Commit Graph

19398 Commits

Author SHA1 Message Date
Brian Inglis d3110717f0 regtool: allow /proc/registry{,32,64}/ registry path prefix
The user can supply the registry path prefix /proc/registry{,32,64}/ to
use path completion.
2019-11-13 09:39:04 +01:00
Kwok Cheung Yeung d14714c690 Stash reent marker in upper bits of s1 on AMD GCN
s[0:3] contain a descriptor used to set up the initial value of the
stack, but only the lower 48 bits of s[0:1] are currently used.
The reent marker is currently set in s3, but by stashing it in the
upper 16 bits of s[0:1] instead, s3 can be freed up for other purposes.
2019-11-08 10:34:28 +01:00
Mark Geisert 04d85dea57 Cygwin: Doc change to note stackdump limit patch 2019-11-08 10:23:08 +01:00
Mark Geisert 7c9c94b9c8 Cygwin: Raise dumpstack frame limit to 32
Create a #define for the limit and raise it from 16 to 32.
2019-11-08 10:23:08 +01:00
Takashi Yano 3880efb283 Cygwin: console, pty: Prevent error in legacy console mode. 2019-11-08 10:08:45 +01:00
Takashi Yano e5db0d2fe0 Cygwin: pty: Change how to determine if running as service or not. 2019-11-06 15:06:05 +01:00
Corinna Vinschen 44432b93ad Cygwin: document console helper patch
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-11-05 11:57:32 +01:00
Corinna Vinschen 530b866c8e Cygwin: fix quoting when starting invisible console process
fhandler_console::create_invisible_console_workaround() does not use the
lpApplicationName parameter and neglects to quote its command name on
lpCommandLine in the call to CreateProcessW.

Given CreateProcessW's brain-dead method to evaluate the application
path given on the command line, this opens up a security problem if
Cygwin is installed into a path with spaces in it.

Fix this by using the lpApplicationName parameter and quoting of the
application path in the lpCommandLine parameter (used as argv[0] in
the called console helper.

For extended paranoia, make the argument string array big enough to
fit full 64 bit pointer values into it.  Handles usually only use
the lower 32 bit, but better safe than sorry.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-11-05 11:51:55 +01:00
Corinna Vinschen 7a26e19d4f Cygwin: devices: drop MAX_CONSOLES and fix FH_CONS_MAX
FH_CONS_MAX should refelect the fact that we allow 128 consoles, even if
it's unused.

Suggested-by: Achim Gratz <Stromeko@nexgo.de>
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-11-04 10:34:59 +01:00
Sebastian Huber 4082e91b59 Move timeval macros to <sys/time.h>
In FreeBSD, NetBSD, and OpenBSD these macros are defined in
<sys/time.h>.
2019-11-04 07:03:15 +01:00
Sebastian Huber aae831b083 Synchronize <sys/time.h> with FreeBSD
This change is based on the FreeBSD commit:

Author: asomers <asomers@FreeBSD.org>
Date:   Mon Jul 30 15:46:40 2018 +0000

    Make timespecadd(3) and friends public

    The timespecadd(3) family of macros were imported from NetBSD back in
    r35029. However, they were initially guarded by #ifdef _KERNEL. In the
    meantime, we have grown at least 28 syscalls that use timespecs in some
    way, leading many programs both inside and outside of the base system to
    redefine those macros. It's better just to make the definitions public.

    Our kernel currently defines two-argument versions of timespecadd and
    timespecsub.  NetBSD, OpenBSD, and FreeDesktop.org's libbsd, however, define
    three-argument versions.  Solaris also defines a three-argument version, but
    only in its kernel.  This revision changes our definition to match the
    common three-argument version.

    Bump _FreeBSD_version due to the breaking KPI change.

    Discussed with: cem, jilles, ian, bde
    Differential Revision:  https://reviews.freebsd.org/D14725
2019-11-04 07:03:15 +01:00
Sebastian Huber 4b3f69e4ac Synchronize <sys/_timespec.h> with FreeBSD 2019-11-04 07:03:15 +01:00
imp 7346e14d44 Fix sbttons for values > 2s
Add test against negative times. Add code to cope with larger values
properly.

Discussed with: bde@ (quite some time ago, for an earlier version)
2019-11-04 07:03:15 +01:00
Corinna Vinschen 57640bee75 Cygwin: fix process parent/child relationship after execve
Commit 5a0f2c00aa "Cygwin: fork/exec: fix child process permissions"
removed the PROCESS_DUP_HANDLE handle permission of the parent process
handle in the child to avoid a security problem.

It turned out that this broke the following scenario: If a process forks
and then the parent execs, the child loses the ability to register the
parent's death.  To wit, after the parent died the child process does
not set its own PPID to 1 anymore.

The current exec mechanism copies required handle values (handles to
keep contact to the child processes) into the child_info for the
about-to-be-exec'ed process.  The exec'ed process is supposed to
duplicate these handles.  This fails, given that we don't allow the
exec'ed process PROCESS_DUP_HANDLE access to the exec'ing process since
commit 5a0f2c00aa.

The fix is to avoid the DuplicateHandle calls in the exec'ed process.

This patch sets the affected handles to "inheritable" in the exec'ing
process at exec time.  The exec'ed process just copies the handle values
and resets handle inheritance to "non-inheritable".  The exec'ing
process doesn't have to reset handle inheritance, it exits after setting
up the exec'ed process anyway.

Testcase: $ ssh-agent /bin/sleep 3

ssh-agent forks and the parent exec's sleep.  After sleep exits, `ps'
should show ssh-agent to have PPID 1, and eventually ssh-agent exits.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2019-11-02 19:55:24 +01:00
Jozef Lawrynowicz fa14f445ba Fix libgloss being built for disabled multilibs
Target libraries are considered to be built for GCC's "host", not GCC's
"target".  The "host" variable must be set by configure scripts using
"config-ml.in" to determine multilib support, otherwise disabled
multilibs (specified as a configure argument with --disable-<multilib>)
will still be built for the subdirectories those configure scripts
reside in.
2019-11-02 16:27:20 +01:00
Anton Lavrentiev via cygwin-patches fe239aef1b Cygwin: getpriority() consistent with process priority
https://cygwin.com/ml/cygwin/2019-08/msg00122.html
2019-10-31 21:40:22 +01:00
Jeff Johnston 235eb63034 Add PRU license to COPYING.NEWLIB and COPYING.LIBGLOSS 2019-10-31 15:09:07 -04:00
Dimitar Dimitrov a1f617466d PRU: Align libmath to PRU ABI
The TI proprietary toolchain uses nonstandard names for some math
library functions. In order to achieve ABI compatibility between
GNU and TI toolchains, add support for the TI function names.

Signed-off-by: Dimitar Dimitrov <dimitar@dinux.eu>
2019-10-31 15:02:33 -04:00
Jeff Johnston 0764a2eab8 Fix some generated files 2019-10-31 14:52:04 -04:00
Dimitar Dimitrov 0c7734673a Initial PRU port for libgloss and newlib
Signed-off-by: Dimitar Dimitrov <dimitar@dinux.eu>
2019-10-31 14:47:19 -04:00
Jozef Lawrynowicz 0574317971 MSP430: Add missing build rule for unlink() to libgloss Makefile 2019-10-25 18:04:46 +02:00
Achim Gratz 25ce0e1213 Cygwin: Provide more COM devices
Provide for 128 COM devices since Windows likes to create lots of these
over time (one per identifiable device and USB port).
2019-10-23 10:05:42 +02:00
Ken Brown b61dc22ada Cygwin: spawnvp, spawnvpe: fail if executable is not in $PATH
Call find_exec with the FE_NNF flag to enforce a NULL return when the
executable isn't found in $PATH.  Convert NULL to "".  This aligns
spawnvp and spawnvpe with execvp and execvpe.
2019-10-18 10:38:52 -04:00
Takashi Yano 43d7f33e2c Cygwin: pty: Change the timing of clear screen. 2019-10-16 15:15:47 -04:00
Takashi Yano 9bedd6807d Cygwin: pty: Avoid detach console in the process running as service. 2019-10-16 15:15:47 -04:00
Joel Sherrill 9e06ba1ac3 riscv/sys/fenv.h: Add missing extern for fe_dfl_env_p 2019-10-09 11:00:45 -05:00
Jeff Johnston cfc4955234 Add patch from Joel Sherrill for i386 and x86_64 fenv support 2019-10-08 16:59:04 -04:00
Ken Brown c561a625af Cygwin: mkdir and rmdir: treat drive names specially
If the directory name has the form 'x:' followed by one or more
slashes or backslashes, and if there's at least one backslash, assume
that the user is referring to 'x:\', the root directory of drive x,
and don't strip the backslash.

Previously all trailing slashes and backslashes were stripped, and the
name was treated as a relative file name containing a literal colon.

Addresses https://cygwin.com/ml/cygwin/2019-08/msg00334.html.
2019-10-07 16:09:41 -04:00
Ken Brown e82a0c959a Cygwin: document recent changes to format_proc_cpuinfo 2019-10-07 16:06:28 -04:00
Brian Inglis 2160c52a49 fhandler_proc.cc(format_proc_cpuinfo): or model extension bits
or model extension bits into model high bits instead of adding
arithmetically like family extension.
2019-10-07 15:50:33 -04:00
Brian Inglis 8cf614a88b fhandler_proc.cc(format_proc_cpuinfo): comment flags not reported
Comment out flags not reported by Linux in cpuinfo, although some
flags may not be used at all by Linux.
2019-10-07 15:50:33 -04:00
Brian Inglis f723e3caae fhandler_proc.cc(format_proc_cpuinfo): add feature flags
Add 99 feature flags including AVX512 extensions, AES, SHA with 20
cpuid calls.
2019-10-07 15:50:33 -04:00
Brian Inglis 08d1ae0543 fhandler_proc.cc(format_proc_cpuinfo): use feature test print macro
Add feature test print macro that makes feature, bit, and flag text
comparison and checking easier.  Handle as common former Intel only
feature flags also supported on AMD.  Change order and some flag names
to agree with current Linux.
2019-10-07 15:50:33 -04:00
Brian Inglis b8ccc22762 fhandler_proc.cc(format_proc_cpuinfo): add microcode
Add microcode from Windows registry Update Revision REG_BINARY.
2019-10-07 15:50:33 -04:00
Brian Inglis 9682c25bb3 fhandler_proc.cc(format_proc_cpuinfo): add bogomips
Add bogomips which has been cpu MHz*2 since Pentium MMX.
2019-10-07 15:50:33 -04:00
Brian Inglis 70e834ea7c fhandler_proc.cc(format_proc_cpuinfo): round cpu MHz
Round cpu MHz to correct Windows and match Linux cpuinfo.
2019-10-07 15:50:32 -04:00
Brian Inglis 7a0496f78f fhandler_proc.cc(format_proc_cpuinfo): fix AMD physical cores count
Fix AMD physical cores count documented as core_info low byte + 1.
2019-10-07 15:50:32 -04:00
Brian Inglis 74aa6e3cdb fhandler_proc.cc(format_proc_cpuinfo): fix cpuid level count
Fix cpuid level count as number of non-zero leafs excluding sub-leafs.
2019-10-07 15:50:32 -04:00
Brian Inglis acc8849f84 fhandler_proc.cc(format_proc_cpuinfo): fix cache size
Fix cache size return code handling and make AMD/Intel code common.
2019-10-07 15:50:32 -04:00
Jeff Johnston e06f2fbde7 Allow verifying _REENT_CHECK macros memory allocation
- change sys/reent.h to replace _REENT_CHECK_DEBUG with
  _REENT_CHECK_VERIFY which when set asserts that any memory
  allocated is non-NULL and calls __assert_func directly
- add new --enable-newlib-reent-check-verify configure option
- add support for configure.host to specify default for
  newlib_reent_check_verify
- add _REENT_CHECK_VERIFY macro support to acconfig.h and newlib.hin
2019-10-07 15:36:03 -04:00
Christos Gentsos 175b215e05 Optimize epilogue sequence for architectures with POP interworking.
ARMv5 and above supports arm/thumb interworking using POP, so we can
improve the exit sequence in this case.
2019-10-07 14:38:14 +01:00
Jeff Johnston f88aece242 Prevent NULL ptr accesses due to Balloc out of memory
- add new eBalloc macro to mprec.h which calls Balloc and
  aborts if Balloc fails due to out of memory
- change mprec.c functions that use Balloc without checking to use eBalloc instead
- fix dtoa.c to use eBalloc
2019-10-04 17:43:49 -04:00
Takashi Yano df5c79f30c Cygwin: Fix signal handling issue introduced by PTY related change.
- After commit 4186409101, there is a
  regression in signal handling reported in
  https://www.cygwin.com/ml/cygwin/2019-10/msg00010.html. This patch
  fixes the issue.
2019-10-03 09:28:10 -04:00
Ken Brown 6061f9c76f Document the last bug fix 2019-09-27 13:36:45 -04:00
Ken Brown 283cb372e4 Cygwin: normalize_win32_path: improve error checking
If the source path starts with the Win32 long path prefix '\\?\' or
the NT object directory prefix '\??\', require the prefix to be
followed by 'UNC\' or '<drive letter>:\'.  Otherwise return EINVAL.

This fixes the assertion failure in symlink_info::check that was
reported here:

  https://cygwin.com/ml/cygwin/2019-09/msg00228.html

That assertion failure was caused by normalize_win32_path returning a
path with no backslashes when the source path was '\\?\DRIVE'.
2019-09-26 08:52:13 -04:00
Takashi Yano e1a0775dc0 Cygwin: pty: Fix PTY so that cygwin setup shows help with -h option.
- After commit 169d65a577, cygwin
  setup fails to show help message when -h option is specified, as
  reported in https://cygwin.com/ml/cygwin/2019-09/msg00248.html.
  This patch fixes the problem.
2019-09-26 08:42:52 -04:00
kib 7e9b1550fd Add SIOCGIFDOWNREASON.
The ioctl(2) is intended to provide more details about the cause of
the down for the link.

Eventually we might define a comprehensive list of codes for the
situations.  But interface also allows the driver to provide free-form
null-terminated ASCII string to provide arbitrary non-formalized
information.  Sample implementation exists for mlx5(4), where the
string is fetched from firmware controlling the port.

Reviewed by:	hselasky, rrs
Sponsored by:	Mellanox Technologies
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D21527
2019-09-25 09:01:28 +02:00
jhb 1b35636119 Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets.  KTLS only supports
offload of TLS for transmitted data.  Key negotation must still be
performed in userland.  Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option.  All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.

Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type.  Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.

At present, rekeying is not supported though the in-kernel framework
should support rekeying.

KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer.  Each TLS frame is described by a single
ext_pgs mbuf.  The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.

KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.

Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame().  ktls_enqueue() is then
called to schedule TLS frames for encryption.  In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed.  For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().

A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue().  Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.

(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)

KTLS supports pluggable software encryption backends.  Internally,
Netflix uses proprietary pure-software backends.  This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames.  As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.

Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready().  At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.

ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation.  In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session.  TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted.  The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface.  If so, the packet is tagged
with the TLS send tag and sent to the interface.  The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation.  If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped.  In addition, a task is scheduled to refresh the TLS send
tag for the TLS session.  If a new TLS send tag cannot be allocated,
the connection is dropped.  If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag.  (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another.  As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)

ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8).  ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.

Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option.  They can also use this socket
option to toggle between software and ifnet TLS modes.

In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax.  However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.

Various sysctls and counters are available under the kern.ipc.tls
sysctl node.  The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default).  The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.

KTLS is enabled via the KERN_TLS kernel option.

This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.

Reviewed by:	gallatin, hselasky, rrs
Obtained from:	Netflix
Sponsored by:	Netflix, Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D21277
2019-09-25 09:01:23 +02:00
thj 28a44b1ecd Rename IPPROTO 33 from SEP to DCCP
IPPROTO 33 is DCCP in the IANA Registry:
https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

IPPROTO_SEP was added about 20 years ago in r33804. The entries were added
straight from RFC1700, without regard to whether they were used.

The reference in RFC1700 for SEP is '[JC120] <mystery contact>', this is an
indication that the protocol number was probably in use in a private network.

As RFC1700 is no longer the authoritative list of internet numbers and that
IANA assinged 33 to DCCP in RFC4340, change the header to the actual
authoritative source.

Reviewed by:	Richard Scheffenegger, bz
Approved by:	bz (mentor)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D21178
2019-09-25 09:01:19 +02:00
rrs 693ba4025f This commit updates rack to what is basically
being used at NF as well as sets in some of the groundwork for
committing BBR. The hpts system is updated as well as some other needed
utilities for the entrance of BBR. This is actually part 1 of 3 more
needed commits which will finally complete with BBRv1 being added as a
new tcp stack.

Sponsored by:	Netflix Inc.
Differential Revision:	https://reviews.freebsd.org/D20834
2019-09-25 09:01:19 +02:00