibility.
MFC after: 3 days
Reviewed by: markj
Closes: https://github.com/freebsd/freebsd-src/pull/2067
The original scalar implementation of strrchr() had incorrect
logic that failed if the character searched for was the NUL
character. It was also possibly affected by the issue fixed
in 3d8ef251a for strchrnul().
Rewrite the function with logic that actually works. We defer
checking for the character until after we have checked for NUL.
When we encounter the final NUL byte, we mask out the characters
beyond the tail before checking for a match.
This bug only affects users running on amd64 with ARCHLEVEL=scalar
(cf. simd(7)). The default configuration is not affected.
The bug was unfortunately not caught by the unit test inherited
from NetBSD. An extended unit test catching the issue is proposed
in D56037.
PR: 293915
Reported by: safonov.paul@gmail.com
Tested by: safonov.paul@gmail.com
Fixes: 2ed514a220
See also: https://reviews.freebsd.org/D56037
MFC after: 1 week
svc_rpc_gss_validate() copies the input message into a stack buffer
without ensuring that the buffer is large enough. Sure enough,
oa_length may be up to 400 bytes, much larger than the provided space.
This enables an unauthenticated user to trigger an overflow and obtain
remote code execution.
Add a runtime check which verifies that the copy won't overflow.
Approved by: so
Security: FreeBSD-SA-26:08.rpcsec_gss
Security: CVE-2026-4747
Reported by: Nicholas Carlini <npc@anthropic.com>
Reviewed by: rmacklem
Fixes: a9148abd9d
When a challenge ACK should be sent via tcp_send_challenge_ack(),
but the rate limiter suppresses the sending, free the mbuf chain.
The caller of tcp_send_challenge_ack() expects this similar to the
callers of tcp_respond().
Approved by: so
Security: FreeBSD-SA-26:06.tcp
Security: CVE-2026-4247
Reviewed by: lstewart
Tested by: lstewart
Sponsored by: Netflix, Inc.
The current timerfd implementation fails to correctly count events on a
nanosecond callout interval. The timerfd__periodic_timer_performance
test detects this and reports failure.
Mark this test as an expected failure so it isn't flagged by CI. A link
to the bug report is attached to the test for reference.
While we're here, clean up some minor style and Make issues.
Fixes: 834c1ba793 ("timerfd: Add tests")
MFC after: 1 week
There were two debug printf()s that were left in the
code while debugging the handling of callbacks over
a NFSv4.1/4.2 backchannel was being done.
This patch removes them, since they are no longer
of benefit and cause "noise".
Requested by: wollman
MFC after: 2 weeks
Fix the copyright attribution to Netflix and the date and missing SPDX
line in pmc.ibs man page.
Sponsored by: Netflix
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2094
Since this is a configuration prerequisite rather than a test failure, use
atf_skip instead.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D56069
Supports UFS host controller attachment via ACPI. Tested on the
Samsung Galaxy Book 4 Edge using Qualcomm Snapdragon X Elite.
Additionally, a quirk related to power mode change has been added.
For reference, it doesn't reach maximum speed yet. I plan to improve
it later.
Sponsored by: Samsung Electronics
Reviewed by: imp (mentor)
Differential Revision: https://reviews.freebsd.org/D55986
Adds parameters related to the performance of the UFS device.
Also update man page for the missing sysctl entries.
Sponsored by: Samsung Electronics
Reviewed by: imp (mentor)
Differential Revision: https://reviews.freebsd.org/D55985
When enabling the request queue, safely reset the list base address.
This was added due to a quirk in the Qualcomm UFS controller during
the process of activating it.
Sponsored by: Samsung Electronics
Reviewed by: imp (mentor)
Differential Revision: https://reviews.freebsd.org/D55984
Boot loaders do not require speculative execution protection, and may be
too large if enabled.
Reported by: Shawn Webb
Reviewed by: dim, imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56068
GENERIC-KASAN kernel failed to boot on a Dell PowerEdge C6615 with
an AMD EPYC 8224P CPU; UEFI BIOS caught a #GP exception with %RIP
in kasan_memset where %GS relative pointer (curthread->td_pflags2)
was dereferenced. Investigation led to wrmsr_early_safe_end which
calls memset to clear early #GP IDT entry. Replacing memset with
__builtin_memset_inline still resulted in the compiler emitting a
call to the memset resolver in GENERIC-KASAN build and the kernel
stil faulted during boot. This version which has been successfully
tested with both GENERIC and GENERIC-KASAN kernels uses memset_early.
Signed-off-by: Kristofer Peterson <kris@tranception.com>
Reviewed-by: kib
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2069
The number of packets processed per interrupt was hardcoded to 16.
Add a per-interface sysctl dev.rge.%d.rx_process_limit tunable so
users can adjust this value at runtime.
Signed-off-by: Christos Longros <chris.longros@gmail.com>
Reviewed by: ziaee, adrian
Differential Revision: https://reviews.freebsd.org/D56014
The HARDWARE section stated "PCIe 1GB to 1GB Ethernet devices"
which is incorrect. The RTL8125/8126/8127 chips support speeds
from 1Gbps to 10Gbps. Correct the range.
Signed-off-by: Christos Longros <chris.longros@gmail.com>
rge.4: note that the driver manages PHY directly
The rge(4) driver does not use the miibus(4) interface for PHY
management. Instead, it accesses PHY registers directly via the
chip's OCP (On-Chip Peripheral) bus. Document this in the
DESCRIPTION section.
Signed-off-by: Christos Longros <chris.longros@gmail.com>
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D55995
* Stop abbreviating macro names half-randomly to 8 chars, this is no
longer 1990.
* Likewise for function names (in particular use doindex for a function
that is notably different from the classic index function).
* Rename a few things for more fidelity: eval is the builtin name, not
expr and your maketemp/mkstemp conform to mkstemp semantics for better
security.
* Rewrap a few comments that were ludicrously short.
No functional changes except improved accuracy of some error messages.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D55793
During tcp_usr_listen(), only allocate TFO counter when required.
Reviewed by: tuexen, glebius
Differential Revision: https://reviews.freebsd.org/D56067
This patch reduces the number of witness warnings during ifmcstat(8) calls.
Reviewed by: glebius, zlei
Differential Revision: https://reviews.freebsd.org/D56052
This mostly just fixes indentation and continuations and adds spaces
after commas and around binary operators and parentheses around return
values, but cd9660_rrip_extref() was so egregiously unreadable I
rewrote it. Note that this was done manually, so I may have missed a
few spots, and I made no attempt to fix over-long lines.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D55865
This allows libmagic to recognize the FS_DOSOFTDEP, FS_SUJ, FS_GJOURNAL,
FS_ACLS, and FS_NFS4ACLS flags on a UFS2 file system.
Accepted upstream as 482259e5e952.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56010
Normally, syslogd reacts only to SIGTERM, and ignores SIGINT and SIGQUIT
unless in debug mode. Extend that to also apply when running in the
foreground. Take this opportunity to comment the event loop.
MFC after: 1 week
Reviewed by: jfree
Differential Revision: https://reviews.freebsd.org/D55886
ac97_uninitmixer() does not exist also.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56045