CVS commit: src/sys/dev/usb
Module Name:src Committed By: jym Date: Sat Dec 26 22:15:37 UTC 2020 Modified Files: src/sys/dev/usb: usb_quirks.c Log Message: Add WayTech USB to Serial device to quirks routines, in order to prevent uhid(4) from attaching and leave it to ugen(4) so libusb can query it. It is used by some UPS peripherals for their management, especially the ones from Infosec and Megatec. Tested with Infosec E3 UPS through ups-nut-usb and `blazer_usb' driver using the following configuration (ups.conf): [infosec] driver = blazer_usb port = auto vendorid = 0665 productid = 5161 Make sure the associated /dev/ugenXXX is accessible to `nut' user if you use ups-nut. To generate a diff of this commit: cvs rdiff -u -r1.95 -r1.96 src/sys/dev/usb/usb_quirks.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/usb/usb_quirks.c diff -u src/sys/dev/usb/usb_quirks.c:1.95 src/sys/dev/usb/usb_quirks.c:1.96 --- src/sys/dev/usb/usb_quirks.c:1.95 Sat Mar 14 03:01:36 2020 +++ src/sys/dev/usb/usb_quirks.c Sat Dec 26 22:15:37 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: usb_quirks.c,v 1.95 2020/03/14 03:01:36 christos Exp $ */ +/* $NetBSD: usb_quirks.c,v 1.96 2020/12/26 22:15:37 jym Exp $ */ /* $FreeBSD: src/sys/dev/usb/usb_quirks.c,v 1.30 2003/01/02 04:15:55 imp Exp $ */ /* @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: usb_quirks.c,v 1.95 2020/03/14 03:01:36 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: usb_quirks.c,v 1.96 2020/12/26 22:15:37 jym Exp $"); #ifdef _KERNEL_OPT #include "opt_usb.h" @@ -206,6 +206,8 @@ Static const struct usbd_quirk_entry { { UQ_HID_IGNORE, NULL }}, { USB_VENDOR_XRITE, ANY, ANY, { UQ_HID_IGNORE, NULL }}, + { USB_VENDOR_WAYTECH, USB_PRODUCT_WAYTECH_USB2SERIAL, ANY, + { UQ_HID_IGNORE, NULL }}, { USB_VENDOR_KYE, USB_PRODUCT_KYE_NICHE, 0x100, { UQ_NO_SET_PROTO, NULL }}, { USB_VENDOR_INSIDEOUT, USB_PRODUCT_INSIDEOUT_EDGEPORT4, 0x094,
CVS commit: src/sys/dev/usb
Module Name:src Committed By: jym Date: Sat Dec 26 22:15:37 UTC 2020 Modified Files: src/sys/dev/usb: usb_quirks.c Log Message: Add WayTech USB to Serial device to quirks routines, in order to prevent uhid(4) from attaching and leave it to ugen(4) so libusb can query it. It is used by some UPS peripherals for their management, especially the ones from Infosec and Megatec. Tested with Infosec E3 UPS through ups-nut-usb and `blazer_usb' driver using the following configuration (ups.conf): [infosec] driver = blazer_usb port = auto vendorid = 0665 productid = 5161 Make sure the associated /dev/ugenXXX is accessible to `nut' user if you use ups-nut. To generate a diff of this commit: cvs rdiff -u -r1.95 -r1.96 src/sys/dev/usb/usb_quirks.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/usb
Module Name:src Committed By: jym Date: Sat Dec 26 22:11:20 UTC 2020 Modified Files: src/sys/dev/usb: usbdevs.h usbdevs_data.h Log Message: Regen. To generate a diff of this commit: cvs rdiff -u -r1.776 -r1.777 src/sys/dev/usb/usbdevs.h \ src/sys/dev/usb/usbdevs_data.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/usb
Module Name:src Committed By: jym Date: Sat Dec 26 22:09:18 UTC 2020 Modified Files: src/sys/dev/usb: usbdevs Log Message: Add WayTech Development USB to Serial product. It is used by some UPS devices, notably Infosec and Megatec. The vendor ID (0x0665) is known differently from various mainstream OSes; but it is officially registered by USB-IF as `WayTech Development, Inc.'. So be it. To generate a diff of this commit: cvs rdiff -u -r1.786 -r1.787 src/sys/dev/usb/usbdevs Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/usb/usbdevs diff -u src/sys/dev/usb/usbdevs:1.786 src/sys/dev/usb/usbdevs:1.787 --- src/sys/dev/usb/usbdevs:1.786 Mon Sep 7 06:32:13 2020 +++ src/sys/dev/usb/usbdevs Sat Dec 26 22:09:18 2020 @@ -1,4 +1,4 @@ -$NetBSD: usbdevs,v 1.786 2020/09/07 06:32:13 ryoon Exp $ +$NetBSD: usbdevs,v 1.787 2020/12/26 22:09:18 jym Exp $ /*- * Copyright (c) 1998-2004 The NetBSD Foundation, Inc. @@ -250,6 +250,7 @@ vendor AVISION 0x0638 Avision vendor TEAC 0x0644 TEAC vendor SGI 0x065e Silicon Graphics vendor SANWASUPPLY 0x0663 Sanwa Supply +vendor WAYTECH 0x0665 WayTech Development, Inc. vendor LINKSYS 0x066b Linksys vendor ACERSA 0x066e Acer Semiconductor America vendor SIGMATEL 0x066f Sigmatel @@ -2231,6 +2232,9 @@ product MCT ML_4500 0x0302 ML-4500 /* MediaGear products */ product MEDIAGEAR READER9IN1 0x5003 USB2.0 9 in 1 Reader +/* WayTech Development, Inc. products */ +product WAYTECH USB2SERIAL 0x5161 USB to Serial + /* Meinberg Funkuhren products */ product MEINBERG USB5131 0x0301 USB 5131 DCF77 - Radio Clock
CVS commit: src/sys/dev/usb
Module Name:src Committed By: jym Date: Sat Dec 26 22:09:18 UTC 2020 Modified Files: src/sys/dev/usb: usbdevs Log Message: Add WayTech Development USB to Serial product. It is used by some UPS devices, notably Infosec and Megatec. The vendor ID (0x0665) is known differently from various mainstream OSes; but it is officially registered by USB-IF as `WayTech Development, Inc.'. So be it. To generate a diff of this commit: cvs rdiff -u -r1.786 -r1.787 src/sys/dev/usb/usbdevs Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/sys/arch/x86/x86
Le 09/10/2015 06:49, Masanobu SAITOH a écrit : > On 2015/10/06 6:10, Jean-Yves Migeon wrote: >>> Log Message: >>> kmem_free() the address returned by kmem_alloc(). found by Brainy. >>> use the newly aligned location if we needed it. found by kre. >>> >>> >>> To generate a diff of this commit: >>> cvs rdiff -u -r1.8 -r1.9 src/sys/arch/x86/x86/cpu_ucode_intel.c >> >> IMHO this should be pulled-up to -6 and -7. >> >> Any argument against? If the old code worked, it's pure luck. > > netbsd-6 doesn't support the microcode update function for Intel > CPU. That bug should be pulled up to netbsd-7 (and netbsd-7-1) branch. Makes sense. I'll check and ask for this pullup. -- Jean-Yves Migeon
Re: CVS commit: src/sys/arch/x86/x86
Le 04/10/2015 19:52, matthew green a écrit : > Module Name: src > Committed By: mrg > Date: Sun Oct 4 17:52:50 UTC 2015 > > Modified Files: > src/sys/arch/x86/x86: cpu_ucode_intel.c > > Log Message: > kmem_free() the address returned by kmem_alloc(). found by Brainy. > use the newly aligned location if we needed it. found by kre. > > > To generate a diff of this commit: > cvs rdiff -u -r1.8 -r1.9 src/sys/arch/x86/x86/cpu_ucode_intel.c IMHO this should be pulled-up to -6 and -7. Any argument against? If the old code worked, it's pure luck. -- Jean-Yves Migeon
CVS commit: src/sys/arch/x86/x86
Module Name:src Committed By: jym Date: Sun Oct 4 21:08:30 UTC 2015 Modified Files: src/sys/arch/x86/x86: cpu_ucode_intel.c Log Message: Cache CPU index in the non-preemptible part otherwise it can be unreliable (and report a CPU as patched while it was not). To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 src/sys/arch/x86/x86/cpu_ucode_intel.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/x86/x86/cpu_ucode_intel.c diff -u src/sys/arch/x86/x86/cpu_ucode_intel.c:1.9 src/sys/arch/x86/x86/cpu_ucode_intel.c:1.10 --- src/sys/arch/x86/x86/cpu_ucode_intel.c:1.9 Sun Oct 4 17:52:50 2015 +++ src/sys/arch/x86/x86/cpu_ucode_intel.c Sun Oct 4 21:08:30 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: cpu_ucode_intel.c,v 1.9 2015/10/04 17:52:50 mrg Exp $ */ +/* $NetBSD: cpu_ucode_intel.c,v 1.10 2015/10/04 21:08:30 jym Exp $ */ /* * Copyright (c) 2012 The NetBSD Foundation, Inc. * All rights reserved. @@ -29,7 +29,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: cpu_ucode_intel.c,v 1.9 2015/10/04 17:52:50 mrg Exp $"); +__KERNEL_RCSID(0, "$NetBSD: cpu_ucode_intel.c,v 1.10 2015/10/04 21:08:30 jym Exp $"); #include "opt_xen.h" #include "opt_cpu_ucode.h" @@ -109,7 +109,7 @@ int cpu_ucode_intel_apply(struct cpu_ucode_softc *sc, int cpuno) { uint32_t ucodetarget, oucodeversion, nucodeversion; - int platformid; + int platformid, cpuid; struct intel1_ucode_header *uh; void *uha; size_t newbufsize = 0; @@ -147,6 +147,7 @@ cpu_ucode_intel_apply(struct cpu_ucode_s } wrmsr(MSR_BIOS_UPDT_TRIG, (uintptr_t)uh + 48); intel_getcurrentucode(, ); + cpuid = curcpu()->ci_index; kpreempt_enable(); @@ -155,7 +156,7 @@ cpu_ucode_intel_apply(struct cpu_ucode_s goto out; } - printf("cpu %d: ucode 0x%x->0x%x\n", curcpu()->ci_index, + printf("cpu %d: ucode 0x%x->0x%x\n", cpuid, oucodeversion, nucodeversion); out: if (newbufsize != 0)
CVS commit: src/sys/arch/x86/x86
Module Name:src Committed By: jym Date: Sun Oct 4 21:08:30 UTC 2015 Modified Files: src/sys/arch/x86/x86: cpu_ucode_intel.c Log Message: Cache CPU index in the non-preemptible part otherwise it can be unreliable (and report a CPU as patched while it was not). To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 src/sys/arch/x86/x86/cpu_ucode_intel.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: jym Date: Sun Oct 6 17:25:34 UTC 2013 Modified Files: src/crypto/external/bsd/openssh/dist: ssh_config Log Message: Enable VerifyHostKeyDNS (SSHFP records verification) from DNS for hosts under NetBSD.org domain. Multiple TNF hosts have an up-to-date SSHFP record inside the DNS. This offers a second channel verification for host key fingerprints (weaker than known_hosts, but spoofing a host on first connect would also require DNS forgery). This can provide a trusted second channel (like DANE TLSA records) once DNSSEC gets more widely used, but for now it is purely informational. No regression expected, except that the ssh client will print a message upon first connect to confirm/infirm that it got a correct SSHFP record from DNS. Only done for NetBSD.org domain, SSHFP are sadly more an exception than the rule. Notified on netbsd-users@, no objection after a week -- committed. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/ssh_config Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh_config diff -u src/crypto/external/bsd/openssh/dist/ssh_config:1.4 src/crypto/external/bsd/openssh/dist/ssh_config:1.5 --- src/crypto/external/bsd/openssh/dist/ssh_config:1.4 Sun Nov 21 18:29:49 2010 +++ src/crypto/external/bsd/openssh/dist/ssh_config Sun Oct 6 17:25:34 2013 @@ -1,4 +1,4 @@ -# $NetBSD: ssh_config,v 1.4 2010/11/21 18:29:49 adam Exp $ +# $NetBSD: ssh_config,v 1.5 2013/10/06 17:25:34 jym Exp $ # $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $ # This is the ssh client system-wide configuration file. See @@ -48,3 +48,7 @@ # ProxyCommand ssh -q -W %h:%p gateway.example.com # If you use xorg from pkgsrc then uncomment the following line. # XAuthLocation /usr/pkg/bin/xauth + +# NetBSD.org DNS provides SSHFP records - use them when possible +Host *.netbsd.org *.NetBSD.org +VerifyHostKeyDNS ask
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: jym Date: Sun Oct 6 17:25:34 UTC 2013 Modified Files: src/crypto/external/bsd/openssh/dist: ssh_config Log Message: Enable VerifyHostKeyDNS (SSHFP records verification) from DNS for hosts under NetBSD.org domain. Multiple TNF hosts have an up-to-date SSHFP record inside the DNS. This offers a second channel verification for host key fingerprints (weaker than known_hosts, but spoofing a host on first connect would also require DNS forgery). This can provide a trusted second channel (like DANE TLSA records) once DNSSEC gets more widely used, but for now it is purely informational. No regression expected, except that the ssh client will print a message upon first connect to confirm/infirm that it got a correct SSHFP record from DNS. Only done for NetBSD.org domain, SSHFP are sadly more an exception than the rule. Notified on netbsd-users@, no objection after a week -- committed. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/ssh_config Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/secmodel
Module Name:src Committed By: jym Date: Mon Jan 28 00:51:30 UTC 2013 Modified Files: src/sys/secmodel/extensions: secmodel_extensions.c src/sys/secmodel/securelevel: secmodel_securelevel.c Log Message: Re-instate backwards compatible security.models.bsd44.{curtain,securelevel}. They were mistakenly removed when curtain and securelevel moved to secmodel_extensions(9). Reported by tls@ on tech-security@. XXX will ask for pull-up for -6. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/sys/secmodel/extensions/secmodel_extensions.c cvs rdiff -u -r1.28 -r1.29 \ src/sys/secmodel/securelevel/secmodel_securelevel.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/secmodel/extensions/secmodel_extensions.c diff -u src/sys/secmodel/extensions/secmodel_extensions.c:1.3 src/sys/secmodel/extensions/secmodel_extensions.c:1.4 --- src/sys/secmodel/extensions/secmodel_extensions.c:1.3 Tue Mar 13 18:41:01 2012 +++ src/sys/secmodel/extensions/secmodel_extensions.c Mon Jan 28 00:51:29 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_extensions.c,v 1.3 2012/03/13 18:41:01 elad Exp $ */ +/* $NetBSD: secmodel_extensions.c,v 1.4 2013/01/28 00:51:29 jym Exp $ */ /*- * Copyright (c) 2011 Elad Efrat e...@netbsd.org * All rights reserved. @@ -27,7 +27,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: secmodel_extensions.c,v 1.3 2012/03/13 18:41:01 elad Exp $); +__KERNEL_RCSID(0, $NetBSD: secmodel_extensions.c,v 1.4 2013/01/28 00:51:29 jym Exp $); #include sys/types.h #include sys/param.h @@ -73,7 +73,7 @@ static int secmodel_extensions_network_c static void sysctl_security_extensions_setup(struct sysctllog **clog) { - const struct sysctlnode *rnode; + const struct sysctlnode *rnode, *rnode2; sysctl_createv(clog, 0, NULL, rnode, CTLFLAG_PERMANENT, @@ -87,6 +87,23 @@ sysctl_security_extensions_setup(struct NULL, 0, NULL, 0, CTL_CREATE, CTL_EOL); + /* Compatibility: security.models.bsd44 */ + rnode2 = rnode; + sysctl_createv(clog, 0, rnode2, rnode2, + CTLFLAG_PERMANENT, + CTLTYPE_NODE, bsd44, NULL, + NULL, 0, NULL, 0, + CTL_CREATE, CTL_EOL); + +/* Compatibility: security.models.bsd44.curtain */ + sysctl_createv(clog, 0, rnode2, NULL, + CTLFLAG_PERMANENT|CTLFLAG_READWRITE, + CTLTYPE_INT, curtain, + SYSCTL_DESCR(Curtain information about objects to \ + users not owning them.), + sysctl_extensions_curtain_handler, 0, curtain, 0, + CTL_CREATE, CTL_EOL); + sysctl_createv(clog, 0, rnode, rnode, CTLFLAG_PERMANENT, CTLTYPE_NODE, extensions, NULL, Index: src/sys/secmodel/securelevel/secmodel_securelevel.c diff -u src/sys/secmodel/securelevel/secmodel_securelevel.c:1.28 src/sys/secmodel/securelevel/secmodel_securelevel.c:1.29 --- src/sys/secmodel/securelevel/secmodel_securelevel.c:1.28 Wed Jun 27 10:15:25 2012 +++ src/sys/secmodel/securelevel/secmodel_securelevel.c Mon Jan 28 00:51:30 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_securelevel.c,v 1.28 2012/06/27 10:15:25 cheusov Exp $ */ +/* $NetBSD: secmodel_securelevel.c,v 1.29 2013/01/28 00:51:30 jym Exp $ */ /*- * Copyright (c) 2006 Elad Efrat e...@netbsd.org * All rights reserved. @@ -35,7 +35,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.28 2012/06/27 10:15:25 cheusov Exp $); +__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.29 2013/01/28 00:51:30 jym Exp $); #ifdef _KERNEL_OPT #include opt_insecure.h @@ -95,7 +95,7 @@ secmodel_securelevel_sysctl(SYSCTLFN_ARG void sysctl_security_securelevel_setup(struct sysctllog **clog) { - const struct sysctlnode *rnode; + const struct sysctlnode *rnode, *rnode2; sysctl_createv(clog, 0, NULL, rnode, CTLFLAG_PERMANENT, @@ -109,6 +109,22 @@ sysctl_security_securelevel_setup(struct NULL, 0, NULL, 0, CTL_CREATE, CTL_EOL); + /* Compatibility: security.models.bsd44 */ + rnode2 = rnode; + sysctl_createv(clog, 0, rnode2, rnode2, + CTLFLAG_PERMANENT, + CTLTYPE_NODE, bsd44, NULL, + NULL, 0, NULL, 0, + CTL_CREATE, CTL_EOL); + +/* Compatibility: security.models.bsd44.securelevel */ + sysctl_createv(clog, 0, rnode2, NULL, + CTLFLAG_PERMANENT|CTLFLAG_READWRITE, + CTLTYPE_INT, securelevel, + SYSCTL_DESCR(System security level), + secmodel_securelevel_sysctl, 0, NULL, 0, + CTL_CREATE, CTL_EOL); + sysctl_createv(clog, 0, rnode, rnode, CTLFLAG_PERMANENT, CTLTYPE_NODE, securelevel, NULL,
CVS commit: src/sys/secmodel
Module Name:src Committed By: jym Date: Mon Jan 28 00:51:30 UTC 2013 Modified Files: src/sys/secmodel/extensions: secmodel_extensions.c src/sys/secmodel/securelevel: secmodel_securelevel.c Log Message: Re-instate backwards compatible security.models.bsd44.{curtain,securelevel}. They were mistakenly removed when curtain and securelevel moved to secmodel_extensions(9). Reported by tls@ on tech-security@. XXX will ask for pull-up for -6. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/sys/secmodel/extensions/secmodel_extensions.c cvs rdiff -u -r1.28 -r1.29 \ src/sys/secmodel/securelevel/secmodel_securelevel.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/doc
Module Name:src Committed By: jym Date: Wed Aug 8 23:24:40 UTC 2012 Modified Files: src/doc: CHANGES.prev Log Message: Document virtio(4) addition in CHANGES. Noticed by Emmanuel Kasper on tech-kern@. virtio(4) is the VirtIO protocol used by KVM to drastically improve the performance of virtualized peripherals. virtio(4) originally written by minoura@; imported in src by hannken@ around 2011-10-30. To generate a diff of this commit: cvs rdiff -u -r1.109 -r1.110 src/doc/CHANGES.prev Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES.prev diff -u src/doc/CHANGES.prev:1.109 src/doc/CHANGES.prev:1.110 --- src/doc/CHANGES.prev:1.109 Wed Jun 20 07:42:27 2012 +++ src/doc/CHANGES.prev Wed Aug 8 23:24:40 2012 @@ -1,4 +1,4 @@ -LIST OF CHANGES FROM PREVIOUS RELEASES: $Revision: 1.109 $ +LIST OF CHANGES FROM PREVIOUS RELEASES: $Revision: 1.110 $ Changes from 386bsd 0.1 + patchkit 0.2.2 to NetBSD 0.8: @@ -11062,6 +11062,8 @@ Changes from NetBSD 5.0 to NetBSD 6.0: powerpc: Switch to GDB 7.3.1. [mrg 20111024] efa(4): Add driver for ELBOX FastATA 1200. [rkujawa 20111028] postfix(1): Import version 2.8.6 [tron 20111028] + virtio(4): Add virtio driver. Speeds up I/O under KVM platform. + [hannken 20111030] zoneinfo: Import tzdata2011n. [apb 2002] tre: Incorporate library. Adds agrep. This library provides regcomp/regexec/regerror/regfree as a binary compatible
CVS commit: src/sys/arch/xen/xen
Module Name:src Committed By: jym Date: Sun Jul 22 19:30:19 UTC 2012 Modified Files: src/sys/arch/xen/xen: xen_machdep.c Log Message: Don't leak stack content when reading the Xen suspend value. XXX pull-up to -6. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 src/sys/arch/xen/xen/xen_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/xen/xen/xen_machdep.c diff -u src/sys/arch/xen/xen/xen_machdep.c:1.11 src/sys/arch/xen/xen/xen_machdep.c:1.12 --- src/sys/arch/xen/xen/xen_machdep.c:1.11 Sat Jun 30 22:50:37 2012 +++ src/sys/arch/xen/xen/xen_machdep.c Sun Jul 22 19:30:19 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: xen_machdep.c,v 1.11 2012/06/30 22:50:37 jym Exp $ */ +/* $NetBSD: xen_machdep.c,v 1.12 2012/07/22 19:30:19 jym Exp $ */ /* * Copyright (c) 2006 Manuel Bouyer. @@ -53,7 +53,7 @@ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: xen_machdep.c,v 1.11 2012/06/30 22:50:37 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: xen_machdep.c,v 1.12 2012/07/22 19:30:19 jym Exp $); #include opt_xen.h @@ -247,7 +247,7 @@ sysctl_xen_suspend_setup(void) CTL_CREATE, CTL_EOL); sysctl_createv(NULL, 0, node, node, - CTLFLAG_PERMANENT | CTLFLAG_READWRITE, + CTLFLAG_PERMANENT | CTLFLAG_READWRITE | CTLFLAG_IMMEDIATE, CTLTYPE_INT, suspend, SYSCTL_DESCR(Suspend/save current Xen domain), sysctl_xen_suspend, 0, NULL, 0, @@ -257,11 +257,10 @@ sysctl_xen_suspend_setup(void) static int sysctl_xen_suspend(SYSCTLFN_ARGS) { - int error, t; + int error; struct sysctlnode node; node = *rnode; - node.sysctl_data = t; error = sysctl_lookup(SYSCTLFN_CALL(node)); if (error || newp == NULL)
CVS commit: src/sys/arch/xen/xen
Module Name:src Committed By: jym Date: Mon Jul 23 01:31:02 UTC 2012 Modified Files: src/sys/arch/xen/xen: xbdback_xenbus.c Log Message: Add more ratechecks to avoid console spam when the backend gets a stream of errors. Remove the unused xbdi_errps (error per second) variable. Errors should rather be tracked in absolute, with a threshold that forces a time penalty to the xbdback thread when frontend goes nuts. To generate a diff of this commit: cvs rdiff -u -r1.56 -r1.57 src/sys/arch/xen/xen/xbdback_xenbus.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/xen/xen/xbdback_xenbus.c diff -u src/sys/arch/xen/xen/xbdback_xenbus.c:1.56 src/sys/arch/xen/xen/xbdback_xenbus.c:1.57 --- src/sys/arch/xen/xen/xbdback_xenbus.c:1.56 Wed May 23 10:01:51 2012 +++ src/sys/arch/xen/xen/xbdback_xenbus.c Mon Jul 23 01:31:01 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: xbdback_xenbus.c,v 1.56 2012/05/23 10:01:51 cegger Exp $ */ +/* $NetBSD: xbdback_xenbus.c,v 1.57 2012/07/23 01:31:01 jym Exp $ */ /* * Copyright (c) 2006 Manuel Bouyer. @@ -26,7 +26,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: xbdback_xenbus.c,v 1.56 2012/05/23 10:01:51 cegger Exp $); +__KERNEL_RCSID(0, $NetBSD: xbdback_xenbus.c,v 1.57 2012/07/23 01:31:01 jym Exp $); #include sys/atomic.h #include sys/buf.h @@ -198,7 +198,6 @@ struct xbdback_instance { /* other state */ int xbdi_same_page; /* are we merging two segments on the same page? */ uint xbdi_pendingreqs; /* number of I/O in fly */ - int xbdi_errps; /* errors per second */ struct timeval xbdi_lasterr_time;/* error time tracking */ #ifdef DEBUG struct timeval xbdi_lastfragio_time; /* fragmented I/O tracking */ @@ -1460,8 +1459,11 @@ xbdback_co_io_gotfrag2(struct xbdback_in seg_size = this_ls - this_fs + 1; if (seg_size 0) { - printf(xbdback_io domain %d: negative-size request (%d %d)\n, - xbdi-xbdi_domid, this_ls, this_fs); + if (ratecheck(xbdi-xbdi_lasterr_time, xbdback_err_intvl)) { + printf(xbdback_io domain %d: negative-size request + (%d %d)\n, + xbdi-xbdi_domid, this_ls, this_fs); + } xbdback_io_error(xbdi-xbdi_io, EINVAL); xbdi-xbdi_io = NULL; xbdi-xbdi_cont = xbdback_co_main_incr; @@ -1775,7 +1777,9 @@ xbdback_map_shm(struct xbdback_io *xbd_i xbdi-xbdi_cont = xbdback_co_wait_shm_callback; return NULL; default: - printf(xbdback_map_shm: xen_shm error %d , error); + if (ratecheck(xbdi-xbdi_lasterr_time, xbdback_err_intvl)) { + printf(xbdback_map_shm: xen_shm error %d , error); + } xbdback_io_error(xbdi-xbdi_io, error); xbdi-xbdi_io = NULL; xbdi-xbdi_cont = xbdi-xbdi_cont_aux;
CVS commit: src/sys/arch/xen/xen
Module Name:src Committed By: jym Date: Sun Jul 22 19:30:19 UTC 2012 Modified Files: src/sys/arch/xen/xen: xen_machdep.c Log Message: Don't leak stack content when reading the Xen suspend value. XXX pull-up to -6. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 src/sys/arch/xen/xen/xen_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/xen/xen
Module Name:src Committed By: jym Date: Mon Jul 23 01:31:02 UTC 2012 Modified Files: src/sys/arch/xen/xen: xbdback_xenbus.c Log Message: Add more ratechecks to avoid console spam when the backend gets a stream of errors. Remove the unused xbdi_errps (error per second) variable. Errors should rather be tracked in absolute, with a threshold that forces a time penalty to the xbdback thread when frontend goes nuts. To generate a diff of this commit: cvs rdiff -u -r1.56 -r1.57 src/sys/arch/xen/xen/xbdback_xenbus.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: jym Date: Mon Jul 2 21:10:31 UTC 2012 Modified Files: src/distrib/sets/lists/comp: mi src/share/man/man9: Makefile uvm.9 Log Message: Document atop(9), ptoa(9), round_page(9) and trunc_page(9). To generate a diff of this commit: cvs rdiff -u -r1.1767 -r1.1768 src/distrib/sets/lists/comp/mi cvs rdiff -u -r1.365 -r1.366 src/share/man/man9/Makefile cvs rdiff -u -r1.106 -r1.107 src/share/man/man9/uvm.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/distrib/sets/lists/comp/mi diff -u src/distrib/sets/lists/comp/mi:1.1767 src/distrib/sets/lists/comp/mi:1.1768 --- src/distrib/sets/lists/comp/mi:1.1767 Wed Jun 27 22:18:06 2012 +++ src/distrib/sets/lists/comp/mi Mon Jul 2 21:10:30 2012 @@ -1,4 +1,4 @@ -# $NetBSD: mi,v 1.1767 2012/06/27 22:18:06 jdf Exp $ +# $NetBSD: mi,v 1.1768 2012/07/02 21:10:30 jym Exp $ # # Note: don't delete entries from here - mark them as obsolete instead. # @@ -9709,6 +9709,7 @@ ./usr/share/man/cat9/VOP_WHITEOUT.0 comp-sys-catman .cat ./usr/share/man/cat9/VOP_WRITE.0 comp-sys-catman .cat ./usr/share/man/cat9/VREF.0 comp-obsolete obsolete +./usr/share/man/cat9/atop.0 comp-sys-catman .cat ./usr/share/man/cat9/accept_filt_add.0 comp-sys-catman .cat ./usr/share/man/cat9/accept_filt_del.0 comp-sys-catman .cat ./usr/share/man/cat9/accept_filt_generic_mod_event.0 comp-sys-catman .cat @@ -10617,6 +10618,7 @@ ./usr/share/man/cat9/pserialize_read_enter.0 comp-sys-catman .cat ./usr/share/man/cat9/pserialize_read_exit.0 comp-sys-catman .cat ./usr/share/man/cat9/psignal.0 comp-sys-catman .cat +./usr/share/man/cat9/ptoa.0 comp-sys-catman .cat ./usr/share/man/cat9/putiobuf.0 comp-sys-catman .cat ./usr/share/man/cat9/putter.0 comp-sys-catman .cat ./usr/share/man/cat9/radio.0 comp-sys-catman .cat @@ -10639,6 +10641,7 @@ ./usr/share/man/cat9/rnd_attach_source.0 comp-sys-catman .cat ./usr/share/man/cat9/rnd_detach_source.0 comp-sys-catman .cat ./usr/share/man/cat9/rnd_extract_data.0 comp-sys-catman .cat +./usr/share/man/cat9/round_page.0 comp-sys-catman .cat ./usr/share/man/cat9/rounddown.0 comp-sys-catman .cat ./usr/share/man/cat9/roundup.0 comp-sys-catman .cat ./usr/share/man/cat9/roundup2.0 comp-sys-catman .cat @@ -10833,6 +10836,7 @@ ./usr/share/man/cat9/tprintf_open.0 comp-sys-catman .cat ./usr/share/man/cat9/transferlockers.0 comp-sys-catman .cat ./usr/share/man/cat9/trapsignal.0 comp-sys-catman .cat +./usr/share/man/cat9/trunc_page.0 comp-sys-catman .cat ./usr/share/man/cat9/tsleep.0 comp-sys-catman .cat ./usr/share/man/cat9/ttyldisc_add.0 comp-sys-catman .cat ./usr/share/man/cat9/ttyldisc_lookup.0 comp-sys-catman .cat @@ -15983,6 +15987,7 @@ ./usr/share/man/html9/VOP_WHITEOUT.html comp-sys-htmlman html ./usr/share/man/html9/VOP_WRITE.html comp-sys-htmlman html ./usr/share/man/html9/VREF.html comp-obsolete obsolete +./usr/share/man/html9/atop.html comp-sys-htmlman html ./usr/share/man/html9/accept_filt_add.html comp-sys-htmlman html ./usr/share/man/html9/accept_filt_del.html comp-sys-htmlman html ./usr/share/man/html9/accept_filt_generic_mod_event.html comp-sys-htmlman html @@ -16852,6 +16857,7 @@ ./usr/share/man/html9/pserialize_read_enter.html comp-sys-htmlman html ./usr/share/man/html9/pserialize_read_exit.html comp-sys-htmlman html ./usr/share/man/html9/psignal.html comp-sys-htmlman html +./usr/share/man/html9/ptoa.html comp-sys-htmlman html ./usr/share/man/html9/putiobuf.html comp-sys-htmlman html ./usr/share/man/html9/putter.html comp-sys-htmlman html ./usr/share/man/html9/radio.html comp-sys-htmlman html @@ -16873,6 +16879,7 @@ ./usr/share/man/html9/rnd_attach_source.html comp-sys-htmlman html ./usr/share/man/html9/rnd_detach_source.html comp-sys-htmlman html ./usr/share/man/html9/rnd_extract_data.html comp-sys-htmlman html +./usr/share/man/html9/round_page.html comp-sys-htmlman html ./usr/share/man/html9/rounddown.html comp-sys-htmlman html ./usr/share/man/html9/roundup.html comp-sys-htmlman html ./usr/share/man/html9/roundup2.html comp-sys-htmlman html @@ -17054,6 +17061,7 @@ ./usr/share/man/html9/tprintf_open.html comp-sys-htmlman html ./usr/share/man/html9/transferlockers.html comp-sys-htmlman html ./usr/share/man/html9/trapsignal.html comp-sys-htmlman html +./usr/share/man/html9/trunc_page.html comp-sys-htmlman html ./usr/share/man/html9/tsleep.html comp-sys-htmlman html ./usr/share/man/html9/ttyldisc_add.html comp-sys-htmlman html ./usr/share/man/html9/ttyldisc_lookup.html comp-sys-htmlman html @@ -22364,6 +22372,7 @@ ./usr/share/man/man9/VOP_WHITEOUT.9 comp-sys-man .man ./usr/share/man/man9/VOP_WRITE.9 comp-sys-man .man ./usr/share/man/man9/VREF.9 comp-obsolete obsolete +./usr/share/man/man9/atop.9 comp-sys-man .man ./usr/share/man/man9/accept_filt_add.9 comp-sys-man .man
CVS commit: src
Module Name:src Committed By: jym Date: Mon Jul 2 21:10:31 UTC 2012 Modified Files: src/distrib/sets/lists/comp: mi src/share/man/man9: Makefile uvm.9 Log Message: Document atop(9), ptoa(9), round_page(9) and trunc_page(9). To generate a diff of this commit: cvs rdiff -u -r1.1767 -r1.1768 src/distrib/sets/lists/comp/mi cvs rdiff -u -r1.365 -r1.366 src/share/man/man9/Makefile cvs rdiff -u -r1.106 -r1.107 src/share/man/man9/uvm.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch
Module Name:src Committed By: jym Date: Sat Jun 30 22:50:37 UTC 2012 Modified Files: src/sys/arch/amd64/include: pmap.h src/sys/arch/xen/include: xenpmap.h src/sys/arch/xen/x86: x86_xpmap.c xen_bus_dma.c src/sys/arch/xen/xen: balloon.c if_xennet_xenbus.c xen_machdep.c xennetback_xenbus.c Log Message: Extend the xpmap API, as described in [1]. This change is mechanical and avoids exposing the MD phys_to_machine/machine_to_phys tables directly. Added: - xpmap_ptom handles PFN (pseudo physical) to MFN (machine frame number) translations, and is under control of the domain. - xpmap_mtop is its counterpart (MFN to PFN), and is under control of hypervisor. xpmap_ptom_map() map a pseudo-phys address to a machine address xpmap_ptom_unmap()unmap a pseudo-phys address (invalidation) xpmap_ptom_isvalid() check for pseudo-phys address validity The parameters are physical/machine addresses, like bus_dma/bus_space(9). As x86 MFNs are tracked by u_long (Xen's choice) while machine addresses can be 64 bits entities (PAE), use ptoa() to avoid truncation when bit shifting by PAGE_SHIFT. I kept the same namespace (xpmap_) to avoid code churn. [1] http://mail-index.netbsd.org/port-xen/2009/05/09/msg004951.html XXX will document ptoa/atop/trunc_page separately. To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/sys/arch/amd64/include/pmap.h cvs rdiff -u -r1.36 -r1.37 src/sys/arch/xen/include/xenpmap.h cvs rdiff -u -r1.45 -r1.46 src/sys/arch/xen/x86/x86_xpmap.c cvs rdiff -u -r1.24 -r1.25 src/sys/arch/xen/x86/xen_bus_dma.c cvs rdiff -u -r1.14 -r1.15 src/sys/arch/xen/xen/balloon.c cvs rdiff -u -r1.60 -r1.61 src/sys/arch/xen/xen/if_xennet_xenbus.c cvs rdiff -u -r1.10 -r1.11 src/sys/arch/xen/xen/xen_machdep.c cvs rdiff -u -r1.48 -r1.49 src/sys/arch/xen/xen/xennetback_xenbus.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/include/pmap.h diff -u src/sys/arch/amd64/include/pmap.h:1.33 src/sys/arch/amd64/include/pmap.h:1.34 --- src/sys/arch/amd64/include/pmap.h:1.33 Mon Jun 11 15:18:26 2012 +++ src/sys/arch/amd64/include/pmap.h Sat Jun 30 22:50:36 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: pmap.h,v 1.33 2012/06/11 15:18:26 chs Exp $ */ +/* $NetBSD: pmap.h,v 1.34 2012/06/30 22:50:36 jym Exp $ */ /* * Copyright (c) 1997 Charles D. Cranor and Washington University. @@ -258,6 +258,7 @@ pmap_pte2pa(pt_entry_t pte) { return xpmap_mtop_masked(pte PG_FRAME); } + static __inline void pmap_pte_set(pt_entry_t *pte, pt_entry_t npte) { Index: src/sys/arch/xen/include/xenpmap.h diff -u src/sys/arch/xen/include/xenpmap.h:1.36 src/sys/arch/xen/include/xenpmap.h:1.37 --- src/sys/arch/xen/include/xenpmap.h:1.36 Wed Jun 27 00:37:09 2012 +++ src/sys/arch/xen/include/xenpmap.h Sat Jun 30 22:50:36 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: xenpmap.h,v 1.36 2012/06/27 00:37:09 jym Exp $ */ +/* $NetBSD: xenpmap.h,v 1.37 2012/06/30 22:50:36 jym Exp $ */ /* * @@ -76,9 +76,6 @@ void xen_kpm_sync(struct pmap *, int); extern unsigned long *xpmap_phys_to_machine_mapping; -#define mfn_to_pfn(mfn) (machine_to_phys_mapping[(mfn)]) -#define pfn_to_mfn(pfn) (xpmap_phys_to_machine_mapping[(pfn)]) - static __inline paddr_t xpmap_mtop_masked(paddr_t mpa) { @@ -95,7 +92,8 @@ xpmap_mtop(paddr_t mpa) static __inline paddr_t xpmap_ptom_masked(paddr_t ppa) { - return (((paddr_t)xpmap_phys_to_machine_mapping[(ppa) PAGE_SHIFT]) + return ( + (paddr_t)xpmap_phys_to_machine_mapping[ppa PAGE_SHIFT] PAGE_SHIFT); } @@ -105,6 +103,26 @@ xpmap_ptom(paddr_t ppa) return (xpmap_ptom_masked(ppa) | (ppa ~PG_FRAME)); } +static __inline void +xpmap_ptom_map(paddr_t ppa, paddr_t mpa) +{ + xpmap_phys_to_machine_mapping[ppa PAGE_SHIFT] = mpa PAGE_SHIFT; +} + +static __inline void +xpmap_ptom_unmap(paddr_t ppa) +{ + xpmap_phys_to_machine_mapping[ppa PAGE_SHIFT] = INVALID_P2M_ENTRY; +} + +static __inline bool +xpmap_ptom_isvalid(paddr_t ppa) +{ + return ( + xpmap_phys_to_machine_mapping[ppa PAGE_SHIFT] + != INVALID_P2M_ENTRY); +} + static inline void MULTI_update_va_mapping( multicall_entry_t *mcl, vaddr_t va, Index: src/sys/arch/xen/x86/x86_xpmap.c diff -u src/sys/arch/xen/x86/x86_xpmap.c:1.45 src/sys/arch/xen/x86/x86_xpmap.c:1.46 --- src/sys/arch/xen/x86/x86_xpmap.c:1.45 Wed Jun 27 00:37:10 2012 +++ src/sys/arch/xen/x86/x86_xpmap.c Sat Jun 30 22:50:37 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: x86_xpmap.c,v 1.45 2012/06/27 00:37:10 jym Exp $ */ +/* $NetBSD: x86_xpmap.c,v 1.46 2012/06/30 22:50:37 jym Exp $ */ /* * Copyright (c) 2006 Mathieu Ropert m...@adviseo.fr @@ -69,7 +69,7 @@ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: x86_xpmap.c,v 1.45 2012/06/27 00:37:10 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: x86_xpmap.c,v 1.46 2012/06/30 22:50:37 jym Exp $); #include opt_xen.h #include opt_ddb.h @@ -1092,7 +1092,7 @@ xen_set_user_pgd(paddr_t
CVS commit: src/sys/arch/xen
Module Name:src Committed By: jym Date: Sat Jun 30 23:36:20 UTC 2012 Modified Files: src/sys/arch/xen/x86: xen_bus_dma.c src/sys/arch/xen/xen: balloon.c if_xennet_xenbus.c xengnt.c xennetback_xenbus.c Log Message: Use setter to set xenguest_handles. To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.26 src/sys/arch/xen/x86/xen_bus_dma.c cvs rdiff -u -r1.15 -r1.16 src/sys/arch/xen/xen/balloon.c cvs rdiff -u -r1.61 -r1.62 src/sys/arch/xen/xen/if_xennet_xenbus.c cvs rdiff -u -r1.23 -r1.24 src/sys/arch/xen/xen/xengnt.c cvs rdiff -u -r1.49 -r1.50 src/sys/arch/xen/xen/xennetback_xenbus.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/xen/x86/xen_bus_dma.c diff -u src/sys/arch/xen/x86/xen_bus_dma.c:1.25 src/sys/arch/xen/x86/xen_bus_dma.c:1.26 --- src/sys/arch/xen/x86/xen_bus_dma.c:1.25 Sat Jun 30 22:50:37 2012 +++ src/sys/arch/xen/x86/xen_bus_dma.c Sat Jun 30 23:36:20 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: xen_bus_dma.c,v 1.25 2012/06/30 22:50:37 jym Exp $ */ +/* $NetBSD: xen_bus_dma.c,v 1.26 2012/06/30 23:36:20 jym Exp $ */ /* NetBSD bus_dma.c,v 1.21 2005/04/16 07:53:35 yamt Exp */ /*- @@ -32,7 +32,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: xen_bus_dma.c,v 1.25 2012/06/30 22:50:37 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: xen_bus_dma.c,v 1.26 2012/06/30 23:36:20 jym Exp $); #include sys/param.h #include sys/systm.h @@ -91,7 +91,7 @@ _xen_alloc_contig(bus_size_t size, bus_s pa = VM_PAGE_TO_PHYS(pg); mfn = xpmap_ptom(pa) PAGE_SHIFT; xpmap_ptom_unmap(pa); - xenguest_handle(res.extent_start) = mfn; + set_xen_guest_handle(res.extent_start, mfn); res.nr_extents = 1; res.extent_order = 0; res.address_bits = 0; @@ -110,7 +110,7 @@ _xen_alloc_contig(bus_size_t size, bus_s } } /* Get the new contiguous memory extent */ - xenguest_handle(res.extent_start) = mfn; + set_xen_guest_handle(res.extent_start, mfn); res.nr_extents = 1; res.extent_order = order; res.address_bits = get_order(high) + PAGE_SHIFT; @@ -163,7 +163,7 @@ failed: s = splvm(); for (pg = mlistp-tqh_first; pg != NULL; pg = pgnext) { pgnext = pg-pageq.queue.tqe_next; - xenguest_handle(res.extent_start) = mfn; + set_xen_guest_handle(res.extent_start, mfn); res.nr_extents = 1; res.extent_order = 0; res.address_bits = 32; Index: src/sys/arch/xen/xen/balloon.c diff -u src/sys/arch/xen/xen/balloon.c:1.15 src/sys/arch/xen/xen/balloon.c:1.16 --- src/sys/arch/xen/xen/balloon.c:1.15 Sat Jun 30 22:50:37 2012 +++ src/sys/arch/xen/xen/balloon.c Sat Jun 30 23:36:20 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: balloon.c,v 1.15 2012/06/30 22:50:37 jym Exp $ */ +/* $NetBSD: balloon.c,v 1.16 2012/06/30 23:36:20 jym Exp $ */ /*- * Copyright (c) 2010 The NetBSD Foundation, Inc. @@ -71,7 +71,7 @@ #define BALLOONDEBUG 0 #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: balloon.c,v 1.15 2012/06/30 22:50:37 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: balloon.c,v 1.16 2012/06/30 23:36:20 jym Exp $); #include sys/inttypes.h #include sys/device.h @@ -407,7 +407,7 @@ balloon_inflate(struct balloon_xenbus_so } /* Hand over pages to Hypervisor */ - xenguest_handle(reservation.extent_start) = mfn_list; + set_xen_guest_handle(reservation.extent_start, mfn_list); reservation.nr_extents = rpages; s = splvm(); @@ -471,7 +471,7 @@ balloon_deflate(struct balloon_xenbus_so } /* reclaim pages from balloon */ - xenguest_handle(reservation.extent_start) = mfn_list; + set_xen_guest_handle(reservation.extent_start, mfn_list); reservation.nr_extents = tpages; s = splvm(); Index: src/sys/arch/xen/xen/if_xennet_xenbus.c diff -u src/sys/arch/xen/xen/if_xennet_xenbus.c:1.61 src/sys/arch/xen/xen/if_xennet_xenbus.c:1.62 --- src/sys/arch/xen/xen/if_xennet_xenbus.c:1.61 Sat Jun 30 22:50:37 2012 +++ src/sys/arch/xen/xen/if_xennet_xenbus.c Sat Jun 30 23:36:20 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: if_xennet_xenbus.c,v 1.61 2012/06/30 22:50:37 jym Exp $ */ +/* $NetBSD: if_xennet_xenbus.c,v 1.62 2012/06/30 23:36:20 jym Exp $ */ /* * Copyright (c) 2006 Manuel Bouyer. @@ -85,7 +85,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: if_xennet_xenbus.c,v 1.61 2012/06/30 22:50:37 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: if_xennet_xenbus.c,v 1.62 2012/06/30 23:36:20 jym Exp $); #include opt_xen.h #include opt_nfs_boot.h @@ -754,7 +754,7 @@ out_loop: xpq_flush_queue(); splx(s); /* now decrease reservation */ - xenguest_handle(reservation.extent_start) = xennet_pages; + set_xen_guest_handle(reservation.extent_start, xennet_pages); reservation.nr_extents = i; reservation.extent_order = 0; reservation.address_bits = 0; @@ -820,7 +820,8 @@ xennet_free_rx_buffer(struct xennet_xenb * transfer not complete, we lost the page. * Get one from hypervisor */ - xenguest_handle(xenres.extent_start) = pfn; +
CVS commit: src/sys/arch
Module Name:src Committed By: jym Date: Sat Jun 30 22:50:37 UTC 2012 Modified Files: src/sys/arch/amd64/include: pmap.h src/sys/arch/xen/include: xenpmap.h src/sys/arch/xen/x86: x86_xpmap.c xen_bus_dma.c src/sys/arch/xen/xen: balloon.c if_xennet_xenbus.c xen_machdep.c xennetback_xenbus.c Log Message: Extend the xpmap API, as described in [1]. This change is mechanical and avoids exposing the MD phys_to_machine/machine_to_phys tables directly. Added: - xpmap_ptom handles PFN (pseudo physical) to MFN (machine frame number) translations, and is under control of the domain. - xpmap_mtop is its counterpart (MFN to PFN), and is under control of hypervisor. xpmap_ptom_map() map a pseudo-phys address to a machine address xpmap_ptom_unmap()unmap a pseudo-phys address (invalidation) xpmap_ptom_isvalid() check for pseudo-phys address validity The parameters are physical/machine addresses, like bus_dma/bus_space(9). As x86 MFNs are tracked by u_long (Xen's choice) while machine addresses can be 64 bits entities (PAE), use ptoa() to avoid truncation when bit shifting by PAGE_SHIFT. I kept the same namespace (xpmap_) to avoid code churn. [1] http://mail-index.netbsd.org/port-xen/2009/05/09/msg004951.html XXX will document ptoa/atop/trunc_page separately. To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/sys/arch/amd64/include/pmap.h cvs rdiff -u -r1.36 -r1.37 src/sys/arch/xen/include/xenpmap.h cvs rdiff -u -r1.45 -r1.46 src/sys/arch/xen/x86/x86_xpmap.c cvs rdiff -u -r1.24 -r1.25 src/sys/arch/xen/x86/xen_bus_dma.c cvs rdiff -u -r1.14 -r1.15 src/sys/arch/xen/xen/balloon.c cvs rdiff -u -r1.60 -r1.61 src/sys/arch/xen/xen/if_xennet_xenbus.c cvs rdiff -u -r1.10 -r1.11 src/sys/arch/xen/xen/xen_machdep.c cvs rdiff -u -r1.48 -r1.49 src/sys/arch/xen/xen/xennetback_xenbus.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/xen
Module Name:src Committed By: jym Date: Sat Jun 30 23:36:20 UTC 2012 Modified Files: src/sys/arch/xen/x86: xen_bus_dma.c src/sys/arch/xen/xen: balloon.c if_xennet_xenbus.c xengnt.c xennetback_xenbus.c Log Message: Use setter to set xenguest_handles. To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.26 src/sys/arch/xen/x86/xen_bus_dma.c cvs rdiff -u -r1.15 -r1.16 src/sys/arch/xen/xen/balloon.c cvs rdiff -u -r1.61 -r1.62 src/sys/arch/xen/xen/if_xennet_xenbus.c cvs rdiff -u -r1.23 -r1.24 src/sys/arch/xen/xen/xengnt.c cvs rdiff -u -r1.49 -r1.50 src/sys/arch/xen/xen/xennetback_xenbus.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch
Module Name:src Committed By: jym Date: Wed Jun 27 00:37:10 UTC 2012 Modified Files: src/sys/arch/amd64/amd64: machdep.c src/sys/arch/i386/conf: XEN3_DOMU src/sys/arch/i386/i386: locore.S machdep.c src/sys/arch/xen/conf: files.xen src/sys/arch/xen/include: xenpmap.h src/sys/arch/xen/include/i386: hypercalls.h src/sys/arch/xen/x86: x86_xpmap.c xen_bus_dma.c src/sys/arch/xen/xen: balloon.c if_xennet_xenbus.c privcmd.c xennetback_xenbus.c Log Message: Retire XEN_COMPAT_030001 as detailed on port-xen@: http://mail-index.netbsd.org/port-xen/2012/06/25/msg007431.html The xen_p2m API comes next. ok bouyer@. Tested on i386 PAE and amd64 (Xen 3.3 on private test bed, and Xen 3.4 for Amazon EC2). FWIW, Amazon always reported: hypervisor0 at mainbus0: Xen version 3.4.3-kaos_t1micro multiple times for Europe and US West-1, so I guess they are now at 3.4 (32 and 64 bits). To generate a diff of this commit: cvs rdiff -u -r1.186 -r1.187 src/sys/arch/amd64/amd64/machdep.c cvs rdiff -u -r1.43 -r1.44 src/sys/arch/i386/conf/XEN3_DOMU cvs rdiff -u -r1.100 -r1.101 src/sys/arch/i386/i386/locore.S cvs rdiff -u -r1.728 -r1.729 src/sys/arch/i386/i386/machdep.c cvs rdiff -u -r1.126 -r1.127 src/sys/arch/xen/conf/files.xen cvs rdiff -u -r1.35 -r1.36 src/sys/arch/xen/include/xenpmap.h cvs rdiff -u -r1.14 -r1.15 src/sys/arch/xen/include/i386/hypercalls.h cvs rdiff -u -r1.44 -r1.45 src/sys/arch/xen/x86/x86_xpmap.c cvs rdiff -u -r1.23 -r1.24 src/sys/arch/xen/x86/xen_bus_dma.c cvs rdiff -u -r1.13 -r1.14 src/sys/arch/xen/xen/balloon.c cvs rdiff -u -r1.59 -r1.60 src/sys/arch/xen/xen/if_xennet_xenbus.c cvs rdiff -u -r1.43 -r1.44 src/sys/arch/xen/xen/privcmd.c cvs rdiff -u -r1.47 -r1.48 src/sys/arch/xen/xen/xennetback_xenbus.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/amd64/machdep.c diff -u src/sys/arch/amd64/amd64/machdep.c:1.186 src/sys/arch/amd64/amd64/machdep.c:1.187 --- src/sys/arch/amd64/amd64/machdep.c:1.186 Sat Jun 16 20:47:04 2012 +++ src/sys/arch/amd64/amd64/machdep.c Wed Jun 27 00:37:07 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: machdep.c,v 1.186 2012/06/16 20:47:04 dsl Exp $ */ +/* $NetBSD: machdep.c,v 1.187 2012/06/27 00:37:07 jym Exp $ */ /*- * Copyright (c) 1996, 1997, 1998, 2000, 2006, 2007, 2008, 2011 @@ -111,7 +111,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: machdep.c,v 1.186 2012/06/16 20:47:04 dsl Exp $); +__KERNEL_RCSID(0, $NetBSD: machdep.c,v 1.187 2012/06/27 00:37:07 jym Exp $); /* #define XENDEBUG_LOW */ @@ -1723,7 +1723,7 @@ init_x86_64(paddr_t first_avail) /* Determine physical address space */ avail_start = first_avail; avail_end = ctob(xen_start_info.nr_pages); - pmap_pa_start = XPMAP_OFFSET; + pmap_pa_start = 0; pmap_pa_end = pmap_pa_start + ctob(xen_start_info.nr_pages); __PRINTK((pmap_pa_start 0x%lx avail_start 0x%lx avail_end 0x%lx\n, pmap_pa_start, avail_start, avail_end)); Index: src/sys/arch/i386/conf/XEN3_DOMU diff -u src/sys/arch/i386/conf/XEN3_DOMU:1.43 src/sys/arch/i386/conf/XEN3_DOMU:1.44 --- src/sys/arch/i386/conf/XEN3_DOMU:1.43 Sat Mar 10 21:51:53 2012 +++ src/sys/arch/i386/conf/XEN3_DOMU Wed Jun 27 00:37:08 2012 @@ -1,4 +1,4 @@ -# $NetBSD: XEN3_DOMU,v 1.43 2012/03/10 21:51:53 joerg Exp $ +# $NetBSD: XEN3_DOMU,v 1.44 2012/06/27 00:37:08 jym Exp $ include arch/xen/conf/std.xen @@ -166,7 +166,6 @@ options NFS_BOOT_DHCP,NFS_BOOT_BOOTPARA #options NFS_BOOTSTATIC_SERVER=\server:/path/to/root\ #options __XEN_INTERFACE_VERSION__=0x00030205 # Xen 3.1 interface -options XEN_COMPAT_030001 #compatible with Xen3 before 3.0.2 options MAXPHYS=32768 #xbd doesn't handle 64k transfers config netbsd root on ? type ? Index: src/sys/arch/i386/i386/locore.S diff -u src/sys/arch/i386/i386/locore.S:1.100 src/sys/arch/i386/i386/locore.S:1.101 --- src/sys/arch/i386/i386/locore.S:1.100 Sat Jun 16 17:30:19 2012 +++ src/sys/arch/i386/i386/locore.S Wed Jun 27 00:37:08 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: locore.S,v 1.100 2012/06/16 17:30:19 chs Exp $ */ +/* $NetBSD: locore.S,v 1.101 2012/06/27 00:37:08 jym Exp $ */ /* * Copyright-o-rama! @@ -129,7 +129,7 @@ */ #include machine/asm.h -__KERNEL_RCSID(0, $NetBSD: locore.S,v 1.100 2012/06/16 17:30:19 chs Exp $); +__KERNEL_RCSID(0, $NetBSD: locore.S,v 1.101 2012/06/27 00:37:08 jym Exp $); #include opt_compat_oldboot.h #include opt_ddb.h @@ -169,18 +169,11 @@ __KERNEL_RCSID(0, $NetBSD: locore.S,v 1 */ .section __xen_guest .ascii GUEST_OS=netbsd,GUEST_VER=3.0,XEN_VER=xen-3.0 -#if defined(DOM0OPS) || !defined(XEN_COMPAT_030001) .ascii ,VIRT_BASE=0xc000 /* KERNBASE */ .ascii ,ELF_PADDR_OFFSET=0xc000 /* KERNBASE */ -#else - .ascii ,VIRT_BASE=0xc010 /* KERNTEXTOFF */ - .ascii ,ELF_PADDR_OFFSET=0xc010 /* KERNTEXTOFF */ -#endif .ascii ,VIRT_ENTRY=0xc010 /* KERNTEXTOFF */
CVS commit: src/sys/arch
Module Name:src Committed By: jym Date: Wed Jun 27 00:37:10 UTC 2012 Modified Files: src/sys/arch/amd64/amd64: machdep.c src/sys/arch/i386/conf: XEN3_DOMU src/sys/arch/i386/i386: locore.S machdep.c src/sys/arch/xen/conf: files.xen src/sys/arch/xen/include: xenpmap.h src/sys/arch/xen/include/i386: hypercalls.h src/sys/arch/xen/x86: x86_xpmap.c xen_bus_dma.c src/sys/arch/xen/xen: balloon.c if_xennet_xenbus.c privcmd.c xennetback_xenbus.c Log Message: Retire XEN_COMPAT_030001 as detailed on port-xen@: http://mail-index.netbsd.org/port-xen/2012/06/25/msg007431.html The xen_p2m API comes next. ok bouyer@. Tested on i386 PAE and amd64 (Xen 3.3 on private test bed, and Xen 3.4 for Amazon EC2). FWIW, Amazon always reported: hypervisor0 at mainbus0: Xen version 3.4.3-kaos_t1micro multiple times for Europe and US West-1, so I guess they are now at 3.4 (32 and 64 bits). To generate a diff of this commit: cvs rdiff -u -r1.186 -r1.187 src/sys/arch/amd64/amd64/machdep.c cvs rdiff -u -r1.43 -r1.44 src/sys/arch/i386/conf/XEN3_DOMU cvs rdiff -u -r1.100 -r1.101 src/sys/arch/i386/i386/locore.S cvs rdiff -u -r1.728 -r1.729 src/sys/arch/i386/i386/machdep.c cvs rdiff -u -r1.126 -r1.127 src/sys/arch/xen/conf/files.xen cvs rdiff -u -r1.35 -r1.36 src/sys/arch/xen/include/xenpmap.h cvs rdiff -u -r1.14 -r1.15 src/sys/arch/xen/include/i386/hypercalls.h cvs rdiff -u -r1.44 -r1.45 src/sys/arch/xen/x86/x86_xpmap.c cvs rdiff -u -r1.23 -r1.24 src/sys/arch/xen/x86/xen_bus_dma.c cvs rdiff -u -r1.13 -r1.14 src/sys/arch/xen/xen/balloon.c cvs rdiff -u -r1.59 -r1.60 src/sys/arch/xen/xen/if_xennet_xenbus.c cvs rdiff -u -r1.43 -r1.44 src/sys/arch/xen/xen/privcmd.c cvs rdiff -u -r1.47 -r1.48 src/sys/arch/xen/xen/xennetback_xenbus.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/xen/x86
Module Name:src Committed By: jym Date: Sun Jun 24 13:56:10 UTC 2012 Modified Files: src/sys/arch/xen/x86: cpu.c Log Message: Update comment: we stopped using xcall to sync PTP between CPUs. pmap_kpm_sync_xcall = xen_kpm_sync To generate a diff of this commit: cvs rdiff -u -r1.92 -r1.93 src/sys/arch/xen/x86/cpu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/xen/x86/cpu.c diff -u src/sys/arch/xen/x86/cpu.c:1.92 src/sys/arch/xen/x86/cpu.c:1.93 --- src/sys/arch/xen/x86/cpu.c:1.92 Wed Jun 6 22:22:41 2012 +++ src/sys/arch/xen/x86/cpu.c Sun Jun 24 13:56:10 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: cpu.c,v 1.92 2012/06/06 22:22:41 rmind Exp $ */ +/* $NetBSD: cpu.c,v 1.93 2012/06/24 13:56:10 jym Exp $ */ /* NetBSD: cpu.c,v 1.18 2004/02/20 17:35:01 yamt Exp */ /*- @@ -66,7 +66,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: cpu.c,v 1.92 2012/06/06 22:22:41 rmind Exp $); +__KERNEL_RCSID(0, $NetBSD: cpu.c,v 1.93 2012/06/24 13:56:10 jym Exp $); #include opt_ddb.h #include opt_multiprocessor.h @@ -1113,7 +1113,7 @@ cpu_load_pmap(struct pmap *pmap, struct cpuid_t cid = cpu_index(ci); mutex_enter(ci-ci_kpm_mtx); - /* make new pmap visible to pmap_kpm_sync_xcall() */ + /* make new pmap visible to xen_kpm_sync() */ kcpuset_atomic_set(pmap-pm_xen_ptp_cpus, cid); #endif #ifdef i386 @@ -1166,7 +1166,7 @@ cpu_load_pmap(struct pmap *pmap, struct #endif /* __x86_64__ */ #if defined(__x86_64__) || defined(PAE) - /* old pmap no longer visible to pmap_kpm_sync_xcall() */ + /* old pmap no longer visible to xen_kpm_sync() */ if (oldpmap != pmap_kernel()) { kcpuset_atomic_clear(oldpmap-pm_xen_ptp_cpus, cid); }
CVS commit: src/sys/arch/xen
Module Name:src Committed By: jym Date: Sun Jun 24 18:31:53 UTC 2012 Modified Files: src/sys/arch/xen/include: xenpmap.h src/sys/arch/xen/x86: xen_pmap.c Log Message: Enable the map/unmap recursive mapping functions for all Xen ports for save/restore. For an unknown reason (to me) Xen refuses to update VM translations when the entry is pointing back to itself (which is precisely what our recursive VM model does). So enable the functions that take care of this, which will avoid all sort of memory corruption upon restore leading domU to trample upon itself. Save/restore works again for amd64. The occasional domU frontend corruption is still present, but is harmless to dom0. Now we have a working shell and ddb inside domU, that helps debugging a tiny bit. XXX pull-up to -6. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/sys/arch/xen/include/xenpmap.h cvs rdiff -u -r1.21 -r1.22 src/sys/arch/xen/x86/xen_pmap.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/xen/include/xenpmap.h diff -u src/sys/arch/xen/include/xenpmap.h:1.34 src/sys/arch/xen/include/xenpmap.h:1.35 --- src/sys/arch/xen/include/xenpmap.h:1.34 Fri Apr 20 22:23:24 2012 +++ src/sys/arch/xen/include/xenpmap.h Sun Jun 24 18:31:52 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: xenpmap.h,v 1.34 2012/04/20 22:23:24 rmind Exp $ */ +/* $NetBSD: xenpmap.h,v 1.35 2012/06/24 18:31:52 jym Exp $ */ /* * @@ -58,11 +58,8 @@ void xen_bcast_invlpg(vaddr_t); void pmap_xen_resume(void); void pmap_xen_suspend(void); - -#ifdef PAE -void pmap_map_recursive_entries(void); -void pmap_unmap_recursive_entries(void); -#endif /* PAE */ +void pmap_map_recursive_entries(void); +void pmap_unmap_recursive_entries(void); #if defined(PAE) || defined(__x86_64__) void xen_kpm_sync(struct pmap *, int); Index: src/sys/arch/xen/x86/xen_pmap.c diff -u src/sys/arch/xen/x86/xen_pmap.c:1.21 src/sys/arch/xen/x86/xen_pmap.c:1.22 --- src/sys/arch/xen/x86/xen_pmap.c:1.21 Fri Apr 20 22:23:25 2012 +++ src/sys/arch/xen/x86/xen_pmap.c Sun Jun 24 18:31:53 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: xen_pmap.c,v 1.21 2012/04/20 22:23:25 rmind Exp $ */ +/* $NetBSD: xen_pmap.c,v 1.22 2012/06/24 18:31:53 jym Exp $ */ /* * Copyright (c) 2007 Manuel Bouyer. @@ -102,7 +102,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: xen_pmap.c,v 1.21 2012/04/20 22:23:25 rmind Exp $); +__KERNEL_RCSID(0, $NetBSD: xen_pmap.c,v 1.22 2012/06/24 18:31:53 jym Exp $); #include opt_user_ldt.h #include opt_lockdebug.h @@ -241,9 +241,7 @@ pmap_extract_ma(struct pmap *pmap, vaddr void pmap_xen_suspend(void) { -#ifdef PAE pmap_unmap_recursive_entries(); -#endif xpq_flush_queue(); } @@ -251,14 +249,11 @@ pmap_xen_suspend(void) void pmap_xen_resume(void) { -#ifdef PAE pmap_map_recursive_entries(); -#endif xpq_flush_queue(); } -#ifdef PAE /* * NetBSD uses L2 shadow pages to support PAE with Xen. However, Xen does not * handle them correctly during save/restore, leading to incorrect page @@ -327,7 +322,6 @@ pmap_unmap_recursive_entries(void) 0); } } -#endif /* PAE */ #if defined(PAE) || defined(__x86_64__)
CVS commit: src/sys/arch/xen/x86
Module Name:src Committed By: jym Date: Sun Jun 24 13:56:10 UTC 2012 Modified Files: src/sys/arch/xen/x86: cpu.c Log Message: Update comment: we stopped using xcall to sync PTP between CPUs. pmap_kpm_sync_xcall = xen_kpm_sync To generate a diff of this commit: cvs rdiff -u -r1.92 -r1.93 src/sys/arch/xen/x86/cpu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/xen
Module Name:src Committed By: jym Date: Sun Jun 24 18:31:53 UTC 2012 Modified Files: src/sys/arch/xen/include: xenpmap.h src/sys/arch/xen/x86: xen_pmap.c Log Message: Enable the map/unmap recursive mapping functions for all Xen ports for save/restore. For an unknown reason (to me) Xen refuses to update VM translations when the entry is pointing back to itself (which is precisely what our recursive VM model does). So enable the functions that take care of this, which will avoid all sort of memory corruption upon restore leading domU to trample upon itself. Save/restore works again for amd64. The occasional domU frontend corruption is still present, but is harmless to dom0. Now we have a working shell and ddb inside domU, that helps debugging a tiny bit. XXX pull-up to -6. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/sys/arch/xen/include/xenpmap.h cvs rdiff -u -r1.21 -r1.22 src/sys/arch/xen/x86/xen_pmap.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/kern
Module Name:src Committed By: jym Date: Tue Jun 5 22:28:11 UTC 2012 Modified Files: src/sys/kern: subr_pool.c Log Message: As pool reclaiming is unlikely to happen at interrupt or softint context, re-enable the portion of code that allows invalidation of CPU-bound pool caches. Two reasons: - CPU cached objects being invalidated, the probability of fetching an obsolete object from the pool_cache(9) is greatly reduced. This speeds up pool_cache_get() quite a bit as it does not have to keep destroying objects until it finds an updated one when an invalidation is in progress. - for situations where we have to ensure that no obsolete object remains after a state transition (canonical example: pmap mappings between Xen VM restoration), invalidating all pool_cache(9) is the safest way to go. As it uses xcall(9) to broadcast the execution of pool_cache_transfer(), pool_cache_invalidate() cannot be called from interrupt or softint context (scheduling a xcall(9) can put a LWP to sleep). pool_cache_xcall() = pool_cache_transfer() to reflect its use. Invalidation being a costly process (1000s objects may be destroyed), all places where pool_cache_invalidate() may be called from interrupt/softint context will now get caught by the proper KASSERT(), and fixed. Ping me when you see one. Tested under i386 and amd64 by running ATF suite within 64MiB HVM domains (tried triggering pgdaemon a few times). No objection on tech-kern@. XXX a similar fix has to be pulled up to NetBSD-6, but with a more conservative approach. See http://mail-index.netbsd.org/tech-kern/2012/05/29/msg013245.html To generate a diff of this commit: cvs rdiff -u -r1.195 -r1.196 src/sys/kern/subr_pool.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/kern/subr_pool.c diff -u src/sys/kern/subr_pool.c:1.195 src/sys/kern/subr_pool.c:1.196 --- src/sys/kern/subr_pool.c:1.195 Sat May 5 19:15:10 2012 +++ src/sys/kern/subr_pool.c Tue Jun 5 22:28:11 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_pool.c,v 1.195 2012/05/05 19:15:10 rmind Exp $ */ +/* $NetBSD: subr_pool.c,v 1.196 2012/06/05 22:28:11 jym Exp $ */ /*- * Copyright (c) 1997, 1999, 2000, 2002, 2007, 2008, 2010 @@ -32,7 +32,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: subr_pool.c,v 1.195 2012/05/05 19:15:10 rmind Exp $); +__KERNEL_RCSID(0, $NetBSD: subr_pool.c,v 1.196 2012/06/05 22:28:11 jym Exp $); #include opt_ddb.h #include opt_lockdebug.h @@ -191,7 +191,7 @@ static bool pool_cache_get_slow(pool_cac static void pool_cache_cpu_init1(struct cpu_info *, pool_cache_t); static void pool_cache_invalidate_groups(pool_cache_t, pcg_t *); static void pool_cache_invalidate_cpu(pool_cache_t, u_int); -static void pool_cache_xcall(pool_cache_t); +static void pool_cache_transfer(pool_cache_t); static int pool_catchup(struct pool *); static void pool_prime_page(struct pool *, void *, @@ -1425,7 +1425,7 @@ pool_drain_start(struct pool **ppp, uint /* If there is a pool_cache, drain CPU level caches. */ *ppp = pp; if (pp-pr_cache != NULL) { - *wp = xc_broadcast(0, (xcfunc_t)pool_cache_xcall, + *wp = xc_broadcast(0, (xcfunc_t)pool_cache_transfer, pp-pr_cache, NULL); } } @@ -2007,31 +2007,39 @@ pool_cache_invalidate_groups(pool_cache_ * Note: For pool caches that provide constructed objects, there * is an assumption that another level of synchronization is occurring * between the input to the constructor and the cache invalidation. + * + * Invalidation is a costly process and should not be called from + * interrupt context. */ void pool_cache_invalidate(pool_cache_t pc) { - pcg_t *full, *empty, *part; -#if 0 uint64_t where; + pcg_t *full, *empty, *part; + + KASSERT(!cpu_intr_p() !cpu_softintr_p()); if (ncpu 2 || !mp_online) { /* * We might be called early enough in the boot process * for the CPU data structures to not be fully initialized. - * In this case, simply gather the local CPU's cache now - * since it will be the only one running. + * In this case, transfer the content of the local CPU's + * cache back into global cache as only this CPU is currently + * running. */ - pool_cache_xcall(pc); + pool_cache_transfer(pc); } else { /* - * Gather all of the CPU-specific caches into the - * global cache. + * Signal all CPUs that they must transfer their local + * cache back to the global pool then wait for the xcall to + * complete. */ - where = xc_broadcast(0, (xcfunc_t)pool_cache_xcall, pc, NULL); + where = xc_broadcast(0, (xcfunc_t)pool_cache_transfer, + pc, NULL); xc_wait(where); } -#endif + + /* Empty pool caches, then invalidate objects */ mutex_enter(pc-pc_lock); full = pc-pc_fullgroups; empty = pc-pc_emptygroups; @@ -2415,13 +2423,13 @@ pool_cache_put_paddr(pool_cache_t pc, vo } /* - * pool_cache_xcall: + * pool_cache_transfer: * * Transfer objects
CVS commit: src/sys/kern
Module Name:src Committed By: jym Date: Tue Jun 5 22:28:11 UTC 2012 Modified Files: src/sys/kern: subr_pool.c Log Message: As pool reclaiming is unlikely to happen at interrupt or softint context, re-enable the portion of code that allows invalidation of CPU-bound pool caches. Two reasons: - CPU cached objects being invalidated, the probability of fetching an obsolete object from the pool_cache(9) is greatly reduced. This speeds up pool_cache_get() quite a bit as it does not have to keep destroying objects until it finds an updated one when an invalidation is in progress. - for situations where we have to ensure that no obsolete object remains after a state transition (canonical example: pmap mappings between Xen VM restoration), invalidating all pool_cache(9) is the safest way to go. As it uses xcall(9) to broadcast the execution of pool_cache_transfer(), pool_cache_invalidate() cannot be called from interrupt or softint context (scheduling a xcall(9) can put a LWP to sleep). pool_cache_xcall() = pool_cache_transfer() to reflect its use. Invalidation being a costly process (1000s objects may be destroyed), all places where pool_cache_invalidate() may be called from interrupt/softint context will now get caught by the proper KASSERT(), and fixed. Ping me when you see one. Tested under i386 and amd64 by running ATF suite within 64MiB HVM domains (tried triggering pgdaemon a few times). No objection on tech-kern@. XXX a similar fix has to be pulled up to NetBSD-6, but with a more conservative approach. See http://mail-index.netbsd.org/tech-kern/2012/05/29/msg013245.html To generate a diff of this commit: cvs rdiff -u -r1.195 -r1.196 src/sys/kern/subr_pool.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: jym Date: Tue Jun 5 22:51:47 UTC 2012 Modified Files: src/external/cddl/osnet/sys/kern: misc.c src/sys/kern: subr_pool.c src/sys/rump/librump/rumpkern: memalloc.c vm.c src/sys/sys: pool.h src/sys/uvm: uvm_pdaemon.c Log Message: Now that pool_cache_invalidate() is synchronous and can handle per-CPU caches, merge together pool_drain_start() and pool_drain_end() into bool pool_drain(struct pool **ppp); bool value indicates whether reclaiming was fully done (true) or not (false) ppp will contain a pointer to the pool that was drained (optional). See http://mail-index.netbsd.org/tech-kern/2012/06/04/msg013287.html To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/external/cddl/osnet/sys/kern/misc.c cvs rdiff -u -r1.196 -r1.197 src/sys/kern/subr_pool.c cvs rdiff -u -r1.15 -r1.16 src/sys/rump/librump/rumpkern/memalloc.c cvs rdiff -u -r1.126 -r1.127 src/sys/rump/librump/rumpkern/vm.c cvs rdiff -u -r1.74 -r1.75 src/sys/sys/pool.h cvs rdiff -u -r1.105 -r1.106 src/sys/uvm/uvm_pdaemon.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch
Module Name:src Committed By: jym Date: Mon May 7 12:12:04 UTC 2012 Modified Files: src/sys/arch/amd64/amd64: db_memrw.c src/sys/arch/i386/i386: db_memrw.c Log Message: Use the current destination address to compute PTE, not the address of origin. Harmless, except when db_write_text() passes a page boundary. From Bug Hunting. XXX has to be pulled up to -5 and -6. To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 src/sys/arch/amd64/amd64/db_memrw.c cvs rdiff -u -r1.28 -r1.29 src/sys/arch/i386/i386/db_memrw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/amd64/db_memrw.c diff -u src/sys/arch/amd64/amd64/db_memrw.c:1.9 src/sys/arch/amd64/amd64/db_memrw.c:1.10 --- src/sys/arch/amd64/amd64/db_memrw.c:1.9 Wed Nov 23 01:15:02 2011 +++ src/sys/arch/amd64/amd64/db_memrw.c Mon May 7 12:12:04 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: db_memrw.c,v 1.9 2011/11/23 01:15:02 jym Exp $ */ +/* $NetBSD: db_memrw.c,v 1.10 2012/05/07 12:12:04 jym Exp $ */ /*- * Copyright (c) 1996, 2000 The NetBSD Foundation, Inc. @@ -51,7 +51,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.9 2011/11/23 01:15:02 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.10 2012/05/07 12:12:04 jym Exp $); #include sys/param.h #include sys/proc.h @@ -111,7 +111,7 @@ db_write_text(vaddr_t addr, size_t size, /* * Get the PTE for the page. */ - ppte = kvtopte(addr); + ppte = kvtopte((vaddr_t)dst); pte = *ppte; if ((pte PG_V) == 0) { Index: src/sys/arch/i386/i386/db_memrw.c diff -u src/sys/arch/i386/i386/db_memrw.c:1.28 src/sys/arch/i386/i386/db_memrw.c:1.29 --- src/sys/arch/i386/i386/db_memrw.c:1.28 Mon May 7 02:32:09 2012 +++ src/sys/arch/i386/i386/db_memrw.c Mon May 7 12:12:03 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: db_memrw.c,v 1.28 2012/05/07 02:32:09 jym Exp $ */ +/* $NetBSD: db_memrw.c,v 1.29 2012/05/07 12:12:03 jym Exp $ */ /*- * Copyright (c) 1996, 2000 The NetBSD Foundation, Inc. @@ -49,7 +49,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.28 2012/05/07 02:32:09 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.29 2012/05/07 12:12:03 jym Exp $); #include opt_xen.h @@ -111,7 +111,7 @@ db_write_text(vaddr_t addr, size_t size, /* * Get the PTE for the page. */ - ppte = kvtopte(addr); + ppte = kvtopte((vaddr_t)dst); pte = *ppte; if ((pte PG_V) == 0) {
CVS commit: src/sys/arch/amd64/amd64
Module Name:src Committed By: jym Date: Mon May 7 12:20:27 UTC 2012 Modified Files: src/sys/arch/amd64/amd64: db_memrw.c Log Message: invlpg on a non canonical address is a noop, so no chance to invalidate the TLB and the CPU will not notice the access right change. This results in write protection faults in supervisor mode when patching kernel code through ddb(4) (originally mapped as read only). Bug reported by David Laight on port-amd64@ (thanks!), patch and test by me. i386 is unaffected as PG_LGFRAME does not mask the sign bits. For the sake of correctness, use VA_SIGN_NEG(...) anyway. XXX this is the patch that will be pulled-up to -5 and -6. To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 src/sys/arch/amd64/amd64/db_memrw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/amd64/db_memrw.c diff -u src/sys/arch/amd64/amd64/db_memrw.c:1.10 src/sys/arch/amd64/amd64/db_memrw.c:1.11 --- src/sys/arch/amd64/amd64/db_memrw.c:1.10 Mon May 7 12:12:04 2012 +++ src/sys/arch/amd64/amd64/db_memrw.c Mon May 7 12:20:27 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: db_memrw.c,v 1.10 2012/05/07 12:12:04 jym Exp $ */ +/* $NetBSD: db_memrw.c,v 1.11 2012/05/07 12:20:27 jym Exp $ */ /*- * Copyright (c) 1996, 2000 The NetBSD Foundation, Inc. @@ -51,7 +51,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.10 2012/05/07 12:12:04 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.11 2012/05/07 12:20:27 jym Exp $); #include sys/param.h #include sys/proc.h @@ -123,7 +123,7 @@ db_write_text(vaddr_t addr, size_t size, * Get the VA for the page. */ if (pte PG_PS) - pgva = (vaddr_t)dst PG_LGFRAME; + pgva = VA_SIGN_NEG((vaddr_t)dst PG_LGFRAME); else pgva = x86_trunc_page(dst);
CVS commit: src/sys/arch/i386/i386
Module Name:src Committed By: jym Date: Mon May 7 12:23:05 UTC 2012 Modified Files: src/sys/arch/i386/i386: db_memrw.c Log Message: For correctness: do not forget VA_SIGN_NEG(). To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 src/sys/arch/i386/i386/db_memrw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/i386/i386/db_memrw.c diff -u src/sys/arch/i386/i386/db_memrw.c:1.29 src/sys/arch/i386/i386/db_memrw.c:1.30 --- src/sys/arch/i386/i386/db_memrw.c:1.29 Mon May 7 12:12:03 2012 +++ src/sys/arch/i386/i386/db_memrw.c Mon May 7 12:23:05 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: db_memrw.c,v 1.29 2012/05/07 12:12:03 jym Exp $ */ +/* $NetBSD: db_memrw.c,v 1.30 2012/05/07 12:23:05 jym Exp $ */ /*- * Copyright (c) 1996, 2000 The NetBSD Foundation, Inc. @@ -49,7 +49,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.29 2012/05/07 12:12:03 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.30 2012/05/07 12:23:05 jym Exp $); #include opt_xen.h @@ -123,7 +123,7 @@ db_write_text(vaddr_t addr, size_t size, * Get the VA for the page. */ if (pte PG_PS) - pgva = (vaddr_t)dst PG_LGFRAME; + pgva = VA_SIGN_NEG((vaddr_t)dst PG_LGFRAME); else pgva = x86_trunc_page((vaddr_t)dst);
CVS commit: src/sys/arch
Module Name:src Committed By: jym Date: Mon May 7 17:45:29 UTC 2012 Modified Files: src/sys/arch/amd64/conf: files.amd64 src/sys/arch/i386/conf: files.i386 src/sys/arch/x86/conf: files.x86 src/sys/arch/xen/conf: files.xen Added Files: src/sys/arch/x86/x86: db_memrw.c Removed Files: src/sys/arch/amd64/amd64: db_memrw.c src/sys/arch/i386/i386: db_memrw.c Log Message: Merge i386 and amd64 version of db_memrw.c. Use this opportunity to skip calculating the VA of the page. Let the CPU deal with the invalidation itself through invlpg + destination address to avoid converting between canonical/non canonical forms. To generate a diff of this commit: cvs rdiff -u -r1.11 -r0 src/sys/arch/amd64/amd64/db_memrw.c cvs rdiff -u -r1.74 -r1.75 src/sys/arch/amd64/conf/files.amd64 cvs rdiff -u -r1.362 -r1.363 src/sys/arch/i386/conf/files.i386 cvs rdiff -u -r1.30 -r0 src/sys/arch/i386/i386/db_memrw.c cvs rdiff -u -r1.77 -r1.78 src/sys/arch/x86/conf/files.x86 cvs rdiff -u -r0 -r1.1 src/sys/arch/x86/x86/db_memrw.c cvs rdiff -u -r1.125 -r1.126 src/sys/arch/xen/conf/files.xen Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/conf/files.amd64 diff -u src/sys/arch/amd64/conf/files.amd64:1.74 src/sys/arch/amd64/conf/files.amd64:1.75 --- src/sys/arch/amd64/conf/files.amd64:1.74 Sun Nov 6 19:45:04 2011 +++ src/sys/arch/amd64/conf/files.amd64 Mon May 7 17:45:28 2012 @@ -1,4 +1,4 @@ -# $NetBSD: files.amd64,v 1.74 2011/11/06 19:45:04 christos Exp $ +# $NetBSD: files.amd64,v 1.75 2012/05/07 17:45:28 jym Exp $ # # new style config file for amd64 architecture # @@ -36,7 +36,6 @@ file arch/amd64/amd64/cpufunc.S file arch/amd64/amd64/db_disasm.c ddb file arch/amd64/amd64/db_interface.c ddb file arch/amd64/amd64/db_machdep.c ddb -file arch/amd64/amd64/db_memrw.c ddb | kgdb file arch/amd64/amd64/kobj_machdep.c modular file arch/amd64/amd64/kgdb_machdep.c kgdb file kern/subr_disk_mbr.c disk Index: src/sys/arch/i386/conf/files.i386 diff -u src/sys/arch/i386/conf/files.i386:1.362 src/sys/arch/i386/conf/files.i386:1.363 --- src/sys/arch/i386/conf/files.i386:1.362 Fri Nov 18 22:18:07 2011 +++ src/sys/arch/i386/conf/files.i386 Mon May 7 17:45:28 2012 @@ -1,4 +1,4 @@ -# $NetBSD: files.i386,v 1.362 2011/11/18 22:18:07 jmcneill Exp $ +# $NetBSD: files.i386,v 1.363 2012/05/07 17:45:28 jym Exp $ # # new style config file for i386 architecture # @@ -68,7 +68,6 @@ file arch/i386/i386/db_dbgreg.S ddb | ks file arch/i386/i386/db_disasm.c ddb file arch/i386/i386/db_interface.c ddb file arch/i386/i386/db_machdep.c ddb -file arch/i386/i386/db_memrw.c ddb | kgdb file arch/i386/i386/dumpsys.c file kern/subr_disk_mbr.c disk file kern/subr_spldebug.c spldebug Index: src/sys/arch/x86/conf/files.x86 diff -u src/sys/arch/x86/conf/files.x86:1.77 src/sys/arch/x86/conf/files.x86:1.78 --- src/sys/arch/x86/conf/files.x86:1.77 Fri Jan 13 21:46:00 2012 +++ src/sys/arch/x86/conf/files.x86 Mon May 7 17:45:29 2012 @@ -1,4 +1,4 @@ -# $NetBSD: files.x86,v 1.77 2012/01/13 21:46:00 martin Exp $ +# $NetBSD: files.x86,v 1.78 2012/05/07 17:45:29 jym Exp $ # options for MP configuration through the MP spec defflag opt_mpbios.h MPBIOS MPVERBOSE MPDEBUG MPBIOS_SCANPCI @@ -71,6 +71,7 @@ file arch/x86/x86/bus_space.c file arch/x86/x86/consinit.c file arch/x86/x86/core_machdep.c coredump file arch/x86/x86/cpu_topology.c +file arch/x86/x86/db_memrw.c ddb | kgdb file arch/x86/x86/db_trace.c ddb file arch/x86/x86/errata.c file arch/x86/x86/genfb_machdep.c Index: src/sys/arch/xen/conf/files.xen diff -u src/sys/arch/xen/conf/files.xen:1.125 src/sys/arch/xen/conf/files.xen:1.126 --- src/sys/arch/xen/conf/files.xen:1.125 Sat Jan 14 04:22:56 2012 +++ src/sys/arch/xen/conf/files.xen Mon May 7 17:45:29 2012 @@ -1,4 +1,4 @@ -# $NetBSD: files.xen,v 1.125 2012/01/14 04:22:56 pgoyette Exp $ +# $NetBSD: files.xen,v 1.126 2012/05/07 17:45:29 jym Exp $ # NetBSD: files.x86,v 1.10 2003/10/08 17:30:00 bouyer Exp # NetBSD: files.i386,v 1.254 2004/03/25 23:32:10 jmc Exp @@ -43,7 +43,6 @@ file arch/i386/i386/db_dbgreg.S ddb | ks file arch/i386/i386/db_disasm.c ddb file arch/i386/i386/db_interface.c ddb file arch/i386/i386/db_machdep.c ddb -file arch/i386/i386/db_memrw.c ddb | kgdb file arch/i386/i386/dumpsys.c file arch/i386/i386/gdt.c file arch/i386/i386/ipkdb_glue.c ipkdb @@ -72,7 +71,6 @@ file arch/amd64/amd64/cpu_in_cksum.S (i file arch/amd64/amd64/db_disasm.c ddb file arch/amd64/amd64/db_interface.c ddb file arch/amd64/amd64/db_machdep.c ddb -file arch/amd64/amd64/db_memrw.c ddb | kgdb file arch/amd64/amd64/kgdb_machdep.c kgdb file arch/amd64/amd64/kobj_machdep.c modular file arch/amd64/amd64/gdt.c @@ -84,6 +82,7 @@ file arch/amd64/amd64/lock_stubs.S endif file kern/subr_disk_mbr.c disk +file arch/x86/x86/db_memrw.c ddb | kgdb file
CVS commit: src/sys/arch
Module Name:src Committed By: jym Date: Mon May 7 12:12:04 UTC 2012 Modified Files: src/sys/arch/amd64/amd64: db_memrw.c src/sys/arch/i386/i386: db_memrw.c Log Message: Use the current destination address to compute PTE, not the address of origin. Harmless, except when db_write_text() passes a page boundary. From Bug Hunting. XXX has to be pulled up to -5 and -6. To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 src/sys/arch/amd64/amd64/db_memrw.c cvs rdiff -u -r1.28 -r1.29 src/sys/arch/i386/i386/db_memrw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/i386/i386
Module Name:src Committed By: jym Date: Mon May 7 02:12:35 UTC 2012 Modified Files: src/sys/arch/i386/i386: db_memrw.c Log Message: I am not quite sure that __data_start (set through location counter) is a char... declare it as int, like amd64. To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.26 src/sys/arch/i386/i386/db_memrw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/i386/i386/db_memrw.c diff -u src/sys/arch/i386/i386/db_memrw.c:1.25 src/sys/arch/i386/i386/db_memrw.c:1.26 --- src/sys/arch/i386/i386/db_memrw.c:1.25 Tue Mar 10 20:05:30 2009 +++ src/sys/arch/i386/i386/db_memrw.c Mon May 7 02:12:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: db_memrw.c,v 1.25 2009/03/10 20:05:30 bouyer Exp $ */ +/* $NetBSD: db_memrw.c,v 1.26 2012/05/07 02:12:35 jym Exp $ */ /*- * Copyright (c) 1996, 2000 The NetBSD Foundation, Inc. @@ -49,7 +49,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.25 2009/03/10 20:05:30 bouyer Exp $); +__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.26 2012/05/07 02:12:35 jym Exp $); #include opt_xen.h @@ -186,7 +186,7 @@ db_write_text(vaddr_t addr, size_t size, void db_write_bytes(vaddr_t addr, size_t size, const char *data) { - extern char __data_start; + extern int __data_start; char *dst; dst = (char *)addr;
CVS commit: src/sys/arch/i386/i386
Module Name:src Committed By: jym Date: Mon May 7 02:15:34 UTC 2012 Modified Files: src/sys/arch/i386/i386: db_memrw.c Log Message: Remove XXXSMP comment and explain why no TLB shootdown is required here. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 src/sys/arch/i386/i386/db_memrw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/i386/i386/db_memrw.c diff -u src/sys/arch/i386/i386/db_memrw.c:1.26 src/sys/arch/i386/i386/db_memrw.c:1.27 --- src/sys/arch/i386/i386/db_memrw.c:1.26 Mon May 7 02:12:35 2012 +++ src/sys/arch/i386/i386/db_memrw.c Mon May 7 02:15:34 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: db_memrw.c,v 1.26 2012/05/07 02:12:35 jym Exp $ */ +/* $NetBSD: db_memrw.c,v 1.27 2012/05/07 02:15:34 jym Exp $ */ /*- * Copyright (c) 1996, 2000 The NetBSD Foundation, Inc. @@ -49,7 +49,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.26 2012/05/07 02:12:35 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.27 2012/05/07 02:15:34 jym Exp $); #include opt_xen.h @@ -161,22 +161,13 @@ db_write_text(vaddr_t addr, size_t size, */ pmap_pte_set(pte, oldpte); pmap_pte_flush(); -#if 0 + pmap_update_pg(pgva); /* - * XXXSMP Not clear if this is needed for 100% correctness. + * MULTIPROCESSOR: no shootdown required as all other CPUs + * should be in CPUF_PAUSE state and will not cache the PTE + * with the write access set. */ - { - int cpumask = 0; - /* - * shoot down in case other CPU mistakenly caches page. - */ - pmap_tlb_shootdown(pmap_kernel(), pgva, 0, PG_G); - pmap_tlb_shootwait(); - } -#else - pmap_update_pg(pgva); -#endif - + } while (size != 0); }
CVS commit: src/sys/arch/i386/i386
Module Name:src Committed By: jym Date: Mon May 7 02:32:09 UTC 2012 Modified Files: src/sys/arch/i386/i386: db_memrw.c Log Message: Use pmap_pte_*bits macros to set/clear bits in a PTE. Remove pmap_pte_flush calls as these operations are synchronously flushed under Xen; they should not be cached. XXX the code can be shared between i386 and amd64, but I will merge them once I figure out why db_write_text() can cause page faults for certain CPUs in long mode (code looks correct, but single stepping or adding debug printf's makes the bug magically disappear... sigh) Bug reported by David Laight on port-amd64@ when attempting to set breakpoints through ddb(4). To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/sys/arch/i386/i386/db_memrw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/i386/i386/db_memrw.c diff -u src/sys/arch/i386/i386/db_memrw.c:1.27 src/sys/arch/i386/i386/db_memrw.c:1.28 --- src/sys/arch/i386/i386/db_memrw.c:1.27 Mon May 7 02:15:34 2012 +++ src/sys/arch/i386/i386/db_memrw.c Mon May 7 02:32:09 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: db_memrw.c,v 1.27 2012/05/07 02:15:34 jym Exp $ */ +/* $NetBSD: db_memrw.c,v 1.28 2012/05/07 02:32:09 jym Exp $ */ /*- * Copyright (c) 1996, 2000 The NetBSD Foundation, Inc. @@ -49,7 +49,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.27 2012/05/07 02:15:34 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: db_memrw.c,v 1.28 2012/05/07 02:32:09 jym Exp $); #include opt_xen.h @@ -97,7 +97,7 @@ db_read_bytes(vaddr_t addr, size_t size, static void db_write_text(vaddr_t addr, size_t size, const char *data) { - pt_entry_t *pte, oldpte, tmppte; + pt_entry_t *ppte, pte; vaddr_t pgva; size_t limit; char *dst; @@ -111,10 +111,10 @@ db_write_text(vaddr_t addr, size_t size, /* * Get the PTE for the page. */ - pte = kvtopte(addr); - oldpte = *pte; + ppte = kvtopte(addr); + pte = *ppte; - if ((oldpte PG_V) == 0) { + if ((pte PG_V) == 0) { printf( address %p not a valid page\n, dst); return; } @@ -122,7 +122,7 @@ db_write_text(vaddr_t addr, size_t size, /* * Get the VA for the page. */ - if (oldpte PG_PS) + if (pte PG_PS) pgva = (vaddr_t)dst PG_LGFRAME; else pgva = x86_trunc_page((vaddr_t)dst); @@ -132,7 +132,7 @@ db_write_text(vaddr_t addr, size_t size, * with this mapping and subtract it from the * total size. */ - if (oldpte PG_PS) + if (pte PG_PS) limit = NBPD_L2 - ((vaddr_t)dst (NBPD_L2 - 1)); else limit = PAGE_SIZE - ((vaddr_t)dst PGOFSET); @@ -140,9 +140,11 @@ db_write_text(vaddr_t addr, size_t size, limit = size; size -= limit; - tmppte = (oldpte ~PG_KR) | PG_KW; - pmap_pte_set(pte, tmppte); - pmap_pte_flush(); + /* + * Make the kernel text page writable. + */ + pmap_pte_clearbits(ppte, PG_KR); + pmap_pte_setbits(ppte, PG_KW); pmap_update_pg(pgva); /* * MULTIPROCESSOR: no shootdown required as the PTE continues to @@ -157,10 +159,10 @@ db_write_text(vaddr_t addr, size_t size, *dst++ = *data++; /* - * Restore the old PTE. + * Turn the page back to read-only. */ - pmap_pte_set(pte, oldpte); - pmap_pte_flush(); + pmap_pte_clearbits(ppte, PG_KW); + pmap_pte_setbits(ppte, PG_KR); pmap_update_pg(pgva); /* * MULTIPROCESSOR: no shootdown required as all other CPUs
CVS commit: src/sys/arch/i386/i386
Module Name:src Committed By: jym Date: Mon May 7 02:12:35 UTC 2012 Modified Files: src/sys/arch/i386/i386: db_memrw.c Log Message: I am not quite sure that __data_start (set through location counter) is a char... declare it as int, like amd64. To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.26 src/sys/arch/i386/i386/db_memrw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/i386/i386
Module Name:src Committed By: jym Date: Mon May 7 02:32:09 UTC 2012 Modified Files: src/sys/arch/i386/i386: db_memrw.c Log Message: Use pmap_pte_*bits macros to set/clear bits in a PTE. Remove pmap_pte_flush calls as these operations are synchronously flushed under Xen; they should not be cached. XXX the code can be shared between i386 and amd64, but I will merge them once I figure out why db_write_text() can cause page faults for certain CPUs in long mode (code looks correct, but single stepping or adding debug printf's makes the bug magically disappear... sigh) Bug reported by David Laight on port-amd64@ when attempting to set breakpoints through ddb(4). To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/sys/arch/i386/i386/db_memrw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/x86/include
Module Name:src Committed By: jym Date: Sat May 5 15:08:29 UTC 2012 Modified Files: src/sys/arch/x86/include: specialreg.h Log Message: Add latest CR4 bits: - CR4_VMXE: VMX operations, used for hardware virtualization. - CR4_SMXE: SMX operations, used for safer Mode Extensions (ground for Intel's TXT - Trusted Execution Technology - platform). - CR4_FSGSBASE: enable *FSBASE and *GSBASE instructions, for R/W access to FS/GS segment base addresses. - CR4_PCIDE: enable Process Context IDentifiers (other architectures may call these address space identifiers). - CR4_OSXSAVE: enable xsave and xrestore instructions - CR4_SMEP: Supervisor Mode Execution Prevention. Allows enforcing --x rights from cpl 0. From Intel® 64 and IA-32 Architectures Software Developer’s Manual, March 2012. Align declarations. CPUID_* bits for these features follow. To generate a diff of this commit: cvs rdiff -u -r1.58 -r1.59 src/sys/arch/x86/include/specialreg.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/x86/include/specialreg.h diff -u src/sys/arch/x86/include/specialreg.h:1.58 src/sys/arch/x86/include/specialreg.h:1.59 --- src/sys/arch/x86/include/specialreg.h:1.58 Mon Apr 30 00:04:31 2012 +++ src/sys/arch/x86/include/specialreg.h Sat May 5 15:08:29 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: specialreg.h,v 1.58 2012/04/30 00:04:31 christos Exp $ */ +/* $NetBSD: specialreg.h,v 1.59 2012/05/05 15:08:29 jym Exp $ */ /*- * Copyright (c) 1991 The Regents of the University of California. @@ -68,20 +68,26 @@ /* the remaining 7 bits of this register are reserved */ /* - * bits in the pentiums %cr4 register: + * bits in the %cr4 control register: */ +#define CR4_VME 0x0001 /* virtual 8086 mode extension enable */ +#define CR4_PVI 0x0002 /* protected mode virtual interrupt enable */ +#define CR4_TSD 0x0004 /* restrict RDTSC instruction to cpl 0 */ +#define CR4_DE 0x0008 /* debugging extension */ +#define CR4_PSE 0x0010 /* large (4MB) page size enable */ +#define CR4_PAE 0x0020 /* physical address extension enable */ +#define CR4_MCE 0x0040 /* machine check enable */ +#define CR4_PGE 0x0080 /* page global enable */ +#define CR4_PCE 0x0100 /* enable RDPMC instruction for all cpls */ +#define CR4_OSFXSR 0x0200 /* enable fxsave/fxrestor and SSE */ +#define CR4_OSXMMEXCPT 0x0400 /* enable unmasked SSE exceptions */ +#define CR4_VMXE 0x2000 /* enable VMX operations */ +#define CR4_SMXE 0x4000 /* enable SMX operations */ +#define CR4_FSGSBASE 0x0001 /* enable *FSBASE and *GSBASE instructions */ +#define CR4_PCIDE 0x0002 /* enable Process Context IDentifiers */ +#define CR4_OSXSAVE 0x0004 /* enable xsave and xrestore */ +#define CR4_SMEP 0x0010 /* enable SMEP support */ -#define CR4_VME 0x0001 /* virtual 8086 mode extension enable */ -#define CR4_PVI 0x0002 /* protected mode virtual interrupt enable */ -#define CR4_TSD 0x0004 /* restrict RDTSC instruction to cpl 0 only */ -#define CR4_DE 0x0008 /* debugging extension */ -#define CR4_PSE 0x0010 /* large (4MB) page size enable */ -#define CR4_PAE 0x0020 /* physical address extension enable */ -#define CR4_MCE 0x0040 /* machine check enable */ -#define CR4_PGE 0x0080 /* page global enable */ -#define CR4_PCE 0x0100 /* enable RDPMC instruction for all cpls */ -#define CR4_OSFXSR 0x0200 /* enable fxsave/fxrestor and SSE */ -#define CR4_OSXMMEXCPT 0x0400 /* enable unmasked SSE exceptions */ /* * CPUID features bits
CVS commit: src/sys/arch/x86/include
Module Name:src Committed By: jym Date: Sat May 5 15:08:29 UTC 2012 Modified Files: src/sys/arch/x86/include: specialreg.h Log Message: Add latest CR4 bits: - CR4_VMXE: VMX operations, used for hardware virtualization. - CR4_SMXE: SMX operations, used for safer Mode Extensions (ground for Intel's TXT - Trusted Execution Technology - platform). - CR4_FSGSBASE: enable *FSBASE and *GSBASE instructions, for R/W access to FS/GS segment base addresses. - CR4_PCIDE: enable Process Context IDentifiers (other architectures may call these address space identifiers). - CR4_OSXSAVE: enable xsave and xrestore instructions - CR4_SMEP: Supervisor Mode Execution Prevention. Allows enforcing --x rights from cpl 0. From Intel® 64 and IA-32 Architectures Software Developer’s Manual, March 2012. Align declarations. CPUID_* bits for these features follow. To generate a diff of this commit: cvs rdiff -u -r1.58 -r1.59 src/sys/arch/x86/include/specialreg.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/share/man/man2
Module Name:src Committed By: jym Date: Mon Apr 23 17:44:39 UTC 2012 Modified Files: src/share/man/man2: siginfo.2 Log Message: Note that si_addr may be inaccurate on certain architectures. Example: i386/amd64 alignement fault can drive to SIGBUS (when configured so by process), however the faulty address returned by the CPU is not reliable. Bump date. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/share/man/man2/siginfo.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/share/man/man2/siginfo.2 diff -u src/share/man/man2/siginfo.2:1.5 src/share/man/man2/siginfo.2:1.6 --- src/share/man/man2/siginfo.2:1.5 Mon Jul 26 12:50:52 2010 +++ src/share/man/man2/siginfo.2 Mon Apr 23 17:44:39 2012 @@ -1,4 +1,4 @@ -.\ $NetBSD: siginfo.2,v 1.5 2010/07/26 12:50:52 christos Exp $ +.\ $NetBSD: siginfo.2,v 1.6 2012/04/23 17:44:39 jym Exp $ .\ .\ Copyright (c) 2003 The NetBSD Foundation, Inc. .\ All rights reserved. @@ -27,7 +27,7 @@ .\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\ POSSIBILITY OF SUCH DAMAGE. .\ -.Dd July 26, 2010 +.Dd April 23, 2012 .Dt SIGINFO 2 .Os .Sh NAME @@ -280,6 +280,11 @@ contains the address of the faulting dat .Fa si_trap contains a hardware specific reason. .Pp +For some architectures +the value of +.Fa si_addr +may be inaccurate. +.Pp For .Dv SIGPOLL the
CVS commit: src/share/man/man2
Module Name:src Committed By: jym Date: Mon Apr 23 17:44:39 UTC 2012 Modified Files: src/share/man/man2: siginfo.2 Log Message: Note that si_addr may be inaccurate on certain architectures. Example: i386/amd64 alignement fault can drive to SIGBUS (when configured so by process), however the faulty address returned by the CPU is not reliable. Bump date. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/share/man/man2/siginfo.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/tests/lib/libc/gen (address alignment)
Le 21/04/12 14:50, Jean-Yves Migeon a écrit : The machine did not drop into ddb, it simply rebooted. Unfortunately it did not leave a core dump behind, so I don't have much to look at just yet. When I get home later today, I will try to get more info. BTW, this occurred while running the ATF test from a non-privileged user, so if there's a bug lurking in these recent changes, it could be considered to be a security vulnerability - non-priv user should not be able to crash the box... :) Okay, thanks for the report. So this rules out Virtual Box, it seems to happen on native amd64 too. I am taking a look right now. This seems to be a bug in the trap handling code. The signal is caught correctly (it reaches T_ALIGNFLT|T_USER in trap()), but things blow up just after: we end signalling the process with a SIGILL (which does not come from trap()). Using 32 bits compat mode (cc -m 32) also causes the crash. So something in e_trapsignal() or userret() goes wrong. Still digging. -- jym@
Re: CVS commit: src/tests/lib/libc/gen (address alignment)
Le 21/04/12 19:47, Christoph Egger a écrit : rip 0x0 and rsp 0x50202 look really abnormal to me. I'll have a look in FreeBSD, that's probably a group of exceptions that have to be handled differently. rip 0x0 often means that a function pointer has been called which is NULL. Christoph Yep, but the bug seems to be a displaced stack here; the information is pushed correctly, but with an offset. Looking at FreeBSD interrupt code, some exceptions have the tf_err value already pushed by the CPU, so no need to do it twice. I have sent a small patch to Paul for testing, it fixes the bug in my VM. Hope that this fixes the bug natively too. -- jym@
Re: CVS commit: src/sys/arch/amd64/amd64
Le 21/04/12 23:25, Christos Zoulas a écrit : In article4f930a8c.6040...@free.fr, Jean-Yves Migeonjeanyves.mig...@free.fr wrote: Le 21/04/12 20:52, Christos Zoulas a écrit : Module Name:src Committed By: christos Date: Sat Apr 21 18:52:37 UTC 2012 Modified Files: src/sys/arch/amd64/amd64: vector.S Log Message: Alignment fault traps push the error code automatically, so don't use ZTRAP! Meh, the fix was awaiting Paul testing... Alright, so I guess this one is right. Even if Paul's testing discovered that the fix did not work for the emulator, wouldn't you commit it so that at least things work on real hardware? It's the other way around; the bug was rather harmless in VMs (kills the process with a SIGILL), while it force-reboot the host on a native platform. I could not know that the fix works on real hardware, that's why I was waiting for Paul's response. Do you want me to ask for a pull-up? Sure, thanks. Will do. -- jym@
CVS commit: src/sys/arch/x86/include
Module Name:src Committed By: jym Date: Fri Apr 20 18:28:43 UTC 2012 Modified Files: src/sys/arch/x86/include: psl.h Log Message: PSL_AC is user-settable. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/sys/arch/x86/include/psl.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/x86/include/psl.h diff -u src/sys/arch/x86/include/psl.h:1.6 src/sys/arch/x86/include/psl.h:1.7 --- src/sys/arch/x86/include/psl.h:1.6 Thu Sep 18 21:09:18 2008 +++ src/sys/arch/x86/include/psl.h Fri Apr 20 18:28:43 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: psl.h,v 1.6 2008/09/18 21:09:18 dsl Exp $ */ +/* $NetBSD: psl.h,v 1.7 2012/04/20 18:28:43 jym Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -71,7 +71,7 @@ #define PSL_USERSTATIC (PSL_MBO | PSL_MBZ | PSL_I | PSL_IOPL | PSL_NT | PSL_VM | PSL_VIF | PSL_VIP) #endif #define PSL_USER (PSL_C | PSL_PF | PSL_AF | PSL_Z | PSL_N | \ -PSL_T | PSL_V | PSL_D) +PSL_T | PSL_V | PSL_D | PSL_AC) #define PSL_CLEARSIG (PSL_T | PSL_VM | PSL_AC | PSL_D)
CVS commit: src/sys/arch/x86/include
Module Name:src Committed By: jym Date: Fri Apr 20 18:28:43 UTC 2012 Modified Files: src/sys/arch/x86/include: psl.h Log Message: PSL_AC is user-settable. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/sys/arch/x86/include/psl.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch
Module Name:src Committed By: jym Date: Thu Apr 19 18:00:35 UTC 2012 Modified Files: src/sys/arch/amd64/acpi: acpi_wakecode.S src/sys/arch/amd64/amd64: locore.S mptramp.S src/sys/arch/i386/acpi: acpi_wakecode.S src/sys/arch/i386/i386: locore.S mptramp.S Log Message: Set the CR0_AM bit so processes can enable alignment check errors under x86 through PSL_AC bit. ATF test incoming shortly. To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 src/sys/arch/amd64/acpi/acpi_wakecode.S cvs rdiff -u -r1.67 -r1.68 src/sys/arch/amd64/amd64/locore.S cvs rdiff -u -r1.12 -r1.13 src/sys/arch/amd64/amd64/mptramp.S cvs rdiff -u -r1.14 -r1.15 src/sys/arch/i386/acpi/acpi_wakecode.S cvs rdiff -u -r1.97 -r1.98 src/sys/arch/i386/i386/locore.S cvs rdiff -u -r1.22 -r1.23 src/sys/arch/i386/i386/mptramp.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/acpi/acpi_wakecode.S diff -u src/sys/arch/amd64/acpi/acpi_wakecode.S:1.10 src/sys/arch/amd64/acpi/acpi_wakecode.S:1.11 --- src/sys/arch/amd64/acpi/acpi_wakecode.S:1.10 Mon Aug 24 22:06:50 2009 +++ src/sys/arch/amd64/acpi/acpi_wakecode.S Thu Apr 19 18:00:34 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: acpi_wakecode.S,v 1.10 2009/08/24 22:06:50 jmcneill Exp $ */ +/* $NetBSD: acpi_wakecode.S,v 1.11 2012/04/19 18:00:34 jym Exp $ */ /*- * Copyright (c) 2007 Joerg Sonnenberger jo...@netbsd.org @@ -198,7 +198,7 @@ wakeup_32: /* Enable paging */ movl %cr0,%eax - orl $(CR0_PE|CR0_PG|CR0_NE|CR0_TS|CR0_MP|CR0_WP),%eax + orl $(CR0_PE|CR0_PG|CR0_NE|CR0_TS|CR0_MP|CR0_WP|CR0_AM),%eax movl %eax,%cr0 /* Flush prefetch queue */ jmp 1f Index: src/sys/arch/amd64/amd64/locore.S diff -u src/sys/arch/amd64/amd64/locore.S:1.67 src/sys/arch/amd64/amd64/locore.S:1.68 --- src/sys/arch/amd64/amd64/locore.S:1.67 Fri Feb 24 08:06:07 2012 +++ src/sys/arch/amd64/amd64/locore.S Thu Apr 19 18:00:34 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: locore.S,v 1.67 2012/02/24 08:06:07 cherry Exp $ */ +/* $NetBSD: locore.S,v 1.68 2012/04/19 18:00:34 jym Exp $ */ /* * Copyright-o-rama! @@ -626,7 +626,7 @@ start: movw $0x1234,0x472 # warm boot * 4. Enable paging and the rest of it. */ movl %cr0,%eax - orl $(CR0_PE|CR0_PG|CR0_NE|CR0_TS|CR0_MP|CR0_WP),%eax + orl $(CR0_PE|CR0_PG|CR0_NE|CR0_TS|CR0_MP|CR0_WP|CR0_AM),%eax movl %eax,%cr0 jmp compat compat: Index: src/sys/arch/amd64/amd64/mptramp.S diff -u src/sys/arch/amd64/amd64/mptramp.S:1.12 src/sys/arch/amd64/amd64/mptramp.S:1.13 --- src/sys/arch/amd64/amd64/mptramp.S:1.12 Tue Apr 20 15:42:21 2010 +++ src/sys/arch/amd64/amd64/mptramp.S Thu Apr 19 18:00:34 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: mptramp.S,v 1.12 2010/04/20 15:42:21 jym Exp $ */ +/* $NetBSD: mptramp.S,v 1.13 2012/04/19 18:00:34 jym Exp $ */ /*- * Copyright (c) 2000 The NetBSD Foundation, Inc. @@ -173,7 +173,7 @@ _TRMP_LABEL(mp_startup) movl%ecx,%cr3 # load ptd addr into mmu movl%cr0,%eax # get control word -orl $(CR0_PE|CR0_PG|CR0_NE|CR0_TS|CR0_MP|CR0_WP),%eax +orl $(CR0_PE|CR0_PG|CR0_NE|CR0_TS|CR0_MP|CR0_WP|CR0_AM),%eax movl%eax,%cr0 jmp mptramp_compat mptramp_compat: Index: src/sys/arch/i386/acpi/acpi_wakecode.S diff -u src/sys/arch/i386/acpi/acpi_wakecode.S:1.14 src/sys/arch/i386/acpi/acpi_wakecode.S:1.15 --- src/sys/arch/i386/acpi/acpi_wakecode.S:1.14 Mon Aug 24 10:16:12 2009 +++ src/sys/arch/i386/acpi/acpi_wakecode.S Thu Apr 19 18:00:34 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: acpi_wakecode.S,v 1.14 2009/08/24 10:16:12 jmcneill Exp $ */ +/* $NetBSD: acpi_wakecode.S,v 1.15 2012/04/19 18:00:34 jym Exp $ */ /*- * Copyright (c) 2002 The NetBSD Foundation, Inc. @@ -165,7 +165,7 @@ wakeup_32: movl WAKEUP_r_cr3 + ACPI_WAKEUP_ADDR,%eax movl %eax,%cr3 movl %cr0,%eax - orl $(CR0_PE|CR0_PG|CR0_NE|CR0_TS|CR0_EM|CR0_MP|CR0_WP),%eax + orl $(CR0_PE|CR0_PG|CR0_NE|CR0_TS|CR0_EM|CR0_MP|CR0_WP|CR0_AM),%eax movl %eax,%cr0 /* Flush the prefetch queue */ Index: src/sys/arch/i386/i386/locore.S diff -u src/sys/arch/i386/i386/locore.S:1.97 src/sys/arch/i386/i386/locore.S:1.98 --- src/sys/arch/i386/i386/locore.S:1.97 Fri Mar 2 16:43:31 2012 +++ src/sys/arch/i386/i386/locore.S Thu Apr 19 18:00:35 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: locore.S,v 1.97 2012/03/02 16:43:31 bouyer Exp $ */ +/* $NetBSD: locore.S,v 1.98 2012/04/19 18:00:35 jym Exp $ */ /* * Copyright-o-rama! @@ -129,7 +129,7 @@ */ #include machine/asm.h -__KERNEL_RCSID(0, $NetBSD: locore.S,v 1.97 2012/03/02 16:43:31 bouyer Exp $); +__KERNEL_RCSID(0, $NetBSD: locore.S,v 1.98 2012/04/19 18:00:35 jym Exp $); #include opt_compat_oldboot.h #include opt_ddb.h @@ -682,7 +682,7 @@ try586: /* Use the `cpuid' instruction. */ movl %cr0,%eax # get control word # enable paging NPX emulation - orl $(CR0_PE|CR0_PG|CR0_NE|CR0_TS|CR0_EM|CR0_MP),%eax + orl
CVS commit: src/sys/arch/i386/i386
Module Name:src Committed By: jym Date: Thu Apr 19 18:07:05 UTC 2012 Modified Files: src/sys/arch/i386/i386: locore.S Log Message: Mirror what is done for amd64 boot and ACPI wakeup code by setting CR0_WP (write protection bit) early on boot. Although it is set later via cpu_init(), this can help tracking down invalid writes to pages mapped as read only from ring 0. No regression observed when booting under anita (QEMU) or a P4 host. Depending on your hardware or setup, you may trigger code paths I have overlooked. So if your machine does not start properly, or you get page faults early during boot, please report them to me. To generate a diff of this commit: cvs rdiff -u -r1.98 -r1.99 src/sys/arch/i386/i386/locore.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/i386/i386/locore.S diff -u src/sys/arch/i386/i386/locore.S:1.98 src/sys/arch/i386/i386/locore.S:1.99 --- src/sys/arch/i386/i386/locore.S:1.98 Thu Apr 19 18:00:35 2012 +++ src/sys/arch/i386/i386/locore.S Thu Apr 19 18:07:05 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: locore.S,v 1.98 2012/04/19 18:00:35 jym Exp $ */ +/* $NetBSD: locore.S,v 1.99 2012/04/19 18:07:05 jym Exp $ */ /* * Copyright-o-rama! @@ -129,7 +129,7 @@ */ #include machine/asm.h -__KERNEL_RCSID(0, $NetBSD: locore.S,v 1.98 2012/04/19 18:00:35 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: locore.S,v 1.99 2012/04/19 18:07:05 jym Exp $); #include opt_compat_oldboot.h #include opt_ddb.h @@ -682,7 +682,7 @@ try586: /* Use the `cpuid' instruction. */ movl %cr0,%eax # get control word # enable paging NPX emulation - orl $(CR0_PE|CR0_PG|CR0_NE|CR0_TS|CR0_EM|CR0_MP|CR0_AM),%eax + orl $(CR0_PE|CR0_PG|CR0_NE|CR0_TS|CR0_EM|CR0_MP|CR0_WP|CR0_AM),%eax movl %eax,%cr0 # and page NOW! pushl $begin # jump to high mem
CVS commit: src/tests/lib/libc/gen
Module Name:src Committed By: jym Date: Fri Apr 20 00:40:32 UTC 2012 Modified Files: src/tests/lib/libc/gen: t_siginfo.c Log Message: ATF test for SIGBUS = BUS_ADRALN (invalid address alignment). That one is tedious to test under x86: alignment exceptions are not reported by this architecture unless you ask for them explicitely (by setting the PSL_AC bit). The brokenness does not end there: %cr2 should contain the address where the unaligned access occured, alas, it does not. I am not aware of other architectures where this could happen. Still, my knowledge is limited; if there is one, feel free to send me a mail and I will update the test accordingly. Adding insult to injury, this test can fail in various funny ways with VMs: - under x86 QEMU, no trap() happens. As ring 3 code stays almost untouched by QEMU VMM, I suppose the exception can only be triggered when the host itself is capable of catching unaligned accesses. - under Virtual Box with HVM support, i386 works fine, but amd64 fails with a SIGILL (Illegal instruction) that happens right before entering the signal handler. No idea why, and trying to debug it with gdb freezes the VM (including ddb breaks). Anyway, tested with: - i386: P4 host, anita, Virtual Box HVM (Mac OS X) - amd64: anita, Virtual Box HVM (Mac OS X) XXX I would appreciate if someone could test it under a real amd64 host with an up-to-date kernel, so I can reasonably assume that the culprit is Virtual Box and not our amd64 port (my test machine being off line I cannot do it myself). Results from other arches would be a plus too. Initial issue reported by Nicolas Joly on port-amd64. Thanks! To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/tests/lib/libc/gen/t_siginfo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/tests/lib/libc/gen/t_siginfo.c diff -u src/tests/lib/libc/gen/t_siginfo.c:1.14 src/tests/lib/libc/gen/t_siginfo.c:1.15 --- src/tests/lib/libc/gen/t_siginfo.c:1.14 Sun Mar 18 07:14:08 2012 +++ src/tests/lib/libc/gen/t_siginfo.c Fri Apr 20 00:40:31 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: t_siginfo.c,v 1.14 2012/03/18 07:14:08 jruoho Exp $ */ +/* $NetBSD: t_siginfo.c,v 1.15 2012/04/20 00:40:31 jym Exp $ */ /*- * Copyright (c) 2010 The NetBSD Foundation, Inc. @@ -48,6 +48,9 @@ #include ieeefp.h #endif +/* for sigbus */ +char *addr; + /* for sigchild */ pid_t child; int code; @@ -405,6 +408,70 @@ ATF_TC_BODY(sigsegv, tc) atf_tc_fail(Test did not fault as expected); } +static void +sigbus_action(int signo, siginfo_t *info, void *ptr) +{ + + sig_debug(signo, info, (ucontext_t *)ptr); + + ATF_REQUIRE_EQ(info-si_signo, SIGBUS); + ATF_REQUIRE_EQ(info-si_errno, 0); + ATF_REQUIRE_EQ(info-si_code, BUS_ADRALN); + + if (strcmp(atf_config_get(atf_arch), i386) == 0 || + strcmp(atf_config_get(atf_arch), x86_64) == 0) { + atf_tc_expect_fail(x86 architecture does not correctly + report the address where the unaligned access occured); + } + + ATF_REQUIRE_EQ(info-si_addr, (void *)addr); + atf_tc_pass(); + /* NOTREACHED */ +} + +ATF_TC(sigbus_adraln); +ATF_TC_HEAD(sigbus_adraln, tc) +{ + + atf_tc_set_md_var(tc, descr, + Checks that signal trampoline correctly calls SIGBUS handler + for invalid address alignment); +} + +ATF_TC_BODY(sigbus_adraln, tc) +{ + struct sigaction sa; + + sa.sa_flags = SA_SIGINFO; + sa.sa_sigaction = sigbus_action; + sigemptyset(sa.sa_mask); + sigaction(SIGBUS, sa, NULL); + + /* Enable alignement checks for x86. 0x4 is PSL_AC. */ +#if defined(__i386__) + __asm__(pushf; orl $0x4, (%esp); popf); +#elif defined(__amd64__) + __asm__(pushf; orl $0x4, (%rsp); popf); +#endif + + addr = calloc(2, sizeof(int)); + ATF_REQUIRE(addr != NULL); + + if (strcmp(atf_config_get(atf_arch), i386) == 0 || + strcmp(atf_config_get(atf_arch), x86_64) == 0) { + if (system(cpuctl identify 0 | grep -q QEMU) == 0) { + atf_tc_expect_fail(QEMU fails to trap unaligned + accesses); + } + } + + /* Force an unaligned access */ + addr++; + ATF_REQUIRE_EQ(*(volatile int *)addr, 0); + + atf_tc_fail(Test did not fault as expected); +} + ATF_TP_ADD_TCS(tp) { @@ -415,6 +482,7 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, sigfpe_flt); ATF_TP_ADD_TC(tp, sigfpe_int); ATF_TP_ADD_TC(tp, sigsegv); + ATF_TP_ADD_TC(tp, sigbus_adraln); return atf_no_error(); }
CVS commit: src/sys/arch
Module Name:src Committed By: jym Date: Thu Apr 19 18:00:35 UTC 2012 Modified Files: src/sys/arch/amd64/acpi: acpi_wakecode.S src/sys/arch/amd64/amd64: locore.S mptramp.S src/sys/arch/i386/acpi: acpi_wakecode.S src/sys/arch/i386/i386: locore.S mptramp.S Log Message: Set the CR0_AM bit so processes can enable alignment check errors under x86 through PSL_AC bit. ATF test incoming shortly. To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 src/sys/arch/amd64/acpi/acpi_wakecode.S cvs rdiff -u -r1.67 -r1.68 src/sys/arch/amd64/amd64/locore.S cvs rdiff -u -r1.12 -r1.13 src/sys/arch/amd64/amd64/mptramp.S cvs rdiff -u -r1.14 -r1.15 src/sys/arch/i386/acpi/acpi_wakecode.S cvs rdiff -u -r1.97 -r1.98 src/sys/arch/i386/i386/locore.S cvs rdiff -u -r1.22 -r1.23 src/sys/arch/i386/i386/mptramp.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/i386/i386
Module Name:src Committed By: jym Date: Thu Apr 19 18:07:05 UTC 2012 Modified Files: src/sys/arch/i386/i386: locore.S Log Message: Mirror what is done for amd64 boot and ACPI wakeup code by setting CR0_WP (write protection bit) early on boot. Although it is set later via cpu_init(), this can help tracking down invalid writes to pages mapped as read only from ring 0. No regression observed when booting under anita (QEMU) or a P4 host. Depending on your hardware or setup, you may trigger code paths I have overlooked. So if your machine does not start properly, or you get page faults early during boot, please report them to me. To generate a diff of this commit: cvs rdiff -u -r1.98 -r1.99 src/sys/arch/i386/i386/locore.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/tests/lib/libc/gen
Module Name:src Committed By: jym Date: Fri Apr 20 00:40:32 UTC 2012 Modified Files: src/tests/lib/libc/gen: t_siginfo.c Log Message: ATF test for SIGBUS = BUS_ADRALN (invalid address alignment). That one is tedious to test under x86: alignment exceptions are not reported by this architecture unless you ask for them explicitely (by setting the PSL_AC bit). The brokenness does not end there: %cr2 should contain the address where the unaligned access occured, alas, it does not. I am not aware of other architectures where this could happen. Still, my knowledge is limited; if there is one, feel free to send me a mail and I will update the test accordingly. Adding insult to injury, this test can fail in various funny ways with VMs: - under x86 QEMU, no trap() happens. As ring 3 code stays almost untouched by QEMU VMM, I suppose the exception can only be triggered when the host itself is capable of catching unaligned accesses. - under Virtual Box with HVM support, i386 works fine, but amd64 fails with a SIGILL (Illegal instruction) that happens right before entering the signal handler. No idea why, and trying to debug it with gdb freezes the VM (including ddb breaks). Anyway, tested with: - i386: P4 host, anita, Virtual Box HVM (Mac OS X) - amd64: anita, Virtual Box HVM (Mac OS X) XXX I would appreciate if someone could test it under a real amd64 host with an up-to-date kernel, so I can reasonably assume that the culprit is Virtual Box and not our amd64 port (my test machine being off line I cannot do it myself). Results from other arches would be a plus too. Initial issue reported by Nicolas Joly on port-amd64. Thanks! To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/tests/lib/libc/gen/t_siginfo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/xen/x86
Module Name:src Committed By: jym Date: Sun Mar 11 16:16:44 UTC 2012 Modified Files: src/sys/arch/xen/x86: cpu.c Log Message: Typo fix. To generate a diff of this commit: cvs rdiff -u -r1.89 -r1.90 src/sys/arch/xen/x86/cpu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/xen/x86/cpu.c diff -u src/sys/arch/xen/x86/cpu.c:1.89 src/sys/arch/xen/x86/cpu.c:1.90 --- src/sys/arch/xen/x86/cpu.c:1.89 Sat Feb 25 18:57:50 2012 +++ src/sys/arch/xen/x86/cpu.c Sun Mar 11 16:16:44 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: cpu.c,v 1.89 2012/02/25 18:57:50 bouyer Exp $ */ +/* $NetBSD: cpu.c,v 1.90 2012/03/11 16:16:44 jym Exp $ */ /* NetBSD: cpu.c,v 1.18 2004/02/20 17:35:01 yamt Exp */ /*- @@ -66,7 +66,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: cpu.c,v 1.89 2012/02/25 18:57:50 bouyer Exp $); +__KERNEL_RCSID(0, $NetBSD: cpu.c,v 1.90 2012/03/11 16:16:44 jym Exp $); #include opt_ddb.h #include opt_multiprocessor.h @@ -1196,7 +1196,7 @@ cpu_load_pmap(struct pmap *pmap, struct * considered to be a canonical SHADOW PDIR with the following * properties: * - Its recursive mapping points to itself - * - per-cpu recurseive mappings point to themselves on __x86_64__ + * - per-cpu recursive mappings point to themselves on __x86_64__ * - per-cpu L4 pages' kernel entries are expected to be in sync with * the shadow */
CVS commit: src/sys/arch/x86/include
Module Name:src Committed By: jym Date: Sun Mar 11 16:28:02 UTC 2012 Modified Files: src/sys/arch/x86/include: pmap.h Log Message: Alternate PTEs got killed a few weeks ago. Clean up unused prototypes. To generate a diff of this commit: cvs rdiff -u -r1.50 -r1.51 src/sys/arch/x86/include/pmap.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/x86/include/pmap.h diff -u src/sys/arch/x86/include/pmap.h:1.50 src/sys/arch/x86/include/pmap.h:1.51 --- src/sys/arch/x86/include/pmap.h:1.50 Fri Feb 17 18:40:18 2012 +++ src/sys/arch/x86/include/pmap.h Sun Mar 11 16:28:02 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: pmap.h,v 1.50 2012/02/17 18:40:18 bouyer Exp $ */ +/* $NetBSD: pmap.h,v 1.51 2012/03/11 16:28:02 jym Exp $ */ /* * Copyright (c) 1997 Charles D. Cranor and Washington University. @@ -447,9 +447,6 @@ xpmap_ptetomach(pt_entry_t *pte) paddr_t vtomach(vaddr_t); #define vtomfn(va) (vtomach(va) PAGE_SHIFT) - -void pmap_apte_flush(struct pmap *); -void pmap_unmap_apdp(void); #endif /* XEN */ /* pmap functions with machine addresses */
CVS commit: src/sys/arch/xen/x86
Module Name:src Committed By: jym Date: Sun Mar 11 17:14:30 UTC 2012 Modified Files: src/sys/arch/xen/x86: xen_pmap.c Log Message: Split the map/unmap code from the sync/flush code: move xpq_flush_queue() calls after pmap_{,un}map_recursive_entries() so that pmap's handlers handle the flush themselves. Now pmap_{,un}map_recursive_entries() do what their names imply, nothing more. Fix pmap_xen_suspend()'s comment: APDPs are now gone. pmap's handlers are called deep during kernel save/restore. We already are at IPL_VM + kpreemption disabled. No need to wrap the xpq_flush_queue() with splvm/splx. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 src/sys/arch/xen/x86/xen_pmap.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/xen/x86/xen_pmap.c diff -u src/sys/arch/xen/x86/xen_pmap.c:1.19 src/sys/arch/xen/x86/xen_pmap.c:1.20 --- src/sys/arch/xen/x86/xen_pmap.c:1.19 Fri Mar 2 16:38:14 2012 +++ src/sys/arch/xen/x86/xen_pmap.c Sun Mar 11 17:14:30 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: xen_pmap.c,v 1.19 2012/03/02 16:38:14 bouyer Exp $ */ +/* $NetBSD: xen_pmap.c,v 1.20 2012/03/11 17:14:30 jym Exp $ */ /* * Copyright (c) 2007 Manuel Bouyer. @@ -102,7 +102,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: xen_pmap.c,v 1.19 2012/03/02 16:38:14 bouyer Exp $); +__KERNEL_RCSID(0, $NetBSD: xen_pmap.c,v 1.20 2012/03/11 17:14:30 jym Exp $); #include opt_user_ldt.h #include opt_lockdebug.h @@ -236,22 +236,16 @@ pmap_extract_ma(struct pmap *pmap, vaddr } /* - * Flush all APDP entries found in pmaps - * Required during Xen save/restore operations, as Xen does not - * handle alternative recursive mappings properly + * Xen pmap's handlers for save/restore */ void pmap_xen_suspend(void) { - int s; - - s = splvm(); - xpq_flush_queue(); - splx(s); - #ifdef PAE pmap_unmap_recursive_entries(); #endif + + xpq_flush_queue(); } void @@ -260,6 +254,8 @@ pmap_xen_resume(void) #ifdef PAE pmap_map_recursive_entries(); #endif + + xpq_flush_queue(); } #ifdef PAE @@ -294,10 +290,13 @@ pmap_map_recursive_entries(void) xpmap_ptom(pmap_pdirpa(pmap_kernel(), PDIR_SLOT_PTE + i)), xpmap_ptom(pmap_kernel()-pm_pdirpa[i]) | PG_V); } - - xpq_flush_queue(); } +/* + * Unmap recursive entries found in pmaps. Required during Xen + * save/restore operations, as Xen does not handle recursive mappings + * properly. + */ void pmap_unmap_recursive_entries(void) { @@ -322,13 +321,11 @@ pmap_unmap_recursive_entries(void) mutex_exit(pmaps_lock); /* do it for pmap_kernel() too! */ - for (i = 0; i PDP_SIZE; i++) + for (i = 0; i PDP_SIZE; i++) { xpq_queue_pte_update( xpmap_ptom(pmap_pdirpa(pmap_kernel(), PDIR_SLOT_PTE + i)), 0); - - xpq_flush_queue(); - + } } #endif /* PAE */
CVS commit: src/sys/arch/xen/x86
Module Name:src Committed By: jym Date: Sun Mar 11 16:16:44 UTC 2012 Modified Files: src/sys/arch/xen/x86: cpu.c Log Message: Typo fix. To generate a diff of this commit: cvs rdiff -u -r1.89 -r1.90 src/sys/arch/xen/x86/cpu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/x86/include
Module Name:src Committed By: jym Date: Sun Mar 11 16:28:02 UTC 2012 Modified Files: src/sys/arch/x86/include: pmap.h Log Message: Alternate PTEs got killed a few weeks ago. Clean up unused prototypes. To generate a diff of this commit: cvs rdiff -u -r1.50 -r1.51 src/sys/arch/x86/include/pmap.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/xen/x86
Module Name:src Committed By: jym Date: Sun Mar 11 17:14:30 UTC 2012 Modified Files: src/sys/arch/xen/x86: xen_pmap.c Log Message: Split the map/unmap code from the sync/flush code: move xpq_flush_queue() calls after pmap_{,un}map_recursive_entries() so that pmap's handlers handle the flush themselves. Now pmap_{,un}map_recursive_entries() do what their names imply, nothing more. Fix pmap_xen_suspend()'s comment: APDPs are now gone. pmap's handlers are called deep during kernel save/restore. We already are at IPL_VM + kpreemption disabled. No need to wrap the xpq_flush_queue() with splvm/splx. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 src/sys/arch/xen/x86/xen_pmap.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/xen/x86
Module Name:src Committed By: jym Date: Mon Feb 13 23:54:58 UTC 2012 Modified Files: src/sys/arch/xen/x86: cpu.c Log Message: PAT flags are not under control of Xen domains currently, so there is no point in enabling them. Avoids: - a warning logged by hypervisor when a domain attempts to modify the PAT MSR. - an error during domain resuming, where a PAT flag has been set on a page while the hypervisor does not allow it. ok releng@. To generate a diff of this commit: cvs rdiff -u -r1.79 -r1.80 src/sys/arch/xen/x86/cpu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/xen/x86/cpu.c diff -u src/sys/arch/xen/x86/cpu.c:1.79 src/sys/arch/xen/x86/cpu.c:1.80 --- src/sys/arch/xen/x86/cpu.c:1.79 Sat Jan 28 12:15:19 2012 +++ src/sys/arch/xen/x86/cpu.c Mon Feb 13 23:54:58 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: cpu.c,v 1.79 2012/01/28 12:15:19 cherry Exp $ */ +/* $NetBSD: cpu.c,v 1.80 2012/02/13 23:54:58 jym Exp $ */ /* NetBSD: cpu.c,v 1.18 2004/02/20 17:35:01 yamt Exp */ /*- @@ -66,7 +66,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: cpu.c,v 1.79 2012/01/28 12:15:19 cherry Exp $); +__KERNEL_RCSID(0, $NetBSD: cpu.c,v 1.80 2012/02/13 23:54:58 jym Exp $); #include opt_ddb.h #include opt_multiprocessor.h @@ -532,7 +532,6 @@ cpu_attach_common(device_t parent, devic panic(unknown processor type??\n); } - pat_init(ci); atomic_or_32(cpus_attached, ci-ci_cpumask); #ifdef MPVERBOSE
CVS commit: src/sys/arch/xen/x86
Module Name:src Committed By: jym Date: Mon Feb 13 23:54:58 UTC 2012 Modified Files: src/sys/arch/xen/x86: cpu.c Log Message: PAT flags are not under control of Xen domains currently, so there is no point in enabling them. Avoids: - a warning logged by hypervisor when a domain attempts to modify the PAT MSR. - an error during domain resuming, where a PAT flag has been set on a page while the hypervisor does not allow it. ok releng@. To generate a diff of this commit: cvs rdiff -u -r1.79 -r1.80 src/sys/arch/xen/x86/cpu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/xen/xen
Module Name:src Committed By: jym Date: Sun Feb 12 14:24:08 UTC 2012 Modified Files: src/sys/arch/xen/xen: evtchn.c Log Message: Xen MP merge introduced MP safety around ipl handlers. When removing an event handler, check handler's function and arguments against the real ones, not the ones from wrappers. This fixes a bug where !mpsafe events could not be removed from the handler chain, thereby blocking suspension of a domU. ok releng@. To generate a diff of this commit: cvs rdiff -u -r1.61 -r1.62 src/sys/arch/xen/xen/evtchn.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/xen/xen/evtchn.c diff -u src/sys/arch/xen/xen/evtchn.c:1.61 src/sys/arch/xen/xen/evtchn.c:1.62 --- src/sys/arch/xen/xen/evtchn.c:1.61 Thu Dec 8 03:34:44 2011 +++ src/sys/arch/xen/xen/evtchn.c Sun Feb 12 14:24:08 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: evtchn.c,v 1.61 2011/12/08 03:34:44 cherry Exp $ */ +/* $NetBSD: evtchn.c,v 1.62 2012/02/12 14:24:08 jym Exp $ */ /* * Copyright (c) 2006 Manuel Bouyer. @@ -54,7 +54,7 @@ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: evtchn.c,v 1.61 2011/12/08 03:34:44 cherry Exp $); +__KERNEL_RCSID(0, $NetBSD: evtchn.c,v 1.62 2012/02/12 14:24:08 jym Exp $); #include opt_xen.h #include isa.h @@ -774,7 +774,7 @@ event_remove_handler(int evtch, int (*fu for (ihp = evts-ev_handlers, ih = evts-ev_handlers; ih != NULL; ihp = ih-ih_evt_next, ih = ih-ih_evt_next) { - if (ih-ih_fun == func ih-ih_arg == arg) + if (ih-ih_realfun == func ih-ih_realarg == arg) break; } if (ih == NULL) { @@ -789,7 +789,7 @@ event_remove_handler(int evtch, int (*fu for (ihp = ipls-ipl_handlers, ih = ipls-ipl_handlers; ih != NULL; ihp = ih-ih_ipl_next, ih = ih-ih_ipl_next) { - if (ih-ih_fun == func ih-ih_arg == arg) + if (ih-ih_realfun == func ih-ih_realarg == arg) break; } if (ih == NULL)
CVS commit: src/sys/arch
Module Name:src Committed By: jym Date: Sun Feb 12 14:38:18 UTC 2012 Modified Files: src/sys/arch/x86/include: cpu.h src/sys/arch/xen/xen: clock.c xen_machdep.c Log Message: Xen clock management routines keep track of CPU (following MP merge). Reflect this change in the suspend/resume routines so they can cope with domU CPU suspend, instead of setting their cpu_info pointer to NULL. Avoid copy/pasting by using the resume routines during attachement. ok releng@. No regression observed, and allows domU to suspend successfully again. Restore is a different beast as PD/PT flags are marked invalid by Xen-4 hypervisor, and blocks resuming. Looking into it. To generate a diff of this commit: cvs rdiff -u -r1.46 -r1.47 src/sys/arch/x86/include/cpu.h cvs rdiff -u -r1.60 -r1.61 src/sys/arch/xen/xen/clock.c cvs rdiff -u -r1.9 -r1.10 src/sys/arch/xen/xen/xen_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/x86/include/cpu.h diff -u src/sys/arch/x86/include/cpu.h:1.46 src/sys/arch/x86/include/cpu.h:1.47 --- src/sys/arch/x86/include/cpu.h:1.46 Sat Jan 28 07:19:17 2012 +++ src/sys/arch/x86/include/cpu.h Sun Feb 12 14:38:18 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: cpu.h,v 1.46 2012/01/28 07:19:17 cherry Exp $ */ +/* $NetBSD: cpu.h,v 1.47 2012/02/12 14:38:18 jym Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -413,8 +413,8 @@ void child_trampoline(void); void startrtclock(void); void xen_delay(unsigned int); void xen_initclocks(void); -void xen_suspendclocks(void); -void xen_resumeclocks(void); +void xen_suspendclocks(struct cpu_info *); +void xen_resumeclocks(struct cpu_info *); #else /* clock.c */ void initrtclock(u_long); Index: src/sys/arch/xen/xen/clock.c diff -u src/sys/arch/xen/xen/clock.c:1.60 src/sys/arch/xen/xen/clock.c:1.61 --- src/sys/arch/xen/xen/clock.c:1.60 Mon Jan 9 13:35:42 2012 +++ src/sys/arch/xen/xen/clock.c Sun Feb 12 14:38:18 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: clock.c,v 1.60 2012/01/09 13:35:42 cherry Exp $ */ +/* $NetBSD: clock.c,v 1.61 2012/02/12 14:38:18 jym Exp $ */ /* * @@ -29,7 +29,7 @@ #include opt_xen.h #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: clock.c,v 1.60 2012/01/09 13:35:42 cherry Exp $); +__KERNEL_RCSID(0, $NetBSD: clock.c,v 1.61 2012/02/12 14:38:18 jym Exp $); #include sys/param.h #include sys/systm.h @@ -419,7 +419,7 @@ static struct evcnt hardclock_called[MAX void xen_initclocks(void) { - int err, evtch; + int err; static bool tcdone = false; struct cpu_info *ci = curcpu(); @@ -438,8 +438,6 @@ xen_initclocks(void) callout_init(xen_timepush_co, 0); } #endif - evtch = bind_virq_to_evtch(VIRQ_TIMER); - aprint_verbose(Xen clock: using event channel %d\n, evtch); if (!tcdone) { /* Do this only once */ mutex_init(tmutex, MUTEX_DEFAULT, IPL_CLOCK); @@ -451,7 +449,9 @@ xen_initclocks(void) if (!tcdone) { /* Do this only once */ tc_init(xen_timecounter); } + /* The splhigh requirements start here. */ + xen_resumeclocks(ci); /* * The periodic timer looks buggy, we stop receiving events @@ -461,16 +461,12 @@ xen_initclocks(void) err = HYPERVISOR_vcpu_op(VCPUOP_stop_periodic_timer, ci-ci_cpuid, NULL); - KASSERT(err == 0); + err = HYPERVISOR_set_timer_op( vcpu_system_time[ci-ci_cpuid] + NS_PER_TICK); KASSERT(err == 0); - event_set_handler(evtch, (int (*)(void *))xen_timer_handler, - ci, IPL_CLOCK, clock); - hypervisor_enable_event(evtch); - #ifdef DOM0OPS if (!tcdone) { /* Do this only once */ @@ -490,7 +486,7 @@ xen_initclocks(void) } void -xen_suspendclocks(void) +xen_suspendclocks(struct cpu_info *ci) { int evtch; @@ -498,13 +494,13 @@ xen_suspendclocks(void) KASSERT(evtch != -1); hypervisor_mask_event(evtch); - event_remove_handler(evtch, (int (*)(void *))xen_timer_handler, NULL); + event_remove_handler(evtch, (int (*)(void *))xen_timer_handler, ci); aprint_verbose(Xen clock: removed event channel %d\n, evtch); } void -xen_resumeclocks(void) +xen_resumeclocks(struct cpu_info *ci) { int evtch; @@ -512,7 +508,7 @@ xen_resumeclocks(void) KASSERT(evtch != -1); event_set_handler(evtch, (int (*)(void *))xen_timer_handler, - NULL, IPL_CLOCK, clock); + ci, IPL_CLOCK, clock); hypervisor_enable_event(evtch); aprint_verbose(Xen clock: using event channel %d\n, evtch); Index: src/sys/arch/xen/xen/xen_machdep.c diff -u src/sys/arch/xen/xen/xen_machdep.c:1.9 src/sys/arch/xen/xen/xen_machdep.c:1.10 --- src/sys/arch/xen/xen/xen_machdep.c:1.9 Sun Nov 20 19:41:27 2011 +++ src/sys/arch/xen/xen/xen_machdep.c Sun Feb 12 14:38:18 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: xen_machdep.c,v 1.9 2011/11/20 19:41:27 jym Exp $ */ +/* $NetBSD: xen_machdep.c,v 1.10 2012/02/12 14:38:18 jym Exp $ */ /* * Copyright (c) 2006 Manuel Bouyer. @@ -53,7 +53,7 @@ #include sys/cdefs.h
CVS commit: src/sys/arch/xen/xen
Module Name:src Committed By: jym Date: Sun Feb 12 14:24:08 UTC 2012 Modified Files: src/sys/arch/xen/xen: evtchn.c Log Message: Xen MP merge introduced MP safety around ipl handlers. When removing an event handler, check handler's function and arguments against the real ones, not the ones from wrappers. This fixes a bug where !mpsafe events could not be removed from the handler chain, thereby blocking suspension of a domU. ok releng@. To generate a diff of this commit: cvs rdiff -u -r1.61 -r1.62 src/sys/arch/xen/xen/evtchn.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch
Module Name:src Committed By: jym Date: Sun Feb 12 14:38:18 UTC 2012 Modified Files: src/sys/arch/x86/include: cpu.h src/sys/arch/xen/xen: clock.c xen_machdep.c Log Message: Xen clock management routines keep track of CPU (following MP merge). Reflect this change in the suspend/resume routines so they can cope with domU CPU suspend, instead of setting their cpu_info pointer to NULL. Avoid copy/pasting by using the resume routines during attachement. ok releng@. No regression observed, and allows domU to suspend successfully again. Restore is a different beast as PD/PT flags are marked invalid by Xen-4 hypervisor, and blocks resuming. Looking into it. To generate a diff of this commit: cvs rdiff -u -r1.46 -r1.47 src/sys/arch/x86/include/cpu.h cvs rdiff -u -r1.60 -r1.61 src/sys/arch/xen/xen/clock.c cvs rdiff -u -r1.9 -r1.10 src/sys/arch/xen/xen/xen_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/xen/xen
Module Name:src Committed By: jym Date: Thu Jan 5 18:11:51 UTC 2012 Modified Files: src/sys/arch/xen/xen: balloon.c Log Message: Comment fix. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/sys/arch/xen/xen/balloon.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/xen/xen/balloon.c diff -u src/sys/arch/xen/xen/balloon.c:1.12 src/sys/arch/xen/xen/balloon.c:1.13 --- src/sys/arch/xen/xen/balloon.c:1.12 Mon Dec 26 20:26:38 2011 +++ src/sys/arch/xen/xen/balloon.c Thu Jan 5 18:11:50 2012 @@ -1,4 +1,4 @@ -/* $NetBSD: balloon.c,v 1.12 2011/12/26 20:26:38 jym Exp $ */ +/* $NetBSD: balloon.c,v 1.13 2012/01/05 18:11:50 jym Exp $ */ /*- * Copyright (c) 2010 The NetBSD Foundation, Inc. @@ -71,7 +71,7 @@ #define BALLOONDEBUG 0 #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: balloon.c,v 1.12 2011/12/26 20:26:38 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: balloon.c,v 1.13 2012/01/05 18:11:50 jym Exp $); #include sys/inttypes.h #include sys/device.h @@ -692,7 +692,7 @@ sysctl_kern_xen_balloon_min(SYSCTLFN_ARG return 0; } -/* Returns the current memory reservation of the domain */ +/* Returns the maximum memory reservation of the domain */ static int sysctl_kern_xen_balloon_max(SYSCTLFN_ARGS) {
CVS commit: src/sys/arch/xen/xen
Module Name:src Committed By: jym Date: Thu Jan 5 18:11:51 UTC 2012 Modified Files: src/sys/arch/xen/xen: balloon.c Log Message: Comment fix. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/sys/arch/xen/xen/balloon.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/xen/xen
Module Name:src Committed By: jym Date: Mon Dec 26 20:26:38 UTC 2011 Modified Files: src/sys/arch/xen/xen: balloon.c Log Message: Properly protect the min/target variables from balloon_sc, not just target. Use their reference directly instead of going through their opaque sysctl_data storage. It makes the locking a bit more obvious. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 src/sys/arch/xen/xen/balloon.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/xen/xen/balloon.c diff -u src/sys/arch/xen/xen/balloon.c:1.11 src/sys/arch/xen/xen/balloon.c:1.12 --- src/sys/arch/xen/xen/balloon.c:1.11 Tue Sep 20 00:12:24 2011 +++ src/sys/arch/xen/xen/balloon.c Mon Dec 26 20:26:38 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: balloon.c,v 1.11 2011/09/20 00:12:24 jym Exp $ */ +/* $NetBSD: balloon.c,v 1.12 2011/12/26 20:26:38 jym Exp $ */ /*- * Copyright (c) 2010 The NetBSD Foundation, Inc. @@ -71,7 +71,7 @@ #define BALLOONDEBUG 0 #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: balloon.c,v 1.11 2011/09/20 00:12:24 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: balloon.c,v 1.12 2011/12/26 20:26:38 jym Exp $); #include sys/inttypes.h #include sys/device.h @@ -129,18 +129,17 @@ struct balloon_xenbus_softc { device_t sc_dev; struct sysctllog *sc_log; - kmutex_t balloon_mtx; /* Protects condvar and target (below) */ + kmutex_t balloon_mtx; /* Protects condvar, target and res_min (below) */ kcondvar_t balloon_cv; /* Condvar variable for target (below) */ size_t balloon_target; /* Target domain reservation size in pages. */ - xen_pfn_t *sc_mfn_list; /* List of MFNs passed from/to balloon */ + /* Minimum amount of memory reserved by domain, in KiB */ + uint64_t balloon_res_min; + xen_pfn_t *sc_mfn_list; /* List of MFNs passed from/to balloon */ pool_cache_t bpge_pool; /* pool cache for balloon page entries */ /* linked list for tracking pages used by balloon */ SLIST_HEAD(, balloon_page_entry) balloon_page_entries; size_t balloon_num_page_entries; - - /* Minimum amount of memory reserved by domain, in KiB */ - uint64_t balloon_res_min; }; static size_t xenmem_get_currentreservation(void); @@ -607,21 +606,25 @@ balloon_xenbus_watcher(struct xenbus_wat unsigned int len) { size_t new_target; - uint64_t target_kb = balloon_xenbus_read_target(); - uint64_t target_min = balloon_sc-balloon_res_min; - uint64_t target_max = BALLOON_PAGES_TO_KB(xenmem_get_maxreservation()); + uint64_t target_kb, target_max, target_min; + target_kb = balloon_xenbus_read_target(); if (target_kb == 0) { /* bogus -- just return */ return; } + mutex_enter(balloon_sc-balloon_mtx); + target_min = balloon_sc-balloon_res_min; + mutex_exit(balloon_sc-balloon_mtx); if (target_kb target_min) { device_printf(balloon_sc-sc_dev, new target %PRIu64 is below min %PRIu64\n, target_kb, target_min); return; } + + target_max = BALLOON_PAGES_TO_KB(xenmem_get_maxreservation()); if (target_kb target_max) { /* * Should not happen. Hypervisor should block balloon @@ -664,7 +667,10 @@ sysctl_kern_xen_balloon_min(SYSCTLFN_ARG node = *rnode; node.sysctl_data = newval; - newval = *(u_quad_t *)rnode-sysctl_data; + + mutex_enter(balloon_sc-balloon_mtx); + newval = balloon_sc-balloon_res_min; + mutex_exit(balloon_sc-balloon_mtx); error = sysctl_lookup(SYSCTLFN_CALL(node)); if (error || newp == NULL) @@ -678,8 +684,10 @@ sysctl_kern_xen_balloon_min(SYSCTLFN_ARG return EPERM; } - if (*(u_quad_t *)rnode-sysctl_data != newval) - atomic_swap_64((u_quad_t *)rnode-sysctl_data, newval); + mutex_enter(balloon_sc-balloon_mtx); + if (balloon_sc-balloon_res_min != newval) + balloon_sc-balloon_res_min = newval; + mutex_exit(balloon_sc-balloon_mtx); return 0; } @@ -729,8 +737,11 @@ sysctl_kern_xen_balloon_target(SYSCTLFN_ node = *rnode; node.sysctl_data = newval; - /* we are just reading the value of target, no lock needed */ - newval = BALLOON_PAGES_TO_KB(*(u_quad_t*)rnode-sysctl_data); + + mutex_enter(balloon_sc-balloon_mtx); + newval = BALLOON_PAGES_TO_KB(balloon_sc-balloon_target); + res_min = balloon_sc-balloon_res_min; + mutex_exit(balloon_sc-balloon_mtx); error = sysctl_lookup(SYSCTLFN_CALL(node)); if (newp == NULL || error != 0) { @@ -747,7 +758,6 @@ sysctl_kern_xen_balloon_target(SYSCTLFN_ * sorry. */ res_max = BALLOON_PAGES_TO_KB(xenmem_get_maxreservation()); - res_min = balloon_sc-balloon_res_min; if (newval res_min || newval res_max) { #if BALLOONDEBUG device_printf(balloon_sc-sc_dev, @@ -799,16 +809,14 @@ sysctl_kern_xen_balloon_setup(struct bal CTLTYPE_QUAD, current, SYSCTL_DESCR(Domain's current memory reservation from hypervisor, in KiB.), - sysctl_kern_xen_balloon_current, 0, - NULL, 0, + sysctl_kern_xen_balloon_current, 0, NULL, 0, CTL_CREATE, CTL_EOL);
CVS commit: src/sys/arch/xen/xen
Module Name:src Committed By: jym Date: Mon Dec 26 20:26:38 UTC 2011 Modified Files: src/sys/arch/xen/xen: balloon.c Log Message: Properly protect the min/target variables from balloon_sc, not just target. Use their reference directly instead of going through their opaque sysctl_data storage. It makes the locking a bit more obvious. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 src/sys/arch/xen/xen/balloon.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src
On Wed, 21 Dec 2011 16:47:49 +0100, Reinoud Zandijk wrote: The patch is written to allow for multiple non-UVM flags to be attached to mappings and allow the kernel to react on them. NetBSD/usermode uses this to disallow system calls to be made from within mapped regions and get them returned as illegal instructions so it can analyse and emulate the system calls. To prevent every process to be scrutinized this way a process flag has been introduced to mark if a process needs this check since the detection involve acuiring a lock to walk the uvm map. Why make this a memory-level property, and not a process-level property? If you want to proxy syscalls between host and usermode kernel, why make it exclusive to certain mem regions? I am probably missing something with the way usermode processes, usermode kernel host kernel interact. On the enhancing security argument, malicious source code could trigger compiler bugs that allow for code to be modified or otherwise manipulated to issue system calls where they shouldn't. Although it wouldn't nessiarily pose a system security issue, it could be used for extracting info or for malicious behaviour where with the patch it would simply bomb out. That's the part I have trouble with. It looks like a weaker form of W^X (or PaX's mprotect), and I can't see the additional security benefits. Malicious code is free to trigger compiler bugs that can make calls to valid memory areas. If you manage to plant a int 0x80 in a MMAP_NOSYSCALLS executable region, just make it to a call __syscall. At the expense of a few more arguments, you will get the same result. As for the panic in sys_mmap(), as pointed out by Joerg and David Young, yes, that should return a EOPNOTSUPP or an EINVAL. Panicing is indeed far too crude and i'll change that. Hope this answers most of your questions. Waiting for mines :) -- Jean-Yves Migeon j...@netbsd.org
Re: CVS commit: src
On 20.12.2011 16:39, Reinoud Zandijk wrote: Module Name:src Committed By: reinoud Date: Tue Dec 20 15:39:36 UTC 2011 Modified Files: src/lib/libc/sys: mmap.2 src/sys/sys: mman.h proc.h src/sys/uvm: uvm_extern.h uvm_map.c uvm_mmap.c Log Message: Add a MAP_NOSYSCALLS flag to mmap. This flag prohibits executing of system calls from the mapped region. This can be used for emulation perposed or for extra security in the case of generated code. IMHO, this change should have been discussed first. Can you please elaborate on its usage? I fail to see the point about emulation, and even more so about the alleged extra security where this can be trivially bypassed. Return to libfoo and ROP are quite mainstream techniques these days... -- Jean-Yves Migeon j...@netbsd.org
CVS commit: src/sys/secmodel/keylock
Module Name:src Committed By: jym Date: Thu Dec 8 11:01:59 UTC 2011 Modified Files: src/sys/secmodel/keylock: secmodel_keylock.c Log Message: build fix for keylock secmodel(9). To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/sys/secmodel/keylock/secmodel_keylock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/secmodel/keylock/secmodel_keylock.c diff -u src/sys/secmodel/keylock/secmodel_keylock.c:1.6 src/sys/secmodel/keylock/secmodel_keylock.c:1.7 --- src/sys/secmodel/keylock/secmodel_keylock.c:1.6 Sun Dec 4 19:25:00 2011 +++ src/sys/secmodel/keylock/secmodel_keylock.c Thu Dec 8 11:01:59 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_keylock.c,v 1.6 2011/12/04 19:25:00 jym Exp $ */ +/* $NetBSD: secmodel_keylock.c,v 1.7 2011/12/08 11:01:59 jym Exp $ */ /*- * Copyright (c) 2009 Marc Balmer m...@msys.ch * Copyright (c) 2006 Elad Efrat e...@netbsd.org @@ -54,7 +54,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: secmodel_keylock.c,v 1.6 2011/12/04 19:25:00 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: secmodel_keylock.c,v 1.7 2011/12/08 11:01:59 jym Exp $); #include sys/types.h #include sys/param.h @@ -70,10 +70,13 @@ __KERNEL_RCSID(0, $NetBSD: secmodel_key #include miscfs/specfs/specdev.h +#include secmodel/secmodel.h #include secmodel/keylock/keylock.h static kauth_listener_t l_system, l_process, l_network, l_machdep, l_device; +static secmodel_t keylock_sm; + SYSCTL_SETUP(sysctl_security_keylock_setup, sysctl security keylock setup) { @@ -142,7 +145,7 @@ secmodel_keylock_stop(void) kauth_unlisten_scope(l_machdep); kauth_unlisten_scope(l_device); - error = secmodel_deregister(keylock_sm); + error = secmodel_deregister(keylock_sm); if (error != 0) printf(secmodel_keylock_stop: secmodel_deregister returned %d\n, error);
CVS commit: src/sys/secmodel/keylock
Module Name:src Committed By: jym Date: Thu Dec 8 11:01:59 UTC 2011 Modified Files: src/sys/secmodel/keylock: secmodel_keylock.c Log Message: build fix for keylock secmodel(9). To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/sys/secmodel/keylock/secmodel_keylock.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: jym Date: Mon Dec 5 23:04:39 UTC 2011 Modified Files: src: build.sh Log Message: do_sys_sync() is part of vfs, hence rumpvfs. Used by pmf(9) during device suspend, so explicitly link against rumpvfs to resolve that symbol when linking rumpdev. Unbreaks rumptest target. To generate a diff of this commit: cvs rdiff -u -r1.251 -r1.252 src/build.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/build.sh diff -u src/build.sh:1.251 src/build.sh:1.252 --- src/build.sh:1.251 Mon Oct 17 16:22:12 2011 +++ src/build.sh Mon Dec 5 23:04:39 2011 @@ -1,5 +1,5 @@ #! /usr/bin/env sh -# $NetBSD: build.sh,v 1.251 2011/10/17 16:22:12 mbalmer Exp $ +# $NetBSD: build.sh,v 1.252 2011/12/05 23:04:39 jym Exp $ # # Copyright (c) 2001-2011 The NetBSD Foundation, Inc. # All rights reserved. @@ -1632,7 +1632,7 @@ createmakewrapper() eval cat EOF ${makewrapout} #! ${HOST_SH} # Set proper variables to allow easy make building of a NetBSD subtree. -# Generated from: \$NetBSD: build.sh,v 1.251 2011/10/17 16:22:12 mbalmer Exp $ +# Generated from: \$NetBSD: build.sh,v 1.252 2011/12/05 23:04:39 jym Exp $ # with these arguments: ${_args} # @@ -1830,7 +1830,7 @@ installworld() RUMP_LIBSETS=' -lrump, -lrumpvfs -lrump, - -lrumpdev -lrump, + -lrumpvfs -lrumpdev -lrump, -lrumpnet -lrump, -lrumpkern_tty -lrumpvfs -lrump, -lrumpfs_tmpfs -lrumpvfs -lrump,
CVS commit: src
Module Name:src Committed By: jym Date: Mon Dec 5 23:04:39 UTC 2011 Modified Files: src: build.sh Log Message: do_sys_sync() is part of vfs, hence rumpvfs. Used by pmf(9) during device suspend, so explicitly link against rumpvfs to resolve that symbol when linking rumpdev. Unbreaks rumptest target. To generate a diff of this commit: cvs rdiff -u -r1.251 -r1.252 src/build.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/sys
On 04.12.2011 21:07, Alan Barrett wrote: On Sun, 04 Dec 2011, Jean-Yves Migeon wrote: Log Message: Implement the register/deregister/evaluation API for secmodel(9). It allows registration of callbacks that can be used later for cross-secmodel safe communication. Where and when was this discussed? See commit log: http://mail-index.netbsd.org/tech-security/2011/11/29/msg000422.html -- Jean-Yves Migeon jeanyves.mig...@free.fr
CVS commit: src/share/man/man9
Module Name:src Committed By: jym Date: Sun Dec 4 18:34:20 UTC 2011 Modified Files: src/share/man/man9: sysctl.9 Log Message: - add the bool type for IMMEDIATE flag. - minor tweak to the handler example: it leaks 't' (on stack) when passed to sysctl_lookup(9), as it copyout its content via sysctl_data. That would not be the case if CTLFLAG_IMMEDIATE flag was set for this node but the example does not preclude that. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/share/man/man9/sysctl.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/share/man/man9/sysctl.9 diff -u src/share/man/man9/sysctl.9:1.17 src/share/man/man9/sysctl.9:1.18 --- src/share/man/man9/sysctl.9:1.17 Sun May 16 05:18:35 2010 +++ src/share/man/man9/sysctl.9 Sun Dec 4 18:34:20 2011 @@ -1,4 +1,4 @@ -.\ $NetBSD: sysctl.9,v 1.17 2010/05/16 05:18:35 jruoho Exp $ +.\ $NetBSD: sysctl.9,v 1.18 2011/12/04 18:34:20 jym Exp $ .\ .\ Copyright (c) 2004 The NetBSD Foundation, Inc. .\ All rights reserved. @@ -27,7 +27,7 @@ .\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\ POSSIBILITY OF SUCH DAMAGE. .\ -.Dd May 16, 2010 +.Dd December 4, 2011 .Dt SYSCTL 9 .Os .Sh NAME @@ -421,6 +421,7 @@ If the flag is set, the .Fa qv argument will be interpreted as the initial value for the new +.Dq bool , .Dq int or .Dq quad @@ -504,6 +505,8 @@ sysctl_helper(SYSCTLFN_ARGS) struct sysctlnode node; int t, error; + t = *(int *)rnode-\*[Gt]sysctl_data; + node = *rnode; node.sysctl_data = \*[Am]t; error = sysctl_lookup(SYSCTLFN_CALL(\*[Am]node)); @@ -513,7 +516,7 @@ sysctl_helper(SYSCTLFN_ARGS) if (t \*[Lt] 0 || t \*[Gt] 20) return (EINVAL); - *(int*)rnode-\*[Gt]sysctl_data = t; + *(int *)rnode-\*[Gt]sysctl_data = t; return (0); } .Ed
CVS commit: src/sys/secmodel/extensions
Module Name:src Committed By: jym Date: Sun Dec 4 21:04:51 UTC 2011 Modified Files: src/sys/secmodel/extensions: secmodel_extensions.c Log Message: When user_set_cpu_affinity is non-zero, only allow users to modify the CPU affinity of the LWPs they own. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/sys/secmodel/extensions/secmodel_extensions.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/secmodel/extensions/secmodel_extensions.c diff -u src/sys/secmodel/extensions/secmodel_extensions.c:1.1 src/sys/secmodel/extensions/secmodel_extensions.c:1.2 --- src/sys/secmodel/extensions/secmodel_extensions.c:1.1 Sun Dec 4 19:25:00 2011 +++ src/sys/secmodel/extensions/secmodel_extensions.c Sun Dec 4 21:04:51 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_extensions.c,v 1.1 2011/12/04 19:25:00 jym Exp $ */ +/* $NetBSD: secmodel_extensions.c,v 1.2 2011/12/04 21:04:51 jym Exp $ */ /*- * Copyright (c) 2011 Elad Efrat e...@netbsd.org * All rights reserved. @@ -27,7 +27,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: secmodel_extensions.c,v 1.1 2011/12/04 19:25:00 jym Exp $); +__KERNEL_RCSID(0, $NetBSD: secmodel_extensions.c,v 1.2 2011/12/04 21:04:51 jym Exp $); #include sys/types.h #include sys/param.h @@ -413,7 +413,10 @@ secmodel_extensions_process_cb(kauth_cre case KAUTH_PROCESS_SCHEDULER_SETAFFINITY: if (user_set_cpu_affinity != 0) { - result = KAUTH_RESULT_ALLOW; + struct proc *p = arg0; + + if (kauth_cred_uidmatch(cred, p-p_cred)) +result = KAUTH_RESULT_ALLOW; } break;
CVS commit: src
is-securelevel-above Qc +.It arg +a reference to an +.Dv int +representing the threshold level. +.It ret +a boolean, set by +.Nm +to +.Dv true +when the +.Em securelevel +is strictly above +the threshold level, +.Dv false +otherwise. +.El +.Sh RETURN TYPES +If successful, the evaluation returns 0 with the +.Fa ret +argument being either +.Dv true +or +.Dv false . .Sh SEE ALSO .Xr kauth 9 , .Xr secmodel 9 , -.Xr secmodel_bsd44 9 +.Xr secmodel_bsd44 9 , +.Xr secmodel_eval 9 .Sh AUTHORS .An Elad Efrat Aq e...@netbsd.org .Sh BUGS Index: src/share/man/man9/secmodel_suser.9 diff -u src/share/man/man9/secmodel_suser.9:1.4 src/share/man/man9/secmodel_suser.9:1.5 --- src/share/man/man9/secmodel_suser.9:1.4 Sat Oct 3 07:37:01 2009 +++ src/share/man/man9/secmodel_suser.9 Sun Dec 4 21:08:45 2011 @@ -1,4 +1,4 @@ -.\ $NetBSD: secmodel_suser.9,v 1.4 2009/10/03 07:37:01 wiz Exp $ +.\ $NetBSD: secmodel_suser.9,v 1.5 2011/12/04 21:08:45 jym Exp $ .\ .\ Copyright (c) 2009 Elad Efrat e...@netbsd.org .\ All rights reserved. @@ -25,7 +25,7 @@ .\ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\ -.Dd October 2, 2009 +.Dd December 4, 2011 .Dt SECMODEL_SUSER 9 .Os .Sh NAME @@ -40,46 +40,53 @@ The .Em super-user is the host administrator, considered to have higher privileges than other users. +.Sh FUNCTIONS +.Nm +exposes a +.Xr secmodel_eval 9 +evaluation routine +to test whether a set of credentials can be assimilated to +.Em super-user +credentials or not. .Pp -The following -.Xr sysctl 3 -variables are exported: -.Bl -tag -width compact -.It security.models.suser.curtain -If non-zero, will filter returned objects according to the user-id -requesting information about them, preventing from users any access to -objects they don't own. -.Pp -At the moment, it affects -.Xr ps 1 , -.Xr netstat 1 -(for -.Dv PF_INET , -.Dv PF_INET6 , -and -.Dv PF_UNIX -PCBs), and -.Xr w 1 . -.It security.models.suser.usermount -Allow non-superuser mounts. -.Pp -If non-zero, file-systems are allowed to be mounted by an ordinary user who -owns the point -.Ar node -and has at least read access to the -.Ar special -device -.Xr mount 8 -arguments. -Finally, the flags -.Cm nosuid -and -.Cm nodev -must be given for non-superuser mounts. +The parameters to +.Xr secmodel_eval 9 +are: +.Bl -tag -compact -width x +.It id +the unique identifier of +.Nm : +.Qo Dv org.netbsd.secmodel.suser Qc +.It what +a string, +.Qo Dv is-root Qc . +.It arg +the +.Xr kauth 9 +credentials +.Po Fa kauth_cred_t Pc +of the caller. +.It ret +a boolean, set by +.Nm +to +.Dv true +when the credentials are equivalent to +.Em super-user , +.Dv false +otherwise. .El +.Sh RETURN TYPES +If successful, the evaluation returns 0 with the +.Fa ret +argument being either +.Dv true +or +.Dv false . .Sh SEE ALSO .Xr kauth 9 , .Xr secmodel 9 , -.Xr secmodel_bsd44 9 +.Xr secmodel_bsd44 9 , +.Xr secmodel_eval 9 .Sh AUTHORS .An Elad Efrat Aq e...@netbsd.org Added files: Index: src/share/man/man9/secmodel_extensions.9 diff -u /dev/null src/share/man/man9/secmodel_extensions.9:1.1 --- /dev/null Sun Dec 4 21:08:46 2011 +++ src/share/man/man9/secmodel_extensions.9 Sun Dec 4 21:08:45 2011 @@ -0,0 +1,120 @@ +.\ $NetBSD: secmodel_extensions.9,v 1.1 2011/12/04 21:08:45 jym Exp $ +.\ +.\ Copyright (c) 2011 The NetBSD Foundation, Inc. +.\ All rights reserved. +.\ +.\ This code is derived from software contributed to The NetBSD Foundation +.\ by Jean-Yves Migeon j...@netbsd.org +.\ +.\ Redistribution and use in source and binary forms, with or without +.\ modification, are permitted provided that the following conditions +.\ are met: +.\ 1. Redistributions of source code must retain the above copyright +.\notice, this list of conditions and the following disclaimer. +.\ 2. Redistributions in binary form must reproduce the above copyright +.\notice, this list of conditions and the following disclaimer in the +.\documentation and/or other materials provided with the distribution. +.\ +.\ THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\ POSSIBILITY OF SUCH DAMAGE. +.\ +.Dd December 3, 2011 +.Dt SECMODEL_EXTENSIONS 9 +.Os +.Sh NAME +.Nm secmodel_extensions +.Nd Extensions security
CVS commit: src/sys/modules
Module Name:src Committed By: jym Date: Sun Dec 4 23:13:54 UTC 2011 Modified Files: src/sys/modules: Makefile Added Files: src/sys/modules/secmodel_extensions: Makefile Log Message: Hook secmodel_extensions(9) to modules build. To generate a diff of this commit: cvs rdiff -u -r1.99 -r1.100 src/sys/modules/Makefile cvs rdiff -u -r0 -r1.1 src/sys/modules/secmodel_extensions/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/modules/Makefile diff -u src/sys/modules/Makefile:1.99 src/sys/modules/Makefile:1.100 --- src/sys/modules/Makefile:1.99 Thu Nov 24 15:52:24 2011 +++ src/sys/modules/Makefile Sun Dec 4 23:13:54 2011 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.99 2011/11/24 15:52:24 ahoka Exp $ +# $NetBSD: Makefile,v 1.100 2011/12/04 23:13:54 jym Exp $ .include bsd.own.mk @@ -61,6 +61,7 @@ SUBDIR+= puffs SUBDIR+= putter SUBDIR+= scsiverbose SUBDIR+= secmodel_bsd44 +SUBDIR+= secmodel_extensions SUBDIR+= secmodel_overlay SUBDIR+= securelevel SUBDIR+= smbfs Added files: Index: src/sys/modules/secmodel_extensions/Makefile diff -u /dev/null src/sys/modules/secmodel_extensions/Makefile:1.1 --- /dev/null Sun Dec 4 23:13:54 2011 +++ src/sys/modules/secmodel_extensions/Makefile Sun Dec 4 23:13:54 2011 @@ -0,0 +1,10 @@ +# $NetBSD: Makefile,v 1.1 2011/12/04 23:13:54 jym Exp $ + +.include ../Makefile.inc + +.PATH: ${S}/secmodel/extensions + +KMOD= secmodel_extensions +SRCS= secmodel_extensions.c + +.include bsd.kmodule.mk
CVS commit: src/share/man/man9
Module Name:src Committed By: jym Date: Sun Dec 4 23:59:25 UTC 2011 Modified Files: src/share/man/man9: kauth.9 Log Message: KAUTH_GENERIC_CANSEE is no more. To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 src/share/man/man9/kauth.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/share/man/man9/kauth.9 diff -u src/share/man/man9/kauth.9:1.94 src/share/man/man9/kauth.9:1.95 --- src/share/man/man9/kauth.9:1.94 Sun Dec 4 21:52:37 2011 +++ src/share/man/man9/kauth.9 Sun Dec 4 23:59:25 2011 @@ -1,4 +1,4 @@ -.\ $NetBSD: kauth.9,v 1.94 2011/12/04 21:52:37 jym Exp $ +.\ $NetBSD: kauth.9,v 1.95 2011/12/04 23:59:25 jym Exp $ .\ .\ Copyright (c) 2005, 2006 Elad Efrat e...@netbsd.org .\ All rights reserved. @@ -155,17 +155,6 @@ Checks whether the credentials belong to Using this request is strongly discouraged and should only be done as a temporary place-holder, as it is breaking the separation between the interface for authorization requests from the back-end implementation. -.It Dv KAUTH_GENERIC_CANSEE -Checks whether an object with one set of credentials can access -information about another object, possibly with a different set of -credentials. -.Pp -.Ar arg0 -contains the credentials of the object looked at. -.Pp -This request should be issued only in cases where generic credentials -check is required; otherwise it is recommended to use the object-specific -routines. .El .Ss System Scope The system scope,
CVS commit: src/distrib/sets/lists/modules
Module Name:src Committed By: jym Date: Mon Dec 5 02:04:34 UTC 2011 Modified Files: src/distrib/sets/lists/modules: mi Log Message: Set list fix... To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 src/distrib/sets/lists/modules/mi Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/distrib/sets/lists/modules/mi diff -u src/distrib/sets/lists/modules/mi:1.38 src/distrib/sets/lists/modules/mi:1.39 --- src/distrib/sets/lists/modules/mi:1.38 Thu Nov 24 21:46:15 2011 +++ src/distrib/sets/lists/modules/mi Mon Dec 5 02:04:34 2011 @@ -1,4 +1,4 @@ -# $NetBSD: mi,v 1.38 2011/11/24 21:46:15 ahoka Exp $ +# $NetBSD: mi,v 1.39 2011/12/05 02:04:34 jym Exp $ # # Note: don't delete entries from here - mark them as obsolete instead. # @@ -143,6 +143,8 @@ ./@MODULEDIR@/sdt/sdt.kmod base-kernel-modules kmod,dtrace ./@MODULEDIR@/secmodel_bsd44 base-kernel-modules kmod ./@MODULEDIR@/secmodel_bsd44/secmodel_bsd44.kmod base-kernel-modules kmod +./@MODULEDIR@/secmodel_extensions base-kernel-modules kmod +./@MODULEDIR@/secmodel_extensions/secmodel_extensions.kmod base-kernel-modules kmod ./@MODULEDIR@/secmodel_overlay base-kernel-modules kmod ./@MODULEDIR@/secmodel_overlay/secmodel_overlay.kmod base-kernel-modules kmod ./@MODULEDIR@/securelevel base-kernel-modules kmod
CVS commit: src/share/man/man9
Module Name:src Committed By: jym Date: Sun Dec 4 18:34:20 UTC 2011 Modified Files: src/share/man/man9: sysctl.9 Log Message: - add the bool type for IMMEDIATE flag. - minor tweak to the handler example: it leaks 't' (on stack) when passed to sysctl_lookup(9), as it copyout its content via sysctl_data. That would not be the case if CTLFLAG_IMMEDIATE flag was set for this node but the example does not preclude that. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/share/man/man9/sysctl.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys
Module Name:src Committed By: jym Date: Sun Dec 4 19:25:01 UTC 2011 Modified Files: src/sys/kern: init_main.c kern_auth.c kern_module.c src/sys/rump/librump/rumpkern: Makefile.rumpkern rump.c src/sys/secmodel: files.secmodel src/sys/secmodel/bsd44: bsd44.h files.bsd44 secmodel_bsd44.c src/sys/secmodel/keylock: secmodel_keylock.c src/sys/secmodel/overlay: overlay.h secmodel_overlay.c src/sys/secmodel/securelevel: secmodel_securelevel.c securelevel.h src/sys/secmodel/suser: secmodel_suser.c suser.h src/sys/sys: kauth.h Added Files: src/sys/secmodel: secmodel.c secmodel.h src/sys/secmodel/extensions: extensions.h files.extensions secmodel_extensions.c Log Message: Implement the register/deregister/evaluation API for secmodel(9). It allows registration of callbacks that can be used later for cross-secmodel safe communication. When a secmodel wishes to know a property maintained by another secmodel, it has to submit a request to it so the other secmodel can proceed to evaluating the request. This is done through the secmodel_eval(9) call; example: bool isroot; error = secmodel_eval(org.netbsd.secmodel.suser, is-root, cred, isroot); if (error == 0 !isroot) result = KAUTH_RESULT_DENY; This one asks the suser module if the credentials are assumed to be root when evaluated by suser module. If the module is present, it will respond. If absent, the call will return an error. Args and command are arbitrarily defined; it's up to the secmodel(9) to document what it expects. Typical example is securelevel testing: when someone wants to know whether securelevel is raised above a certain level or not, the caller has to request this property to the secmodel_securelevel(9) module. Given that securelevel module may be absent from system's context (thus making access to the global securelevel variable impossible or unsafe), this API can cope with this absence and return an error. We are using secmodel_eval(9) to implement a secmodel_extensions(9) module, which plugs with the bsd44, suser and securelevel secmodels to provide the logic behind curtain, usermount and user_set_cpu_affinity modes, without adding hooks to traditional secmodels. This solves a real issue with the current secmodel(9) code, as usermount or user_set_cpu_affinity are not really tied to secmodel_suser(9). The secmodel_eval(9) is also used to restrict security.models settings when securelevel is above 0, through the is-securelevel-above evaluation: - curtain can be enabled any time, but cannot be disabled if securelevel is above 0. - usermount/user_set_cpu_affinity can be disabled any time, but cannot be enabled if securelevel is above 0. Regarding sysctl(7) entries: curtain and usermount are now found under security.models.extensions tree. The security.curtain and vfs.generic.usermount are still accessible for backwards compat. Documentation is incoming, I am proof-reading my writings. Written by elad@, reviewed and tested (anita test + interact for rights tests) by me. ok elad@. See also http://mail-index.netbsd.org/tech-security/2011/11/29/msg000422.html XXX might consider va0 mapping too. XXX Having a secmodel(9) specific printf (like aprint_*) for reporting secmodel(9) errors might be a good idea, but I am not sure on how to design such a function right now. To generate a diff of this commit: cvs rdiff -u -r1.437 -r1.438 src/sys/kern/init_main.c cvs rdiff -u -r1.65 -r1.66 src/sys/kern/kern_auth.c cvs rdiff -u -r1.85 -r1.86 src/sys/kern/kern_module.c cvs rdiff -u -r1.113 -r1.114 src/sys/rump/librump/rumpkern/Makefile.rumpkern cvs rdiff -u -r1.237 -r1.238 src/sys/rump/librump/rumpkern/rump.c cvs rdiff -u -r1.4 -r1.5 src/sys/secmodel/files.secmodel cvs rdiff -u -r0 -r1.1 src/sys/secmodel/secmodel.c cvs rdiff -u -r0 -r1.4 src/sys/secmodel/secmodel.h cvs rdiff -u -r1.5 -r1.6 src/sys/secmodel/bsd44/bsd44.h cvs rdiff -u -r1.3 -r1.4 src/sys/secmodel/bsd44/files.bsd44 cvs rdiff -u -r1.14 -r1.15 src/sys/secmodel/bsd44/secmodel_bsd44.c cvs rdiff -u -r0 -r1.1 src/sys/secmodel/extensions/extensions.h \ src/sys/secmodel/extensions/files.extensions \ src/sys/secmodel/extensions/secmodel_extensions.c cvs rdiff -u -r1.5 -r1.6 src/sys/secmodel/keylock/secmodel_keylock.c cvs rdiff -u -r1.4 -r1.5 src/sys/secmodel/overlay/overlay.h cvs rdiff -u -r1.11 -r1.12 src/sys/secmodel/overlay/secmodel_overlay.c cvs rdiff -u -r1.22 -r1.23 \ src/sys/secmodel/securelevel/secmodel_securelevel.c cvs rdiff -u -r1.3 -r1.4 src/sys/secmodel/securelevel/securelevel.h cvs rdiff -u -r1.35 -r1.36 src/sys/secmodel/suser/secmodel_suser.c cvs rdiff -u -r1.1 -r1.2 src/sys/secmodel/suser/suser.h cvs rdiff -u -r1.65 -r1.66 src/sys/sys/kauth.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/secmodel/extensions
Module Name:src Committed By: jym Date: Sun Dec 4 21:04:51 UTC 2011 Modified Files: src/sys/secmodel/extensions: secmodel_extensions.c Log Message: When user_set_cpu_affinity is non-zero, only allow users to modify the CPU affinity of the LWPs they own. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/sys/secmodel/extensions/secmodel_extensions.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: jym Date: Sun Dec 4 21:08:46 UTC 2011 Modified Files: src/distrib/sets/lists/comp: mi src/lib/libpthread: affinity.3 src/lib/librt: sched.3 src/share/man/man9: Makefile secmodel.9 secmodel_bsd44.9 secmodel_securelevel.9 secmodel_suser.9 Added Files: src/share/man/man9: secmodel_extensions.9 Log Message: Improvements in secmodel(9). Document secmodel_register(9), _deregister(9) and _eval(9). Add secmodel_extensions(9), and indicate the new sysctl(7) to let ordinary users control the CPU affinity (user_set_cpu_affinity). To generate a diff of this commit: cvs rdiff -u -r1.1715 -r1.1716 src/distrib/sets/lists/comp/mi cvs rdiff -u -r1.6 -r1.7 src/lib/libpthread/affinity.3 cvs rdiff -u -r1.10 -r1.11 src/lib/librt/sched.3 cvs rdiff -u -r1.361 -r1.362 src/share/man/man9/Makefile cvs rdiff -u -r1.17 -r1.18 src/share/man/man9/secmodel.9 cvs rdiff -u -r1.13 -r1.14 src/share/man/man9/secmodel_bsd44.9 cvs rdiff -u -r0 -r1.1 src/share/man/man9/secmodel_extensions.9 cvs rdiff -u -r1.10 -r1.11 src/share/man/man9/secmodel_securelevel.9 cvs rdiff -u -r1.4 -r1.5 src/share/man/man9/secmodel_suser.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/share/man/man9
Module Name:src Committed By: jym Date: Sun Dec 4 21:52:37 UTC 2011 Modified Files: src/share/man/man9: kauth.9 Log Message: GETPARAMS = GETPARAM SETPARAMS = SETPARAM To generate a diff of this commit: cvs rdiff -u -r1.93 -r1.94 src/share/man/man9/kauth.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/modules
Module Name:src Committed By: jym Date: Sun Dec 4 23:13:54 UTC 2011 Modified Files: src/sys/modules: Makefile Added Files: src/sys/modules/secmodel_extensions: Makefile Log Message: Hook secmodel_extensions(9) to modules build. To generate a diff of this commit: cvs rdiff -u -r1.99 -r1.100 src/sys/modules/Makefile cvs rdiff -u -r0 -r1.1 src/sys/modules/secmodel_extensions/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/share/examples/secmodel
Module Name:src Committed By: jym Date: Sun Dec 4 23:55:36 UTC 2011 Modified Files: src/share/examples/secmodel: example.h secmodel_example.c Log Message: Update secmodel_examples to better describe the secmodel(9) API. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/share/examples/secmodel/example.h cvs rdiff -u -r1.25 -r1.26 src/share/examples/secmodel/secmodel_example.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/share/man/man9
Module Name:src Committed By: jym Date: Sun Dec 4 23:59:25 UTC 2011 Modified Files: src/share/man/man9: kauth.9 Log Message: KAUTH_GENERIC_CANSEE is no more. To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 src/share/man/man9/kauth.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/secmodel/securelevel
Module Name:src Committed By: jym Date: Mon Dec 5 00:13:31 UTC 2011 Modified Files: src/sys/secmodel/securelevel: secmodel_securelevel.c Log Message: secmodel_eval(9) may want to access securelevel before it is set to the right value, so init it first before registering secmodel(9). To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 \ src/sys/secmodel/securelevel/secmodel_securelevel.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/distrib/sets/lists/modules
Module Name:src Committed By: jym Date: Mon Dec 5 02:04:34 UTC 2011 Modified Files: src/distrib/sets/lists/modules: mi Log Message: Set list fix... To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 src/distrib/sets/lists/modules/mi Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/secmodel/securelevel
Module Name:src Committed By: jym Date: Mon Nov 28 20:57:52 UTC 2011 Modified Files: src/sys/secmodel/securelevel: secmodel_securelevel.c Log Message: Whitespace fixes. To generate a diff of this commit: cvs rdiff -u -r1.21 -r1.22 \ src/sys/secmodel/securelevel/secmodel_securelevel.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/secmodel/securelevel/secmodel_securelevel.c diff -u src/sys/secmodel/securelevel/secmodel_securelevel.c:1.21 src/sys/secmodel/securelevel/secmodel_securelevel.c:1.22 --- src/sys/secmodel/securelevel/secmodel_securelevel.c:1.21 Wed Nov 23 10:47:48 2011 +++ src/sys/secmodel/securelevel/secmodel_securelevel.c Mon Nov 28 20:57:51 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_securelevel.c,v 1.21 2011/11/23 10:47:48 tls Exp $ */ +/* $NetBSD: secmodel_securelevel.c,v 1.22 2011/11/28 20:57:51 jym Exp $ */ /*- * Copyright (c) 2006 Elad Efrat e...@netbsd.org * All rights reserved. @@ -28,14 +28,14 @@ /* * This file contains kauth(9) listeners needed to implement the traditional - * NetBSD securelevel. + * NetBSD securelevel. * * The securelevel is a system-global indication on what operations are * allowed or not. It affects all users, including root. */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.21 2011/11/23 10:47:48 tls Exp $); +__KERNEL_RCSID(0, $NetBSD: secmodel_securelevel.c,v 1.22 2011/11/28 20:57:51 jym Exp $); #ifdef _KERNEL_OPT #include opt_insecure.h @@ -71,7 +71,7 @@ static struct sysctllog *securelevel_sys */ int secmodel_securelevel_sysctl(SYSCTLFN_ARGS) -{ +{ int newsecurelevel, error; struct sysctlnode node; @@ -81,7 +81,7 @@ secmodel_securelevel_sysctl(SYSCTLFN_ARG error = sysctl_lookup(SYSCTLFN_CALL(node)); if (error || newp == NULL) return (error); - + if ((newsecurelevel securelevel) (l-l_proc != initproc)) return (EPERM); @@ -424,7 +424,7 @@ secmodel_securelevel_network_cb(kauth_cr return (result); } -/* +/* * kauth(9) listener * * Security model: Traditional NetBSD @@ -462,7 +462,7 @@ secmodel_securelevel_machdep_cb(kauth_cr * kauth(9) listener * * Security model: Traditional NetBSD - * Scope: Device + * Scope: Device * Responsibility: Securelevel */ int
CVS commit: src/sys/secmodel
Module Name:src Committed By: jym Date: Mon Nov 28 22:28:34 UTC 2011 Modified Files: src/sys/secmodel/bsd44: secmodel_bsd44.c src/sys/secmodel/overlay: secmodel_overlay.c Log Message: The secmodel(9)s init, start and stop routines are managed by each secmodel module(7), so there is no point in calling suser/securelevel routines from bsd44. This leads to unwanted cross-secmodel dependencies. Do not call secmodel_bsd44_init() from secmodel_overlay_init(). Doing so resets all curtain/securelevel values, which is not really needed when loading an overlay filter. Remove the secmodel_register/deregister comments, they will be implemented differently in an upcoming patch. ok elad@ (via private mail). To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/sys/secmodel/bsd44/secmodel_bsd44.c cvs rdiff -u -r1.10 -r1.11 src/sys/secmodel/overlay/secmodel_overlay.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/secmodel/bsd44/secmodel_bsd44.c diff -u src/sys/secmodel/bsd44/secmodel_bsd44.c:1.13 src/sys/secmodel/bsd44/secmodel_bsd44.c:1.14 --- src/sys/secmodel/bsd44/secmodel_bsd44.c:1.13 Fri Oct 2 18:50:13 2009 +++ src/sys/secmodel/bsd44/secmodel_bsd44.c Mon Nov 28 22:28:33 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_bsd44.c,v 1.13 2009/10/02 18:50:13 elad Exp $ */ +/* $NetBSD: secmodel_bsd44.c,v 1.14 2011/11/28 22:28:33 jym Exp $ */ /*- * Copyright (c) 2006 Elad Efrat e...@netbsd.org * All rights reserved. @@ -27,7 +27,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: secmodel_bsd44.c,v 1.13 2009/10/02 18:50:13 elad Exp $); +__KERNEL_RCSID(0, $NetBSD: secmodel_bsd44.c,v 1.14 2011/11/28 22:28:33 jym Exp $); #include sys/types.h #include sys/param.h @@ -79,26 +79,19 @@ sysctl_security_bsd44_setup(struct sysct void secmodel_bsd44_init(void) { - secmodel_suser_init(); - secmodel_securelevel_init(); + } void secmodel_bsd44_start(void) { - secmodel_suser_start(); - secmodel_securelevel_start(); - /* secmodel_register(); */ } void secmodel_bsd44_stop(void) { - secmodel_suser_stop(); - secmodel_securelevel_stop(); - /* secmodel_deregister(); */ } static int Index: src/sys/secmodel/overlay/secmodel_overlay.c diff -u src/sys/secmodel/overlay/secmodel_overlay.c:1.10 src/sys/secmodel/overlay/secmodel_overlay.c:1.11 --- src/sys/secmodel/overlay/secmodel_overlay.c:1.10 Fri Oct 2 18:50:13 2009 +++ src/sys/secmodel/overlay/secmodel_overlay.c Mon Nov 28 22:28:34 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_overlay.c,v 1.10 2009/10/02 18:50:13 elad Exp $ */ +/* $NetBSD: secmodel_overlay.c,v 1.11 2011/11/28 22:28:34 jym Exp $ */ /*- * Copyright (c) 2006 Elad Efrat e...@netbsd.org * All rights reserved. @@ -27,7 +27,7 @@ */ #include sys/cdefs.h -__KERNEL_RCSID(0, $NetBSD: secmodel_overlay.c,v 1.10 2009/10/02 18:50:13 elad Exp $); +__KERNEL_RCSID(0, $NetBSD: secmodel_overlay.c,v 1.11 2011/11/28 22:28:34 jym Exp $); #include sys/types.h #include sys/param.h @@ -123,8 +123,6 @@ secmodel_overlay_init(void) secmodel_suser_device_cb, NULL); kauth_listen_scope(OVERLAY_ISCOPE_DEVICE, secmodel_securelevel_device_cb, NULL); - - secmodel_bsd44_init(); } void @@ -178,8 +176,6 @@ secmodel_overlay_start(void) secmodel_overlay_device_cb, NULL); l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE, secmodel_overlay_vnode_cb, NULL); - - /* secmodel_register(); */ } /* @@ -205,7 +201,8 @@ secmodel_overlay_modcmd(modcmd_t cmd, vo switch (cmd) { case MODULE_CMD_INIT: secmodel_overlay_init(); - secmodel_bsd44_stop(); + secmodel_suser_stop(); + secmodel_securelevel_stop(); secmodel_overlay_start(); sysctl_security_overlay_setup(sysctl_overlay_log); break;
CVS commit: src/sys/secmodel/securelevel
Module Name:src Committed By: jym Date: Mon Nov 28 20:57:52 UTC 2011 Modified Files: src/sys/secmodel/securelevel: secmodel_securelevel.c Log Message: Whitespace fixes. To generate a diff of this commit: cvs rdiff -u -r1.21 -r1.22 \ src/sys/secmodel/securelevel/secmodel_securelevel.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.