Invalid font data passed to PIO_VFONT can result in an integer overflow
in glyphsize. Characters may then be drawn on the console using glyph
map entries that point beyond the end of allocated glyph memory,
resulting in a kernel memory disclosure.
Submitted by: emaste
Reported by: Dr. Silvio Cesare of InfoSect
Security: CVE-2018-6917
Security: FreeBSD-SA-18:04.vt
Sponsored by: The FreeBSD Foundation
TLB1 can handle ranges up to 4GB (through e5500, larger in e6500), but
ilog2() took a unsigned int, which maxes out at 4GB-1, but truncates
silently. Increase the input range to the largest supported, at least for
64-bit targets. This lets the DMAP be completely mapped, instead of only
1GB blocks with it assuming being fully mapped.
These have been found to be practically useless. We were actually
following the Android bionic library and had some interest in replicating
the same warnings and behaviour but Android has since removed them.
We are still keeping some uses of nullability attributes in other headers,
somewhat in line with Apple's libc.
MFC after: 1 week
Hinted by: bionic (git 3f66e74b903905e763e104396aff52a81718cfde)
Make kdb_trap in breakpoint exception handler conditional. If "options KDB"
is not present just panic with message that debugger is not enabled.
PR: 224653
Two modules with the same name cannot be loaded, so Marvell specific drivers
cannot have the same name as the generic drivers.
Files with the same name, even in different folders overlaps their .o files,
so in order to prepare for supporting Marvell platforms in GENERIC armv7
config, modify conflicting names.
Submitted by: Rafal Kozik <rk@semihalf.com>
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14743
The PLATFORM code will perform the software loop in the early boot,
so extract the actual delay code to handle situation, when
the timers are already initialized.
Obtained from: Semihalf
Sponsored by: Stormshield
Store pointers to SoC specific functions in mv_timer_config structure
and determine proper config in runtime based on compatible string from FDT.
Compatible string for ArmadaXP timers is changed to match Linux FDT.
Armada 38x uses generic Cortex-A9 timer and separate watchdog drivers, so
it does not need to be supported by timer driver.
Submitted by: Rafal Kozik <rk@semihalf.com>
Reviewed by: manu
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14741
Introduced in r331639 by removing an instance of undefined behavior.
While we're here, the variable scope can be entirely moved inside the loop.
Reported by: Coverity
CID: 1387985
Sponsored by: Dell EMC Isilon
In GENERIC kernel choosing proper get_tclk and get_cpu_freq implementation must
be done in runtime. Kernel for both SoC need to have implementation of each
other functions, so common file list mv/files.arm7 is added.
Marvell armv5 SoC have their own non-generic implementation of those function.
Submitted by: Rafal Kozik <rk@semihalf.com>
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14739
Preparation for adding Armada38X and ArmadaXP SoC to GENERIC config.
Supported platform are listed in soc_family enum.
struct decode_win_spec contains platform specific functions and constants.
Function mv_check_soc_family checks SoC type and chooses proper structure
in runtime, as well as platform-dependent functions.
Unnecessary dummy functions are removed.
Because of changing registers name to more generic new definition of
FDT_DEVMAP_MAX in mv_machdep is added.
Submitted by: Rafal Kozik <rk@semihalf.com>
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14738
Validate only drivers used by given platform.
Pointers to validation function
are added to soc_node_spec structure.
Submitted by: Rafal Kozik <rk@semihalf.com>
Reviewed by: andrew
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14737
get_sar_value is implemented only for ArmadaXP and Armada38X. Splitting it for
two different functions and change registers names result in more generic code.
Submitted by: Rafal Kozik <rk@semihalf.com>
Reviewed by: andrew
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14736
PCI ports differ between Marvell SoCs, but have the same compatible in FDT.
Identification is made based on parent compatible during attach.
For ArmadaXP skipping enable procedure is necessary. To achieve it
sc_skip_enable_procedure flag is used.
For Armada38x find root procedure is necessary. For other SoCs root link is
always at slot 0. sc_enable_find_root_slot flag is used to select proper
behaviour.
Marvell armv5 platforms does not support msi.
Submitted by: Rafal Kozik <rk@semihalf.com>
Reviewed by: andrew
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14735
Defining INTRNG remove some necessary registers and declarations of
pic_init_secondary, pic_ipi_send, pic_ipi_read and pic_ipi_clear.
Because Marvell ArmadaXP and Armada38X always use INTRNG, include all
INTRNG code and remove code that does not use it.
Separate pic registers declarations for Armada38X are unnecessary, it
works properly with ArmadaXP config.
Submitted by: Rafal Kozik <rk@semihalf.com>
Reviewed by: andrew
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D14734
Device removal code does not set spa_indirect_vdevs_loaded for pools
that never experienced device removal. At least one visual consequence
of it is completely blocked speculative prefetcher. This patch sets
the variable in such situations.
This can be used to check existing images but will be used in the future to
find EFI ESP images placed in El Torito catalogs so they can be used for
hybrid boot purposes.
Reviewed by: imp (code), sbruno (man page), bcr (man page)
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D14952
In my attempt to limit the commit in r331936 to only the gets_s()
commit and not include unrelated patches in my tree, this patch
was missed.
Reported by: pfg
MFC after: 2 weeks
X-MFC with: r331936
Differential Revision: https://reviews.freebsd.org/D12785
While I'm at it correct the update date in the man page.
Reported by: ed@
MFC after: 2 weeks
X-MFC with: r331936
Differential Revision: https://reviews.freebsd.org/D12785
x86/cpu_machdep.c now needs to include elan_mmcr.h when CPU_ELAN is set.
While here, also remove the now unneeded inclusion of isareg.h in i386
and amd64 vm_machdep.c.
Reported by: lwhsu
MFC after: 14 days
X-MFC with: r331878
captured and reported the highest window advertisement with the same
SEQ/ACK. However, the window comparison uses modulo 2**16 math, rather
than directly comparing the absolute values. Because windows use
absolute values and not modulo 2**16 math (i.e. they don't wrap), we
need to compare the absolute values.
Reviewed by: gallatin
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D14937
When I moved these functions from i386 and amd64 to x86 I dropped their
prototype declarations (that were correct) and left only their definitions
that became incorrect.
Reported by: bde
MFC after: 15 days
X-MFC with: r331878
The Zynq/Zedboard GPIO driver attempts to tri-state all GPIO pins on
boot up but the order in which I reset the hardware can cause the pins
to be briefly held low before being tri-stated. This is a problem on
boards that use GPIO pins to reset devices.
In particular, the Zybo and ZC-706 boards use a GPIO pin as a USB PHY
reset. If U-boot enables the USB port before booting the kernel, the
GPIO driver attach causes a glitch on the USB PHY reset and the USB
port loses power. My fix is to have the GPIO driver leave the pins in
whatever configuration U-boot placed them.
PR: 225713
Submitted by: Thomas Skibo <thoma555-bsd@yahoo.com>
MFC after: 1 week
Effectively disabling the mode changing bits in the loader. No matter which
way we go with it, it seems to be wrong- either the firmware doesn't change
the resolution and reports the resolution we requested, or the firmware
changes the resolution and doesn't report the resolution we requested. It
some cases, it does the right thing, but the bad cases outweight those.
Interested individuals can still set efi_max_resolution to 1080p or whatnot
in loader.conf(5) to restore the new behavior, but the new behavior does not
work out well for many cases.
Discussed with: imp
The TCB is read using a memory window right now. A better alternate to
get self-consistent, uncached information would be to use a GET_TCB
request but waiting for a reply from hw while holding non-sleepable
locks is quite inconvenient.
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D14817
As with AIM64, map the DMAP at the beginning of the fourth "quadrant" of
memory, and move the KERNBASE to the the start of KVA.
Eventually we may run the kernel out of the DMAP, but for now, continue
booting as it has been.
It should fix ck_pr_[load|store]_ptr on mips and riscv, make sure no
*fence instructions are used on i386, as older cpus don't support it, and
make sure we don't rely on gcc builtins that can lead to calls to
libatomic when linked with -O0.
MFC after: 1 week
It should fix ck_pr_[load|store]_ptr on mips and riscv, make sure no
*fence instructions are used on i386, as older cpus don't support it, and
make sure we don't rely on gcc builtins that can lead to calls to
libatomic when linked with -O0.
The division added in r331732 meant that we wouldn't attempt a
background laundering until at least v_free_target - v_free_min clean
pages had been freed by the page daemon since the last laundering. If
the inactive queue is depleted but not completely empty (e.g., because
it contains busy pages), it can thus take a long time to meet this
threshold. Restore the pre-r331732 behaviour of using a non-zero
background laundering threshold if at least one inactive queue scan has
elapsed since the last attempt at background laundering.
Submitted by: tijl (original version)
Because I didn't see any reason not too.
I've been making some changes to the code and couldn't help but notice
that the i386 and am64 code was nearly identical.
MFC after: 17 days
If cpu_reset() is called on an AP and if it somehow fails to wake the
BSP, then it's better to attempt the reset on the AP than just sit there
spinning on an unusable and undebuggable system.
MFC after: 16 days
The processor is "parked" in a spin-loop already and that's sufficient
for the reset. There is nothing that stop_cpus() would add here, only
extra complexity and fragility.
The original processor does not need to enable interrupts now, in fact,
it must not do that.
MFC after: 2 weeks