272899 Commits

Author SHA1 Message Date
Kristof Provost
ab2886f088 pfctl: Document ethernet rule configuration
Document how 'ether' rules can be set, and what options they support.

Reviewed by:	bcr
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31751
2022-03-02 17:00:06 +01:00
Kristof Provost
77207b6022 pfctl: Document displaying Ethernet rules
Document the new 'pfctl -s ether' functionality.

Reviewed by:	bcr
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31750
2022-03-02 17:00:06 +01:00
Kristof Provost
c696d5c72f pfctl: Don't print (ether) to / from if they're not set
If we're not filtering on a specific MAC address don't print it at all,
rather than showing an all-zero address.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31749
2022-03-02 17:00:05 +01:00
Kristof Provost
30087aa2e0 pf: Support clearing ether counters
Allow the evaluations/packets/bytes counters on Ethernet rules to be
cleared.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31748
2022-03-02 17:00:05 +01:00
Kristof Provost
feefb5625b pf tests: Test ether direction
Test that we correctly match inbound ('in') or outbound ('out') Ethernet
packets.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31747
2022-03-02 17:00:05 +01:00
Kristof Provost
792d7a5630 pf tests: Basic captive portal like test
Use the ether rules to selectively (i.e. per MAC address) redirect
certain connections. Test that tags carry over to the layer-3 pf code.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31746
2022-03-02 17:00:05 +01:00
Kristof Provost
4ffb7d1300 pf tests: Test EtherType filtering
Test filtering packets by their EtherType (i.e. ARP/IPv4/IPv6/...).

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31745
2022-03-02 17:00:05 +01:00
Kristof Provost
3a04f1d1ed pf tests: Test MAC address negation
Test that we can express 'ether block from ! 00:01:02:03:04:05'.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31744
2022-03-02 17:00:04 +01:00
Kristof Provost
d6fc3ee2e7 pf tests: MAC address filtering test
Test the MAC address filtering capability in the new 'ether' feature in
pf.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31743
2022-03-02 17:00:04 +01:00
Kristof Provost
6b7c268003 pf: Only hook the Ethernet pfil hook when we have rules
Avoid the overhead of the Ethernet pfil hooks if we don't have any
Ethernet rules.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31742
2022-03-02 17:00:04 +01:00
Kristof Provost
5c75dfdf60 pf: SDTs for ether rule matching
Add static DTrace probe points to allow debugging of ether rule
matching.

Reviewed by:	mjg
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31741
2022-03-02 17:00:04 +01:00
Kristof Provost
20c4899a8e pf: Do not hold PF_RULES_RLOCK while processing Ethernet rules
Avoid the overhead of acquiring a (read) RULES lock when processing the
Ethernet rules.
We can get away with that because when rules are modified they're staged
in V_pf_keth_inactive. We take care to ensure the swap to V_pf_keth is
atomic, so that pf_test_eth_rule() always sees either the old rules, or
the new ruleset.

We need to take care not to delete the old ruleset until we're sure no
pf_test_eth_rule() is still running with those. We accomplish that by
using NET_EPOCH_CALL() to actually free the old rules.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31739
2022-03-02 17:00:03 +01:00
Kristof Provost
2b29ceb86f pfctl: Print Ethernet rules
Extend pfctl to be able to read configured Ethernet filtering rules from
the kernel and print them.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31738
2022-03-02 17:00:03 +01:00
Kristof Provost
e732e742b3 pf: Initial Ethernet level filtering code
This is the kernel side of stateless Ethernet level filtering for pf.

The primary use case for this is to enable captive portal functionality
to allow/deny access by MAC address, rather than per IP address.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31737
2022-03-02 17:00:03 +01:00
Ed Maste
731a929ac9 vt_vga: Correct "plane" spelling
I suspect the variable names and comments were accidentally French.

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2022-03-02 10:56:40 -05:00
Ed Maste
92ef98b8fa ssh: use standalone config file for security key support
An upcoming OpenSSH update has multiple config.h settings that change
depending on whether builtin security key support is enabled.  Prepare
for this by moving ENABLE_SK_INTERNAL to a new sk_config.h header
(similar to the approach used for optional krb5 support) and optionally
including that, instead of defining the macro directly from CFLAGS.

Reviewed by:	kevans
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34407
2022-03-02 09:35:12 -05:00
Hans Petter Selasky
d94d94e2c0 libusb(3): Ignore SIGPIPE when initializing the LibUSB v1.0 API.
The LibUSB v1.0 emulation layer uses pipes internally to signal between
threads. When USB devices are reset, as part of loading firmware, SIGPIPE
may happen, and that is expected and should be ignored.

PR:		261891
MFC after:	1 week
Sponsored by:	NVIDIA Networking
2022-03-02 12:33:40 +01:00
Warner Losh
369216b039 ath: fix older clang build.
Define NO_WUNUSED_BUT_SET_VARIABLE for newer clang, and use it in ATH_C
to account for different clang versions. Use it in Makefiles as well.

Sponsored by:		Netflix
Reviewed by:		kevans, jhb
Differential Revision:	https://reviews.freebsd.org/D34408
2022-03-01 22:55:34 -07:00
Warner Losh
3b17e19f02 bootstrap: bump minimum supported version
Bump the minimum supported version to build -current from to 11.3R in
preparation of removing support for older systems.  11.4R was selected
as the most recent version to go out of support.

Sponsored by:		Netflix
Reviewed by:		delphij, emaste
Differential Revision:	https://reviews.freebsd.org/D32444
2022-03-01 22:55:28 -07:00
Warner Losh
33550b4739 bootstrap: No need for kbdcontrol bootstrap anymore
We only need kbdcontrol when bootstrapping from FreeBSD 10 or
pre-FreeBSD 11.0 current. Since we can no longer build from these
versions of FreeBSD, remove the support for bootstrapping them.

Sponsored by:		Netflix
2022-03-01 22:55:24 -07:00
Warner Losh
d0e3860f70 heir: Document SYSROOT conventions
Define a place for sysroot trees to live. This assumes they come from
the base in some way, though there's not yet a build/install/etc sysroot
target. Include the FreeBSD version so multiple versions can be
installed on one system (it also includes the whole uname version, so
one could, in theory, install variants like CheriBSD or whatever on the
same system as FreeBSD). Use MACHINE.MACHINE_ARCH to be consistent with
the release practices, /usr/obj and other naming conventions.

Sponsored by:		Netflix
Reviewed by:		brooks
Differential Revision:	https://reviews.freebsd.org/D33754
2022-03-01 17:00:40 -07:00
Alfonso S. Siciliano
912df915c2 wlanconfig: allow to enter WiFi details if no networks found
Improve the installer: wlanconfig allows user to enter WiFi details
if no networks found, useful to connect to a hidden SSID.

PR:			246192
Reported by:		emaste
Approved by:		bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D34149
2022-03-02 00:04:57 +01:00
Li-Wen Hsu
adce4585ca Revert "Temporarily skip usr.bin.diff.diff_test.functionname in CI"
This reverts commit 85eeb6ea62d45c5df893a16b87969bd7313a3dbb.

The issue has been fixed by 4be7d087c2b566f4910683836be279d55c1a81c6.

PR:		262086
2022-03-02 05:37:25 +08:00
Warner Losh
7dda139e6d ath: missed a chance to use ${ATH_C}
Fixes:		8881d206f4e6 (reviewed by scottl, markj in D34401)
Noticed by:	markj
Sponsored by:	Netflix
2022-03-01 14:00:14 -07:00
Mark Johnston
879b0604a8 proc: Remove assertion that P_WEXIT is not set in proc_rwmem()
exit1() sets P_WEXIT before waiting for holding threads to finish,
rather than after, so this assertion is racy.

Fixes:	12fb39ec3e6b ("proc: Relax proc_rwmem()'s assertion on the process hold count")
Reported by:	Jenkins
2022-03-01 15:09:45 -05:00
Mateusz Guzik
6882d53b7f zstd: build with C11
This enables thread-aware timers which in turn fixes benchmark result
reports.

Reviewed by:	cem
Differential Revision:	https://reviews.freebsd.org/D34238
2022-03-01 20:07:44 +00:00
Mark Johnston
3a56cfedbc fasttrap: Avoid creating WX mappings
fasttrap instruments certain instructions by overwriting them and
copying the original instruction to some per-thread scratch space which
is executed after the probe fires.  This trampoline jumps back to the
tracepoint after executing the original instruction.

The created mapping has both write and execute permissions, and so this
mechanism doesn't work when allow_wx is disabled.  Work around the
restriction by using proc_rwmem() to write to the trampoline.

Reviewed by:	vangyzen
Tested by:	Amit <akamit91@hotmail.com>
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34304
2022-03-01 12:40:35 -05:00
Mark Johnston
83958173eb fasttrap: Assert that fasttrap_fork() successfully unmaps scratch space
No functional change intended.

MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2022-03-01 12:40:35 -05:00
Mark Johnston
12fb39ec3e proc: Relax proc_rwmem()'s assertion on the process hold count
This reference ensures that the process and its associated vmspace will
not be destroyed while proc_rwmem() is executing.  If, however, the
calling thread belongs to the target process, then it is unnecessary to
hold the process.  In particular, fasttrap - a module which enables
userspace dtrace - may frequently call proc_rwmem(), and we'd prefer to
avoid the overhead of locking and bumping the hold count when possible.

Thus, make the assertion conditional on "p != curproc".  Also assert
that the process is not already exiting.  No functional change intended.

MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2022-03-01 12:40:35 -05:00
Ed Maste
f27fb06cad zfs: Update test format strings to match variable types
And drop stray 'd' from the end of some printed numbers.  I assume this
was the result of someone thinking u is a printf length modifier for d,
not a format specifier itself.

Reviewed by:	kevans, rew
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34387
2022-03-01 12:21:40 -05:00
Warner Losh
8881d206f4 ath: Suppress set but unused warnings
The ath driver has a lot of these warnings. It's an older driver, so
just suppress these warnings until they can be fixed. They are a mix of
simple dead stores, debugging output and stuff that would require
careful study to know if it's safe to remove the access or not (there are
likely very few of the latter, but if there are any they are latent bugs
that compiler could optimize away). Since I have no ath hardware to test
on anymore, take the conservative approach.

Sponsored by:		Netflix
2022-03-01 08:06:42 -07:00
Warner Losh
094f1dc40e g_part: Allow attributes to be queried
Create g_part_getattr to allow gpart geoms to have their attributes queried.

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D32782
2022-03-01 08:06:42 -07:00
Warner Losh
9c750429af Add USB UEFI locator support
Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D32788
2022-03-01 08:06:42 -07:00
Warner Losh
dbee7944ba acpi: Allow matching based on locators
Allow wiring of unit numbers based on any of the standard locators that
match.

Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D32787
2022-03-01 08:06:42 -07:00
Warner Losh
6837d9d7e8 acpi hints: Abstract out acpi_hint_device_matches_resources
Abstract out acpi_hint_device_matches_resources from
acpi_hint_device_unit to simplify that code. Continue matching like
we've always matched: no functional change.

Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D32786
2022-03-01 08:06:42 -07:00
Warner Losh
3278bf9268 acpi_hint_device_unit: matches is a bool, make it one
"matches" is used as a bool and doesn't need to count anything. Convert
it to a bool.

Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D32785
2022-03-01 08:06:42 -07:00
Warner Losh
25670e4612 pci: Add arbitrary locator support to pci.
If the pciX:Y:Z and pciW:X:Y:Z 'at' locations don't work, allow try the
LOCATOR:PATH syntax. Use dev_wired_cache to generically look them up.

Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D32784
2022-03-01 08:06:41 -07:00
Warner Losh
b36bd3a906 bus: Create dev_wired_cache
A simple cache to cache different locators to the same device.

Sponsored by:		Netflix
Changes Suggested by:	jhb
Differential Revision:	https://reviews.freebsd.org/D32783
2022-03-01 08:06:41 -07:00
Warner Losh
b029685a3a pci: switch logic a little
If we find a match, then assign it. Flip the logic in the if and assign
the unit rather than continuing if it doesn't match. Will make it easier
to expand to other matching schemes.

Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D32779
2022-03-01 08:06:41 -07:00
Warner Losh
d0a20e401e Add UEFI locator for bus_get_device_path, pci acpi
Add a UEFI locator type. It prints the UEFI device names for a FreeBSD
device_t name. It works with PCI and ACPI device nodes. USB forthcoming.

Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D32749
2022-03-01 08:06:41 -07:00
Warner Losh
cae7d9ec83 bus: Add ACPI locator support
Add support for printing ACPI paths. This is a bit of a degenerate case
for this interface since it's always just the device handle if the
device has one. But it is illustrative of how to do this for a few nodes
in the tree.

Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D32748
2022-03-01 08:06:41 -07:00
Warner Losh
f5366026ad devctl: add getpath command
Retrieves that path for a device. Different methods to enumerate the path
are supported, called locators.

Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D32747
2022-03-01 08:06:41 -07:00
Warner Losh
b01f409ffe libdevctl: Add devctl_getpath
Helper routine to call the kernel to get a path to the named device.
Different path enumeration methods (called locators) can be used
for different path types depending on what the kernel implements.

Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D32746
2022-03-01 08:06:41 -07:00
Warner Losh
38e942a345 devctl: Add DEV_GET_PATH
DEV_GET_PATH will get the path to a device based on different locators.

Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D32745
2022-03-01 08:06:41 -07:00
Warner Losh
e19db70769 bus: Introduce the bus interface get_device_path
This returns the full path of the child device requested. Since
there's different ways to reckon the entire path, include a 'locator'
method. The default 'FreeBSD' method uses a filesystem-like path name
with each device to the root node separated by /. Other locators will be
UEFI, ACPI and fdt, though others are possible in the future. Make the
locator a string to allow maximum flexibility.

Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D32744
2022-03-01 08:06:40 -07:00
Warner Losh
78408171bd devctl2: Change to 644 protections
We make sure that we check for device privs (usually meaning root or
better) for everything. To allow other functions that don't require
this, default to 644 protection.

Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D32863
2022-03-01 08:06:40 -07:00
Ed Maste
f1421a8972 ssh: correct configure option name
The option is security-key-builtin not security-key-internal.  There is
no change to the generated config.h because the option defaults off
anyway.

MFC after:	3 days
Fixes:		87152f340549 ("ssh: disble internal security key...")
Sponsored by:	The FreeBSD Foundation
2022-03-01 09:41:51 -05:00
Mark Johnston
31218f3209 riscv: Add support for enabling SV48 mode
This increases the size of the user map from 256GB to 128TB.  The kernel
map is left unchanged for now.

For now SV48 mode is left disabled by default, but can be enabled with a
tunable.  Note that extant hardware does not implement SV48, but QEMU
does.

- In pmap_bootstrap(), allocate a L0 page and attempt to enable SV48
  mode.  If the write to SATP doesn't take, the kernel continues to run
  in SV39 mode.
- Define VM_MAX_USER_ADDRESS to refer to the SV48 limit.  In SV39 mode,
  the region [VM_MAX_USER_ADDRESS_SV39, VM_MAX_USER_ADDRESS_SV48] is not
  mappable.

Reviewed by:	jhb
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34280
2022-03-01 09:39:44 -05:00
Mark Johnston
6ce716f7c3 riscv: Add support for dynamically allocating L1 page table pages
This is required in SV48 mode.

Reviewed by:	jhb
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34279
2022-03-01 09:39:44 -05:00
Mark Johnston
1321117200 riscv: Handle four-level page tables in various pmap traversal routines
Reviewed by:	jhb
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34278
2022-03-01 09:39:44 -05:00