The tcp_tun_port field that is used to pass port value between UDP
and TCP in case of tunneling is a generic field that used to pass
data between network layers. It can be contaminated on entry, e.g.
by a VLAN tag set by a NIC driver. Explicily set it, so that it
is zeroed out in a normal not-tunneled TCP. If it contains garbage,
tcp_twcheck() later can enter wrong block of code and treat the packet
as incorrectly tunneled one. On main and stable/14 that will end up
with sending incorrect responses, but on stable/13 with ipfw(8) and
pcb-matching rules it may end up in a panic.
This is a minimal conservative patch to be merged to stable branches.
Later we may redesign this.
PR: 275169
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D43065
Although the HPTS subsytem wasn't initially designed as a loadable
module, now it is so. Make it possible to also unload it, but for
safety reasons hide that under 'kldunload -f'.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D43092
Remove the global cts_last_ran and use already existing unused field of
struct tcp_hptsi, which seems originally planned to hold this table. This
makes it consistent with other malloc-ed tables, like main array of HPTS
entities and CPU groups.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D43091
Python test scripts get processed (to add the `#! /usr/libexec/
atf_pytest_wrapper` shebang line), into a .xtmp file, and installed from
there. However, as there was no dependency of this .xtmp file on the
original file we kept reinstalling the .xtmp file, even if the original
had been edited already.
This could cause great confusion when debugging python test scripts.
Reviewed by: markj
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43118
The tmpfs memory reserve defaulted to 4 MB, and other than that,
all of available memory + swap could be allocated to tmpfs files.
This was dangerous, as the page daemon attempts to keep some memory
free, using up swap, and then resulting in processes being killed.
Increase the reserve to a fraction of available memory + swap at
file system startup time. The limit is expressed as a percentage
of available memory + swap that can be used, and defaults to 95%.
The percentage can be changed via the vfs.tmpfs.memory_percent sysctl,
recomputing the reserve with the new percentage but the initial
available memory + swap. Note that the reserve can also be set
directly with an existing sysctl, ignoring the percentage. The
previous behavior can be specified by setting vfs.tmpfs.memory_percent
to 100.
Add sysctl for vfs.tmpfs.memory_percent and the pre-existing
vfs.tmpfs.memory_reserved to tmpfs(5).
PR: 275436
MFC after: 1 month
Reviewed by: rgrimes
Differential Revision: https://reviews.freebsd.org/D43011
tmpfs enforced the file system size limit on writes for file systems
with a specified size, but not when the size was the default. Add
enforcement when the size is default: do not allocate additional
pages if the available memory + swap falls to the reserve level.
Note, enforcement is also done when attempting to create a file,
both with and without an explicit file system size.
PR: 275436
MFC after: 1 month
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D43010
In preparation for annotating copyin() and related functions with
__result_use_check.
Reviewed by: bz, emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43095
Implement ieee80211_handle_wake_tx_queue() and ieee80211_tx_dequeue_ni()
while looking at the code. They are needed by various wireless drivers.
Introduce an ltxq lock and protect the skbq by that.
This prevents panics due to a race between a driver upcall and
the net80211 tx downcall. While the former should be rcu protected we
cannot rely on that.
It remains questionable if we need to protect further fields there
(with a different lock?).
Also introduce a txq_mtx on the lhw which needs to be further deployed
but we need to come up with a good strategy to not end up with 7 different
locks.
Sponsored by: The FreeBSD Foundation
PR: 274178, 275710
Tested by: cc
MFC after: 3 days
Do not clear knotes from the TTY until it gets dealloc'ed, unless the
TTY is being revoked, in that case delete the knotes when closed is
called on the TTY.
When knotes are cleared from a knlist, those knotes become detached from
the knlist. And when an event is triggered on a detached knote there
isn't an associated knlist and therefore no lock will be taken when the
event is triggered.
This becomes a problem when a detached knote is triggered on a TTY since
the mutex for a TTY is also used as the lock for its knlists. This
scenario ends up calling the TTY event handlers without the TTY lock
being held and tripping on asserts in the event handlers.
PR: 272151
Reviewed by: kib, markj
Differential Revision: https://reviews.freebsd.org/D41605
struct nvme_hmb_desc contains a pad field which was not getting
initialized before being synced. This doesn't have much consequence but
triggers a report from KMSAN, which verifies that host-filled DMA memory
is initialized before it is made visible to the device. So, let's just
initialize it properly.
Reported by: KMSAN
Reviewed by: mav, imp
MFC after: 1 week
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43090
Rename SYSTRAP() macro to _SYSCALL() and add _SYSCALL_BODY() which invokes
the syscall via _SYCALL() and then calls cerror as required. Use to
implement PSEUDO() and RSYSCALL() removing _SYSCALL_NOERROR().
Reviewed by: imp
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D43061
The last use was removed in 2018 as part of a reimplementation of brk()
and sbrk() in commit 9d9fd255d6.
Reviewed by: imp
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D43060
Add a _SYSCALL(name) which calls the SYS_name syscall. Use it to add a
_SYSCALL_BODY() macro which invokes the syscall and calls cerror as
required. Use the latter to implement PSEUDO() and RSYSCALL().
Reviewed by: imp, markj
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D43059
Add _SYSCALL_BODY() macro which invokes the syscall via _SYCALL() and
calls cerror as required. Use to implement PSEUDO() and RSYSCALL().
Reviewed by: imp, markj
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D43057
knlist_clear() does not free knotes and so does not call fdrop(), so
remove the bit of the function description which claims otherwise. (The
knote will be dropped by the next queue scan, and it is at that point
that the fd reference will be dropped.)
MFC after: 1 week
Report the entire path to the device, rather than the the bit after /dev/
for the --esp command. Nothing in the tree depends on the output
format: Only bsdinstall's bootconfig script calls efibootmgr, and it
doesn't use the --esp/-E flag.
Sponsored by: Netflix
-e env will include `env` in the boot loader. Document that the boot
loader appends the `env` to the BootXXXX variable, and will parse it as
a series of a=b values to set in the boot loader's environment. These
assignments are separated by spaces. The env arg needs to be quoted if
more than one env var is to be set (we parse only the next argument on
the command line).
Sponsored by: Netflix
This adds a protocol extension to improve the integrity of the SSH
transport protocol, particular in and around the initial key exchange
(KEX) phase.
Full details of the extension are in the PROTOCOL file.
OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14
Approved by: so (implicit)
Obtained from: https://anongit.mindrot.org/openssh.git/patch/?id=1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5
Security: CVE-2023-48795
We don't support it, so there's no need to tell readers what would
happen if we did. Also, don't remind the user that a certain field is
ignored by aio_read. Mentioning every ignored field would make the man
pages too verbose.
MFC after: 1 week
Sponsored by: Axcient
Reviewed by: Pau Amma <pauamma@gundo.com>
Differential Revision: https://reviews.freebsd.org/D42622
Include files that don't begin with a '/' are documented to search the
current directory, then /usr/share/calendar. This hasn't been accurate
for years, since e061f95e7b ("Rework calendar(1) parser") rewrote a
lot of this.
Stash off the cwd before we do any chdir()ing around and use that to
honor the same order we'll follow for the -f flag. This may result in
an extra lookup that will fail for the initial calendar file, but I
don't think it's worth the complexity to avoid it.
While we're here, fix the documentation to just reference the order
described in FILES so that we only need to keep it up to date in one
place.
Reviewed by: bapt
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D42278
Have a simple Gilbert-Elliott channel model in
dummynet to mimick correlated loss behavior of
realistic environments. This allows simpler testing
of burst-loss environments.
Reviewed By: tuexen, kp, pauamma_gundo.com, #manpages
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D42980
Since TCPHPTS is now included in the GENERIC kernel, remove the
documented dependency of it from the tcp_rack(4) and tcp_bbr(4)
manual pages.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D43084
PR#15634 removes 128K into 2x68K LWB split optimization, since it
was found to cause LWB buffer overflow while trying to write 128KB
TX_CLONE_RANGE record with 1022 block pointers into 68KB buffer,
with multiple VDEVs ZIL.
This commit adds a test for this particular scenario by writing
maximum sizes TX_CLONE_RANE record with 1022 block pointers into
68KB buffer, with two SLOG devices.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Ameer Hamza <ahamza@ixsystems.com>
Signed-off-by: Umer Saleem <usaleem@ixsystems.com>
Closes#15672
If the ffs_write() operation specified to overwrite the whole buffer,
ffs tries to save the read by not validating allocated buffer. Then
uiommove() might fail with EFAULT, in which case pages are left zeroed
and marked valid but not read from the disk. Then vn_io_fault() logic
retries the write after holding the user pages to avoid EFAULTs. In
erronous case of really faulty buffer, or in contrived case of writing
from file to itself, we are left with zeroed buffer instead of valid
content written back to disk.
Handle the situation by releasing non-cached buffer on fault, instead
of clearing it. Note that buffers with alive dependencies cannot be
released, but also either they cannot have valid content on the disk
because dependency on data buffer means that it was not yet written, or
they were reallocated by fragment extension or ffs_reallocbks(), and are
already fully valid.
Reported by: kevans
Discussed with: mav
In collaboration with: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Allow the cloudware *_FLAVOURS and *_FSLIST values to be overridden
at the command line, to assist users who want to e.g. build only one
of the many EC2 AMIs available.
When ZFS overwrites a whole block, it does not bother to read the
old content from disk. It is a good optimization, but if the buffer
fill fails due to page fault or something else, the buffer ends up
corrupted, neither keeping old content, nor getting the new one.
On FreeBSD this is additionally complicated by page faults being
blocked by VFS layer, always returning EFAULT on attempt to write
from mmap()'ed but not yet cached address range. Normally it is
not a big problem, since after original failure VFS will retry the
write after reading the required data. The problem becomes worse
in specific case when somebody tries to write into a file its own
mmap()'ed content from the same location. In that situation the
only copy of the data is getting corrupted on the page fault and
the following retries only fixate the status quo. Block cloning
makes this issue easier to reproduce, since it does not read the
old data, unlike traditional file copy, that may work by chance.
This patch provides the fill status to dmu_buf_fill_done(), that
in case of error can destroy the corrupted buffer as if no write
happened. One more complication in case of block cloning is that
if error is possible during fill, dmu_buf_will_fill() must read
the data via fall-back to dmu_buf_will_dirty(). It is required
to allow in case of error restoring the buffer to a state after
the cloning, not not before it, that would happen if we just call
dbuf_undirty().
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Rob Norris <robn@despairlabs.com>
Signed-off-by: Alexander Motin <mav@FreeBSD.org>
Sponsored by: iXsystems, Inc.
Closes#15665
Alas, ARM declared xen_ulong_t to be 64-bits long, unlike i386 where
it matches the word size. As a result, compatibility wrappers are
needed for Xen atomic operations.
Reviewed by: royger
These are in fact GPLv2 when distributed with the Linux kernel, but the
license also allows MIT if distributed separately. Add the markers to
avoid interference by automated tools.
Differential Revision: https://reviews.freebsd.org/D32796
Reviewed by: royger
Notable upstream pull request merges:
#15643a9b937e06 For db_marker inherit the db pointer for AVL comparision
#15644e53e60c0b DMU: Fix lock leak on dbuf_hold() error
#1565386063d903 dbuf: Handle arcbuf assignment after block cloning
#1565686e115e21 dbuf: Set dr_data when unoverriding after clone
Obtained from: OpenZFS
OpenZFS commit: 86e115e21e
When we release a multicast address (e.g. on interface shutdown) we may
still have packets queued in inm_scq. We have to free those, or we'll
leak memory.
Reviewed by: glebius
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43033