The approach taken by the stack gap implementation was to insert a
random gap between the top of the fixed stack mapping and the true top
of the main process stack. This approach was chosen so as to avoid
randomizing the previously fixed address of certain process metadata
stored at the top of the stack, but had some shortcomings. In
particular, mlockall(2) calls would wire the gap, bloating the process'
memory usage, and RLIMIT_STACK included the size of the gap so small
(< several MB) limits could not be used.
There is little value in storing each process' ps_strings at a fixed
location, as only very old programs hard-code this address; consumers
were converted decades ago to use a sysctl-based interface for this
purpose. Thus, this change re-implements stack address randomization by
simply breaking the convention of storing ps_strings at a fixed
location, and randomizing the location of the entire stack mapping.
This implementation is simpler and avoids the problems mentioned above,
while being unlikely to break compatibility anywhere the default ASLR
settings are used.
The kern.elfN.aslr.stack_gap sysctl is renamed to kern.elfN.aslr.stack,
and is re-enabled by default.
PR: 260303
Reviewed by: kib
Discussed with: emaste, mw
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704
From a user point of view, this makes ^T work out of the box.
Reviewed By: debdrup (man page)
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D33842
Allow projects based on the FreeBSD tree to append to _PRIVATELIBS
and _INTERNALLIBS by simply maintaining their own lists of
LOCAL_PRIVATELIBS and LOCAL_INTERNALLIBS, respectively.
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D33901
This tiny change to the example makes devd capable of reacting to carp
status change events on VLAN interfaces.
Reported by: Thomas Steen Rasmussen (tykling) <thomas at gibfest.dk>
These configuration options were removed in commit dfe13344f5.
Some forthcoming work will update the UMA man page to describe its
current behaviour on NUMA systems.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
It's sometimes easier to exclude some modules rather than listing all
possibly needed ones with MODULES_OVERRIDE.
So for this add MODULES_EXCLUDE which do exactly as one would guess, excludes
some modules from the build/install.
For example if one wants to exclude all modules which are only present in the
GENERIC config on amd64 :
export MODULES_EXCLUDE=$(grep -E '^device' sys/amd64/conf/GENERIC | awk '{print $2}' | tr '\n' ' ')
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33443
vm_reserv.c uses its own bitstring implemenation for popmaps. Using
the bitstring_t type from a standard header eliminates the code
duplication, allows some bit-at-a-time operations to be replaced with
more efficient bitstring range operations, and, in
vm_reserv_test_contig, allows bit_ffc_area_at to more efficiently
search for a big-enough set of consecutive zero-bits.
Make bitstring changes improve the vm_reserv code. Define a bit_ntest
method to test whether a range of bits is all set, or all clear.
Define bit_ff_at and bit_ff_area_at to implement the ffs and ffc
versions with a parameter to choose between set- and clear- bits.
Improve the area_at implementation. Modify the bit_nset and
bit_nclear implementations to allow code optimization in the cases
when start or end are multiples of _BITSTR_BITS.
Add a few new cases to bitstring_test.
Discussed with: alc
Reviewed by: markj
Tested by: pho (earlier version)
Differential Revision: https://reviews.freebsd.org/D33312
This cipher is a wrapper around the ChaCha20-Poly1305 AEAD cipher
which accepts a larger nonce. Part of the nonce is used along with
the key as an input to HChaCha20 to generate a derived key used for
ChaCha20-Poly1305.
This cipher is used by WireGuard.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33523
When TCP_MD5SIG is set on a socket, all packets are dropped that don't
contain an MD5 signature. Relax this behavior to accept a non-signed
packet when a security association doesn't exist with the peer.
This is useful when a listen socket set with TCP_MD5SIG wants to handle
connections protected with and without MD5 signatures.
Reviewed by: bz (previous version)
Sponsored by: nepustil.net
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D33227
libsoft was a transition from the FreeBSD/armv6 10 (and earlier) with
'softfp' ABI (that is, hardware float, but passed as integer registers)
to the 'hardfp' ABI that was in FreeBSD/armv[67] in FreeBSD 11 and
newer. It's been off by default since it was created.
This was mostly used by people that wanted to do a source upgrade of
their system from FreeBSD 10 to 11 or from 11-current before the cutover
to 11-current after. This should not be confused with the full software
floating point implementation (that doesn't use the hardware floating
point instructions at all) that is used out of tree by at least one
company selling armv7 gear that has no FPU.
There's no longer a need for the transition, so retire it like should
likely have happened sometime before FreeBSD 12 was released 3 years
ago.
Sponsored by: Netflix
Suggestions by: jrtc27, jhb
Reviewed by: manu, mmel
Differential Revision: https://reviews.freebsd.org/D33761
Advertise rc.conf method as the right way to enable it, mention
file system mapping... and change some wording.
Reviewed By: emaste, debdrup, Pau Amma
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D33720
We need to include bsd.endian.mk from bsd.compiler.mk to enable
compressed symbols only on FreeBSD little endian targets.
However, since we include bsd.compiler.mk from Makefile.inc1 and from
the build tools makefiles, it has to work on Linux and osx. Make the
error condition only when we're building natively (so that we are
forced to add a new architecture to the list).
Otherwise, define bogus, poisoned values and leave TARGET_ENDIANNESS
undefined. Since we don't actually use TARGET_ENDIANNESS for anything
in the cross building phase, these values are a failsafe agianst their
use. The one place in the build phase that detects endian is
appropriately protected.
Sponsored by: Netflix
Reviewed by: jrtc27
Differential Revision: https://reviews.freebsd.org/D33742
This function clones an existing crypto request, but associates the
new request with a specified session. The intended use case is for
drivers to be able to fall back to software by cloning a request and
dispatch it to an internally allocated software session.
Reviewed by: markj
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D33607
Convert ipfilter userland function declarations from K&R to ANSI. This
syncs our function declarations with NetBSD hg commit 75edcd7552a0
(apply our changes). Though not copied from NetBSD, this change was
partially inspired by NetBSD's work and inspired by style(9).
Reviewed by: glebius (for #network)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D33595
There left only three modules that used dom_init(). And netipsec
was the last one to use dom_destroy().
Differential revision: https://reviews.freebsd.org/D33540
The historical BSD network stack loop that rolls over domains and
over protocols has no advantages over more modern SYSINIT(9).
While doing the sweep, split global and per-VNET initializers.
Getting rid of pr_init allows to achieve several things:
o Get rid of ifdef's that protect against double foo_init() when
both INET and INET6 are compiled in.
o Isolate initializers statically to the module they init.
o Makes code easier to understand and maintain.
Reviewed by: melifaro
Differential revision: https://reviews.freebsd.org/D33537
Remove vestiges of arm big endian support. Also use the more proper
MACHINE_CPUARCH instead of MACHINE to test for that here.
This leaves powerpc as the only big endian arch.
Sponsored by: Netflix
Mips had a number of special cases that disabled features that didn't
work. Remove them all. However, retain the llvm mips bits because that
requires a lot more effort to unwind and will be done separately.
Sponsored by: Netflix
Remove the tweaks to the compiler, as well as additional command line
args to get the proper endian, word size and floating style.
Sponsored by: Netflix
Expand on the terse comments for where each of these files is used.
Reviewed by: emaste
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D33716
Based on some feedback clarify the man page for
- how to load the driver currently
- status of the driver with respect to iwm(4)
and leave a comment to (automatically) add a full list of chipsets
to the man page.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: debdrup
Differential Revision: https://reviews.freebsd.org/D33713
The introduction of <sched.h> improved compatibility with some 3rd
party software, but caused the configure scripts of some ports to
assume that they were run in a GLIBC compatible environment.
Parts of sched.h were made conditional on -D_WITH_CPU_SET_T being
added to ports, but there still were compatibility issues due to
invalid assumptions made in autoconfigure scripts.
The differences between the FreeBSD version of macros like CPU_AND,
CPU_OR, etc. and the GLIBC versions was in the number of arguments:
FreeBSD used a 2-address scheme (one source argument is also used as
the destination of the operation), while GLIBC uses a 3-adderess
scheme (2 source operands and a separately passed destination).
The GLIBC scheme provides a super-set of the functionality of the
FreeBSD macros, since it does not prevent passing the same variable
as source and destination arguments. In code that wanted to preserve
both source arguments, the FreeBSD macros required a temporary copy of
one of the source arguments.
This patch set allows to unconditionally provide functions and macros
expected by 3rd party software written for GLIBC based systems, but
breaks builds of externally maintained sources that use any of the
following macros: CPU_AND, CPU_ANDNOT, CPU_OR, CPU_XOR.
One contributed driver (contrib/ofed/libmlx5) has been patched to
support both the old and the new CPU_OR signatures. If this commit
is merged to -STABLE, the version test will have to be extended to
cover more ranges.
Ports that have added -D_WITH_CPU_SET_T to build on -CURRENT do
no longer require that option.
The FreeBSD version has been bumped to 1400046 to reflect this
incompatible change.
Reviewed by: kib
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D33451
Summary: It's currently just as stable as powerpc64, with more ports working.
Reviewers: alfredo, bdragon, luporl, jhibbits, #manpages
Subscribers: imp
Differential Revision: https://reviews.freebsd.org/D33610
Functions manipulating mbuf tags are using an int type for passing the
'type' parameter, but the internal tag storage is using a 16bit
integer to store it. This leads to the following code:
t = m_tag_alloc(...,0xffffffff,...,...);
m_tag_prepend(m, t);
r = m_tag_locate(m ,...,0xffffffff, NULL);
Returning r == NULL because m_tag_locate doesn't truncate the type
parameter when doing the match. This is unexpected because the type of
the 'type' parameter is int, and the caller doesn't need to know about
the internal truncations.
Fix this by making the 'type' parameter of type uint16_t in order to
match the size of its internal storage and make it obvious to the
caller the actual size of the parameter.
While there also use uint uniformly replacing the existing u_int
instances.
Reviewed by: kp, donner, glebius
Differential revision: https://reviews.freebsd.org/D33680
Add and hook up man pages for iwlwifi and iwlwififw and install a copy
of the firmware license to /usr/share/docs/legal so it will always be
shipped with the installed system.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Move some of the code duplicated between ctld(8) and iscsid(8) into a
libiscsiutil library.
Sharing the low-level PDU code did require having a
'struct connection' base class with a method table to permit separate
initiator vs target behavior (e.g. in handling proxy PDUs).
Reviewed by: mav, emaste
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D33544
Summary:
OFED on riscv64 builds fine, so it's ok to enable it.
Also MFC to stable/13.
Test Plan: make buildworld
Reviewers: mhorne
Subscribers: bdrewery, imp, emaste
Differential Revision: https://reviews.freebsd.org/D33602
And put pkg and its keys in it.
It's easier for small image to depend on this package rather than the
larger utilities one.
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33458
Through fixes and improvements our ipfilter sources have diverged
enough to warrant move from contrib into sbin/ipf. Now that I'm
planning on implementing MSS clamping as in iptables it makes more
sense to move ipfilter to sbin.
This is the second of three commits of the ipfilter move.
Suggested by glebius on two occaions.
Suggested by and discussed with: glebius
Reviewed by: glebius, kp (for #network)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D33510
dirdeps.mk: simplify computation of qualified vs unqualified dirdeps.
Note the importance of avoiding unresolved variables in DIRDEPS
Fix DIRDEP_LOADAVG_REPORT - expr(1) fails if expression evaluates to 0
Trim ${SRCTOP}/ from debug etc messages to make comparison easier.
Include number of DIRDEPS in debug output.
Trim ${SRCTOP}/ when exporting to env while building DIRDEPS_CACHE
to help avoid env exhaustion.
Use DIRDEPS_ALL_MACHINES_FILTER to better handle ALL_MACHINES
in complex build environments.
dirdeps-options.mk: use separate .undef for each variable
dirdeps-targets.mk: allow for '.' in DIRDEPS_TARGETS_DIRS
meta.autodep.mk: leverage ${.SUFFIXES} if we can.
meta.sys.mk: allow use in META_MODE vs DIRDEPS_BUILD
meta2deps.py: compute a list of dirdep extensions that map to current
TARGET_SPEC to avoid confusion.
Reviewed by: stevek
This makes the left column narrower, leaving more space for the text.
Reviewed By: debdrup, 0mp
Differential Revision: https://reviews.freebsd.org/D33385
After 53f5ac1310 allowed SATA device mapping to enclosure slots,
it may have sense to provide enclosure device emulation even without
real hardware interface like SGPIO just for purposes of physical
device location tracking (still assuming straight cabling).
MFC after: 1 week
Sponsored by: iXsystems, Inc.
The cookies argument is only used by the NFS server. NFSv2 defines the
cookie as 32 bits on the wire, but NFSv3 increased it to 64 bits. Our
VOP_READDIR, however, has always defined it as u_long, which is 32 bits
on some architectures. Change it to 64 bits on all architectures. This
doesn't matter for any in-tree file systems, but it matters for some
FUSE file systems that use 64-bit directory cookies.
PR: 260375
Reviewed by: rmacklem
Differential Revision: https://reviews.freebsd.org/D33404
Build uboot ubldr and friends like we build efi binaries
o move everything to be under stand/uboot
o md code goes in arch/$ARCH
o move everything over from the library
- Had to rename console.c, disk.c and module.c due to conflicts
o update version to 1.5 to reflect the new way of building
This results in a more consistent build system and should represent no
functional change, apart from powerpc version getting new help
file. Also, moved to exlcuding uboot on powerpc64le by using
BROKEN_OPTION instead of the incidental exclusion we had before due to
Makefile reorgs.
Sponsored by: Netflix
Feedback by: stevek, jrtc27
Differential Revision: https://reviews.freebsd.org/D33362
With the mac_priority(4) realtime policy active, users and processes in
the realtime group may promote existing threads and processes to
realtime scheduling priority. Extend the privileges granted to
PRIV_SCHED_SETPOLICY which allows explicit creation of new realtime
threads.
One use case of this is when the pthread scheduling policy is set to
SCHED_RR or SCHED_FIFO via pthread_attr_setschedpolicy(...) before
calling pthread_create(...). I ran into this when testing audio software
with realtime threads, particularly audio/ardour6.
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D33393
KTLS no longer supports multiple software backends. Instead, it
always uses OCF for software crypto. In particular, the ktls_ocf.ko
module no longer exists. The OCF bits for KTLS are compiled into th
kernel instead.
Sponsored by: Netflix
Add new man page for genet(4) Ethernet on Raspberry Pi 4B, based on
several other Ethernet man pages. Hook into build.
Note, this could potentially be added as an aarch64 man page; not
sure if that matters now. Include if_genet(4) link as for other
network devices.
Copyright notice cloned from a recent FreeBSD Foundation copyright.
MFC after: 3 days
Reviewed by: imp bcr #manpages
Differential Revision: https://reviews.freebsd.org/D33360
Now that MIPS isn't a recognized target for buildworld, move llvm mips
to off by default.
Sponsored by: Netflix
Reviewed by: dim
Differential Revision: https://reviews.freebsd.org/D33364
Add an idletime user group that allows non-root users to run processes
with idle scheduling priority. Privileges are granted by a MAC policy in
the mac_priority module. For this purpose, the kernel privilege
PRIV_SCHED_IDPRIO was added to sys/priv.h (kernel module ABI change).
Deprecate the system wide sysctl(8) knob
security.bsd.unprivileged_idprio which lets any user run idle priority
processes, regardless of context. While the knob is still working, it is
marked as deprecated in the description and in the man pages.
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D33338
COMPILER_TYPE is not set during cleandir and perhaps other non-build
targets, and a build with ASAN or UBSAN enabled failed with an error
reporting that runtime libraries could not be built.
PR: 260099
Reviewed by: dim
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32805
On Linux, libcrypto is available so a non-WITHOUT_OPENSSL build happens
to work, but on macOS it isn't available to be linked against (though
there is a versioned dylib for /usr/bin/openssl etc), and neither have
libmd so would both be broken under WITHOUT_OPENSSL. Since we're using
the system libarchive, further extend the hack to ensure _DP_archive is
empty.
Fixes: ed4050750c ("src.libnames.mk: Add hack to workaround libarchive not being bootstrapped")
MFC after: 1 week
When bootstrapping on FreeBSD we use -DNO_SHARED so this case is already
handled correctly, but on non-FreeBSD we set NO_SHARED to no in
Makefile.boot.pre as not all OSes have static libraries available. As a
result, users of libdwarf fail to link during the cross tools stage due
to the newly-introduced dependency of libdwarf on libz.
This should perhaps be reworked to instead leave NO_SHARED as yes but
have an override (either implicit in bsd.prog.mk, or explicit via a new
variable) to turn off just the use of -static.
MFC after: 1 week
We don't currently honour _DP_foo when bootstrapping on non-FreeBSD, and
so none of these values matter, but the next commit will change that as
we do need to pull in dependencies for libdwarf. We should really be
bootstrapping our libarchive for ar anyway rather than using the host's,
as well as have a better way to communicate to src.libnames.mk whether
or not a library is being bootstrapped.
MFC after: 1 week
According to information found on the internet the following products
use exactly the same hardware but probably different USB IDs:
- Edimax EW-7811Un V2 (v2)
- Edimax EW-7811GLN 2.0A (v2)
I am not adding them as I cannot verify.
PR: 254280
MFC after: 1 week
Add two underscore characters "__" to names of BIT_* and BITSET_*
macros to move them to the implementation name space and to prevent
a name space pollution due to BIT_* macros in 3rd party programs with
conflicting parameter signatures.
These prefixed macro names are used in kernel header files to define
macros in e.g. sched.h, sys/cpuset.h and sys/domainset.h.
If C programs are built with either -D_KERNEL (automatically passed
when building a kernel or kernel modules) or -D_WANT_FREENBSD_BITSET
(or this macros is defined in the source code before including the
bitset macros), then all macros are made visible with their previous
names, too. E.g., both __BIT_SET() and BIT_SET() are visible with
either of _KERNEL or _WANT_FREEBSD_BITSET defined.
The main reason for this change is that some 3rd party sources
including sched.h have been found to contain conflicting BIT_*
macros.
As a work-around, parts of shed.h have been made conditional and
depend on _WITH_CPU_SET_T being set when sched.h is included.
Ports that expect the full functionality provided by sched.h need
to be built with -D_WITH_CPU_SET_T. But this leads to conflicts if
BIT_* macros are defined in that program, too.
This patch set makes all of sched.h visible again without this
parameter being passed and without any name space pollution due
to BIT_* macros becoming visible when sched.h is included.
This patch set will be backported to the STABLE branches, but ports
will need to use -D_WITH_CPU_SET_T as long as there are supported
releases that do not contain these patches.
Reviewed by: kib, markj
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D33235
_p.a are just a special case of .a archives, and should not be installed
if WITHOUT_INSTALLLIB is set.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
This is a MAC policy module that grants scheduling privileges based on
group membership. Users or processes in the group realtime (gid 47) are
allowed to run threads and processes with realtime scheduling priority.
For timing-sensitive, low-latency software like audio/jack, running with
realtime priority helps to avoid stutter and gaps.
PR: 239125
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D33191
The Li macros has been deprecated by mdoc some time ago. Recommend the
use of Ql instead.
Reviewed by: debdrup
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D33232
This reverts commit 266f97b5e9, reversing
changes made to a10253cffe.
A mismerge of a merge to catch up to main resulted in files being
committed which should not have been.
This is only available in recent toolchains. Check for it so we can
use it in libmd.
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33166
Add a few very useful variables that might easily be overlooked, since
they're only documented in rc.subr(8) which might not be the first place
that people look.
At least _oomprotect has existed since 11.0-RELEASE, and doesn't appear
to be very well-known. While the others aren't as new, in my estimation,
a lot more people would use them if they knew about them.
While here, also add a reference to rc.subr(8) and login.conf(5), and
sort the variables alphabetically.
Reported by: Daniel Dettlaff <dmilith at gmail.com>
Reviewed by: ceri, gbe, 0mp, ygy, a.wolk, pauamma
Since e27961a496, load_rc_config does not
require a service name as its first argument. This change was documented
in the rc.subr script in 0b9c2e7ac5. Let's
update the manual page as well.
MFC after: 3 days
The inclusion of 0a0f748641 broke the build with the -DNO_ROOT option.
Specifically, that commit adds some relative paths (with `..`) to METALOG
that make other tools using that log, fail afterwards (tar, makefs...).
It's been argued[1] if this is really something mtree(8) should handle more
graciously. In the meantime, fix the breakage but changing the order in which
the links are created: first in the parent directory, then in the
architecture-specific one.
We keep the architecture-specific directories an the links to the parent
directories. This is something that we might want to change in the future.
This commit is based on a concept patch by avg@.
[1] https://lists.freebsd.org/archives/dev-commits-src-all/2021-November/index.html
Reported by: bapt@, emaste@
Approved by: avg@
Fixes: 0a0f748641
Differential Revision: https://reviews.freebsd.org/D33126
Information in this document is unchanged between 11.x and 12.x, but
this is intended to be a quick reference for supported architectures.
Also bump .Dd to cover recent changes including MIPS deprecation.
Sponsored by: The FreeBSD Foundation
With MIPS' retirement we now have more discontinued architectures than
supported ones, making the table somewhat unclear. Split the table in
two.
Reviewed by: allanjude
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33110
Belatedly remove twa(4). It was supposed to go before 13.0, but was
overlooked.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33114
Belatedly remove esp(4). It was tagged as gone in 13, but was overlooked
until now.
Sponsored by: Netflix
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33115
Belatedly remove amr(4). It was slated to depart before 13.0 but was
overlooked until now.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33113
Belatedly remove iir(4). It was slated to go before 13, but was
overlooked.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33112
We'd said this was going away in 13, but was overlooked. Belatedly
remove.
Sponsored by: Netflix
Relnotes: yes
Reviewed by: scottl
Differential Revision: https://reviews.freebsd.org/D33111
bsddialog is an attempt to write in permissive license a replacement for
libdialog.
While it is still in early stage it is good enough to already be used in
many areas, it is imported as private lib until it matures enough to be
considered as having a stable ABI
Add in all the variables set in the kenv variable devmatch_blocklist
too. This allows blocking autoloading from the boot loader.
Sponsored by: Netflix
Reviewed by: 0mp
Differential Revision: https://reviews.freebsd.org/D32171
The last usage of this function was removed in e3b1c847a4.
There are no in-tree consumers of kernel_vmount().
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D32607
Entries for a few recently defined rc variables
were missing from rc.conf.5. This patch adds
those.
It was not obvious to me what the ordering is,
so I added them to the area where other nfsd
related variables are. I can easily move them.
I also replaced "are" with "is", since it seems to
read better.
This is a content change.
Reviewed by: debdrup
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D33043
They are unused today and cannot be safely used in the face of unlocked
lookup, in which pages may be busied without the object lock held.
Obtained from: jeff (object_concurrency patches)
Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D32948
- Modify vm_page_busy_sleep() and vm_page_busy_sleep_unlocked() to take
a VM_ALLOC_* flag indicating whether to sleep on shared-busy, and fix
up callers.
- Modify vm_page_busy_sleep() to return a status indicating whether the
object lock was dropped, and fix up callers.
- Convert callers of vm_page_sleep_if_busy() to use vm_page_busy_sleep()
instead.
- Remove vm_page_sleep_if_(x)busy().
No functional change intended.
Obtained from: jeff (object_concurrency patches)
Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D32947
In 9fae47666 zfsd got a libspl dependency to avoid undefined references.
However that workaround did not help external consumers of libzfs_core.
Fix all missing dependencies lld 13 and the rtld complain about.
Reviewed by: freqlabs, markj
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D32521
This adds a new ng_device command, NGM_DEVICE_ETHERALIGN, which has no
associated args. After the command arrives, the device begins adjusting all
packets sent out its hook to have ETHER_ALIGN bytes of padding at the
beginning of the packet. The ETHER_ALIGN padding is added only when
running on an architecture that requires strict alignment of IP headers
(based on the __NO_STRICT_ALIGNMENT macro, which is only #define'd on
x86 as of this writing).
This also adds ascii <-> binary command translation to ng_device, both for
the existing NGM_DEVICE_GET_DEVNAME and the new ETHERALIGN command.
This also gives a name to every ng_device node when it is constructed, using
the cdev device name (ngd0, ngd1, etc). This makes it easier to address
command msgs to the device using ngctl(8).
Reviewed by: donner, ray, adrian
Differential Revision: https://reviews.freebsd.org/D32905
MFC after: 1 week
Drop packets arriving from the network that have our source IPv6
address. If maliciously crafted they can create evil effects
like an RST exchange between two of our listening TCP ports.
Such packets just can't be legitimate. Enable the tunable
by default. Long time due for a modern Internet host.
Reviewed by: melifaro, donner, kp
Differential revision: https://reviews.freebsd.org/D32915
Drop packets arriving from the network that have our source IP
address. If maliciously crafted they can create evil effects
like an RST exchange between two of our listening TCP ports.
Such packets just can't be legitimate. Enable the tunable
by default. Long time due for a modern Internet host.
Reviewed by: donner, melifaro
Differential revision: https://reviews.freebsd.org/D32914
This very questionable feature was enabled in FreeBSD for a very short
time. It was disabled very soon upon merging to RELENG_4 - 23d7f14119.
And in HEAD was also disabled pretty soon - 4bc37f9836.
The tunable has very vague name. Check interface for what? Given that
it was never documented and almost never enabled, I think it is fine
to rename it together with documenting it.
Also, count packets dropped by this tunable as ips_badaddr, otherwise
they fall down to ips_cantforward counter, which is misleading, as
packet was not supposed to be forwarded, it was destined locally.
Reviewed by: donner, kp
Differential revision: https://reviews.freebsd.org/D32912
NOTE: HEADS UP read the note below if your kernel config is not including GENERIC!!
This patch does a bit of cleanup on TCP congestion control modules. There were some rather
interesting surprises that one could get i.e. where you use a socket option to change
from one CC (say cc_cubic) to another CC (say cc_vegas) and you could in theory get
a memory failure and end up on cc_newreno. This is not what one would expect. The
new code fixes this by requiring a cc_data_sz() function so we can malloc with M_WAITOK
and pass in to the init function preallocated memory. The CC init is expected in this
case *not* to fail but if it does and a module does break the
"no fail with memory given" contract we do fall back to the CC that was in place at the time.
This also fixes up a set of common newreno utilities that can be shared amongst other
CC modules instead of the other CC modules reaching into newreno and executing
what they think is a "common and understood" function. Lets put these functions in
cc.c and that way we have a common place that is easily findable by future developers or
bug fixers. This also allows newreno to evolve and grow support for its features i.e. ABE
and HYSTART++ without having to dance through hoops for other CC modules, instead
both newreno and the other modules just call into the common functions if they desire
that behavior or roll there own if that makes more sense.
Note: This commit changes the kernel configuration!! If you are not using GENERIC in
some form you must add a CC module option (one of CC_NEWRENO, CC_VEGAS, CC_CUBIC,
CC_CDG, CC_CHD, CC_DCTCP, CC_HTCP, CC_HD). You can have more than one defined
as well if you desire. Note that if you create a kernel configuration that does not
define a congestion control module and includes INET or INET6 the kernel compile will
break. Also you need to define a default, generic adds 'options CC_DEFAULT=\"newreno\"
but you can specify any string that represents the name of the CC module (same names
that show up in the CC module list under net.inet.tcp.cc). If you fail to add the
options CC_DEFAULT in your kernel configuration the kernel build will also break.
Reviewed by: Michael Tuexen
Sponsored by: Netflix Inc.
RELNOTES:YES
Differential Revision: https://reviews.freebsd.org/D32693
Recent firmwares have more leeway in FEC selection and there is a need
to track the FECs requested by the driver separately from the FEC in use
on the link. The existing dev.<port>.<inst>.fec sysctl can read both but
its behavior depends on the link state and it is sometimes hard to find
out what was requested when the link is up.
Split the fec sysctl into two (requested_fec and link_fec) to get access
to both pieces of information regardless of the link state.
MFC after: 1 week
Sponsored by: Chelsio Communications
Commit f0c9847a6c added the ioflag and cred arguments to
VOP_ALLOCATE() for NFSv4.2 server support. This patch updates
the man page for these arguments.
Reviewed by: khng, gbe
Differential Revision: https://reviews.freebsd.org/D32898
Mark functions inet_netof(), inet_lnaof(), and inet_makeaddr() as
deprecated, as they assume Class A/B/C. inet_makeaddr() mostly works
when networks are a multiple of 8 bits, but warn for anything other
than historical classes. Reduce other mentions of network classes.
MFC after: 1 month
Reviewed by: bcr, #manpages
Differential Revision: https://reviews.freebsd.org/D32711
AES-CBC OpenSSL assembly is used underneath.
The glue layer(ossl_aes.c) is based on CHACHA20 implementation.
Contrary to the SHA and CHACHA20, AES OpenSSL assembly logic
does not have a fallback implementation in case CPU doesn't
support required instructions.
Because of that CPU caps are checked during initialization and AES
support is advertised only if available.
The feature is available on all architectures that ossl supports:
i386, amd64, arm64.
The biggest advantage of this patch over existing solutions
(aesni(4) and armv8crypto(4)) is that it supports SHA,
allowing for ETA operations.
Sponsored by: Stormshield
Obtained from: Semihalf
Reviewed by: jhb (previous version)
Differential revision: https://reviews.freebsd.org/D32099
AES-CBC OpenSSL assembly is used underneath.
The glue layer(ossl_aes.c) is based on CHACHA20 implementation.
Contrary to the SHA and CHACHA20, AES OpenSSL assembly logic
does not have a fallback implementation in case CPU doesn't
support required instructions.
Because of that CPU caps are checked during initialization and AES
support is advertised only if available.
The feature is available on all architectures that ossl supports:
i386, amd64, arm64.
The biggest advantage of this patch over existing solutions
(aesni(4) and armv8crypto(4)) is that it supports SHA,
allowing for ETA operations.
Sponsored by: Stormshield
Obtained from: Semihalf
Reviewed by: jhb
Differential revision: https://reviews.freebsd.org/D32099
You can wire da, ada and nda device units to serial numbers. sdda cannot
be wired like this because SD and MMC cards lack serial numbers (or at
the very least CAMMMC does not query or retain them).
Sponsored by: Netflix
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D32825
Unwired units start with the first avaialble unit that hasn't been
wired, not one greater than the largest wired unit. wired units are
skipped when assigning unwired units a number.
Sponsored by: Netflix
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D32824
Allow users to set a number on rules which will be exposed as part of
the pflog header.
The intent behind this is to allow users to correlate rules across
updates (remember that pf rules continue to exist and match existing
states, even if they're removed from the active ruleset) and pflog.
Obtained from: pfSense
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D32750
I made a mistaking in merging the final commits for the devctl changes. This
adds the 'hushed' variable and has the correct dates for the manuals.
Pointy hat to: imp
Generate VT events when the bell beeps. When coupled with disabling the
bell,this allows custom bells to be rung when we'd otherwise beep.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D32656
In most cases blackholing for locally originated packets is undesired,
leads to different kind of lags and delays. Provide sysctls to enforce
it, e.g. for debugging purposes.
Reviewed by: rrs
Differential revision: https://reviews.freebsd.org/D32718
Pick up changes in option dependencies (WITHOUT_OPENSSL and WITHOUT_CXX)
and the addition of WITH_DETECT_TZ_CHANGES and WITH_LLVM_BINUTILS.
Sponsored by: The FreeBSD Foundation
