This simplifies the code slightly, and brings us closer to the OpenBSD code.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46707
Reduces code and fixes a bunch of bugs with fragment handling not being in sync
with the rest of the ruleset.
Much feedback from mpf, bluhm & markus
Thanks to Tony Sarendal for help with testing
ok bluhm; various previous versions ok henning, claudio, mpf, markus
Note that while this changes the order of src addr/src port/dst addr/dst port
skips this doesn't actually affect the kernel/userspace ABI. The kernel always
recalculates skip steps. As a result we have to fix one of the pfctl parser
tests. Note that this is an order change that does not affect what packets are
accepted or dropped.
Obtained from: OpenBSD, mcbride <mcbride@openbsd.org>, 04c69899a7
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46705
nfsrv_freeopen() was being called after the mutex
lock was released, making it possible for other
kernel threads to change the lists while nfsrv_freeopen()
took the nfsstateid out of the lists.
This patch moves the code around
"if (nfsrv_freeopen(stp, vp, 1, p) == 0) {"
into nfsrv_freeopen(), so that it can remove the nfsstateid
structure from all lists before unlocking the mutex.
This should avoid any race between CLOSE and other nfsd threads
updating the NFSv4 state.
The patch does not affect semantics when vfs.nfsd.enable_locallocks=0.
PR: 280978
Tested by: Matthew L. Dailey <matthew.l.dailey@dartmouth.edu>
MFC after: 1 week
This changeset started two years ago, but the entry was not tweaked upon
final commit to reflect reality.
Fixes: e7a629c851 ("libmd, kern, stand: consolidate md5 [...]")
Visibility can get complicated when, e.g., ifuncs are involved. In
particular, SHA256/SHA512 on aarch64 use ifuncs for their _Transform
implementations, which then exposes global symbols of the same name that
break things trying to statically link both libcrypto and libmd.
Revert this part of the _Transform removal to fix the pkg-static build
on aarch64.
Fixes: 81de655acd ("libmd: stop exporting Transform() symbols")
They all were experimental and some comments refer to internal Netflix
versions. There is no reason to leak that into the header. Style unused
options so that they have the available value aligned with really used
values.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D46779
When the sysctl-variable net.inet.ip.accept_sourceroute is non-zero,
an mbuf would be leaked when processing a SYN-segment containing an
IPv4 strict or loose source routing option, when the on-stack
syncache entry is used or there is an error related to processing
TCP MD5 options.
Fix this by freeing the mbuf whenever an error occurred or the
on-stack syncache entry is used.
Reviewed by: markj, rscheff
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46839
In chroot mode tzsetup prepended the chroot path to the symlink target,
which is not correct. Use the same path for the symlink regardless of
chroot mode.
PR: 281332
Reported by: scf, Herbert J. Skuhra
Reviewed by: olce
Fixes: 5e16809c95 ("tzsetup: symlink /etc/localtime instead of co...")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46725
Use explicit atomic load/store operations for all producer and consumer
head and tail accesses. This allows us to remove the volatile
annotation from these variables.
Reviewed by: alc, imp, kib, markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D46380
Add a threaded test for buf_ring.h used to help find issues with it on
architectures with a weak memory order.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D46158
Check enqueue works correctly when the offsets overflow
Reviewed by: imp
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D46156
Add a simple test for sys/buf_ring.h. This enqueues and dequeues items
in the buf_ring to ensure the simple operations are correct.
There are no checks for multiple threads operating on buf_ring_enqueue
or buf_ring_dequeue_mc as they can be probabilistic and depend on the
architecture memory model.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D46147
When the FreeBSD/arm64 port was created we only supported FDT. We now
also support ACPI, and have for many years. When this support was
added we kept FDT as the default.
There are some setups where both ACPI tables and a FDT DTB are passed
into the kernel. In most of these cases the DTB is only used to pass
in minimal information.
To handle the cases where both are passed in prefer ACPI over FDT.
Reviewed by: bz, imp, emaste
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D46750
Report when SVE is present and allow it to be used by calling
sve_restore_state on an SVE exception from userspace.
Reviewed by: kib
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43310
As with floating point instructions don't trap SVE instructions to the
hypervisor. This lets us handle them in the kernel.
Reviewed by: imp (earlier version)
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43303
Add the NT_ARM_SVE note type and use it to access the SVE registers
from ptrace. This allows userspace to modify the full SVE register
values.
Try to follow the Linux semantics to allow debuggers to use this with
minimal changes.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43309
To allow for user space to read the SVE vector length add a sysarch
handler to return the value to userspace.
Reviewed by: imp
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43308
Use the new extended register support in the arm64 signal frame to
handle the SVE registers.
As these registers alias the VFP registers we use the floating point
register values to restore the lower bits of the SVE registers. This
is to support software that doesn't understand SVE to continue working.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43307
Add initial kernel support for SVE. This detects if SVE is present on
all CPUs, and if so allows for the use of SVE in the future.
As the SVE registers are a superset of the VFP registers we don't need
to restore the VFP registers when SVE is enabled.
The interface to enable SVE is provided, but not used until SVE is
supported in signals and with ptrace.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D43306
The program copies an input buffer to an output buffer without verifying
that the size of the input buffer is less than the size of the output
buffer, leading to a buffer overflow.
Inside the function pci_vtcon_control_send, the length of the iov buffer
is not validated before copy of the payload.
Reported by: Synacktiv
Reviewed by: markj
Security: HYP-19
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46105
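
The missing length check described in the pci_vtcon_control_send commit above, shown as an added example: this is not the bhyve source or the committed fix. The struct ctrl_hdr layout, the function names and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/uio.h>

/* Hypothetical control header standing in for the device's real one. */
struct ctrl_hdr { uint32_t id; uint16_t event; uint16_t value; };

/* Unchecked pattern: iov_len is never consulted before the copies. */
void
ctrl_send_unchecked(struct iovec *iov, const struct ctrl_hdr *hdr,
    const void *payload, size_t len)
{
	memcpy(iov->iov_base, hdr, sizeof(*hdr));
	if (payload != NULL && len > 0)
		memcpy((char *)iov->iov_base + sizeof(*hdr), payload, len);
}

/* Hardened form: 0 on success, -1 if header + payload do not fit. */
int
ctrl_send_checked(struct iovec *iov, const struct ctrl_hdr *hdr,
    const void *payload, size_t len)
{
	if (payload == NULL)
		len = 0;
	/* Compare by subtraction so sizeof(*hdr) + len cannot wrap. */
	if (iov->iov_len < sizeof(*hdr) || len > iov->iov_len - sizeof(*hdr))
		return (-1);
	memcpy(iov->iov_base, hdr, sizeof(*hdr));
	if (len > 0)
		memcpy((char *)iov->iov_base + sizeof(*hdr), payload, len);
	return (0);
}

/* Constructed case: 16-byte destination buffer, 32-byte payload. */
int
demo_oversized(void)
{
	char guest_buf[16];
	char payload[32] = "constructed-port-name";
	struct iovec iov = { .iov_base = guest_buf, .iov_len = sizeof(guest_buf) };
	struct ctrl_hdr hdr = { .id = 1, .event = 7, .value = 0 };

	return (ctrl_send_checked(&iov, &hdr, payload, sizeof(payload)));
}

int main(void) { return (demo_oversized() == -1 ? 0 : 1); }
```
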
Split pf_map_addr() into 2 functions:
- pf_map_addr() handles just the address mapping algorithms, it is used
in pf_route() and pf_route6() in case of stateless route-to, where
source nodes would never be created
- pf_map_addr_sn() handles source nodes and calls pf_map_addr() for
address mapping algorithms, it is used everywhere else, like NAT
rules, which are always stateful
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D46776
- Provide a sys/md4.h in the cross-build environment to fix bootstrap
of libmd.
- flua now exposes WTRAPPED which isn't incredibly common- make it
conditional, we probably won't be using it in any bootstrap context
any time soon.
Fixes: 442e0975ee ("Consolidate md4 implementations written in C")
Fixes: c2caf3b331 ("flua: posix: add more useful functions [...]")
unistd:
- _exit
- close
- fork
- getpid
- pipe
- read
- write
libgen:
- basename, dirname
stdlib:
- realpath
These are sufficient for a number of real world scenarios. In our first
application of them, we use the libgen+stdlib additions to grab the
script dir based on argv[0]. The unistd assortment is then used to
outsource a bunch of work to forks and report back to the main process.
Reviewed by: emaste, imp
Differential Revision: https://reviews.freebsd.org/D39083
These are reportedly likely to be specific to SSLeay's implementation
and likely not needed here. At the very least they shouldn't be used
by consumers, so let's kick them out now while we're already prepared
for a libmd soversion bump.
Requested by: delphij, fuz
They're not documented in libmd and we don't have any consumers. It's
problematic to keep them exported, as we don't currently export their
implementations. Make them all private.
PR: 280784 (exp-run)
Reviewed by: fuz
Differential Revision: https://reviews.freebsd.org/D34503
The drivers just had a small issue, passing a literal string as
non-const. Fix it and lift WARNS.
PR: 280784 (exp-run)
Reviewed by: delphij, emaste
Differential Revision: https://reviews.freebsd.org/D34501
Make us a little less reliant on individuals running the tests, we'll
start running them as part of CI.
PR: 280784 (exp-run)
Reviewed by: delphij
Differential Revision: https://reviews.freebsd.org/D34500
The primary benefit sought is exporting _libmd_* symbols in a private
namespace, and avoiding export of some other implementation details that
are shared amongst TUs.
PR: 280784 (exp-run)
Reviewed by: fuz
Differential Revision: https://reviews.freebsd.org/D34499
These are needed across compilation units so we can keep the _libmd_
prefixing bits (though I suspect we're not likely to collide), but we
don't need to be exporting the unprefixed versions of these; it's an
implementation detail.
PR: 280784 (exp-run)
Reviewed by: delphij, fuz
Differential Revision: https://reviews.freebsd.org/D34498
Reduce the number of md5c.c between the three of these from two to one
by just reaching into the kernel build for both userland builds. The
precedent for this already exists for sha2 in both cases.
_libmd_ symbol privatization bits have been moved to sys/md5.h and
md5.h remains to #include <sys/md5.h> for compatibility.
This stops exporting MD5Pad() in the process because the kernel stopped
exporting it in 502a35d60f. soversion is bumped accordingly.
This also renames the libc version of stack_protector.c; it previously
only worked by coincidence because .PATH ordering worked out such that
we got the right one, but this is not the case anymore. Remove the
landmine.
PR: 280784 (exp-run)
Reviewed by: allanjude, delphij
Differential Revision: https://reviews.freebsd.org/D34497
* Disable IFCAP_TOE automatically on all ifnets on all adapters during
unload. This is user-friendly and avoids panics due to stale ifnet
state after t4_tom is unloaded.
* Do not allow unload if tids are in use by the TOE on any adapter.
Reported by: Bimal Abraham @ Chelsio
MFC after: 1 week
Sponsored by: Chelsio Communications
Synchronize the error handling in nfsd. If you check other error
handlings in those same condition blocks, it uses nfsd_exit instead,
which will call killchildren() and call the rpcbind service to do
the service un-mapping.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D46442
Replace calls to pctrie lookup and remove functions, which always
begin with a search from the pctrie root, with the use of pctrie
iterators to traverse and remove items from the pctrie of swapblks
without duplicating searches. Take care to reset iterators after
reacquiring an object lock, since with the lock released they could be
invalidated.
Reviewed by: alc, markj, kib
Tested by: pho (previous versions)
Differential Revision: https://reviews.freebsd.org/D46620
This chipset suffered an (un)usual number of bugs and iterations. Let's
add our NVM/firmware code from e1000 and the similar igc_nvm function
from DPDK to keep track of issues.
MFC after: 1 week
Sponsored by: BBOX.io
igc, derived from igb, does not use these registers. All interrupt
timing is governed by EITR or LLI and driven by write-back.
MFC after: 1 week
Sponsored by: BBOX.io
This reverts commit 9792c7d3eb.
The email thread "panic: nfsv4root ref cnt cpuid=1"
on freebsd-fs@freebsd.org describes
crashes that occurred for a NFSv4.1 client mount
using "oneopenown" where the same file is re-opened
many times by different processes.
The crashes appear to have been caused by the use
of the Lookup+Open RPC (which only happens for
mounts using the "oneopenown" option).
There appears to be a race between closure of the
open and the open acquired by the Lookup+Open RPC.
Since Lookup+Open RPCs are only an optimization
and can only be done for "oneopenown" at this time,
this patch reverts enabling of them.
It may be possible to fix the code so that
Lookup+Open works reliably, so the code is left
in place (although it will never be executed) for now.
Reported by: J David <j.david.lists@gmail.com>
MFC after: 2 weeks
Replace the use of page lookups and page next pointers in swap_pager.c
with vm_page iterators.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D46704