It looks Linux recvmsg allows msg_controllen size less then CMSG_SPACE
buffer, at least for case with one cmsghdr. Glibc misc/tst-scm_rights
test succed on Ubuntu 23.04
Fixes: 67116c69 "linux(4): Fix control message size calculation"
MFC after: 1 week
Windows requires a physical presence interface to recognize the TPM
device. Qemu's OVMF has an implementation for the PPI which can be
reused. Using the Qemu PPI makes it very easy because we don't have to
implement new PPI functionality into our OVMF. The Qemu implementation
is already there.
Reviewed by: markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D40462
Richard Lowe notes in PR 170267 IXGBE_LE32_TO_CPUS was previously
directly defined as le32dec() which is a pure function but the shared
code is expecting an in place conversion.
In SVN r282289 its assignment was removed altogether.
There was some deliberation in the PR on what to define this as, we
just need to do the update in place which is easy enough.
The uintptr_t casts in the shared code were from a DPDK sync and are
unwanted with our new ixgbe_osdep.h implementation.
PR: 170267
Reported by: Richard Lowe <richlowe@richlowe.net>
MFC after: 1 week
If there is a compatible string it likely means that the firmware needs
a dedicated driver (like on RPI*).
PR: 273087
Tested-by: Mark Millard <marklmi26-fbsd@yahoo.com>
Sponsored by: Beckhoff Automation GmbH & Co. KG
Fixes: fdfd3a90b6 ("ofw: Add a ofw_firmware driver")
These configuration headers were only guessed, but unfortunately not exactly
correctly. Therefore, re-generate them on real HW.
Generated on CA15, verified on CA9, CA7(with VFP lite) and on 32-bit ARMv9.
PR: 272229
Reported by: Robert Clausecker <fuz@FreeBSD.org>
MFC after: 2 weeks
Highlights:
- Some style fixes
- Bumped mbbuf in istrsenvisx() to MB_LEN_MAX to avoid VLAs
- mbslength cannot go negative, so make it unsigned
- Further bounds checking & fix an additional overrun, with dlen == 0
- Avoid duplicate call to wcslen(start)
On 64bit, there is a 4-byte hole in struct vdso_timekeep32 after
tk_current, if the structure is not packed. This is due to the MD
th_x86_pvc_last_systime being 64bit.
Change amd64 VDSO_TIMEHANDS_MD32 to not use uint64_t, replace it with
pair of uint32_t, as it is done for all other members.
PR: 273085
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
A UFS/FFS snapshot file is identified with the SF_SNAPSHOT
flag to identify it as a snapshot. This flag needs to be
set before setting some of its block pointers to the special
values BLK_SNAP and BLK_NOCOPY. If the snapshot creation fails
and we call VOP_REMOVE(), the SF_SNAPSHOT flag will let the
remove routine know that the special block pointer values need
to be rolled back before attempting deletion of the file.
Also ensure that an fsck is required after setting superblock
values in the ffs_checkcgintegrity() routine.
Reported-by: Peter Holm
Tested-by: Peter Holm
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
vlan_capabilities(), used by the IFCAP ioctl, was not respecting the
IFCAP_LRO bit if it was masked by the requestor.
This prevented if_bridge(4) from automasking LRO with a message like:
bridge0: can't disable some capabilities on em3.11: 0x400
This also prevented manually disabling LRO from any vlan interface.
PR: 254596
Reported by: Paul Vixie <paul@redbarn.org>
MFC after: 1 week
This reverts commit 5f11a33cee.
As requested by Kevin Bowling. He explains:
> The subtle bug was that vlan_capabilities() in if_vlan was not obeying
> the requested mask from its IFCAP ioctl.
Also, rename min_addr to default_addr, which better reflects what it
represents. The min_addr is not a minimum address in the same way that
max_addr is actually a maximum address that can be allocated. For
example, a non-zero hint can be less than min_addr and be allocated.
Reported by: dchagin
Reviewed by: dchagin, kib, markj
Fixes: d8e6f4946c "vm: Fix anonymous memory clustering under ASLR"
Differential Revision: https://reviews.freebsd.org/D41397
From the Linux man page for mprotect(2):
PROT_GROWSDOWN
Apply the protection mode down to the beginning of a mapping
that grows downward (which should be a stack segment or a
segment mapped with the MAP_GROWSDOWN flag set).
Reported by: dchagin
Reviewed by: alc, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
which requests to propagate lowest stack segment protection to the grow gap.
This seems to be required for Linux emulation.
Reported by: dchagin
Reviewed by: alc, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
mprotect(2) on the stack region needs to adjust guard stored protection,
so that e.g. enable executing on stack worked properly on stack growth.
Reported by: dchagin
Reviewed by: alc, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
Restructure the first phase slightly, to facilitate further changes.
Reviewed by: alc, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
Do not assume that protection is same as max_protection. Store both in
offset, packed in the same way as the prot syscall parameter.
Reviewed by: alc, markj (previous version)
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
The function returns the newly created entry.
Use vm_map_insert1() in stack grow code to avoid gap entry re-lookup.
The comment update for vm_map_try_merge_entries() was suggested by dougm.
Suggested by: alc
Reviewed by: alc, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
Only a part of the object may be mapped.
Noted by: alc
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D41099
Now that we no longer support armv[45] devices, these tests can be
simplified. While here, update the comment to reflect which rpi devices
we support. It's been way more thant he Pi-B for a long time.
Sponsored by: Netflix
If the parent interface is not a bridge and can do LRO and
checksum offloading on VLANs, then guess it may do LRO on VLANs.
False positive here cost nothing, while false negative may lead
to some confusions. According to Wikipedia:
"LRO should not operate on machines acting as routers, as it breaks
the end-to-end principle and can significantly impact performance."
The same reasoning applies to machines acting as bridges.
PR: 254596
MFC after: 3 weeks
This makes it possible to install kerberos-lib (which is used by common
utilities such as curl) without pulling in the rest of kerberos.
MFC after: 1 week
If the host doesn't announce VIRTIO_NET_F_CTRL_RX we cannot disable all
multicast traffic. Previously we'd refuse to set the IFF_ALLMULTI flag,
which is the exact opposite of what is actually happening.
This broke things such as igmpproxy.
See also: https://redmine.pfsense.org/issues/14301
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D41356
If a UFS/FFS filesystem develops a broken cylinder group (which is
usually detected when its check hash fails), that cylinder group
will not be usable until the filesystem has been unmounted and fsck
has been run to repair it. On the first attempt to to allocate
resources from the broken cylinder group, its available resources
are set to zero in the superblock summary information. Since it
will appear to have no resources available, no further calls will
be made to allocate resources from it. When resources are freed to
the broken cylinder group, the resource free routines will find the
cylinder group unusable so the resource will simply be discarded
and thus will not show up in the superblock summary information
until they are recovered by fsck.
Reported-by: Peter Holm
Tested-by: Peter Holm
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
Rename to ffs_checkfreeblk() to better describe that it is checking
to find out if a block or fragment is free. Clarify its implementation.
No functional change intended.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
This creates an appropriate symlink instead of a potentially incorrect
path pointing to the absolute path for cpuset(8) on the host.
MFC after: 2 weeks
MFC with: f05948d4e9
Requested by: imp
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D41419
The panic stack looks like this:
panic: _sx_xlock_hard: recursed on non-recursive sx MANA port lock
@ /usr/src/sys/dev/mana/mana_en.c:1022
KDB: stack backtrace:
vpanic() at vpanic+0x150/frame 0xfffffe011b3c1970
panic() at panic+0x43/frame 0xfffffe011b3c19d0
_sx_xlock_hard() at _sx_xlock_hard+0x82d/frame 0xfffffe011b3c1a70
_sx_xlock() at _sx_xlock+0xb0/frame 0xfffffe011b3c1ab0
mana_cfg_vport() at mana_cfg_vport+0x79/frame 0xfffffe011b3c1b40
mana_alloc_queues() at mana_alloc_queues+0x3b/frame 0xfffffe011b3c1c50
mana_up() at mana_up+0x40/frame 0xfffffe011b3c1c70
mana_ioctl() at mana_ioctl+0x25b/frame 0xfffffe011b3c1cb0
ifhwioctl() at ifhwioctl+0xd11/frame 0xfffffe011b3c1db0
hn_xpnt_vf_init() at hn_xpnt_vf_init+0x15f/frame 0xfffffe011b3c1e10
The lock has already been held in the caller. Remove this
redundant lock attempt.
Reported by: NetApp
Sponsored by: Microsoft
Excerpts from the release notes:
* ssh-agent(1): PKCS#11 modules must now be specified by their full
paths. Previously dlopen(3) could search for them in system
library directories.
* ssh(1): allow forwarding Unix Domain sockets via ssh -W.
* ssh(1): add support for configuration tags to ssh(1).
This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.
* ssh(1): add a "match localnetwork" predicate. This allows matching
on the addresses of available network interfaces and may be used to
vary the effective client configuration based on network location.
* ssh-agent(1): improve isolation between loaded PKCS#11 modules
by running separate ssh-pkcs11-helpers for each loaded provider.
* ssh-agent(1), ssh(1): improve defences against invalid PKCS#11
modules being loaded by checking that the requested module
contains the required symbol before loading it.
* ssh(1): don't incorrectly disable hostname canonicalization when
CanonicalizeHostname=yes and ProxyJump was expicitly set to
"none". bz3567
Full release notes at https://www.openssh.com/txt/release-9.4
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Fix a boot-time panic in qcom_mdio_ipq4018 due to a missing bus function
and hook the file up to the build so that it will not rot away.
Test booted on an ipq807x in 2022.
X-Differential Revision: extracted from D37882
The ffs_inotovp() function returns a vnode from a mounted filesystem
for an inode number with specified generation number. We now
consistently return ESTALE if the inode with given generation number
no longer exists on that filesystem.
The ffs_reload() function reloads all incore data for a filesystem.
It is used after running fsck on a mounted filesystem and finding
things to fix. It now returns the EINTEGRITY error if it is unable
to find a valid superblock.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
Summary:
This change moves /usr/bin/cpuset to /bin/cpuset so it is more readily
available on hosts where the /usr partition might not be mounted at the
time / has been mounted.
Remove some complexity from rc.subr(8) since /bin is assumed to always
be present if/when / is mounted.
MFC after: 2 weeks
MFC with: 0661f93892, 271d552379af
Test Plan:
- Test out rc.subr change.
- Confirm that the installation logic does what's needed.
Relnotes: yes (moving cpuset may impact strict file permissions/mode checking)
Reviewers: kevans
Subscribers: imp
Differential Revision: https://reviews.freebsd.org/D40057
