Certain operations such as checksum insertion and VLAN insertion
require the device model to rewrite the packet header. The first step
in rewriting the packet header is to copy the existing packet header
from the source packet. This copy is done by copying data from an
iovec array that corresponds to the S/G entries described by transmit
descriptors. However, if the total packet length is smaller than the
headers that need to be copied as the initial template, this copy can
overflow the iovec array and use garbage values as the source pointer
to memcpy. The PR used a single descriptor with a length of 0 in its
PoC.
To fix, track the total packet length and drop requests to transmit
packets whose payload is smaller than the required header length.
While here, fix another issue where the final descriptor could have an
invalid length (too short) that could underflow 'len' when stripping
the checksum. Skip those requests instead, too.
PR: 264372
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: grehan, markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36182
This avoids type confusion where a malicious guest could rewrite the
MaxPStreams field in an endpoint context after the endpoint was
initialized causing the device model to interpret a guest provided
address (stored in ep_ringaddr of the "software" endpoint state) as a
bhyve host process address (ep_sctx_trbs). It also prevents a malicious
guest from triggering overflows of ep_sctx_trbs[] by increasing the
number of streams after the endpoint has been initialized.
Rather than re-reading the MaxPStreams value out of the endpoint context
in guest memory on subsequent operations, cache the value in the software
endpoint state. Possibly the device model should raise errors if the
value of MaxPStreams changes while an endpoint is running. This approach
simply ignores any such changes by the guest.
PR: 264294, 264347
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36181
Controllers must support the Identify Controller list if they support
Namespace Management. But the UNH NVMe tests use this command regardless
of whether the device under test supports Namespace Management.
This implementation returns an empty Controller list (i.e., Number of
Identifiers is zero).
Fixes UNH Test 1.1.2
Reviewed by: jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D36193
The NVMe specification only allows Controllers compliant with the
revision 1.3 and earlier specification to report a value of 0x0 in the
No-Deallocate Modifies Media After Sanitize (NODMMAS) field.
For our revision 1.4 Controller, report that media is not modified after
Sanitize as the implementation does not implement Sanitize.
Fixes UNH Test 1.1.2
Reviewed by: jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D36192
Space used by the MOS is summed after all on-disk data structures are
finalized, so the MOS DSL directory represents a special case when
counting bytes used for each directory. The DSL layer failed to update
the MOS DSL directory's parent, the root directory, accordingly, so the
root directory reported less space used than was used in reality. Be
careful to update the root directory after the MOS is finalized.
PR: 265849
Sponsored by: The FreeBSD Foundation
There was a missing sentence in the description of the second mount
entry in the example. Fix that and some other bits in the EXAMPLES
section.
Also, make the STANDARDS section a bit more readable.
MFC after: 1 week
Sponsored by: Klara Inc.
Summary:
Code was using the mask value without the shift.
Test Plan: Within FreeBSD/Linux guest, Identify NVMe controller to check the result.
Reviewed by: chuck, imp
MFC after: 2 weeks
Signed-off-by: Wanpeng Qian <wanpengqian@gmail.com>
Differential Revision: https://reviews.freebsd.org/D32659
Summary:
Currently Active Firmware Info is not initialized.
Fix is to initialize the Active Firmware Info to Slot 1.
Test Plan: Within FreeBSD/Linux guests, show the Firmware Logpage to confirm.
Reviewed By: chuck
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D32658
Summary:
Set Number of Power States Supported to indicate 1 power state. Keep the
Power State Descriptor data structures as zero to indicate "Not
reported".
Test Plan:
Within FreeBSD/Linux guests, list the number of power states and check
the Max Power value.
Reviewed By: markj, chuck
MFC after: 2 weeks
Signed-off-by: Wanpeng Qian <wanpengqian@gmail.com>
Differential Revision: https://reviews.freebsd.org/D32657
The debug print in nvme_opc_get_log_page() would print an uninitialized
local variable.
In nvme_opc_write_read(), a failed LBA bounds check would cause
pci_nvme_stats_write_read_update() to be called with an uninitialized
variable as a parameter. Although the parameter is unused when the
check fails (and so status != 0), LLVM 14 emits some bogus machine code
in this path, which happens to result in a segfault when it gets
executed.
PR: 265749
Reviewed by: chuck, emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36119
Currently these are not reported because bhyve is compiled with WARNS=2.
Let's start taking small steps towards enabling more warnings.
No functional change intended.
Reviewed by: chuck, imp, emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36118
The Dataset Management code could free an uninitialized pointer if the
device doesn't support the Dataset Management command.
PR: 264548
Reported by: Robert Morris <rtm@lcs.mit.edu>
Fuzzing of bhyve uncovered an assertion failure in the NVMe emulation.
Investigation uncovered several corner cases the code did not handle.
This change handles several Controller initialization errors, including
- bad AQ sizes
- bad AQ vm_map_gpa
- doorbell writes prior to RDY
- doorbell writes to uninitialized queue
- CSTS.RDY if CFS set
PR: 256317,256319,256320,256322
Reported by: Cheolwoo Myung <cwmyung@snu.ac.kr>
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D35453
Fuzzing of bhyve using hyfuzz discovered a way to cause a segmentation
fault in the NVMe emulation. If a guest specifies a physical address in
either the PRP1 or PRP2 field of a command that cannot be mapped from
guest to host, the function paddr_guest2host() returns a NULL pointer.
The NVMe emulation did not check for this error case, which allowed for
the segmentation fault to occur.
Fix is to check for a return value of NULL and indicate an error back to
the guest (Data Transfer error). While in the area, slightly refactor
the write/read blockif function to use a common error exit path.
PR: 256321
Reported by: Cheolwoo Myung <cwmyung@snu.ac.kr>
Reviewed by: imp, jhb
Differential Revision: https://reviews.freebsd.org/D35452
Summary:
NVMe operations indicate the memory region(s) associated with a command
via physical region pages (PRPs). Since each PRP has a fixed size,
contiguous memory regions larger than the PRP size require multiple PRP
entries.
Instead of issuing a blockif call for each PRP, the NVMe emulation
concatenates multiple contiguous PRP entries into a single blockif
request. The test for contiguous regions has a bug such that it
mistakenly treats an initial PRP address of zero as a contiguous range
and concatenates it with the previous. But because there is no previous
IOV, the concatenation code corrupts the IO request structure and leads
to a segmentation fault when the blockif request completes.
Fix is to test for the existence of a previous range before trying to
concatenate the current range with the previous one.
While in the area, rename pci_nvme_append_iov_req()'s lba parameter to
offset to match its usage.
PR: 264177
Reported by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35328
This is consistent with what other uid-morphing utilities
do, i.e. jexec(1), su(1) etc.
MFC after: 2 weeks
Reviewed by: gbe
Differential Revision: https://reviews.freebsd.org/D36148
Check the canmount property before building the mountpoint string.
Reported by: Coverity
Fixes: 240afd8c1f ("makefs: Add ZFS support")
Sponsored by: The FreeBSD Foundation
nvstring_get() returns a copy of the string, not a pointer into the
nvlist's internal buffer.
Reported by: Coverity
Fixes: 240afd8c1f ("makefs: Add ZFS support")
Sponsored by: The FreeBSD Foundation
This is in preparation for including an etcupdate tree when performing a
-DNO_ROOT release image build. Although -DNO_ROOT can be passed via -M,
to be useful we need to mangle the resulting METALOG to mirror the
various cleanups to the tree that are done after the build (removing
generated files, empty files and empty directories), so etcupdate needs
its own flag.
Reviewed by: jhb, pauamma
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D35857
This is in preparation for building an etcupdate tree on non-FreeBSD
when building release images. The -d option is documented as a
BSD-specific equivalent to the POSIX -depth primary. Whilst GNU find
sort of accepts it in an attempt to be compatible, it still doesn't
permit it coming before the paths, unlike BSD find, and prints a
deprecation warning either way. Thus, use the equivalent POSIX -depth to
ensure it works correctly and without warning everywhere.
Reviewed by: jhb
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D35856
This will allow release/Makefile to forward on ${MAKE} to allow building
on non-FreeBSD systems where ${MAKE} is something other than make, as
make is typically GNU make in such situations.
Reviewed by: jhb, pauamma
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D35854
This allows one to take a staged directory tree and create a file
consisting of a ZFS pool with one or more datasets that contain the
contents of the directory tree. This is useful for creating virtual
machine images without using the kernel to create a pool; "zpool create"
requires root privileges and currently is not permitted in jails.
makefs -t zfs also provides reproducible images by using a fixed seed
for pseudo-random number generation, used for generating GUIDs and hash
salts. makefs -t zfs requires relatively little by way of machine
resources.
The "zpool_reguid" rc.conf setting can be used to ask a FreeBSD guest to
generate a unique pool GUID upon first boot.
A small number of pool and dataset properties are supported. The pool
is backed by a single disk vdev. Data is always checksummed using
Fletcher-4, no redundant copies are made, and no compression is used.
The manual page documents supported pool and filesystem properties.
The implementation uses a few pieces of ZFS support from with the boot
loader, especially definitions for various on-disk structures, but is
otherwise standalone and in particular doesn't depend on OpenZFS.
This feature should be treated as experimental for now, i.e., important
data shouldn't be trusted to a makefs-created pool, and the command-line
interface is subject to change.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35248
Rather than trying to shoehorn flags into the requested superblock
address, create a separate flags parameter to the ffs_sbget()
function in sys/ufs/ffs/ffs_subr.c. The ffs_sbget() function is
used both in the kernel and in user-level utilities through export
to the sbget() function in the libufs(3) library (see sbget(3)
for details). The kernel uses ffs_sbget() when mounting UFS
filesystems, in the glabel(8) and gjournal(8) GEOM utilities,
and in the standalone library used when booting the system
from a UFS root filesystem.
The ffs_sbget() function reads the superblock located at the byte
offset specified by its sblockloc parameter. The value UFS_STDSB
may be specified for sblockloc to request that the standard
location for the superblock be read.
The two existing options are now flags:
UFS_NOHASHFAIL will note if the check hash is wrong but will still
return the superblock. This is used by the bootstrap code to
give the system a chance to come up so that fsck can be run to
correct the problem.
UFS_NOMSG indicates that superblock inconsistency error messages
should not be printed. It is used by programs like fsck that
want to print their own error message and programs like glabel(8)
that just want to know if a UFS filesystem exists on a partition.
One additional flag is added:
UFS_NOCSUM causes only the superblock itself to be returned, but does
not read in any auxiliary data structures like the cylinder group
summary information. It is used by clients like glabel(8) that
just want to check for possible filesystem types. Using UFS_NOCSUM
skips the superblock checks for csum data which allows superblocks
that have corrupted csum data to be read and used.
The validate_sblock() function checks that the superblock has not
been corrupted in a way that can crash or hang the system. Unless
the UFS_NOMSG flag is specified, it will print out any errors that
it finds. Prior to this commit, validate_sblock() returned as soon
as it found an inconsistency so would print at most one message.
It now does all its checks so when UFS_NOMSG has not been specified
will print out everything that it finds inconsistent.
Sponsored by: The FreeBSD Foundation
They might belong to kernel modules not currently loaded, or to other
kernel versions. Ignoring them allows the configuration to be shared
between multiple hosts.
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: rew
Differential Revision: https://reviews.freebsd.org/D35540
The last number of unbound upgrades failed to manually update the
version strings in usr.sbin/unbound/config.h. This commit fixes that.
Reported by: "Herbert J. Skuhra" <herbert@gojira.at>
Fixes: 0a92a9fca7a39a5a69059cf5bc93f6273016e83624e36522005469a99530
MFC after: 3 days
This will be used by Makefile.inc1 to fix -DNO_ROOT distributeworld,
which needs to split out DESTDIR from DISTBASE so the METALOG file
includes the base/ prefix.
Reviewed by: kevans
Obtained from: CheriBSD
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35808
Copy the ENVIRONMENT section from df(1) to swapinfo(8), except
that the --si option is removed for swapinfo.
PR: 235225
Reported by: 0mp
MFC after: 3 days
The original code had used a fixed-size buffer for ioctl(SIOCGIFCONF),
that might cause the target ifreq spilled from the buffer. Use the handy
getifaddrs(3) to fix the problem.
Reviewed by: glebius
Differential revision: https://reviews.freebsd.org/D35536
pmcstat has been broken for analyzing logs since D35342 / b6e28991bf.
This is because the pmc for the first CPU is not added when reading logs
because unlike its clones, its event id is not invalid. That causes us
to fail the assertion at lib/libpmcstat/libpmcstat_logging.c:293
when encountering samples from cpu0.
Fix this by removing the check that the PMC is invalid
Reviewed by: tsoome
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35709
As of hostap 2.10, WEP is disabled by default. This of course is not a
bad thing but requires some planning and an announcment to remove WEP
support by default. A possible src.conf knob or letting users know they
should use the port instead might different options.
MFC after: 3 days
Surrently virtio-net uses the prefix of the backing interface to
choose the backend. This patch adds an additional option "type" to
choose the backend type explicitly. This allows greater flexibility
for end users to manage bhyve specific resources (such as by naming
the tap interfaces to more descriptive names). The option "type" is
optional. When it is not presented, the backend is derived from the
name of the backend interface.
For example, the line `-s 3,virtio-net,bsdvm0,type=tap` will create a
virtio-net device for the guest using the tap interface "bsdvm0".
Adding a new "type" option preserves the current legacy format in which
the first value after virtio-net names an instance of a backend.
Note that tap interfaces not following the pattern "tap*" will not be
created on demand via devfs cloning but must be created explicitly.
Reviewed by: vmaffione, jhb
Differential Revision: https://reviews.freebsd.org/D35143
Describe explicitly the handling of TCP endpoints in the TIME-WAIT and
SYN-RCVD state.
Reported by: glebius@
Reviewed by: glebius@
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D35651
named(8) hasn't been in base for some time. Remove all references to it in
manual pages.
Approved by: manpages (Pau Amma)
Differential Revision: https://reviews.freebsd.org/D35586
Add support for system wide and NUMA domain wide counters support.
Add 3 new PMC classes for ARM DMC-620 and CMN-600 controllers PMU.
Reviewed by: mhorne
Sponsored By: ARM
Sponsored By: Ampere Computing
Differential Revision: https://reviews.freebsd.org/D35342
When pausing a block I/O device model as part of suspending a VM, wait
for all active block I/O requests to finish before saving snapshot
data. This avoids having to save information about in-flight requests
both in the block_if layer and in storage device models.
For the AHCI device model, the queues are now guaranteed to be idle
when taking a snapshot, so remove the code to save queue state and
rely on the initial state in a resumed VM having all queues already
idle.
This will also simplify adding NVMe snapshot support in the future.
Reviewed by: jhb
Sponsored by: vStack
Differential Revision: https://reviews.freebsd.org/D26267
Currently we only set canmount=noauto on the root of the BE, this
change makes it so we set it on all datasets under the BE as well.
Reviewed by: allanjude
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D35422
Disable P2P in WPS as it is not supported by FreeBSD. Also, it is not
enabled in wpa_supplicant so the WPS P2P code is redundant.
PR: 264238
Reported by: adrian
MFC after: 3 days
The current situation is fairly confusing, where an integer is interpreted
as a percent until you slap a decimal on it and magically it becomes an
absolute value.
Let's have a flag day in 14.0 and remove this shim entirely. Setting with
percent can still be useful, so allow a trailing '%' to indicate as such.
As a side effect, we tighten down the format allowed in the volume a little
bit by ensuring there's no trailing garbage after the value once it's
separated into left and right components.
Reviewed by: christos, hselasky, pauamma_gundo.com (manpages)
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D35101
libpmc already returns an end address that is after the end of the
last instruction of a function (on both amd64 and arm64) as the end
address written to the annotate map file is computed as the start
address of the symbol plus the size.
Adding one could result in a curious failure where an entire
function's contents in assembly was reduced instead to only the first
instruction. The reason is that when the end instruction is bumped by
one, objdump -d can append the first instruction of the next function
in its output. However, since pmcannotate concatenates all of the
objdump -d output from various functions into a single file which it
then searches to find the assembly for a given file, if this
additional trailer was earlier in the file than the full function, the
trailer was chosen to represent the entire function resulting in the
truncated listing of the function.
Sponsored by: University of Cambridge, Google, Inc.
Differential Revision: https://reviews.freebsd.org/D35399
They are no longer needed, but were likely missed simply because they
don't show up in a grep for 'mips'.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D35475
If installing from the DVD, mount its packages in the chroot at
/dist/packages. That way they'll be accessible to an install script.
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: gjb
Differential Revision: https://reviews.freebsd.org/D35330
As with i386 and amd64, "latest" packages are available on stable
branches for arm64/aarch64.
Reviewed by: manu
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35445
Addition to D31491 in order to actually resolve the top root cause.
Currently rpcbind gets contact address from connectionless xprt->xp_p2
member of a transport and will fail to get it when working over
connection oriented transport, leading to a guess game in terms of
contact address on rpcinfo requests like RPCBPROC_GETVERSADDR or
RPCBPROC_GETADDRLIST and poor returns which may influence a user
of a call and specifically reported on OSX clients, which tend to
not provide address hint from rpcinfo request to a server.
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D35220
This allows building a container image with enough functionality for
downloading and installing packages without having to include the
utilities package.
Reviewed by: manu
MFC after: 2 weeks
Some software uses SMBIOS entries to identify the system on which it's
running. In order to make it possible to use such software inside a VM,
SMBIOS entries should be configurable. Therefore, bhyve_config can be
used. While only a few SMBIOS entries might be of interest, it makes
sense that all SMBIOS entries are configurable. This way all SMBIOS
tables are build the same way and there's no special handling for some
tables.
Reviewed by: jhb
Sponsored by: Beckhoff Automation GmbH & Co. KG
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34465
Don't shadow an already-local variable with another local declaration.
Reported by: dteske
MFC after: 13 days
MFC with: caf73e5857
Sponsored by: Axcient
Differential Revision: https://reviews.freebsd.org/D35331
If the ZFSBOOT_DISKS variable is set to one or more disk names, then
those disks should be preselected in the disk menu. However, the code
wasn't correctly setting the variable, leaving all disks unselected.
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: dteske
Differential Revision: https://reviews.freebsd.org/D35331
Similar to the change in 1a04446f08, use
cat to overwrite the contents of the existing file rather than cp so
that metadata of the existing file such as permissions and ownership
is preserved.
PR: 255514
Reported by: uqs
MFC after: 1 week
When performing a dry run, remove the temporary tree created rather
than rotating the trees. Rotating the trees meant that etcupdate
thought the latest changes were already merged and would not merge
them on the next real run.
PR: 260281
Reported by: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
Fixes: 0611aec3cf etcupdate: Always extract to a temporary tree.
MFC after: 1 week
Otherwise, boot will hang if the numbering of disks has changed since
initial install.
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: brd
Differential Revision: https://reviews.freebsd.org/D35309
Replace (LGPL) dialog utility with (BSD-2-Clause) bsddialog utility.
Add --hline info because bsddialog requires TAB to switch the focus on
buttons for an inputbox, dialog differs.
Delete f_dialog_inputbox_size() using libbsddialog autosizing.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D35285
Commit 72bf76d6b8 added the -2 option to use
TLS 1.2 NFS-over-TLS mounts. It did not add -2
to the usage message.
This patch adds -2 to the usage message.
MFC after: 2 weeks
Commit 0637b12b13 added the -2 option to allow
TLS 1.2 NFS-over-TLS mounts. It did not add -2
to the usage message.
This patch adds -2 to the usage message.
MFC after: 2 weeks
Since the KTLS now supports TLS1.3, the daemons default
to version 1.3, since the draft (to be an RFC someday)
requires TLS1.3.
However, since FreeBSD 13,0, 13,1 uses TLS1.2 for
NFS-over-TLS, the "-2" option is added to both daemons
for compatibility with FreeBSD 13.0, 13.1.
This patch updates the man pages for this.
This is a content change.
Reviewed by: pauamma_gundo.com
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35290
Since the KTLS now supports TLS1.3, the daemons default
to version 1.3, since the draft (to be an RFC someday)
requires TLS1.3.
However, since FreeBSD 13,0, 13,1 uses TLS1.2 for
NFS-over-TLS, the "-2" option is added to both daemons
for compatibility with FreeBSD 13.0, 13.1.
This patch updates the man pages for this.
This is a content change.
Reviewed by: pauamma_gundo.com
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35290
Commit f5b40aa0de modifies the -C command line option
for rpc.tlsclntd to use the TLS 1.3 SSL_CTX_set_ciphersuites().
This patch updates the man page for this modified command
line option.
This is a content change.
Reviewed by: jhb, pauamma_gundo.com (same change for rpc.tlsservd.8)
MFC after: 2 weeks
Commit 0b4f2ab0e9 fixes the krpc so that it can use TLS
version 1.3 for NFS-over-TLS, as required by
the draft (someday to be an RFC).
This patch replaces SSL_CTX_set_cipher_list() with
SSL_CTX_set_ciphersuites(), since that is the function
that is used for TLS1.3.
The man page will be updated in a separate commit.
MFC after: 2 weeks
Commit 0b4f2ab0e9 fixes the krpc so that it can use TLS
version 1.3 for NFS-over-TLS, as required by
the draft (someday to be an RFC).
This patch replaces SSL_CTX_set_cipher_list() with
SSL_CTX_set_ciphersuites(), since that is the function
that is used for TLS1.3.
The man page has already been updated.
MFC after: 2 weeks
Commit 712aac1389 adds a new -C command line option
to rpc.tlsservd.
This patch updates the man page for this new command
line option.
This is a content change.
Reviewed by: jhb, pauamma_gundo.com
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35136
bsdinstall(8) has an option to enable moused support.
However, if it is not selected, moused is still started
through the configuration of nondefault devices.
So, automatically add the moused_nondefault_enable="NO"
setting to rc.conf unless moused support is selected.
PR: 227999
Reported by: bcran
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D35193
Commit 0b4f2ab0e9 fixes the krpc so that it can use TLS
version 1.3 for NFS-over-TLS, as required by
the draft (someday to be an RFC).
Since FreeBSD 13.0, 13.1 use TLS version 1.2 for
NFS-over-TLS mounts, this command line option
may be used so that NFS-over-TLS mounts to 13.0, 13.1
servers will still work.
Without the command line option, NFS-over-TLS mounts
will use TLS version 1.3.
The man page update will be a separate commit.
MFC after: 2 weeks
Commit 0b4f2ab0e9 fixes the krpc so that it can use TLS
version 1.3 for NFS-over-TLS, as required by
the draft (someday to be an RFC).
Since FreeBSD 13.0, 13.1 use TLS version 1.2 for
NFS-over-TLS mounts, this command line option
may be used so that mounts from 13.0, 13.1 will still work.
Without the command line option, only TLS version 1.3
mounts are permitted.
The man page update will be a separate commit.
MFC after: 2 weeks
Add a sentence that explains that PATH is set to `/bin:/usr/bin`.
I had to dive into `jexec.c` to find this out.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D35251
Makefile.arm64 relies on being included via Makefile.${MACHINE}. This
only works when arm64 is the only aarch64 architecture. Switch to
Makefile.aarch64 so downstream CheriBSD can use the file when building
for Morello which uses a differen ${MACHINE} value.
Sponsored by: Innovate UK
When a new FS image is created we need to calculate how much space each
file is going to consume.
Fix two bugs in that logic:
1) Count the space needed for indirect blocks for large files.
1) Normally the trailing data of a file is written to a block of frag
size, 4 kB by default.
However for files that use indirect blocks a full block is allocated,
32kB by default. Take that into account.
Adjust size calculations to match what is done in ffs_mkfs routine:
* Depending on the UFS version the superblock is stored at a different
offset. Take that into account.
* Add the cylinder group block size.
* All of the above has to be aligned to the block size.
Finally, Remove "ncg" variable. It's always 1 and it was used to
multiply stuff.
PR: 229929
Reviewed by: mckusick
MFC after: 2 weeks
Sponsored by: Semihalf
Submitted by: Kornel Dulęba <mindal@semihalf.com>
Differential Revision: https://reviews.freebsd.org/D35131
Differential Revision: https://reviews.freebsd.org/D35132
Override OSNAME to change the name of the OS in the installer.
This is a first step, the shell changes will be separate.
Reviewed by: allanjude
Approved by: allanjude
Differential Revision: https://reviews.freebsd.org/D34878
Sponsored by: Rubicon Communications, LLC ("Netgate")
Devices that cannot be opened are most likely the install media and
should not be listed as destinations.
Reviewed by: allanjude
Approved by: allanjude
Differential Revision: https://reviews.freebsd.org/D34879
Sponsored by: Rubicon Communications, LLC ("Netgate")
Leave -Wcast-align disabled, at least for now, since there are numerous
instances of that warning in places where buffer pointers are cast to
pointers to various filesystem structures. Fixing this properly would
be too much work for too little gain.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
This patch adds logging of the version of TLS and cipher
negotiated successfully by the TLS handshake for each client,
if the "-v" command line option has been specified.
This information may be useful for monitoring and debugging
NFS-over-TLS mounts.
MFC after: 2 weeks
virtio-console is currently missing .pe_legacy_config, which prevents any
portN configuration from being parsed, and therefore no sockets will be
created.
Reviewed by: khng
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35142
The "C" option in the argument to getopt_long() was
missing a ":" for both rpc.tlsclntd.c and rpc.tlsservd.c.
This patch fixes this.
MFC after: 2 weeks
rpc.tlsclntd has a -C command line option for setting
preferred_ciphers. Testing at a recent IETF NFSv4 testing
event showed that setting preferred_ciphers is not normally
needed for the rpc.tlsservd.
This patch modifies rpc.tlsservd to not specify preferred_ciphers
by default, but provides the same -C option as rpc.tlsclntd to
set preferred_ciphers, in case it is needed.
The man page update will be done as a separate commit.
MFC after: 2 weeks
When running zpool export first, boot/efi and dev is still mounted so
zpool export fails. By running bsdinstall umount first the pool can be
cleanly exported.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D35114
Sponsored by: Beckhoff Automation GmbH & Co. KG
MFC After: 3 days
Throughout the bsdinstall script fd 3 is used by f_dprintf (set through
$TERMINAL_STDOUT_PASSTHRU). By closing file descriptor 3 here, the
final f_dprintf "Installation Completed ... does not work anymore.
By putting the code into a subshell, file descriptors can be edited
without interference with the calling script.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D35113
Sponsored by: Beckhoff Automation GmbH & Co. KG
MFC after: 3 days
Sometimes the parent-child sshd protocol changes during an upgrade, and
when this happens sshd will not accept new connections until it is
restarted.
PR: 263489
Reviewed by: kevans, gjb
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35109
After an installation restart (for error or choice) dhclient does not
rebuild resolv.conf so `dialog --mixedform' of "Resolver Configuration"
in bsdinstall/scripts/netconfig draws empty forms. It causes a bad UX,
to see PR262262. Fixed resetting the interface before to run dhclient.
PR: 262262
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D35094
Fix bsdinstall "Auto (UFS) Guided Disk Setup" and sade(8) "Auto".
The problem is a string comparison failure, it arose during the
dialog(3)/bsddialog(3) form conversion:
* dialog uses only form.text while bsdialog differentiates between
form.init and form.value.
* dialog always allocates memory for form values while bsddialog only
when a button is pressed.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D35033
Now that nvlist_send()/nvlist_recv() are being used, ditch the datagram
socket.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D34863
When invoked by inetd, ctlstat -P will now produce output suitable for
ingestion into Prometheus.
It's a drop-in replacement for https://github.com/Gandi/ctld_exporter,
except that it doesn't report the number of initiators per target, and
it does report time and dma_time.
MFC after: 2 weeks
Sponsored by: Axcient
Relnotes: yes
Reviewed by: bapt, bcr
Differential Revision: https://reviews.freebsd.org/D29901
When exporting sysctls to Prometheus, the exporter replaces "." with
"_". This caused several metrics to alias, confusing the Prometheus
server. Fix it by:
* Renaming the "tcp_log_bucket" UMA zone to "tcp_log_id_bucket". Also,
rename "tcp_log_node" to "tcp_log_id_node" for consistency.
* Not exporting sysctls with "(LEGACY)" in the description. That is
used by ZFS sysctls that have been replaced by others, many of which
alias to the same Prometheus metric name (like "vfs.zfs.arc_max" and
"vfs.zfs.arc.max").
PR: 259607
Reported by: delphij
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: delphij,rew,thj
Differential Revision: https://reviews.freebsd.org/D34952
cxgbei needs the ability to return different limits based on the
connection (e.g. if the connection is over a T5 adapter or a T6
adapter as well as factoring in the MTU).
This change plumbs through the changes in the ioctls without changing
any of the backends. The limits callback passed to icl_register now
accepts a second socket argument which holds the integer file
descriptor. To support ABI compatiblity for old binaries, the
callback should return "global" values if the socket fd is zero.
The CTL_ISCSI_LIMITS argument used with CTL_ISCSI by ctld(8) now
accepts the socket fd in a field that was previously part of a
reserved spare field. Old binaries zero this request which results in
passing a socket fd of 0 to the limits callback.
The ISCSIDREQUEST ioctl no longer returns limits. Instead, iscsid(8)
invokes a new ISCSIDLIMITS ioctl after establishing the connection via
connect(2). For ABI compat, if the old ISCSIDREQUEST is invoked, the
global limits are still fetched (with a socket fd of 0) and returned.
Reviewed by: mav
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D34928
This reduces duplication in the two lists and makes it clearer which
ioctls are needed in the ICL_KERNEL_PROXY case.
Reviewed by: mav
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D34927
Since the first unattributed commit in 1981, lpr has attempted to
prevent users from printing executables (and in earlier versions
archives). Archive detection was lost in 1992 when lpr gained a
dependency on a.out.h. No corresponding support was added for ELF files
with the full transiation to ELF in 1998, but a.out support has been
dragged forward to and contaminated platforms that never supported
a.out.
While this feature isn't unuseful, preventing the printing of
a single file format we stopped producing ~20 years ago isn't worth
the costs (however minimal).
Reviewed by: gad, imp, emaste
Differential Revision: https://reviews.freebsd.org/D34901
Queue "roundrobin" in a COP rule means the driver should select queues
for new tids in a round-robin manner.
Reviewed by: jhb@
MFC after: 1 week
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D34922
-A and -m select different output modes output modes for diff3. When
both flags are present gnu diff3 prefers -m, drop the extra -A flag in
etcupdate.
Reviewed by: pstef, 0mp
MFC after: 3 days
Sponsored by: Klara Inc
Differential Revision: <https://reviews.freebsd.org/D###>
Little refactoring to complete the conversion to bsddialog(3),
not functional changes:
* Delete: remaining code for autosizing using BSDDIALOG_AUTOSIZE.
* Add: constants to delete magical numbers and to avoid unclear
returned values.
* Delete: redundant 'conf.button.default_cancel=false', performed by
bsddialog_initconf().
* Add: a new function message_zoneinfo_file() to merge features.
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D34862
These options use the CONS_SCRSHOT ioctl to capture the contents of the
current console, which is not yet supported by vt(4). Disable the
options when vt(4) is in use rather than emitting a possibly confusing
error message.
This change should be reverted if CONS_SCRSHOT is implemented for vt(4).
PR: 263099
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
bsdinstall/partedit: Replace (LGPL) libdialog with (BSD-2-Clause)
libbsddialog. Rewrite diskeditor.c and rename diskmenu.c because
it uses an API for menu totally incompatible with libbsddialog.
This is a User Interface change everything else is unchanged.
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D34639
Arguments passed to flags like -d and -k had ambiguous names like "dir".
Change that to more descriptive names like "homedir".
Also, clarify that -u min,max is for UIDs and -i min,max for GIDs.
MFC after: 1 week
pci_parse_legacy_config splits the options string by comma characters.
strchr returns a pointer to the first occurence of a character. In that
case, it's a comma. So, pci_parse_legacy_config will stop at the first
character and creates a new config node with a name of NULL.
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D34600
At the moment, writes to BAR registers that aren't 4 byte aligned are
ignored. So, there's no overflow yet. Nevertheless, if this behaviour
changes in the future, it could unintentionally, introduce a buffer
overflow. Additionally, some compiler or tools will detect this
potential overflow and complain about it.
Reviewed by: markj
Signed-off-by: Corvin Köhne <c.koehne@beckhoff.com>
Reported-by: Andy Fiddaman <andy@omniosce.org>
Differential Revision: https://reviews.freebsd.org/D34689
fstyp looks for a 0x55 0xAA signature at offset 510, but this is not
required by specifications and is not proivded by the Raspberry Pi Nano
bootloader.
We should really remove the signature check and implement a more
comprehensive BPB validation instead, but it will require more
investigation and testing. For now just add a special case for the
Raspberry Pi Nano bootloader, to avoid introducing regressions or new
false positives.
PR: 262896
Reviewed by: delphij
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34699
Avoid a null dereference when a value-less jailsys parameter is passed
to "jail -m". There was already code to handle boolean parameters,
but in reality any parameter could be passed without a value.
The order of arguments in the example does not work, because tar thinks
the directory is named -C, which does not exist and reports:
tar: Error opening archive: Failed to open '-C'
Approved by: rpokala@ (src) on IRC
Differential Revision: https://reviews.freebsd.org/D34649
Replace (LGPL) dialog utility with (BSD-2-Clause) bsddialog utility,
'dialog --calendar' is replaced by 'bsddialog --datebox' with same
features but different User Interface.
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D34583
The initial patch had a bug where the full volume syntax, floating point values,
:, + and -, wasn't accepted.
While at it move some defines to enum's.
Fixes: da3d4469ef
Submitted by: christos@
Differential Revision: https://reviews.freebsd.org/D34617
Sponsored by: NVIDIA Networking
dev.volume=X[.X] can now also be written as dev=X[.X] .
Requested by: hselasky@ and bsduck (FreeBSD forums)
Submitted by: christos@
Differential Revision: https://reviews.freebsd.org/D34612
Sponsored by: NVIDIA Networking
NAME_MAX is a better fit since strcat_extension() constructs the
filename of the snapshot file.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D34291
Allows callers of vm_get_name() to retrieve the vm name without having
to allocate a buffer.
While in the vicinity, do minor cleanup in vm_snapshot_basic_metadata().
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D34290
When scan_ssid=1 the list of configured SSIDs is available to
eavesdroppers. Note this in the man page.
PR: 194122
Reviewed by: debdrup, Pau Amma
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34576
Explicitly initialize the mutex that a PCI virtio module passes back to
virtio.
It so happens that these mutexes were being initialized regardless, no
functional change intended.
Reviewed by: chuck, jhb
Differential Revision: https://reviews.freebsd.org/D34372
Replace (LGPL) libdialog with (BSD-2-Clause) libbsddialog,
while here diversify error messages to find quickly the exact point
of failure.
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D34464
- Use correct macros (e.g., Pa for paths, Ar for arguments, Cm for
command modifiers).
- Pet igor and mandoc -Tlint (e.g., start sentences after a newline).
- Use Ta instead of a tab character in tables.
- Stylize all table headers with Sy consistency.
- Add a missing "vol" variant to the synopsis of "dev.volume".
- Sort dev.recsrc command modifiers consistency.
- Use "Bd -literal" for code blocks in the examples. "Bl -tag" is not
the right macro for that.
Fixes: 903873ce15 Implement and use new mixer(3) library for FreeBSD.
The variable was used in an #if 0 block; just move the variable
definition and setting into the same block since Firewire is mainly of
historical interest and is unlikely to see ongoing development in
FreeBSD.
Sponsored by: The FreeBSD Foundation
The Li macro is deprecated. Also, the Cm macro should be used here
instead for consistency with the rest of the manual and style.mdoc(5).
Fixes: e47fe3183e bhyve: add ROM emulation
MFC after: 1 month
The security/520-pfdenied script only reports blocked packets from the
main ruleset or any blocklistd(8) anchor.
Add an option to periodic.conf(5) to make it possible to specify
additional anchors to report.
PR: 262446
Reviewed by: kp
For backward compatibility, the memory size will be interpreted in MB if
it's smaller than1 MB and has no suffix. Nowadays, the -m switch accepts
more than just MB. Respect it in the usage message.
Differential Revision: https://reviews.freebsd.org/D34506
Reviewed by: grehan
Sponsored by: Beckhoff Automation GmbH & Co. KG
MFC after: 1 month
Some PCI devices especially GPUs require a ROM to work properly.
The ROM is executed by boot firmware to initialize the device.
To add a ROM to a device use the new ROM option for passthru device
(e.g. -s passthru,0/2/0,rom=<path>/<to>/<rom>).
It's necessary that the ROM is executed by the boot firmware.
It won't be executed by any OS.
Additionally, the boot firmware should be configured to execute the
ROM file.
For that reason, it's only possible to use a ROM when using
OVMF with enabled bus enumeration.
Differential Revision: https://reviews.freebsd.org/D33129
Sponsored by: Beckhoff Automation GmbH & Co. KG
MFC after: 1 month
Export functions for reading and writing the pci config space from passthru
device to be used by other devices.
This is required for lpc devices to set their vendor/device ids to their
physical values.
Otherwise, GPU passthrough for integrated Intel GPUs won't work properly.
Differential Revision: https://reviews.freebsd.org/D33769
Reviewed by: markj
Sponsored by: Beckhoff Automation GmbH & Co. KG
MFC after: 1 month
Even today it is possible to specify pinning for a vCPU higher than
the configured number of CPUs but lower than VM_MAXCPU without raising
an error.
Reviewed by: grehan
Differential Revision: https://reviews.freebsd.org/D34492
Use basl_ncpu instead of VM_MAXCPU in MADT_SIZE. Since several of the
offsets are no longer compile time constants, unroll the loop
generating ACPI tables.
Reviewed by: grehan
Differential Revision: https://reviews.freebsd.org/D34490
With the initial import of 386BSD 0.1 in 1993, the daily execution of
/etc/news.expire was introduced (see commit 1bf9d5d951).
In 1997, this was brought into periodic resulting in daily/330.news
(see commit 28dce04d19). But as far as I see, /etc/news.expire has
never existed.
PR: 256238
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30631
Make gctl_add_param() API public, allowing more precise control over
parameter flags. Previously it was impossible to properly declare
write-only ASCII parameters, used for result reporting, they were
declared as read-write binary instead, that was not nice.
MFC after: 1 month
Use seperate nvlist entries for the romfile and the varfile.
While here, don't leak varfd in bootrom_loadrom().
Reviewed by: jhb, markj
Differential Revision: https://reviews.freebsd.org/D33433
Improve the installer: wlanconfig allows user to enter WiFi details
if no networks found, useful to connect to a hidden SSID.
PR: 246192
Reported by: emaste
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D34149
Retrieves that path for a device. Different methods to enumerat the path
are supported, called locators.
Sponsored by: Netflix
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D32747
During distributeworld we call distribute on subdirectories, which in
turn calls installconfig. However, this recursive installconfig call
appends the distribution name (in these cases, "base") to DESTDIR. For
install(1) this works fine as its -D argument comes from the top-level
Makefile.inc1, which passes the original DESTDIR, thereby resulting in
the METALOG entry having the distribution name as a prefix representing
its true installed path relative to the root, but for the hand-rolled
entries they do not use install(1) and thus do not have access to what
the original DESTDIR was, resulting in the METALOG missing this prefix.
Thus, pass down the name of the distribution via a new variable DISTBASE
(chosen as Makefile.inc1 already uses that to convey this exact same
information to etc's distrib-dirs during distributeworld) and prepend
this to the handful of manually-generated METALOG entries. For the
installworld case this variable will be empty and so this behaves as
before.
Note that we need to be careful to avoid double slashes in the METALOG;
distributeworld uses find | awk to split the single METALOG up into
multiple dist.meta files, and this relies on the paths in the METALOG
having the exact prefix ./dist (or ./dist/usr/lib/debug).
Reviewed by: brooks, emaste
Differential Revision: https://reviews.freebsd.org/D33997
libopts uses generated format string tables that contain embedded NULs.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34386
The OID "kern.iscsi.login_timeout" references an integer and
not a string.
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D34380
The result of read() was stored in an unsigned variable, so the
test for a negative value would never work.
While I'm here, print a better error message for an empty file,
omitting the misleading errno message.
Reported by: Coverity
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Since commit 04e9edb544, rtsold has leaked the memory for the
argument vector of every script it runs.
Reported by: Coverity
Reviewed by: markj
Fixes: 04e9edb544
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D34355
Set errno to EINVAL if the name overflows the buffer, as was done
before commit ecce515d54.
Reviewed by: dab, markj
Fixes: ecce515d54
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D34354
Add per-Session configurable ping (SCSI NOP) and login timeouts.
Remove the torn down, old iSCSI session quickly, when performing a reconnect.
Reviewed By: trasz
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D34198
Advertise Namespace Attribute Notices events in the Optional
Asynchronous Events Supported (OAES) field of the Identify Controller
data structure. Additionally, rename the enums and macros to clarify
these are AEN's related to Notices and not generic information.
Reported by: andy@omniosce.org
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D34331
UI fix not related to the real fetching process, use 'nfiles'
(instead of 'total files size') to compute main bar percentage
if an error occurs:
- fix: main bar greater than 100%, if an error occurs before fetching
- fix: main bar less than 100%, if an error occurs during fetching
- add: last mixedgauge, at least one dialog if a total failure occurs
PR: 164094, 169748
Approved by: bapt (mentor)
Review: https://reviews.freebsd.org/D33978
This is a small program that when invoked will create start and stop
boottrace entries via sysctl, and execute the desired command. Having
this as an executable -- as opposed to some shell script invoking
sysctl(8) -- allows the total resource usage recorded by the trace
entries to include the child process.
Reviewed by: 0mp, trasz (older version)
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D31929
The nvlist for a checkpoint request will now look like:
{ cmd="checkpoint", suspend="true/false", filename="afilename" }
Reviewed by: jhb
Suggested by: jhb
Differential Revision: https://reviews.freebsd.org/D34237
This addresses one nit and one bug in the BE creation feature of
freebsd-update:
The nit addressed is that it currently only names the BEs after the
userland version, but the kernel version may be higher. After this
change, we request both and pass them through sort(1) to choose the
highest. This is especially helpful if a freebsd-update patch touched
one but not the other.
The bug fixed is that roots updated that are not located at '/', e.g.,
by using -b or -j, will no longer create boot environments
automatically. There's a very low chance these will actually change the
BE in any meaningful way, anyways. It could make sense in the future
to allow an argument-override to create the BE anyways if someone comes
up with a non-standard setup, e.g., where a jail is an important part of
their boot environment on an appliance or some such setup.
Half of this patch is submitted by delphij@, the other half kevans@.
PR: 261446
MFC after: 3 days
Reviewed by: delphij, emaste, Dave Fullard <dave_fullard.ca>
Differential Revision: https://reviews.freebsd.org/D34257
In GNU ld and ld.lld, -dc is used with -r to allocate space to COMMON
symbols. It is presumably to work around legacy code which cannot
handle COMMON symbols in relocatable output. ld.lld may remove -dc or
make it a no-op for the 15.0.0 release.
As of 7420b323a0 crunch/crunchide does not require -dc, as the symbol
hiding technique no longer relied on making symbols local.
In addition -fno-common is now the default in Clang and GCC, so -dc
serves no purpose as the compiler does not generate COMMON symbols
anyway.
See https://maskray.me/blog/2022-02-06-all-about-common-symbols for more
detail on common symbols.
Reviewed by: emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34215
tcpsso is a command line tool to apply a socket option to an
existing TCP endpoint, which is identified by the inp_gencnt.
tcpsso can be used, for example, to switch the congestion control
module or the TCP stack.
Reviewed by: rrs, rscheff, debdrup, pau amma
Relnotes: yes
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D34139
