When pf sends layer 2 traffic into dummynet it still marks IPv6 with
IPFW_ARGS_IPV6 (which dummynet translates to PROTO_V6). That in turn
results in it not matching the 'DIR_IN | PROTO_LAYER2' case, and
triggering the 'bad switch' error message.
Add extra cases for LAYER2 | PROTO_IPV6.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Do not assume that start_info will always be loaded at the highest
memory address, and instead check the position of all the loaded
elements in order to find the last loaded one, and thus a likely safe
place to use as early boot allocation memory space.
Reported by: markj, cperciva
Sponsored by: Citrix Systems R&D
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D35628
Add shm_remove_prison(), that removes all POSIX shared memory segments
belonging to a prison. Call it from prison_cleanup() so a prison
won't be stuck in a dying state due to the resources still held.
PR: 257555
Reported by: grembo
Currently, when a jail starts dying, either by losing its last user
reference or by being explicitly killed,
osd_jail_call(...PR_METHOD_REMOVE...) is called. Encapsulate this
into a function prison_cleanup() that can then do other cleanup.
The field values are only valid when the ID_AA64PFR0_EL1.SVE or
ID_AA64PFR1_EL1.SME vields are non-zero. When this is not the case
the register is reserved as zero so is safe to read, but the SVEver
field will be incorrect so only print the decoded register when
the SVE or SME fields indicate it is valid.
Sponsored by: The FreeBSD Foundation
On arm64 all registers have a name that encodes op0, op1, CRn, CRm, and
op2 that are used to encode the register in the instruction. As some
registers we need to access may not be supportedby older compilers, or
are only supported when specific extensions are enabled support this
alternative form.
Sponsored by: The FreeBSD Foundation
Instead of returning EMSGSIZE pass the error code from fdallocn() directly
to userland. That would be EMFILE, which makes much more sense. This
error code is not listed in the specification[1], but the specification
doesn't cover such edge case at all. Meanwhile the specification lists
EMSGSIZE as the error code for invalid value of msg_iovlen, and FreeBSD
follows that, see sys_recmsg(). Differentiating these two cases will make
a developer/admin life much easier when debugging.
[1] https://pubs.opengroup.org/onlinepubs/9699919799/functions/recvmsg.html
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D35640
To keep the vfp thread creation code in one place move into vfp.c. This
will also help with adding SVE support as it depends on VFP.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35615
- Remove the variable set but not used to fix build on -CURRENT
- Remove bzero() on the space malloc'd with M_ZERO flag.
Signed-off-by: En-Wei Wu <enweiwu@FreeBSD.org>
Sponsored by: Google, Inc. (GSoC 2022)
Differential Revision: https://reviews.freebsd.org/D35624
Otherwise the mount point could be unmounted meantime.
Reported and tested by: pho
Reviewed by: jah
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D35638
Provide more robust parameter parsing in veriexec. Do a little cleanup as well.
Differential revision: https://reviews.freebsd.org/D33246
Obtained from: Semihalf
Reviewed by: sjg, sebastien.bini_stormshield.eu
If Trust Anchors are provided by UEFI and not compiled into
libsecureboot the segmentation fault occurs due to empty
or NULL string usage.
Obtained from: Semihalf
Reviewed by: sjg
Differential revision: https://reviews.freebsd.org/D35120
Writes to sysctls flagged with CTLFLAG_SECURE are blocked if the appropriate secure level is set. mac_veriexec does not behave this way, it blocks such sysctls in read-only mode as well.
This change aims to make mac_veriexec behave like secure levels, as it was meant by the original commit ed377cf41.
Reviewed by: sjg
Differential revision: https://reviews.freebsd.org/D34327
Obtained from: Stormshield
typecheck macro check if the type of a variable matches a type.
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D35569
Switch the driver to use device based functions which will work not
only with FDT but also ACPI.
While here make dr_mode a local variable as it is only used during
probe and not needed later in the softc.
MFC after: 2 weeks
Reviewed by: mw
Differential Revision: https://reviews.freebsd.org/D33170
acpi_find_dsd() is not a bus function and we only need the acpi_device (ad).
The only caller has already looked up the ad (from ivars) for us.
Directly pass the ad to acpi_find_dsd() instead of bus, dev and remove
the extra call to device_get_ivars(); the changed argument also means we
now call AcpiEvaluateObject directly on the handle.
This optimisation was done a while ago while debugging a driver which
ended up with a bad bus, dev combination making the old version fail.
MFC after: 2 weeks
Reviewed by: mw
Differential Revision: https://reviews.freebsd.org/D35558
This change is a continuation of 9c42645a1e4d workaround.
Apparently pytest argument parser is not happy when parsing values
with spaces or just more than one --atf-var argument.
Switch wrapper to send these kv pairs as env variables. Specifically,
use _ATF_VAR_key=value format to distinguish from the other vars.
Add the `atf_vars` fixture returning all passed kv pairs as a dict.
Reviewed by: lwhsu
Differential Revision: https://reviews.freebsd.org/D35625
MFC after: 2 weeks
NULL out src/dst and check them rather than relying of 'af' to indicate
these variables are valid.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D35573
OpenVPN allows us to push routes for client networks with the 'iroute'
directive. Test that this works as expected.
Sponsored by: Rubicon Communications, LLC ("Netgate")
In client mode (i.e. if there's only one peer) we should be able to
route to the correct peer even if the routing table is incorrect.
Sponsored by: Rubicon Communications, LLC ("Netgate")
