--Clearing cached subdirectories in unionfs_noderem() should be done
under the vnode interlock
--When preparing to switch the vnode lock in both unionfs_node_update()
and unionfs_noderem(), the incoming lock should be acquired before
updating the v_vnlock field to point to it. Otherwise we effectively
break the locking contract for a brief window.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D32629
Some NICs might have limited capabilities when Jumbo frames are used.
For exampe some neta interfaces only support TX csum offload when the
packet size is lower than a value specified in DT.
Fix it by re-reading capabilities of children interfaces after MTU
has been successfully changed.
Found by: Jerome Tomczyk <jerome.tomczyk@stormshield.eu>
Reviewed by: jhb
Obtained from: Semihalf
Sponsored by: Stormshield
Differential revision: https://reviews.freebsd.org/D32724
Previously we would only search for a PHY xref in node of the miibus
parent.
That didn't work very well with switches.
Fix that by searching through "ports" subnode, checking if any of its
children have a valid PHY xref.
Since switches tend to have multiple ports we also have multiple
candidates.
Use the PHY address read from mii_attach_args to find the right one.
Obtained from: Semihalf
Sponsored by: Alstom Group
Reviewed by: mw
Differential revision: https://reviews.freebsd.org/D32690
It adds the PIC functionality on top of qoriq_gpio driver.
We need a separate module since the powerpc PIC API is completely
different than on other architectures.
Two types of intr_map_data are supported:
INTR_MAP_DATA_GPIO and INTR_MAP_DATA_FDT.
This way interrupts can be allocated using the userspace gpio
interrupt allocation method, as well as directly from simplebus.
The latter can be used by devices that have its irq routed to a GPIO pin.
Obtained from: Semihalf
Sponsored by: Alstom Group
Expose softc and other necessary things in a separate header.
This is needed for an armv8 specific driver, that will inherit from this
one. Driver mutex was converted to a spin lock, so that it can be later
used in interrupt filter context.
Obtained from: Semihalf
Sponsored by: Alstom Group
Differential revision: https://reviews.freebsd.org/D32587
Now that the AES-CBC is supported we can handle ETA requests.
Sponsored by: Stormshield
Obtained from: Semihalf
Reviewed by: jhb(previous version)
Differential revision: https://reviews.freebsd.org/D32100
AES-CBC OpenSSL assembly is used underneath.
The glue layer(ossl_aes.c) is based on CHACHA20 implementation.
Contrary to the SHA and CHACHA20, AES OpenSSL assembly logic
does not have a fallback implementation in case CPU doesn't
support required instructions.
Because of that CPU caps are checked during initialization and AES
support is advertised only if available.
The feature is available on all architectures that ossl supports:
i386, amd64, arm64.
The biggest advantage of this patch over existing solutions
(aesni(4) and armv8crypto(4)) is that it supports SHA,
allowing for ETA operations.
Sponsored by: Stormshield
Obtained from: Semihalf
Reviewed by: jhb
Differential revision: https://reviews.freebsd.org/D32099
Consistently use `return ()'.
Fix some spacing issues with types formatting, and around binary ops.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
File descriptor we operate on might reference something that is not a
file, e.g. shmfd. In this case, we cannot check MNT_NOEXEC in
principle.
If fstatfs(2) caused some failure on normal filesystem, then typical
expectation is that read or mmap of this file would also fail. If not,
mmap(2) PROT_EXEC on MNT_NOEXEC filesystem returns EACCES.
Reported by: obiwac@gmail.com
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Default value for ld_dynamic_weak is true, non-default settings should
be activated for the false value.
Reported by: obiwac@gmail.com
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
These macros are not backend-specific but reference a
backend-independent field in struct icl_conn.
Reviewed by: mav
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D32858
Although I was not able to cause a failure during testing, there
are places in nfscl_removedeleg() and nfscl_renamedeleg() where
I think a forced dismount could get hung. This patch fixes those.
This patch only affects forced dismount and only if the NFSv4
server is issuing delegations to the client.
Found by code inspection.
MFC after: 2 weeks
In ac76bc1145dd, I added a few volatiles to work around ctrig_test
failures with {inf,inf}. This is not necessary anymore now, since in
3b00222f156d we added -fp-exception-behavior=maytrap for clang >= 10 in
libm's Makefile. (The flag tells clang to use stricter floating point
semantics, which libm depends on.)
PR: 244732, 254911
Fixes: ac76bc1145dd
MFC after: 3 days
sched_throw() can no longer take a NULL thread, APs enter through
sched_ap_entry() instead. This completely removes branching in the
common case and cleans up both paths. No functional change intended.
Reviewed by: kib, markj
Differential Revision: https://reviews.freebsd.org/D32829
You can wire da, ada and nda device units to serial numbers. sdda cannot
be wired like this because SD and MMC cards lack serial numbers (or at
the very least CAMMMC does not query or retain them).
Sponsored by: Netflix
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D32825
Unwired units start with the first avaialble unit that hasn't been
wired, not one greater than the largest wired unit. wired units are
skipped when assigning unwired units a number.
Sponsored by: Netflix
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D32824
The SanDisk SD8SB8U1 and likely others pad their serial number with
spaces on the end rather than the start (at least when connected to a
SAS3008). This makes them difficult to wire unit numbers to with the
serial because you have to specify the trailing spaces. Instead, strip
out the trailing spaces.
We already strip leading spaces both here. In addition, when glabel
creates the devfs device nodes, leading and trailing spaces are removed
already (so there will be no change there either).
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32684
For scsi, ata and nvme, at least, we read a serial number from the
device (if the device supports it, some scsi drives do not) and record
it during the *_xpt probe device state machine before it posts the
AC_FOUND_DEVICE async event. For mmc, no serial number is ever
retrieved, so it's always NULL. Add the ability to match this serial
number during device wiring.
This mechanism is competely optional, and often times using a label
and/or some other attribute of the device is easier. However, other
times wiring a unit to a serial number simplifies management as most
monitoring tools require the *daX device and having it stable from boot
to boot helps with data continuity. It can be especially helpful for
nvme where no other means exists to reliably tie a ndaX device to an
underlying nvme drive and namespace.
A similar mechanism exists in Linux to mange device unit numbers with
udev.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32683
If we assigned just a lun as a wired unit (something that camperiphunit
will accept), we failed to properly skip over that unit when computing a
next unit number. Add lun so the code matches the comments that we have
to skip all the same criteria that camperiphunit uses to select wired
units for a driver.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32682
When scanning the resources that are wired for this driver, skip any
that whose number doesn't match newunit. They aren't relevant. Switch to
positive logic to break out of the loop (and thus go to the next unit)
if we find either a target resource or an at resource. This makes the
code easier to read and modify.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32681
The code in camperiphunit rejects "scbus" as an 'at' location that would
allow any other wiring to use that unit number. Yet in
camperiphunitnext, if we have a no target and the 'at' location of
'scbus' it would be excluded on the basis that it's a wiring
cadidate. This is improper and appears to be a hold-over of the
pre-hints / pre-newbus config system, so remove it.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32680
Upstream one-true-awk has two sets of tests. These are in addition to
NetBSD's tests we're using. The 'bugs-fixed' tests from upstream are
ready to use as-is (more or less). However, the 'tests' from upstream
are not, so for now we'll just use the netbsd and bugs-fixed tests.
They provide an OK workout and are better than nothing, though the tests
themselves are for specific esoteric things.
The upstream bugs-fixed tests are *ALMOST* a drop in. However, 3 test
for errors and the upstream test jig mashes stdout and stderr together,
which atf doesn't do, so make a tiny tweak to the upstream tests that I
hope to upstream. Plus upstream has ../a.out: instead of awk: in the
output. Not sure how to deal with this yet, so I've not proposed
anything upstream and have changed the test locally.
In addition, the system-status.awk test is not suitable to run in ATF.
It wants to force sh to dump core, but kyua doesn't seem to allow that
sometimes so the test will fail or pass based on whether or not a core
dump can be created. Since it's unstable, remove it.
This required moving the netbsd tests to a new direcotry, so update
mtree files as well. The change is useless for 'make check' without it.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D31376
The change implements cexpl() for both ld80 and ld128 architectures.
Testing was done on x86_64 and aarch64 systems.
Along the way sincos[fl]() use an optimization that reduces the argument
to being done one rather than twice. This optimization actually pointed
to a bug in the ld128 version of sincosl(), which is now fixed. In
addition, the minmax polynomial coefficients for sincosl() have been
updated.
A concise log of the file-by-file changes follows.
* include/complex.h:
. Add a prototype for cexpl().
* lib/msun/Makefile:
. Add s_cexpl.c to the build.
. Setup a link for cexpl.3 to cexp.3.
* lib/msun/Symbol.map:
. Expose cexpl symbol in libm shared library.
* lib/msun/ld128/s_cexpl.c:
* Implementation of cexpl() for 128-bit long double architectures.
Tested on an aarch64 system.
* lib/msun/ld80/s_cexpl.c:
* Implementation of cexpl() for Intel 80-bit long double.
* lib/msun/man/cexp.3:
. Document cexpl().
* lib/msun/man/complex.3:
. Add a BUGS section about cpow[fl].
* lib/msun/src/s_cexp.c:
. Include float.h for weak references on 53-bit long double targets.
. Use sincos() to reduce argument reduction cost.
* lib/msun/src/s_cexpf.c:
. Use sincosf() to reduce argument reduction cost.
* lib/msun/src/k_sincosl.h:
. Catch up with the new minmax polynomial coefficients for the kernel for
the 128-bit cosl() implementation.
. BUG FIX: *cs was used where *sn should have been. This means that sinl()
was no computed correctly when iy != 0.
* lib/msun/src/s_cosl.c:
. Include fpmath.h to get access to IEEEl2bits.
. Replace M_PI_4 with pio4, a 64-bit or 113-bit approximation for pi / 4.
PR: 216862
MFC after: 1 week
SDHCI controllers found in the QorIQ SoCs offer improved accuracy of
the clock frequency selection, compared to the SDHCI standard. Frequency
selection is performed using two divider registers, named prescaler and
divisor, according to the following formula:
frequency = base clock / (prescaler * divisor), where prescaler can be
bypassed (set to 1) and divisor permitted to take odd values.
Rather than depend on clock division precalculated by sdhci core, make
use of this property of the divider registers and achieve frequencies
closer to the ones requested.
Obtained from: Semihalf
Sponsored by: Alstom Group
Differential revision: https://reviews.freebsd.org/D32706
When performing software reset, this controller does not clear all the
required hw registers. In particular, tuning block is left in enabled
state, inhibiting operation of some eMMC cards. The existing solution
was to disable the ability to call SDHCI_RESET_ALL.
As this issue is now better understood, enable the SDHCI_RESET_ALL flag,
provide a custom reset devmethod and clear selected registers by hand.
Obtained from: Semihalf
Sponsored by: Alstom Group
Differential revision: https://reviews.freebsd.org/D32705
Some sdhci controllers require custom software reset logic. Accommodate
this need by introducing a new SDHCI_RESET devmethod. Move the existing
reset logic into sdhci_generic_reset and use it as a default for the
aforementioned method.
Obtained from: Semihalf
Sponsored by: Alstom Group
Differeential revision: https://reviews.freebsd.org/D32704
Always use uint64_t over u_int64_t, for the sake of consistency.
No functional change.
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Allow users to set a number on rules which will be exposed as part of
the pflog header.
The intent behind this is to allow users to correlate rules across
updates (remember that pf rules continue to exist and match existing
states, even if they're removed from the active ruleset) and pflog.
Obtained from: pfSense
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D32750
When a mount with the "pnfs" and "nconnect" options specified
does an I/O operation, it erroneously uses a TCP connection
to the MDS when it is meant to be a DS operation and, as such,
needs to use a TCP connection to the DS. This patch fixes this.
When the "pnfs" and "nconnect" options are specified for a
NFSv4.1/4.2 mount, there probably should be N connections
established to each DS for I/O RPCs. This is a fair amount
of work and may be done in a future commit.
This problem was found during a recent IETF NFSv4 working
group testing event.
MFC after: 2 weeks
This define will later on be used by coming TLS RX hardware offload patches.
No functional change intended.
Reviewed by: jhb@
MFC after: 1 week
Sponsored by: NVIDIA Networking
The mbuf protocol flags get cleared between layers, and also it was discovered
that M_DECRYPTED conflicts with M_HASFCS when receiving ethernet patckets.
Add the proper CSUM_TLS_MASK and CSUM_TLS_DECRYPTED defines, and start using
these instead of M_DECRYPTED inside the TCP LRO code.
This change is needed by coming TLS RX hardware offload support patches.
Suggested by: kib@
Reviewed by: jhb@
MFC after: 1 week
Sponsored by: NVIDIA Networking
Description of FIDO/U2F support (from OpenSSH 8.2 release notes,
https://www.openssh.com/txt/release-8.2):
This release adds support for FIDO/U2F hardware authenticators to
OpenSSH. U2F/FIDO are open standards for inexpensive two-factor
authentication hardware that are widely used for website
authentication. In OpenSSH FIDO devices are supported by new public
key types "ecdsa-sk" and "ed25519-sk", along with corresponding
certificate types.
ssh-keygen(1) may be used to generate a FIDO token-backed key, after
which they may be used much like any other key type supported by
OpenSSH, so long as the hardware token is attached when the keys are
used. FIDO tokens also generally require the user explicitly
authorise operations by touching or tapping them.
Generating a FIDO key requires the token be attached, and will
usually require the user tap the token to confirm the operation:
$ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk
Generating public/private ecdsa-sk key pair.
You may need to touch your security key to authorize key generation.
Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/djm/.ssh/id_ecdsa_sk
Your public key has been saved in /home/djm/.ssh/id_ecdsa_sk.pub
This will yield a public and private key-pair. The private key file
should be useless to an attacker who does not have access to the
physical token. After generation, this key may be used like any
other supported key in OpenSSH and may be listed in authorized_keys,
added to ssh-agent(1), etc. The only additional stipulation is that
the FIDO token that the key belongs to must be attached when the key
is used.
To enable FIDO/U2F support, this change regenerates ssh_namespace.h,
adds ssh-sk-helper, and sets ENABLE_SK_INTERNAL (unless building
WITHOUT_USB).
devd integration is not included in this change, and is under
investigation for the base system. In the interim the security/u2f-devd
port can be installed to provide appropriate devd rules.
Reviewed by: delphij, kevans
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32509
Turn the presence or absence of boot services into a positive bool (and
change its type to bool). Move declaration to efi.h in the global
variables section.
Sponsored by: Netflix
Reviewed by: tsoome, kib
Differential Revision: https://reviews.freebsd.org/D31814
* add the extres stuff into the build, I'm going to end up leveraging
all of it
* include the qcom-gcc-ipq4018 driver which currently implements the hwreset
side of the API.
Reviewed by: andrew, manu, imp
Differential Revision: https://reviews.freebsd.org/D32723
This implements the "reset controller" side of the clock/reset controller.
It's a simple array of registers and bits to set.
The register table itself comes from Linux; the rest of the code is a
reimplementation.
It doesn't yet implement or expose the clock side - I have a lot of
reverse engineering to do before that!
Reviewed by: andrew, manu, imp
Differential Revision: https://reviews.freebsd.org/D32723
Obtained from: Linux (registers)
This code implements the "kpssv2" flavour of CPU regulator/clock gating
in Linux. It's used by at least the ipq4018/4019 to power on and off
CPU cores.
This is based on the Linux implementation - the register definitions
and values are from Linux and I've reverse engineered the sequencing
requirements.
The MP bring-up is:
* set cold boot address via an SCM call - this is the address used
by the bootloader/TZ firmware to jump to when the CPUs boot
* power down the LDO feeding the CPU core and wait for it to settle
* program in the right set of LDO and power tree configuration for
the CPU regulator to power up the core. Unfortunately these are
magic numbers that I've not found documented anywhere.
* (I think) power up the shared L2 cache connect if it isn't.
* Clamp the power into the core down; put the core into reset
* Unclamp the power rail; release reset; and then set the core to boot.
The MP core will then boot the bootloader/TZ firmware and then
will wait until an incoming interrupt kicks it to start @ mpentry.
Tested:
* IPQ4019, 4 CPUs
Release APs
CPU(3) applied BP hardening: not necessary
CPU(1) applied BP hardening: not necessary
CPU(2) applied BP hardening: not necessary
Reviewed by: andrew, manu, imp
Differential Revision: https://reviews.freebsd.org/D32723
This is a very simple implementation of Qualcomm's SCM API.
It is just the structure/field definitions and the atomic SCM
call which doesn't use the structs yet - it uses the field
definitions inside registers.
I've tested that setting the cold boot address via the atomic
API is fine - Linux does the same thing. But not all SCM calls
can be done via the legacy API.
This is a reimplementation based on the Linux qualcomm SCM legacy
code and definitions.
Tested:
* Qualcomm IPQ4018 AP, as part of other changes for doing SMP bring-up
Reviewed by: andrew, manu, imp
Differential Revision: https://reviews.freebsd.org/D32723
Summary:
This is enough to allow this ASUS router to reboot successfully.
I tried the watchdog path and although it fires, it isn't rebooting!
It's just hanging, likely somewhere in TZ.
This is the MVP required to initialise and consume random data from
the QCA PRNG hardware found on the IPQ401x.
Test Plan: * ASUS RT-AC58U router, IPQ4019
Subscribers: imp, andrew
Differential Revision: https://reviews.freebsd.org/D32723
This is the MVP required to initialise and consume random data from
the QCA PRNG hardware found on the IPQ401x.
Reviewed by: andrew, manu, imp
Differential Revision: https://reviews.freebsd.org/D32723
This is enough to allow this ASUS router to reboot successfully.
I tried the watchdog path and although it fires, it isn't rebooting!
It's just hanging, likely somewhere in TZ.
Tested:
* ASUS RT-AC58U router, IPQ4019
Reviewed by: andrew, manu, imp
Differential Revision: https://reviews.freebsd.org/D32723
Note that Dropbear supports ed25519 keys since version 2020.79.
See https://github.com/mkj/dropbear/pull/91
Reviewed-by: George Melikov <mail@gmelikov.ru>
Reviewed-by: John Kennedy <john.kennedy@delphix.com>
Signed-off-by: Michael Franzl <michael@franzl.name>
Closes#12715
