256653 Commits

Author SHA1 Message Date
Mark Johnston
7509b677b4 armv8crypto: Extract GCM state into a structure
This makes it easier to refactor the GCM code to operate on
crypto_buffer_cursors rather than plain contiguous buffers, with the aim
of minimizing the amount of copying and zeroing done today.

No functional change intended.

Reviewed by:	jhb
MFC after:	1 week
Sponsored by:	Ampere Computing
Submitted by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D28500
2021-02-08 09:19:10 -05:00
Mark Johnston
0dc7076037 armv8crypto: Fix some edge cases in the AES-GCM implementation
- We were only hashing up to the first 16 bytes of the AAD.
- When computing the digest during decryption, handle the case where
  len == trailer, i.e., len < AES_BLOCK_LEN, properly.

While here:

- trailer is always smaller than AES_BLOCK_LEN, so remove a pair of
  unnecessary modulus operations.
- Replace some byte-by-byte loops with memcpy() and memset() calls.
  In particular, zero the full block before copying a partial block into
  it since we do that elsewhere and it means that the memset() length is
  known at compile time.

Reviewed by:	jhb
Sponsored by:	Ampere Computing
Submitted by:	Klara, Inc.
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D28501
2021-02-08 09:19:07 -05:00
Mark Johnston
b5aa9ad43a ktls: Make configuration sysctls available as tunables
Reviewed by:	gallatin, jhb
Sponsored by:	Ampere Computing
Submitted by:	Klara, Inc.
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D28499
2021-02-08 09:19:02 -05:00
Mark Johnston
1755b2b989 ktls: Use COUNTER_U64_DEFINE_EARLY
This makes it a bit more straightforward to add new counters when
debugging.  No functional change intended.

Reviewed by:	jhb
Sponsored by:	Ampere Computing
Submitted by:	Klara, Inc.
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D28498
2021-02-08 09:18:51 -05:00
Lutz Donnerhacke
45d75e3ac3 netgraph/ng_base: Allow larger BINARY2ASCII conversions
Allocate the necessary memory for the conversion dynamically starting
with a value which is sufficient for almost all normal cases.

PR:		187835
Reviewed by:	kp
Differential Revision: https://reviews.freebsd.org/D23840
2021-02-08 14:31:58 +01:00
Edward Tomasz Napierala
fb8c2f743a arm64: optimize set_syscall_retval()
Microoptimize set_syscall_retval() for arm64 by predicting
the return value to be zero.  This is similar to what has
been done for other architectures

Reviewed By:	emaste, mhorne
Differential Revision: https://reviews.freebsd.org/D26991
2021-02-08 10:46:47 +00:00
Daniel Ebdrup Jensen
866c8b8d5d kldload(8): Add note about using kld_list in rc.conf(5)
While here, also recommend that loader.conf(5) should only be used in
order to get to mountroot, as rc(8) is less fragile, faster, and is
easier to fix by booting to single-user mode instead of having to
blacklist modules in the loader.

MFH:		2 weeks
2021-02-08 07:57:36 +01:00
Vladimir Kondratyev
b3c6fe663b epoll: Store epoll_event udata member in ext member of kevent.
Current epoll implementation stores udata fields of epoll_event
structure in special dynamically-sized table rather than in udata field
of backing kevent structure because of 2 reasons:
1. Kevent's udata size is smaller than epoll's on 32-bit archs.
2. Kevent's udata can be clobbered on execution EPOLL_CTL_ADD as kqueue
   modifies existing event while epoll returns error in this case.

After r320043 has introduced four new 64bit user data members (ext[]),
we can store epoll udata in one of them and drop aforementioned table.
According to kqueue_register() source code ext members are not updated
when existing kevent is modified that fixes p.2.

As a side effect the patch fixes PR/252582.

Reviewed by:	trasz
MFC after:	1 month
Differential revision:	https://reviews.freebsd.org/D28169
2021-02-08 02:46:14 +03:00
Brandon Bergren
d26f2a50ff powerpc64: Fix boot on virtual-mode OF (PowerMac G5)
In 78599c32efed3247d165302a1fbe8d9203e38974, CFI endproc decoration was
added to locore64.S. However, it missed the subtle detail that
__restartkernel_virtual() falls through to __restartkernel(). This was
causing boot failure on PowerMac G5, as it tried to execute the
epilogue as code.

Fix this by branching to __restartkernel() instead of intentionally
running off the end of the function.

While here, add some additional notes on how the virtual mode restart
works.

MFC after:	3 days
2021-02-07 16:13:55 -06:00
Edward Tomasz Napierala
e44a78ce6f linux: add support for SO_PEERSEC getsockopt
It returns "unconfined", like Linux without SELinux would.

Sponsored By:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28164
2021-02-07 20:42:04 +00:00
Lutz Donnerhacke
6117aa58fa netgraph/ng_bridge: Make simple internal functions read-only
The data path in netgraph is designed to work on an read only state of
the whole netgraph network.  Currently this is achived by convention,
there is no technical enforcment.  In the case of NETGRAPH_DEBUG all
nodes can be annotated for debugging purposes, so the strict
enforcment needs to be lifted for this purpose.

This patch is part of a series to make ng_bridge multithreaded, which
is done by rewrite the data path to operate on const.

Reviewed By:	kp
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D28141
2021-02-07 20:31:33 +01:00
Lutz Donnerhacke
cef689f45b Revert "netgraph/ng_bridge: Make simple internal functions read-only"
Patch mass breaks LINT kernels.

This reverts commit bb67e52db143b699bdac1830717930b26a7b5766.
2021-02-07 17:39:35 +01:00
Lutz Donnerhacke
bb67e52db1 netgraph/ng_bridge: Make simple internal functions read-only
The data path in netgraph is designed to work on an read only state of
the whole netgraph network.  Currently this is achived by convetion,
there is no technical enforcment.  This patch is part of a series to
make ng_brigde multithreaded, which is done by rewrite the data path
to const handling.

Reviewed By:	kp
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D28141
2021-02-07 15:39:57 +01:00
Lutz Donnerhacke
ed0a152750 netgraph/ng_bridge: Remove old table ABI
This was announced to happen after the 12 relases.
Remove a depeciated ABI.

The complete removal is for HEAD only. I'll remove the #define in
stable/13 as MFC, so the code will still exist in 13.x, but will not
included by default. Earlier versions will not be affected.

Reviewed by:	kp
MFC after:	5 days
Differential Revision: https://reviews.freebsd.org/D28518
2021-02-07 15:29:07 +01:00
Nuno Eduardo Simões Leal Teixeira
7b51ac0275 Update Mentor and Mentee Information (eduardo) 2021-02-07 13:46:13 +00:00
Edward Tomasz Napierala
f6e8256a96 linux: fix handling of flags for 32 bit send(2) syscall
Previously the flags were passed as-is, which could resulted
in spurious EAGAIN returned for non-blocking sockets, which
broke some Steam games.

PR:		248065
Reported By:	Alex S <iwtcex@gmail.com>
Tested By:	Alex S <iwtcex@gmail.com>
Reviewed By:	emaste
MFC After:	3 days
Sponsored By:	The FreeBSD Foundation
2021-02-06 23:21:27 +00:00
Emmanuel Vadot
8af54bdfca lastcomm(1): Only install if MK_ACCT is on
MFC after:	3 days
2021-02-06 20:41:39 +01:00
Lutz Donnerhacke
66c72859f6 netgraph/ng_bridge: switch stats to counter framework
This is the first patch of a series of necessary steps
to make ng_bridge(4) multithreaded.

Reviewed by:	melifaro (network), afedorov
MFC after:	1 month
Differential Revision: https://reviews.freebsd.org/D28125
2021-02-06 18:14:23 +01:00
Lutz Donnerhacke
c869d905ba netgraph/ng_bridge: Derive forwarding mode from first attached hook
Handling of unknown MACs on an bridge with incomplete learning
capabilites (aka uplink ports) can be defined in different ways.

The classical approach is to broadcast unicast frames send to an
unknown MAC, because the unknown devices can be everywhere. This mode
is default for ng_bridge(4).

In the case of dedicated uplink ports, which prohibit learning of MAC
addresses in order to save memory and CPU cycles, the broadcast
approach is dangerous. All traffic to the uplink port is broadcasted
to every downlink port, too. In this case, it's better to restrict the
distribution of frames to unknown MAC to the uplink ports only.

In order to keep the chance small and the handling as natural as
possible, the first attached link is used to determine the behaviour
of the bridge: If it is an "uplink" port, then the bridge switch from
classical mode to restricted mode.

Reviewed By:	kp
Approved by:	kp (mentor)
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D28487
2021-02-06 15:01:15 +01:00
Lutz Donnerhacke
689561d403 ng_bridge.4: Use more suitable mandoc macros
yuripv@ suggested to replace inapprobriate macros by better ones.

Reviewed by:	philip
Approved by:	philip (mentor)
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D28510
2021-02-06 11:36:11 +01:00
Lutz Donnerhacke
f961caf218 netgraph/ng_bridge: Introduce "uplink" ports without MAC learning
The ng_bridge(4) node is designed to work in moderately small
environments. Connecting such a node to a larger network rapidly fills
the MAC table for no reason. It even become complicated to obtain data
from the gettable message, because the result is too large to
transmit.

This patch introduces, two new functionality bits on the hooks:
  - Allow or disallow MAC address learning for incoming patckets.
  - Allow or disallow sending unknown MACs through this hook.

Uplinks are characterized by denied learing while sending out
unknowns. Normal links are charaterized by allowed learning and
sending out unknowns.

Reviewed by:	kp
Approved by:	kp (mentor)
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D23963
2021-02-06 11:09:26 +01:00
Cy Schubert
344f1083e1 ipfilter: Use the softn (NAT softc) host map size in ip_nat6 calculation.
The ipfilter NAT table host map size is a tunable that defaults to
a macro value defined at build time. HOSTMAP_SIZE is saved in softn
(the ipnat softc) at initialization. It can be tuned (changed) at runtime
using the ipf -T command. If the hostmap_size tunable is adjusted the
calculation to determine where to put new entries in the table was
incorrect. Use the tunable in the NAT softc instead of the static build
time value.

MFC after:	1 week
2021-02-05 18:39:38 -08:00
Cy Schubert
10990cb460 Simplify FreeBSD check.
MFC after:	1 week
2021-02-05 18:39:38 -08:00
Cy Schubert
e673debe7d Simplify BSD macro tests.
All FreeBSD and NetBSD are BSD >= 199306 and have been for a long time.

MFC after:	1 week
2021-02-05 18:39:38 -08:00
Piotr Kubaj
8b804ee616 powerpc64le: readd COMPAT_FREEBSD11 and COMPAT_FREEBSD12
lang/rust needs COMPAT_FREEBSD11 to build, even though powerpc64le itself is supported only since 13.0.
I also corrected a comment, because if we ever have lib32 for powerpc64le, it will be for powerpcle.

Reviewed by:	bdragon (on IRC)
2021-02-06 03:21:55 +01:00
Mateusz Guzik
2f8a844635 cache: remove the largely obsolete general description
Examples of inconsistencies with the current state:
- references LRU of all entries, removed years ago
- references a non-existent lock (neglist)
- claims negative entries have a NULL target

It will be replaced with a more accurate and more informative
description.

In the meantime take it out so it stops misleading.
2021-02-06 00:28:40 +01:00
Mateusz Guzik
0e1594e60e cache: fix vfs:namecache:lookup:miss probe call sites 2021-02-06 00:28:40 +01:00
Mateusz Guzik
2e96132a7d cache: drop spurious arg from panic in cache_validate
vp is already reported when noting mismatch
2021-02-06 00:28:39 +01:00
Mateusz Guzik
b54ed778fe cache: comment on FNV 2021-02-06 00:13:57 +01:00
Alexander Motin
92d0d6bb14 Print DeviceHandle and PhysicalId in hex.
The first is actually a bitfield.  The second is printed in hex by
dmidecode, so uniformidy should be good.

MFC after:	1 week
2021-02-05 16:15:53 -05:00
Alfredo Dal'Ava Junior
eaffd270d8 [POWERPC64LE] add mrsas to GENERIC64LE
Reviewed by:	bdragon
Sponsored by:	Eldorado Research Institute (eldorado.org.br)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D28475
2021-02-05 19:47:57 -03:00
Alfredo Dal'Ava Junior
20e1817f9a mrsas: update man page
update mrsas(4) since big-endian is supported since
e34a057ca6ebdf8e30ec8b0dc21d18eb450bf36a

Reviewed by:    bdragon, gbe
Sponsored by:   Eldorado Research Institute (eldorado.org.br)
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D28475
2021-02-05 19:47:45 -03:00
Glen Barber
7b1d1a1658 release: disable the 'reldoc' target after the ASCIIDoctor switch
The 'reldoc' target includes release-related documentation on
installation medium.  Since the switch from XML to ASCIIDoctor,
the file locations have moved, and it will take some time to sort
out how this target should work now.

MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-02-05 11:47:15 -05:00
Mark Johnston
90da2c797b truss: Decode sendfile(2) arguments
MFC after:	2 weeks
2021-02-05 11:28:29 -05:00
Alfredo Dal'Ava Junior
59fffbcf46 mrsas: unbreak i386 build
Fix build regression introduced by
e34a057ca6ebdf8e30ec8b0dc21d18eb450bf36a

Reviewed by:	jhibbits
Sponsored by:	Eldorado Research Institute (eldorado.org.br)
Differential Revision:	https://reviews.freebsd.org/D28494
2021-02-05 15:43:48 -03:00
Alexander Motin
35e39fd95f Improve ACPI_NFIT_CONTROL_REGION formatting.
MFC after:	1 week
2021-02-05 10:08:34 -05:00
Mark Johnston
3279329b2d tools/git: Add git-arc
This is a handy script for creating and updating Differential revisions
from git commits.  It tries to avoid forcing the user to manage their
git tree in any particular way, but makes two major assumptions:
- there is a one-to-one mapping between git commits and Differential
  revisions,
- the title of a Differential revision is the same as the summary line
  of the corresponding commit.

A verbose description of the script's functionality is provided in its
usage message, which should probably be converted to a man page.

A description of workflows using git-arc is here:
https://lists.freebsd.org/pipermail/freebsd-hackers/2021-January/056979.html

There are some loose ends but this is functional enough to be useful.

Discussed with:	jhb
Differential Revision:	https://reviews.freebsd.org/D28334
2021-02-05 09:47:05 -05:00
Andrew Turner
13ec5a6da0 Add support for arm64 nGnRE device memory
On arm64 we can select how strongly we order device memory. Currently
we use the strongest type of non-Gathering, non-Reordering, no Early
write acknowledgement. This is equivalent to VM_MEMATTR_SO in the 32-bit
arm code.

Create a new memory type to remove the no Early write acknowledgement
option to create a memory attribute that is equivalent to the arm
VM_MEMATTR_DEVICE.

Keep the the old nGnRnE memory as what we provide for VM_MEMATTR_DEVICE
until we can test nGnRE on more hardware. A method for dynamically
switching back may be needed as at least one vendor is known to have
broken nGnRE memory.

Sponsored by:	Innovate UK
2021-02-05 12:25:56 +00:00
Kyle Evans
2373acbbb7 grep: turn off -w if -x is specified
-x overcomes -w in gnugrep, and it should here as well.  Flip it off as
needed to avoid confusing other parts of grep.
2021-02-04 20:59:43 -06:00
Kyle Evans
f823c6dc73 grep: fix null pattern and empty pattern file behavior
The null pattern semantics were terrible because I tried to match gnugrep,
but I got it wrong.  Let's unwind that:

- The null pattern should match every line if neither -w nor -x.
- The null pattern should match empty lines if -x.
- The null pattern should not match any lines if -w.

The first two will stop processing (shortcut) even if additional patterns
are specified. In any other case, we will continue processing other
patterns.  If no other patterns are specified beside a null pattern, then
we match if neither -w nor -x or set and do not match if either of those
are specified.

The justification for -w is that it should match on a whole word, but the
null pattern deos not have a whole word to match on.

Empty pattern files should never match anything, and more importantly, -v
should cause everything to be written.

PR:		253209
MFC-after:	4 days
2021-02-04 20:59:42 -06:00
Konstantin Belousov
856789c123 cpucontrol(8): Fix display.
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2021-02-05 03:22:26 +02:00
Konstantin Belousov
5832a3e398 amd64 GENERIC: compile in mlx5en(4)
Reviewed by:	hselasky, manu
Sponsored by:	NVidia Networking/Mellanox Technologies
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D28469
2021-02-05 03:22:26 +02:00
Ed Maste
375d797b81 Enable pvscsi and vmx in arm64 GENERIC
FreeBSD pvscsi and vmx work with VMware ESXi Arm "Fling"; provide these
in GENERIC for a convenient out-of-the-box experience.

PR:		253202
Reported by:	Vincent Milum Jr
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2021-02-04 19:21:38 -05:00
Krzysztof Galazka
7d4dceec10 ixl(4): Fix VLAN HW filtering
X700 family of controllers has limited number of available VLAN
HW filters. Driver did not handle properly a case when user
assigned more VLANs to the interface which had all filters
already in use. Fix that by disabling HW filtering when
it is impossible to create filters for all requested VLANs.
Keep track of registered VLANs using bitstring to be able
to re-enable HW filtering when number of requested VLANs
drops below the limit.

Also switch all allocations to use M_IXL malloc type
to ease detecting memory leaks in the driver.

Reviewed by:	erj
Tested by:	gowtham.kumar.ks@intel.com
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D28137
2021-02-04 15:33:42 -08:00
Toomas Soome
2bd4ff2d89 loader.efi: There are systems without ConOut, also use ConOutDev
Conout does contian the default output device name.
ConOutDev does contain all possible output device names, so we can
use it as fallback, when there is no ConOut.

PR: 253253
2021-02-04 23:29:38 +02:00
Muhammad Moinur Rahman
aa77662373 Add a comment notifying that "device axp" requires miibus for build.
Although if RJ-45 interface is not being used the miibus is not required
but miibus is a build time dependency.

Reviewed by:    imp, manu, rajesh1.kumar@amd.com
Approved by:    imp, manu, rajesh1.kumar@amd.com
Differential Revision:  https://reviews.freebsd.org/D28465
2021-02-04 21:05:47 +00:00
Ryan Stone
8a06ca2f73 Fix mismerge in OFED update
When OFED was upgraded to Linux v4.9, a bunch of Linux-specific
netlink changes were dropped.  Unfortunately, there was a mismerge
in this process and as a result ib_sa_cancel_query() would fail to
cancel an outstanding MAD.

This was causing rdma_destroy_id() to hang indefinitely waiting
for the MAD to complete and release the final reference.

Sponsored by: Dell Inc.
Differential Revision:	https://reviews.freebsd.org/D28421
Reviewed by: hselasky, kib
MFC after: 2 months
2021-02-04 13:58:24 -05:00
Ryan Stone
b58cf1cb35 Fix race condition in linuxkpi workqueue
Consider the following scenario:

1. A delayed_work struct in the WORK_ST_TIMER state.
2. Thread A calls mod_delayed_work()
3. Thread B (a callout thread) simultaneously calls
linux_delayed_work_timer_fn()

The following sequence of events is possible:

A: Call linux_cancel_delayed_work()
A: Change state from TIMER TO CANCEL
B: Change state from CANCEL to TASK
B: taskqueue_enqueue() the task
A: taskqueue_cancel() the task
A: Call linux_queue_delayed_work_on().  This is a no-op because the
state is WORK_ST_TASK.

As a result, the delayed_work struct will never be invoked.  This is
causing address resolution in ib_addr.c to stop permanently, as it
never tries to reschedule a task that it thinks is already scheduled.

Fix this by introducing locking into the cancel path (which
corresponds with the lock held while the callout runs).  This will
prevent the callout from changing the state of the task until the
cancel is complete, preventing the race.

Differential Revision:	https://reviews.freebsd.org/D28420
Reviewed by: hselasky
MFC after: 2 months
2021-02-04 13:54:53 -05:00
Alex Richardson
1eec5861d5 tests/sys/vfs/lookup_cap_dotdot: No longer aborts after ATF update
It appears this test no longer fails after c203bd70b5957f85616424b6fa374479372d06e3.

PR:		215690
2021-02-04 17:57:27 +00:00
Alex Richardson
72692dfdfe usr.bin/jail: Fix tests when using kyua -v parallelism=N
These tests create jails with the same name, so they cannot be run in
parallel.

Reviewed By:	lwhsu
Differential Revision: https://reviews.freebsd.org/D28482
2021-02-04 17:56:55 +00:00