RFC 3414 Section 4. Discovery specifies that a discovery request message has a
varBindList left empty. Nonetheless, bsnmpd(1) should not crash when receiving
a non-zero var-bindings list in a Discovery Request message.
PR: 255214
MFC after: 2 weeks
The previous update to handle the gicv2m as a child of the gicv3 driver
assumed there was only a single gicv2m child. On some hardware there
are multiple children. Support this by removing the mbi ivars and
adding a new interface to handle MSI allocation in a given range.
Tested by: mw, trasz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32224
When writing to memory on arm64 we may be trying to be accessing a
read-only page. In this case try to access via the DMAP region to
get a writable location.
While here simplify writing data in DDB and stop trashing the size as
it is passed into the cache handling functions.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32053
When printing arm64 registers because of an exception in the kernel
also print the symbol and offset. This can be used to track down why
the exception occured without needing external tools.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32077
Use correct devclass name, due to the mismatch miibus would attach
to the wrong thing causing mii_attach to silently fail.
Fixes: dfcaa2c18b (enetc_mdio: Support building the driver ...)
Having it included confuses KOBJOPLOOKUP resulting in kobj_error_method
being called instead of a devmethod from the switch driver.
That in turn returns ENXIO which was treated as a pointer and
dereferenced by etherswitch ioctl logic causing the kernel to panic.
Fixes: b542c9e42b (modules: felix: Add needed dependencies)
It was missed during the conversion of kernel configs.
Although the driver is already built as a kernel module we might
want to have it built-in for diskless booting and such.
We'd likely be better served by converting these to the equivalent mem*
calls, but just kill the knob for now. The b* macros being defined get
in the way of _FORTIFY_SOURCE.
Reviewed by: imp, markj
Differential Revision: https://reviews.freebsd.org/D32235
NOTE_ABSTIME values are converted to values relative to boottime in
filt_timervalidate(), and negative values are currently rejected. We
don't reject times in the past in general, so clamp this up to 0 as
needed such that the timer fires immediately rather than imposing what
looks like an arbitrary restriction.
Another possible scenario is that the system clock had to be adjusted
by ~minutes or ~hours and we have less than that in terms of uptime,
making a reasonable short-timeout suddenly invalid. Firing it is still
a valid choice in this scenario so that applications can at least
expect a consistent behavior.
Reviewed by: kib, markj
Discussed with: allanjude
Differential Revision: https://reviews.freebsd.org/D32230
Booting on an EC2 c5.xlarge instance, this reduces the number of I/Os
performed from 609 to 432, reduces the total number of blocks read
from 61963 to 60797, and reduces the time spent in the loader by 39 ms.
Note that b4cb3fe0e3 allowed the bcache to be retained for most of
the boot process, but relies on mounting filesystems; this commit
allows the bcache to be retained at the start of the boot process,
before the root filesystem has been located.
Reviewed by: imp, tsoome
MFC after: 1 week
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D32239
These aren't a part of or use libjail(3), but rather are direct
syscalls. Still, they seem like good additions, allowing us to attach
to already-running jails.
Reviewed by: freqlabs
Differential Revision: https://reviews.freebsd.org/D26927
This is implemented as an iterator, reusing parts of the earlier logic
to populate jailparams from a passed in table.
The user may request any number of parameters to pull in while we're
searching, but we'll force jid and name to appear at a minimum.
Reviewed by: freqlabs
Differential Revision: https://reviews.freebsd.org/D26756
Match the PCI simple comm devices (or try to). Be conservative and use
legacy interrupts rather than msi messages by default for this 'catch
all' since it matches what Linux does (it has opt-in generally for MSI,
but also matches more devices because it does a catch-all like
implemented in this commit).
Sponsored by: Netflix
Reviewed by: kbowling
Differential Revision: https://reviews.freebsd.org/D32228
Some setups claim to have one MSI, but they don't actually work. Allow
these to be flagged.
Sponsored by: Netflix
Reviewed by: kbowling
Differential Revision: https://reviews.freebsd.org/D32229
Previously mgb_admin_intr printed a diagnostic message if no interrupt
status bits were set, but it's not valid to call device_printf() from a
filter. Just drop the message as it has no user-facing value.
Also return FILTER_STRAY in this case - there is nothing further for
the driver to do.
Reviewed by: kbowling
MFC after: 1 week
Fixes: 8890ab7758 ("Introduce if_mgb driver...")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32231
No longer accept plaintext A-MSDU frames that start with an RFC1042
header with EtherType EAPOL. This is done by only accepting EAPOL
packets that are included in non-aggregated 802.11 frames.
Note that before this patch, FreeBSD also only accepted EAPOL frames
that are sent in a non-aggregated 802.11 frame due to bugs in
processing EAPOL packets inside A-MSDUs. In other words,
compatibility with legitimate devices remains the same.
This relates to section 6.5 in the 2021 Usenix "FragAttacks" (Fragment
and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation)
paper.
Submitted by: Mathy Vanhoef (Mathy.Vanhoef kuleuven.be)
Security: CVE-2020-26144
PR: 256120
MFC after: 7 days
Differential Revision: https://reviews.freebsd.org/D30665
Mitigate A-MSDU injection attacks by detecting if the destination address
of a subframe equals an RFC1042 (i.e., LLC/SNAP) header, and if so
dropping the complete A-MSDU frame. This mitigates known attacks,
although new (unknown) aggregation-based attacks may remain possible.
This defense works because in A-MSDU aggregation injection attacks, a
normal encrypted Wi-Fi frame is turned into an A-MSDU frame. This means
the first 6 bytes of the first A-MSDU subframe correspond to an RFC1042
header. In other words, the destination MAC address of the first A-MSDU
subframe contains the start of an RFC1042 header during an aggregation
attack. We can detect this and thereby prevent this specific attack.
This relates to section 7.2 in the 2021 Usenix "FragAttacks" (Fragment
and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation)
paper.
Submitted by: Mathy Vanhoef (Mathy.Vanhoef kuleuven.be)
Security: CVE-2020-24588
PR: 256119
Differential Revision: https://reviews.freebsd.org/D30664
ieee80211_defrag() accepts fragmented 802.11 frames in a protected Wi-Fi
network even when some of the fragments are not encrypted.
Track whether the fragments are encrypted or not and only accept
successive ones if they match the state of the first fragment.
This relates to section 6.3 in the 2021 Usenix "FragAttacks" (Fragment
and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation)
paper.
Submitted by: Mathy Vanhoef (Mathy.Vanhoef kuleuven.be)
Security: CVE-2020-26147
PR: 256118
Differential Revision: https://reviews.freebsd.org/D30663
Make it mostly compatible with what's defined for Intel. Except where
noted, these are defined for all of amdzen(1|2|3).
Reviewed by: emaste
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32162
Looking for "tsc-tsc" in the pmu tables will fail every time. Instead,
make this an alias for the static TSC event defined in pmc_events.h.
This fixes 'pmcstat -s cycles' on Intel and AMD.
Reviewed by: emaste
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32197
The code would incorrectly use curthread instead of the target proc to
resolve vnodes.
Fixes: 8d03b99b9d ("fd: move vnodes out of filedesc into a dedicated structure")
PR: 258729
Noted by: Damjan Jovanovic <damjan.jov@gmail.com>
Issue: Devices wont go away after the link down.
Device lost timer functionality in ocs_fc is broken,
`is_target` flag is not set in the target database and target delete is skipped.
Fix: Remove unused flags and delete the device when timer expires.
Reported by: ken@kdm.org
Reviewed by: mav, ken
Proper error recovery depends on freezing the device queue when an
error occurs, so we can recover from an error before sending
additional commands.
The ocs_fc(4) driver was not freezing the device queue for most
SCSI errors, and that broke error recovery.
sys/dev/ocs_fc/ocs_cam.c:
In ocs_scsi_initiator_io_cb(), freeze the device queue if
we're passing back status other than CAM_REQ_CMP.
Submitted by: ken@kdm.org
Reviewed by: mav, ken
In ocs_scsi_initiator_io_cb(), if the SCSI command that is
getting completed had a residual equal to the transfer length,
it was setting the CCB status to CAM_REQ_CMP.
That breaks the expected behavior for commands like READ ATTRIBUTE.
For READ ATTRIBUTE, if the first attribute requested doesn't exist,
the command is supposed to return an error (Illegal Request,
Invalid Field in CDB). The broken behavior for READ ATTRIBUTE
caused LTFS tape formatting to fail. It looks for attribute
0x1623, and expects to see an error if the attribute isn't present.
In addition, if the residual is negative (indicating an overrun),
only set the CCB status to CAM_DATA_RUN_ERR if we have not already
reported an error. The SCSI sense data will have more detail about
what went wrong.
sys/dev/ocs_fc/ocs_cam.c:
In ocs_scsi_initiator_io_cb(), don't set the status to
CAM_REQ_CMP if the residual is equal to the transfer length.
Also, only set CAM_DATA_RUN_ERR if we didn't get SCSI
status.
Submitted by: ken@kdm.org
Reviewed by: mav, ken
The 3com bluetooth PC Card adapter was removed from the tree when PC
Card support was removed earlier this year. Remove stray references to
it still in the tree.
Sponsored by: Netflix
Use refcounting to delay the detach rather than device_busy and/or
device_unbusy. fd/fdc is one of the few consumers of device_busy in the
tree for that, and it's not a good fit. Also, nothing is waking 'fd' and
other drivers don't loop like this. Return EBUSY if we still have active
users.
Sponsored by: Netflix
Reviewed by: mav
Differential Revision: https://reviews.freebsd.org/D31830
The definition for 'ST' is in efilib.h, so we don't need extern ST here.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D32225
The ng_h4 module was disconnected 13 years ago when the tty later was
locked by Ed. It completely fails to compile, and has a number of false
positives for Giant use. Remove it for lack of interest. Bluetooth has
largely (completely?) moved on from bluetooth over UART transport.
OK'd by: emax
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D31846
NAT hash tables are inverted for inbound vs outbound. Rather than spend
the time and cycles swapping them, let's simply calculate the bucket
lengths inversely.
MFC after: 1 week
Lua bindings appeared in FreeBSD 12.0. Delete the authors section of the
man page, since it's unclear who wrote different parts of the man
page.
Noted by: Trond Endrestol
Sponsored by: Netflix