1180fa86 luporl Aug. 5, 2019, 1:22 p.m.
Instead of restoring the saved values of argc, argv and envp,
these must be loaded from the stack that _rtld() modifies.

This fixes rtld direct exec mode.
E.g.: /libexec/ld-elf.so.1 /bin/ls

Reviewed by:	jhibbits
Differential Revision:	https://reviews.freebsd.org/D21131
cgit ViewVC
f97a8a36 thj Aug. 5, 2019, 11:47 a.m.
Add a common test suite for the firewalls included in the base system. The test
suite allows common test infrastructure to test pf, ipfw and ipf firewalls from
test files containing the setup for all three firewalls.

Add the pass block test for pf, ipfw and ipf. The pass block test checks the
allow/deny functionality of the firewalls tested.

Submitted by:   Ahsan Barkati
Sponsored by:   Google, Inc. (GSoC 2019)
Reviewed by:    kp
Approved by:    bz (co-mentor)
MFC after:      2 weeks
Differential Revision: https://reviews.freebsd.org/D21065
cgit ViewVC
9cb1a47a bz Aug. 5, 2019, 11:01 a.m.
The hash buckets array is called ip6q.  The data structure ip6q is a
description of different object, the one the array holds these days
(since r337776).  To clear some of this confusion, rename the array
to ip6qb.

When iterating over all buckets or addressing them directly, we
use at least the variables i, hash, and bucket.  To keep the
terminology consistent use the variable name "bucket" and always
make it an uint32_t and not sometimes an int.

No functional behaviour changes intended.

MFC after:		3 months
Sponsored by:		Netflix
cgit ViewVC
c00464a2 bz Aug. 5, 2019, 9:49 a.m.
Re-order functions within the file in preparation for an upcoming
code simplification.

No functional changes.

MFC after:		3 months
Sponsored by:		Netflix
cgit ViewVC
0ece7e42 delphij Aug. 5, 2019, 6:01 a.m.
061b729f alc Aug. 5, 2019, 2:44 a.m.
Reviewed by:	markj
X-MFC after:	r350004
Differential Revision:	https://reviews.freebsd.org/D21149
cgit ViewVC
2b508385 jhibbits Aug. 5, 2019, 1:37 a.m.
The last few changes needed before 32-bit AIM builds with secure-PLT with
base GCC.  Because ofwcall32.S and swtch32.S were branching to the GOT it
could not use secure PLT.
cgit ViewVC
c144616b kevans Aug. 5, 2019, 12:08 a.m.
r348215 changed jail_getid(3) to validate passed-in jids as active jails
(as the function is documented to return -1 if the jail does not exist).
This broke the jail option (in some cases?) as the jail historically hasn't
needed to exist at the time of rule parsing; jids will get stored and later

Fix this caller to attempt to parse *av as a number first and just use it
as-is to match historical behavior. jail_getid(3) must still be used in
order for name arguments to work, but it's strictly a fallback in case we
weren't given a number.

Reported and tested by:	Ari Suutari <ari stonepile fi>
Reviewed by:	ae
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D21128
cgit ViewVC
41059019 kib Aug. 4, 2019, 9:43 p.m.
First, amd64 version of the script cannot work at least due to the
wrong architecture specification.  Second, kernel can activate shared
objects for long time, due to PIE support.

It seems the intent was to allow ld-elf.so.1 to be build and used as
an executable.  Since we have direct exec mode implemented for dso
ld-elf.so.1, the non-functional and commented out scripts can be
finally removed.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
cgit ViewVC
4eaa2fde jhibbits Aug. 4, 2019, 8 p.m.
Missed this part with my testing as well.  Pass the right type to
cgit ViewVC
4b238da6 jhibbits Aug. 4, 2019, 7:55 p.m.
The error message prints a rman_res_t, which is an uintmax_t.  Explicitly
cast, just for future-proofing, and use the correct format.
cgit ViewVC
a8373311 jhibbits Aug. 4, 2019, 7:47 p.m.
Signed char cannot compare to values above 0x7f.  Use unsigned instead.
cgit ViewVC
937a05ba jhibbits Aug. 4, 2019, 7:28 p.m.
PowerPC, and possibly other architectures, use different address ranges for
PCI space vs physical address space, which is only mapped at resource
activation time, when the BAR gets written.  The DRM kernel modules do not
activate the rman resources, soas not to waste KVA, instead only mapping
parts of the PCI memory at a time.  This introduces a
BUS_TRANSLATE_RESOURCE() method, implemented in the Open Firmware/FDT PCI
driver, to perform this necessary translation without activating the

In addition to system KPI changes, LinuxKPI is updated to handle a
big-endian host, by adding proper endian swaps to the I/O functions.

Submitted by:	mmacy
Reported by:	hselasky
Differential Revision:	https://reviews.freebsd.org/D21096
cgit ViewVC
69a277d9 jhibbits Aug. 4, 2019, 7:25 p.m.
The flag handling was committed commented out 7 years ago.  It works, and is
needed for LinuxKPI-based DRM drivers.

Also mark a local as potentially unusable, as it's only really used when KTR
is enabled.

Submitted by:	mmacy
cgit ViewVC
a1601073 cy Aug. 4, 2019, 12:47 p.m.
When the ipfilter kld is loaded, used within VNET jail, and unloaded,
then subsequent loading, use, and unloading of another packet filters
will cause the subsequently loaded netpfil kld's to panic.

The scenario is as follows:

cd /usr/tests/sys/netpfil/common

kldunload ipl
kldunload pfsync
kldunload ipfw

kyua test pass_block

kldload ipl
kyua test pass_block
kldunload ipl

kldload pfsync
kyua test pass_block
kldunload pfsync
-- page fault panic occurs here --

Reported by:	"Ahsan Barkati" <ahsanbarkati@g.....com> via kp@
Discussed with:	kp@
Tested by:	kp@
MFC after:	3 days
cgit ViewVC