The module is designed for modification of a packets of any protocols.
For now it implements only TCP MSS modification. It adds the external
action handler for "tcp-setmss" action.
A rule with tcp-setmss action does additional check for protocol and
TCP flags. If SYN flag is present, it parses TCP options and modifies
MSS option if its value is greater than configured value in the rule.
Then it adjustes TCP checksum if needed. After handling the search
continues with the next rule.
Obtained from: Yandex LLC
MFC after: 2 weeks
Relnotes: yes
Sponsored by: Yandex LLC
No objection from: #network
Differential Revision: https://reviews.freebsd.org/D10150
This opcode can be used to attach some data to external action opcode.
And unlike to O_EXTERNAL_INSTANCE opcode, this opcode does not require
creating of named instance to pass configuration arguments to external
action handler. The data is coming just next to O_EXTERNAL_ACTION opcode.
The userlevel part currenly supports formatting for opcode with ipfw_insn
size, by default it expects u16 numeric value in the arg1.
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
mode. This works around bugs in at least 2 Intel BIOSes for our
subsequent setting of the DAC back to 8-bit mode. The bug caused dark
(mostly 1/4-intensity) colors for all except the first setting to a
VESA graphics mode (including for settings to the current mode).
Remove restoration (with less bits) of the palette in vesa_unload()
after resetting the DAC to 6-bit mode. Depend on the BIOS to keep
the palette consistent with the DAC for the simpler reset case like
we do everywhere else in places that are actually important.
Setting the video mode should reset everything to defaults, although
we usually don't want that. Even the buggy BIOSes set the DAC to the
default 6-bit mode, and set the palette to a default that matches the
DAC. We don't undo the reset for most things, but we do undo it for
the DAC (more precisely, we change to an 8-bit DAC if possible, and
this is the only way that we set to an 8-bit DAC; it is accidental
that if the DAC was in 8-bit mode from a previous mode switch then
setting it to 8-bit mode is an undo). The buggy BIOSes are confused
by our setting of the DAC to 8-bit mode in the "undo" case. They
should multiply palette entries by 4 to match, but they actually leave
all palette entries except #2 (green) and #248-255 (unused) untouched.
Green is mysteriously scaled from 0x2a to 0x6a, and #248-255 are scaled
correctly.
Our support for the 8-bit DAC had almost no effect except to enable
bugs. Syscons barely supports 16 colors, so it doesn't benefit much
from having a palette with 16 million colors instead of only 256K.
Applications can manage the palette using FBIO_{GET,SET}PALETTE, but
the palette managed by this is only used in the less interesting modes
(text and non-truecolor graphics modes up to 8 bits wide), and the
kernel loses the changes on any mode switch (including to another vt
in a different mode).
so overflow can still occur. Fix that. Also remove the extra check for
tv_sec size as under COMPAT_LINUX32 it is always true.
Pointed out by: bde@
MFC after: 1 week
Many devices are clocked from the SoC's platform clock / 2. Some device nodes
include their own clock-frequency property, while others are dependent on the
SoC's bus-frequency property instead. To simplify, add a helper function to get
this clock.
passed in from u-boot across the call to self_reloc and any other early-init
code, and restore them before calling main().
The self_reloc() routine uses r0 and r1 (and calling it uses lr), and
depending on what values get left in them, main() would intermittantly lock
up trying to interpret them as argc and argv values. This problem affected
the self-relocatable ubldr.bin but not ubldr (the elf version).
FreeBSD's DTS contained only one PL050 node and driver considered it to
be PS/2 keyboard. In reality PL050 is a PS/2 port that pushes bytes to/from
the periphers connected to it. New DTS contains two nodes and QEMU emulates
keyboard connected to port #0 and mouse connected to port #1. Since there
is no way to say what's connected to port by checking DTS we hardcode
this knowledge in the driver: it assumes keyboard on port #0 and ignores
port #1 altogether.
Also QEMU defaults emulated keyboard to scan code set 2 while driver used
to work with scan code set 1 so when initializing driver make sure keyboard
is switched to scan code set 1
Scope of this change is somewhat larger than just converting to INTRNG.
The reason for this is that INTRNG support required switching from custom
to upstream DTS because custom DTS didn't have interrup routing information.
This switch caused rewrite of PCI and CLCD drivers and adding SCM module.
List of changes in this commit:
- Enable INTRNG and switch to versatile-pb.dts
- Add SCM driver that controls various peripheral devices like LCD or
PCI controller. Previously registers required for power-up and
configuring peripherals were part of their respective nodes. Upstream
DTS has dedicated node for SCM
- Convert PL190 driver to INTRNG
- Convert Versatile SIC (secondary interrupt controller) to INTRNG
- Refactor CLCD driver to use SCM API to power up and configuration
- Refactor PCI driver to use SCM API to enable controller
- Refactor PCI driver to use interrupt map provided in DTS for
interrupt routing. As a result it fixes broken IRQ routing and
it's no longer required to run QEMU with "-global versatile_pci.broken-irq-mapping=1"
command-line arguments
This patch adds a general mechanism for providing encryption keys to the
kernel from the boot loader. This is intended to enable GELI support at
boot time, providing a better mechanism for passing keys to the kernel
than environment variables. It is designed to be extensible to other
applications, and can easily handle multiple encrypted volumes with
different keys.
This mechanism is currently used by the pending GELI EFI work.
Additionally, this mechanism can potentially be used to interface with
GRUB, opening up options for coreboot+GRUB configurations with completely
encrypted disks.
Another benefit over the existing system is that it does not require
re-deriving the user key from the password at each boot stage.
Most of this patch was written by Eric McCorkle. It was extended by
Allan Jude with a number of minor enhancements and extending the keybuf
feature into boot2.
GELI user keys are now derived once, in boot2, then passed to the loader,
which reuses the key, then passes it to the kernel, where the GELI module
destroys the keybuf after decrypting the volumes.
Submitted by: Eric McCorkle <eric@metricspace.net> (Original Version)
Reviewed by: oshogbo (earlier version), cem (earlier version)
MFC after: 3 weeks
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D9575
Improve existing BGX detection and adjust it to support both
new and older ThunderX firmwares. Match BGX FDT nodes by name
and reg. Match PHY instances by qlm-mode and name.
Tested on Firmware Version: 2016-09-30 09:12:11
Obtained from: Semihalf
Differential Revision: https://reviews.freebsd.org/D9863
As posix_fadvise() does not lock the vnode argument, don't capture
detailed vnode information for the time being.
Obtained from: TrustedBSD Project
MFC after: 3 weeks
Sponsored by: DARPA, AFRL
This requires minor changes to the audit framework to allow capturing
paths that are not filesystem paths (i.e., will not be canonicalised
relative to the process current working directory and/or filesystem
root).
Obtained from: TrustedBSD Project
MFC after: 3 weeks
Sponsored by: DARPA, AFRL
external action is completed, but the rule search is continued.
External action handler can change the content of @args argument,
that is used for dynamic state lookup. Enforce the new lookup to be able
install new state, when the search is continued.
Obtained from: Yandex LLC
MFC after: 1 week
Sponsored by: Yandex LLC
If a jail has an explicitly assigned IPv6 loopback address then allow it
to be used instead of remapping requests for the loopback adddress to the
first IPv6 address assigned to the jail.
This fixes issues where applications attempt to detect their bound port
where they requested a loopback address, which was available, but instead
the kernel remapped it to the jails first address.
This is the same fix applied to IPv4 fix by: r316313
Also:
* Correct the description of prison_check_ip6_locked to match the code.
MFC after: 2 weeks
Relnotes: Yes
Sponsored by: Multiplay
If a jail has an explicitly assigned loopback address then allow it to be
used instead of remapping requests for the loopback adddress to the first
IPv4 address assigned to the jail.
This fixes issues where applications attempt to detect their bound port
where they requested a loopback address, which was available, but instead
the kernel remapped it to the jails first address.
A example of this is binding nginx to 127.0.0.1 and then running "service
nginx upgrade" which before this change would cause nginx to fail.
Also:
* Correct the description of prison_check_ip4_locked to match the code.
MFC after: 2 weeks
Relnotes: Yes
Sponsored by: Multiplay
In GELI, anywhere we are zeroing out possibly sensitive data, like
the metadata struct, the metadata sector (both contain the encrypted
master key), the user key, or the master key, use explicit_bzero.
Didn't touch the bzero() used to initialize structs.
Reviewed by: delphij, oshogbo
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D9809
Make sure sensitive memory is properly cleared when finished with it
Reviewed by: Eric McCorkle <eric@metricspace.net>
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D9798
Fallback to Linux video interface bindings introduced in r313068 worked
with then current DTS but that DTS turned out to be not conformant to
the the bindings spec. DTS import in r314854 fixed the conformancy but
broke the functionality. This commit syncs up functionality to the actual
spec.
Reported by: manu@
AUE_PROCCTL, AUE_SENDFILE, AUE_ACL_*, and AUE_POSIX_FALLOCATE.
Audit AUE_SHMUNLINK path in the path token rather than as a
text string, and AUE_SHMOPEN flags as an integer token rather
than a System V IPC address token.
Obtained from: TrustedBSD Project
MFC after: 3 weeks
Sponsored by: DARPA, AFRL
We have parallel NFSv2 and NFSv3 reader implementations, only configurable at
build time, defaulting to v3. Remove v2.
Reviewed by: allanjude
Approved by: allanjude (mentor)
Differential Revision: https://reviews.freebsd.org/D10206
resulting in a process dumping core in the corefile.
Also extend procstat to view select members of 'struct ptrace_lwpinfo'
from the contents of the note.
Sponsored by: Dell EMC Isilon
The current efi_zfs_probe() is overcomplicated and can be made
simpler. Still we need to pick up the device handle for our boot
disk first, because the ESP does not have to be the first partition on the
disk.
Once we do have the handle for boot disk, we probe that disk with
pointer for pool GUID.
Reviewed by: allanjude
Approved by: allanjude (mentor)
Differential Revision: https://reviews.freebsd.org/D10198
While testing 32bit UEFI OVMF (which has bug about how the disk size
is presented), I did witness the errors from blkio->ReadBlocks().
It became apparent we can not entirely trust UEFI interfaces either,
so additional checks are needed.
So we use disk_ioctl(DIOCGMEDIASIZE) for disks, with fallback of
Media->LastBlock for other media.
In addition, we need to check if there is media present.
+ small fixes for error printout, and avoiding multiple blk * 512.
Reviewed by: allanjude
Approved by: allanjude (mentor)
Differential Revision: https://reviews.freebsd.org/D10197
definitions for the DTrace audit provider, so that the dtaudit module
can compile in the absence of kernel DTrace support. This doesn't
really make run-time sense (since the binary dependencies for the
module won't be present), but it allows the dtaudit module to compile
successfully regardless of the kernel configuration.
MFC after: 3 weeks
Sponsored by: DARPA, AFRL
Reported by: kib
The prerequisite for '#if __EXT1_VISIBLE' functionality is the
inclusion of sys/cdefs.h. errno.h only auto-includes the header for
non-kernel environment, and EXT1 block only useful for non-kernel as
well.
Reported by: lwhsu
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks
9899:2011 Appendix K 3.7.4.1.
Other needed supporting types, defines and constraint_handler
infrastructure is added as specified in the C11 spec.
Submitted by: Tom Rix <trix@juniper.net>
Sponsored by: Juniper Networks
Discussed with: ed
MFC after: 3 weeks
Differential revision: https://reviews.freebsd.org/D9903
Differential revision: https://reviews.freebsd.org/D10161
The goal of this work is to remove the explicit dependency for ctl(4)
on iscsi(4), so end-users without iscsi(4) support in the kernel can
use ctl(4) for its other functions.
This allows those without iscsi(4) support built into the kernel to use
ctl(4) as a test mechanism. As a sidenote, this was possible around the
10.0-RELEASE period, but made impossible for end-users without iscsi(4)
between 10.0-RELEASE and 11.0-RELEASE.
Automatically load cfiscsi(4) from ctladm(8) and ctld(8) for backwards
compatibility with previously releases. The automatic loading feature is
compiled into the beforementioned tools if MK_ISCSI == yes when building
world.
Add a manpage for cfiscsi(4) and refer to it in ctl(4).
Differential Revision: D10099
MFC after: 2 months
Relnotes: yes
Reviewed by: mav, trasz
Sponsored by: Dell EMC Isilon
map the 'which' argument into a suitable audit event identifier for the
specific operation requested.
Obtained from: TrustedBSD Project
MFC after: 3 weeks
Sponsored by: DARPA, AFRL
instrument security event auditing rather than relying on conventional BSM
trail files or audit pipes:
- Add a set of per-event 'commit' probes, which provide access to
particular auditable events at the time of commit in system-call return.
These probes gain access to audit data via the in-kernel audit_record
data structure, providing convenient access to system-call arguments and
return values in a single probe.
- Add a set of per-event 'bsm' probes, which provide access to particular
auditable events at the time of BSM record generation in the audit
worker thread. These probes have access to the in-kernel audit_record
data structure and BSM representation as would be written to a trail
file or audit pipe -- i.e., asynchronously in the audit worker thread.
DTrace probe arguments consist of the name of the audit event (to support
future mechanisms of instrumenting multiple events via a single probe --
e.g., using classes), a pointer to the in-kernel audit record, and an
optional pointer to the BSM data and its length. For human convenience,
upper-case audit event names (AUE_...) are converted to lower case in
DTrace.
DTrace scripts can now cause additional audit-based data to be collected
on system calls, and inspect internal and BSM representations of the data.
They do not affect data captured in the audit trail or audit pipes
configured in the system. auditd(8) must be configured and running in
order to provide a database of event information, as well as other audit
configuration parameters (e.g., to capture command-line arguments or
environmental variables) for the provider to operate.
Reviewed by: gnn, jonathan, markj
Sponsored by: DARPA, AFRL
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D10149
A request may be queued while the queue lock is dropped when the mirror is
being destroyed. The corresponding wakeup would be lost, possibly resulting
in an apparent hang of the mirror worker thread.
Tested by: pho (part of a larger patch)
MFC after: 1 week
Sponsored by: Dell EMC Isilon
The worker thread will destroy the mirror provider as part of its teardown
sequence. The call made sense in the initial revision of gmirror, but
became unnecessary in r137248.
Tested by: pho (part of a larger diff)
MFC afteR: 2 weeks
Sponsored by: Dell EMC Isilon
doesn't help clang, but buys us another 32 bytes for gcc 4.2.1. It
also eliminates a warning from gcc 6.3.0 that says inlining this would
be unhelpful.
position. Especially the screen size, and potentially everything except
the input state and attributes. Do this by changing the cursor position
setting method to a general syncing method.
Use proper constructors instead of copying to create kernel terminal
contexts. We really want clones and not new instances, but there is
no method for cloning and there is nothing in the active instance that
needs to be cloned exactly.
Add proper destructors for kernel terminal contexts. I doubt that the
destructor code has every been reached, but if it was then it leaked the
memory of the clones.
Remove freeing of statically allocated memory for the non-kernel terminal
context for the same terminal as the kernel. This is in the nearly
unreachable code. This used to not happen because delicate context
swapping made the user context use the dynamic memory and kernel
context the static memory. I didn't restore this swapping since it
would have been unnatural to have all kernel contexts except 1 dynamic.
The constructor for terminal context has bad layering for reasons
related to the bug. It has to return static memory early before
malloc() works. Callers also can't allocate memory until after the
first constructor selects an emulator and tells upper layers the size
of its context. After that, the cloning hack required the cloning
code to allocate the memory, but for all other constructors it would
be better for the terminal layer to allocate and deallocate the
memory in all cases.
Zero the memory when allocating terminal contexts dynamically.
This is being done to make it easier to change in the future--this action might be
needed sooner rather than later because of gcc 6.3.0 bailing, stating that there
is negative free space left (deficit) in the boot2 bootloader.
MFC after: 2 months
Sponsored by: Dell EMC Isilon
self_reloc.c doesn't initialize `rel` in all cases in the C code, however, the value
might be initialized properly on the stack in the assembly code.
For right now (because this doesn't seem to be breaking anything and my initializing
the stack value could break something since it's called from assembly code) disable
the warning for self_reloc.c. More investigation should be done to determine the
appropriate response to this warning (either intialize the value or find a smarter
way to deal with the warning).
A long MFC timeout is being set for this change to allow a better solution for the
issue to be developed in that time period.
MFC after: 2 months
Reported by: Jenkins (FreeBSD-head-amd64-gcc job)
Tested with: amd64-gcc-6.3.0 (devel/amd64-xtoolchain-gcc)
Sponsored by: Dell EMC Isilon
With some file system the ls is unable to display file types.
Reviewed by: allanjude
Approved by: allanjude (mentor)
Differential Revision: https://reviews.freebsd.org/D10066
Move the time related function into time.c, keep the same logic as libefi.
Reviewed by: allanjude
Approved by: allanjude (mentor)
Differential Revision: https://reviews.freebsd.org/D10058
`-Wno-missing-variable-declarations` is a clang-specific flag,
so gcc (not 4.2.1, in particular 6.3.0 in my case) dies when
it's passed the flag.
X-MFC with: r304321
Reported by: amd64-gcc-6.3.0 (devel/amd64-xtoolchain-gcc)
Sponsored by: Dell EMC Isilon
This is a better pattern to follow when creating the bootloaders and doing
the relevant space checks to make sure that the sizes aren't exceeded (and
thus, copy-pasting is a bit less error prone).
MFC after: 3 days
Sponsored by: Dell EMC Isilon
This variable has been unused since its inception in r40106.
MFC after: 3 days
Reported by: amd64-gcc-6.3.0 (devel/amd64-xtoolchain-gcc)
Sponsored by: Dell EMC Isilon
zfssubr.c already defines this statically. Besides, zfsimpl.c defined it, but
didn't use it.
This fixes a -Wredundant-decls warning.
MFC after: 3 days
Reported by: amd64-gcc-6.3.0 (devel/amd64-xtoolchain-gcc)
Sponsored by: Dell EMC Isilon
This fixes several -Wshadow warnings introduced in r192194, but now errors
with gcc 6.3.0.
MFC after: 3 days
Reported by: amd64-gcc-6.3.0 (devel/amd64-xtoolchain-gcc)
Sponsored by: Dell EMC Isilon
This fixes a -Wempty-body warning with gcc 6.3.0 when PART_DEBUG is undefined.
MFC after: 3 days
Reported by: Jenkins (FreeBSD-head-amd64-gcc job)
Tested with: amd64-gcc-6.3.0 (devel/amd64-xtoolchain-gcc)
Sponsored by: Dell EMC Isilon
bde enabled -fno-guess-branch-probability in 2003, well before our
current compiler was imported. At the time it produced weirdly orded
code. It no longer does that. It also saves 0-4 bytes depending on
other options.
kan disabled unit-at-a-time in 2004 because it badly mangled boot2 so
it wouldn't work. That too was before the 4.2.1 compiler, where it no
longer does that. This saves 44 bytes.
I had planned to document why they were needed, but when I discovered
their antiquity, I removed them and boot2 still works and is
smaller. In qemu, the old and new boot2's behaved identically.
These are gcc specific hacks, and won't affect clang-built boot2
at all.
Don't compile geliargs into the image and don't pass geliargs to the respective
bootloader code via __exec(..).
This saves a negligible amount of memory/disk space.
X-MFC with: r296963
Obtained from: Isilon OneFS
Sponsored by: Dell EMC Isilon
cfumass(4) is not usable if usfs(4) is loaded or compiled into the
kernel. Remove usfs so that the user may kldload the USB mass storage
target they prefer.
PR: 218169
Reviewed by: trasz, hselasky (no objection)
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D10153
tcp_output.c was using a route on the stack for IPv6, which does not
allow route caching or LLE/ndp caching. Switch to using the route
(v6 flavor) in the in_pcb, which was already present, which caches
both L3 and L2 lookups.
Reviewed by: gnn hiren
MFC after: 2 weeks
clang is now inserting .file directives with the entire path in
them. This is fine, except that our sed peephole optimizer removes
them if ${SRCTOP} or ${OBJTOP} contains 'align' or 'nop', leading to
build failures. The sed peephole optimizer removes useful things for
boot2 when used with clang, so restrict its use to gcc. Also, gcc no
longer generates nops to pad things, so there's no point in removing
it. Specialize the optimization to just removing the .align 4 lines to
preclude inadvertant path matching.
Sponsored by: Netflix
Commit brought to you the path: /home/xxx/NCD-3592-logsynopts/FreeBSD
the thread that deals with socket state changes. This eliminates
various bad races with the ithread.
Submitted by: KrishnamRaju ErapaRaju @ Chelsio (original version)
MFC after: 3 days
Sponsored by: Chelsio Communications
This patch brings 802.1q support for Marvell 88E606x ethernet switches.
Test is done on 88E6065 chip (Aterm WR1200).
Submitted by: Hiroki Mori <yamori813@yahoo.co.jp>
Reviewed by: mizhka
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D10144
7603 xuio_stat_wbuf_* should be declared (void)
illumos/illumos-gate@99aa8b550599aa8b5505https://www.illumos.org/issues/7603
The funcs are declared k&r style, where the args are not specified:
void xuio_stat_wbuf_copied();
They should be declared to take no arguments:
void xuio_stat_wbuf_copied(void);
Need to change both .c and .h.
Author: Prashanth Sreenivasa <pks@delphix.com>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Paul Dagnelie <pcd@delphix.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
the LinuxKPI for accessing user-space memory in the kernel.
Add functions to hold and wire physical page(s) based on a given range
of user-space virtual addresses.
Add functions to get and put a reference on, wire, hold, mark
accessed, copy and dirty a physical page.
Add new VM related structures and defines as a preparation step for
advancing the memory map capabilities of the LinuxKPI.
Add function to figure out if a virtual address was allocated using
malloc().
Add function to convert a virtual kernel address into its physical
page pointer.
Obtained from: kmacy @
MFC after: 1 week
Sponsored by: Mellanox Technologies
- Don't execute any of g_mirror_shutdown_post_sync() when panicking. We
cannot safely idle the mirror or stop synchronization in that state, and
the current attempts to do so complicate debugging of gmirror itself.
- Check for a non-NULL panicstr instead of using SCHEDULER_STOPPED(). The
latter was added for use in the locking primitives.
Reviewed by: mav, pjd
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
The change introduced a dependency between genassym.c and header files
generated from .m files, but that dependency is not specified in the
make files.
Also, the change could be not as useful as I thought it was.
Reported by: dchagin, Manfred Antar <null@pozo.com>, and many others
that used to work via the bold hack).
Fix the table entry for bright black. Fix spelling of plain black in
nearby table entries (use the macro for black everywhere everywhere).
Fix the currently-unused non-bright color table to not have bright
colors in entries 9-15.
Improve nearby comments. Start converting to the xterm terminology
and default rendering of "bright" instead of "light" for bright
colors.
Syscons wasn't affected by the bug since I optimized it a little by
converting colors 0-15 directly. This also fixes the layering of
the conversion for these colors.
Apply the same optimization to vt (actually the layer above it). This
also moves the conversion 1 closer to the correct layer for colors
0-15.
The optimization of just avoiding 2 calls to a trivial function is worth
about 10% for simple output to the virtual buffer with occasional
rendering. The optimization is so large because the 2 calls are done
on every character, so although there are too many other calls and
other instructions per character, there are only about 10 times as
many. Old versions of syscons were about 10 times faster for simple
output, by using a fast path with about 12 instructions per character.
Rendering to even slow hardware takes relatively little time provided
it is rarely actually done.
database in the kernel audit implementation, similar the exist
class mapping database. This will be used by the DTrace audit
provider to map audit event identifiers originating in the
system-call table back into strings for the purposes of setting
probe names. The database is initialised and maintained by
auditd(8), which reads values in from the audit_events
configuration file, and then manages them using the A_GETEVENT
and A_SETEVENT auditon(2) operations.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, AFRL
MFC after: 3 weeks
The change seems to be more in the nomenclature than in the way the
topology is advertised by the hardware.
Tested by: truckman (earlier version of the change)
MFC after: 2 weeks
Implement timeouts for register-based DMAR commands. Tunable/sysctl
hw.dmar.timeout specifies the timeout in nanoseconds, set it to zero
to allow infinite wait. Default is 1ms.
Runtime modification of the sysctl is not safe, it is allowed for
debugging.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
- Add a new "qsize" parameter in audit_control and the getacqsize(3) API to
query it, allowing to set the kernel's maximum audit queue length.
- Add support to push a mapping between audit event names and event numbers
into the kernel (where supported) using new A_GETEVENT and A_SETEVENT
auditon(2) operations.
- Add audit event identifiers for a number of new (and not-so-new) FreeBSD
system calls including those for asynchronous I/O, thread management, SCTP,
jails, multi-FIB support, and misc. POSIX interfaces such as
posix_fallocate(2) and posix_fadvise(2).
- On operating systems supporting Capsicum, auditreduce(1) and praudit(1) now
run sandboxed.
- Empty "flags" and "naflags" fields are now permitted in audit_control(5).
Many thanks to Christian Brueffer for producing the OpenBSM release and
importing/tagging it in the vendor branch. This release will allow improved
auditing of a range of new FreeBSD functionality, as well as non-traditional
events (e.g., fine-grained I/O auditing) not required by the Orange Book or
Common Criteria.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, AFRL
MFC after: 3 weeks
I fixed this in 1997, but the fix was over-engineered and fragile and
was broken in 2003 if not before. i386 parameters were copied to 8
other arches verbatim, mostly after they stopped working on i386, and
mostly without the large comment saying how the values were chosen on
i386. powerpc has a non-verbatim copy which just changes the uncritical
parameter and seems to add a sign extension bug to it.
Just treat negative offsets as offsets if they are no more negative than
-db_offset_max (default -64K), and remove all the broken parameters.
-64K is not very negative, but it is enough for frame and stack pointer
offsets since kernel stacks are small.
The over-engineering was mainly to go more negative than -64K for the
negative offset format, without affecting printing for more than a
single address.
Addresses in the top 64K of a (full 32-bit or 64-bit) address space
are now printed less well, but there aren't many interesting ones.
For arches that have many interesting ones very near the top (e.g.,
68k has interrupt vectors there), there would be no good limit for
the negative offset format and -64K is a good as anything.
1) They are using wrong tag (Tx) + map (Rx) combination.
2) Rx descriptor is already synchronized in iwn_notif_intr()
3) It's not needed for transmitted data since device does not change
mbuf contents.
Tested with Intel 6205 (amd64), STA mode.
Newer VGAs don't support any mono modes, but bugs in the tables created
2 virtual mono modes (#45 90x43 and #112 80x43) that behaved more
strangely than crashing. 90-column modes are tweaked 80-column ones
and also fail to work on newer VGAs. #45 did crash (hang) on some
hardware.
it to a separate state for each CPU.
Terminal "input" is user or kernel output. Its state includes the current
parser state for escape sequences and multi-byte characters, and some
results of previous parsing (mainly attributes), and in teken the cursor
position, but not completed output. This state must be switched for kernel
output since the kernel can preempt anything, including itself, and this
must not affect the preempted state more than necessary. Since vty0 is
shared, it is necessary to affect the frame buffer and cursor position and
history, but escape sequences must not be affected and attributes for
further output must not be affected.
This used to work. The syscons terminal state contained mainly the parser
state for escape sequences and attributes, but not the cursor position,
and was switched. This was first broken by SMP and/or preemptive kernels.
Then there should really be a separate state for each thread, and one more
for ddb, or locking to prevent preemption. Serialization of printf() helps.
But it is arcane that full syscons escape sequences mostly work in kernel
printf(), and I have never seen them used except by me to test this fix.
They worked perfectly except for the races, since "input" from the kernel
was not special in any way.
This was broken to use teken. The general switch was removed, and the
kernel normal attribute was switched specially. The kernel reverse
attribute (config option SC_CONS_REVERSE_ATTR) became unused, and is
still unusable because teken doesn't support default reverse attributes
(it used to only be used via the ANSI escape sequence to set reverse
video).
The only new difficulty for using teken seems to be that the cursor
position is in the "input" state, so it must be updated in the active
input state for each half of the switch. Do this to complete the
restoration.
The per-CPU state is mainly to make per-CPU coloring work cleanly, at
a cost of some space. Each CPU gets its own full set of attribute
(not just the current attribute) maintained in the usual way. This
also reduces races from unserialized printf()s. However, this gives
races for serialized printf()s that otherwise have none. Nothing
prevents the CPU doing the a printf() changing in the middle of an
escape sequence.
optimization.
This fixes building with gcc-4.2.1 (it doesn't support SSE4).
gas-2.17.50 [FreeBSD] supports SSE4 instructions, so this doesn't
need using .byte directives.
This fixes depending on host user headers in the kernel.
Fix user includes (don't depend on namespace pollution in <nmmintrin.h>
that is not included now).
The instrinsics had no advantages except to sometimes avoid compiler
pessimixations. clang understands them a bit better than inline asm,
and generates better looking code which also runs better for cem, but
for me it just at the same speed or slower by doing excessive
unrollowing in all the wrong places. gcc-4.2.1 also doesn't understand
what it is doing with unrolling, but with -O3 somehow it does more
unrolling that helps.
Reduce 1 of the the compiler pessimizations (copying a variable which
already satisfies an "rm" constraint in a good way by being in memory
and not used again, to different memory and accessing it there. Force
copying it to a register instead).
Try to optimize the inner loops significantly, so as to run at full
speed on smaller inputs. The algorithm is already very MD, and was
tuned for the throughput of 3 crc32 instructions per cycle found on
at least Sandybridge through Haswell. Now it is even more tuned for
this, so depends more on the compiler not rearranging or unrolling
things too much. The main inner loop for should have no difficulty
runing at full speed on these CPUs unless the compiler unrolls it too
much. However, the main inner loop wasn't even used for buffers smaller
than 24K. Now it is used for buffers larger than 384 bytes. Now it
is not so long, and the main outer loop is used more. The new
optimization is to try to arrange that the outer loop runs in parallel
with the next inner loop except for the final iteration; then reduce
the loop sizes significantly to take advantage of this.
Approved by: cem
Not tested in production by: bde
Some code was additionally moved for (future) lock splitting.
Tested with Intel 6205, STA mode.
Differential Revision: https://reviews.freebsd.org/D10106
We don't have enouch space to store full VFP context within mcontext
stucture. Due to this:
- follow i386/amd64 way and store VFP state outside of the mcontext_t
but point to it. Use the size of VFP state structure as an 'magic'
indicator of the saved VFP state presence.
- teach set_mcontext() about this external storage.
- for signal delivery, store VFP state to expanded 'struct sigframe'.
Submited by: Andrew Gierth (initial version)
PR: 217611
MFC after: 2 weeks
Kernel environment variable hw.busdma.default can take values 'bounce'
and 'dmar' and selects corresponding busdma backend as default.
Per-device environment variable hw.busdma.pci<domain>.<bus>.<slot>.<func>
takes the same values and overrides hw.busdma.default for the given device.
Note that even with hw.busdma.default=bounce, DMA translation engines
are still started if DMARs are enabled, to disable them use
hw.dmar.dma tunable, as before.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
FreeBSD uses upstream DTB for RPi3 build and compatibility string for
i2c device is different there. Add this new string to compatibility data.
Reported by: Karl Denninger
MFC after: 3 days
Do not try to use errno(2) codes here; instead, just return unique
value (1) when radio is disabled via hardware switch and another
one (-1) for any other error in initialization path.
Tested with Intel 6205, STA mode.
The change is more intrusive than I would like because the feature
requires that a vector number is written to a special register.
Thus, now the vector number has to be provided to lapic_eoi().
It was readily available in the IO-APIC and MSI cases, but the IPI
handlers required more work.
Also, we now store the VMM IPI number in a global variable, so that it
is available to the justreturn handler for the same reason.
Reviewed by: kib
MFC after: 6 weeks
Differential Revision: https://reviews.freebsd.org/D9880
ip_forward, TCP/IPv6, and probably SCTP leaked references to L2 cache
entry because they used their own routes on the stack, not in_pcb routes.
The original model for route caching was callers that provided a route
structure to ip{,6}input() would keep the route, and this model was used
for L2 caching as well. Instead, change L2 caching to be done by default
only when using a route structure in the in_pcb; the pcb deallocation
code frees L2 as well as L3 cacches. A separate change will add route
caching to TCP/IPv6.
Another suggestion was to have the transport protocols indicate willingness
to use L2 caching, but this approach keeps the changes in the network
level
Reviewed by: ae gnn
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D10059
As noted in the comment, nothing special needs to be done to destroy
the unneeded context after the allocation race, but the context memory
itself still should to be freed.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
It does not make sense since identity mapping already provides the
required mapping for RMRR ranges. More, since identity page tables do
not reflect content of map entries for id domains, creating RMRR
entries makes domain data inconsistent.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
This can significantly reduce scan duration thus saving time and power.
EBS failure reported by FW disables EBS for current connection. It is
re-enabled upon new connection attempt on any WLAN interface.
Obtained from: dragonflybsd.git 89f579e9823a5c446ca172cf82bbc210d6a054a4
If this is the last running vap wait until device will be powered off
(fixes panic when 'ifconfig wlan0 destroy' is executed for running iwn(4)
interface).
Tested with:
- Intel 6205, STA mode.
- RTL8188EU, STA / IBSS modes.
- RTL8821AU, STA / HOSTAP modes.
