Commit Graph

267969 Commits

Author SHA1 Message Date
Franco Fichtner
5851803f4b dhclient: remove patching of static values in BPF programs
Reviewed by:	markj
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D31502
2021-08-19 09:10:42 -04:00
Luiz Otavio O Souza
1a4d7030bb rtsold: make it work on if_vlan interfaces
Reviewed by:	kp
Obtained from:	pfsense
MFC after:	1 week
2021-08-19 14:31:13 +02:00
Ka Ho Ng
a54abe119e truncate(1): Fix missing -d option manpage
Mention that either one of the -r, -s and -d options must be specified.

Sponsored by:	The FreeBSD Foundation
2021-08-19 18:45:25 +08:00
Ka Ho Ng
5ee2c35751 truncate(1): Add hole-punching support
This commit adds hole-punching support to the truncate(1) utility. If
the option -d is specified, truncate(1) performs zeroing, and if
possible hole-punching in case the operation is supported by the
underlying file system of the specified files.

Sponsored by:	The FreeBSD Foundation
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D31556
2021-08-19 18:30:41 +08:00
Ka Ho Ng
78267c2e70 md: Replace BIO_DELETE emulation with vn_deallocate(9)
Both zero-filling and/or deallocation can be done with vn_deallocate(9).

Sponsored by:	The FreeBSD Foundation
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D28899
2021-08-19 18:30:13 +08:00
Samuel Robinette
0a7d1fc6f6 pf: implement set-tos for IPv6
Extend the existing set-tos keyword to also be able to set traffic class
on IPv6 traffic.
Add tests for this as well.

Reviewed by:	kp
Differential Revision:	https://reviews.freebsd.org/D31564
2021-08-19 10:07:56 +02:00
Luiz Otavio O Souza
c138424148 lagg: don't update link layer addresses on destroy
When the lagg is being destroyed it is not necessary update the
lladdr of all the lagg members every time we update the primary
interface.

Reviewed by:	scottl
Obtained from:	pfSense
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31586
2021-08-19 10:49:32 +02:00
Luiz Otavio O Souza
20ffd88ed5 ipfw: use unsigned int for dummynet bandwidth
This allows the maximum value of 4294967295 (~4Gb/s) instead of previous
value of 2147483647 (~2Gb/s).

Reviewed by:	np, scottl
Obtained from:	pfSense
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D31582
2021-08-19 10:48:53 +02:00
Piotr Pawel Stefaniak
35b253d9d2 sh: fix NO_HISTORY build
Move code added in b315a7296d ("autocomplete commands") to
conditionally compiled part under #ifndef NO_HISTORY.

Reported by:	bdrewery
Fixes:		b315a7296d
2021-08-19 06:57:06 +02:00
Michael Tuexen
eba8e643b1 sctp: improve handling of INIT chunks with invalid parameters
MFC after:	3 days
2021-08-19 00:33:28 +02:00
Alexander Motin
c7cf100aaf geli(8): Do not report error on resize to the same size.
Just validate the old metadata and exit.  Originally the check was
added to not thash the only copy of metadata, but we can achieve the
same just by skipping the writing/trashing.  The metadata validation
should protect user from wrongly specifying new size instead of old.

MFC after:	1 month
Sponsored by:	iXsystems, Inc.
2021-08-18 17:11:03 -04:00
John Baldwin
c261b6ea4e iscsi: Teach the iSCSI stack about "large" received PDUs.
When using iSCSI PDU offload (cxgbei) on T6 adapters, a burst of
received PDUs can be reported via a single message to the driver.

Previously the driver passed these multi-PDU bursts up to the iSCSI
stack up as a single "large" PDU by rewriting the buffer offset, data
segment length, and DataSN fields in the iSCSI header.  The DataSN
field in particular was rewritten so that each of the "large" PDUs
used consecutively increasing values.  While this worked, the forged
DataSN values did not match the ExpDataSN value in the subsequent SCSI
Response PDU.  The initiator does not currently verify this value, but
the forged DataSN values prevent adding a check.

To avoid this, allow a logical iSCSI PDU (struct icl_pdu) to describe
a burst of PDUs via a new 'ip_additional_pdus' field.  Normally this
field is set to zero when 'struct icl_pdu' represents a single PDU.
If logical PDU represents a burst of on-the-wire PDUs, then 'ip_npdus'
contains the count of additional on-the-wire PDUs.  The header of this
"large" PDU is still modified, but the DataSN field now contains the
DataSN value of the first on-the-wire PDU in the burst.

Reviewed by:	mav
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D31577
2021-08-18 10:56:28 -07:00
Kyle Evans
d7e1bdfeba uipc: avoid circular pr_{slow,fast}timos
domain_init() gets reinvoked for each vnet on a system, so we must not
alter global state.  Practically speaking, we were creating circular
lists and tying up a softclock thread into an infinite loop.

The breakage here was most easily observed by simply creating a jail
in a new vnet and watching the system suddenly become erratic.

Reported by:	markj
Fixes:	e0a17c3f06 ("uipc: create dedicated lists for fast ...")
Pointy hat:	kevans
2021-08-18 12:46:54 -05:00
Cyril Zhang
a85404906b vmm: Add credential to cdev object
Add a credential to the cdev object in sysctl_vmm_create(), then check
that we have the correct credentials in sysctl_vmm_destroy(). This
prevents a process in one jail from opening or destroying the /dev/vmm
file corresponding to a VM in a sibling jail.

Add regression tests.

Reviewed by:	jhb, markj
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31156
2021-08-18 13:41:33 -04:00
Fabian Kurtz
0a539a0f00 dhclient: support supersede statement for option 54
PR:		217978
Reported by:	Franco Fichtner <franco@opnsense.org>
Reviewed by:	markj
Obtained from:	OPNsense
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D31503
2021-08-18 10:15:28 -07:00
Franco Fichtner
bb250fae9e gre: simplify RSS ifdefs
Use the early break to avoid else definitions. When RSS gains a
runtime option previous constructs would duplicate and convolute
the existing code.

While here init flowid and skip magic numbers and late default
assignment.

Reviewed by:	melifaro, kbowling
Obtained from:	OPNsense
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D31584
2021-08-18 10:05:29 -07:00
Ka Ho Ng
89c0d2b190 truncate(1): main() return statement style fix
Sponsored by:	The FreeBSD Foundation
2021-08-18 23:45:59 +08:00
Mateusz Guzik
aec8ad8a9e arm: hide busdma statistics behind ifdef ARM_BUSDMA_MAPLOAD_STATS
Stat collection using counter(9) is quite expensive on this platform and
these counters are normally not needed.

In particular we see about 1.5% bump in packet rate using Cortex-A9

Reviewed by:	ian
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Different Revision:	https://reviews.freebsd.org/D31592
2021-08-18 17:24:53 +02:00
Hans Petter Selasky
8a46f021c2 Make sure the uftdi(4) driver doesn't start a USB transfer when being cancelled.
MFC after:	1 week
Sponsored by:	NVIDIA Networking
2021-08-18 11:42:37 +02:00
Kristof Provost
07edc89c39 witness: remove ifnet_rw
This lock no longer exists. It was removed in
a60100fdfc (if: Remove ifnet_rwlock, 2020-11-25)

Reviewed by:		mjg
Pointed out by:		Dheeraj Kandula <dheerajk@netapp.com>
Different Revision:	https://reviews.freebsd.org/D31585
2021-08-18 08:51:26 +02:00
Kristof Provost
a051ca72e2 Introduce m_get3()
Introduce m_get3() which is similar to m_get2(), but can allocate up to
MJUM16BYTES bytes (m_get2() can only allocate up to MJUMPAGESIZE).

This simplifies the bpf improvement in f13da24715.

Suggested by:	glebius
Differential Revision:	https://reviews.freebsd.org/D31455
2021-08-18 08:48:27 +02:00
Stephan de Wit
66fa12d8fb iflib: emulate counters in netmap mode
When iflib devices are in netmap mode the driver
counters are no longer updated making it look from
userspace tools that traffic has stopped.

Reported by:	Franco Fichtner <franco@opnsense.org>
Reviewed by:	vmaffione, iflib (erj, gallatin)
Obtained from:	OPNsense
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D31550
2021-08-18 00:17:43 -07:00
Wojciech Macek
e3500c602b ipmi: fix negative logic in watchdog control flag
Use wd_enable instead of wd_disable
2021-08-18 08:21:14 +02:00
Scott Long
045001075e - Fix the growfs rc script to cope with diskid labels.
- Fix a warning in growfs. gpart commit is supposed to be called on disk
  device.
- Silence a gpart commit warning in growfs.

Submitted by: loos
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D31587
Sponsored by: Rubicon Communications, LLC ("Netgate")
2021-08-17 21:50:18 +00:00
John Baldwin
671a35b176 UPDATING: Add a note about OpenSSL defaulting KTLS to off.
Sponsored by:	Netflix
MFC after:	5 days
Differential Revision:	https://reviews.freebsd.org/D31444
2021-08-17 14:43:46 -07:00
John Baldwin
6372fd253e OpenSSL: Add support for Chacha20-Poly1305 to kernel TLS on FreeBSD.
FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3.

NB: This commit has not yet been merged upstream as it is deemed a new
feature and did not make the feature freeze cutoff for OpenSSL 3.0.

Reviewed by:	jkim
MFC after:	5 days
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D31443
2021-08-17 14:41:42 -07:00
John Baldwin
d6e78ecb0b OpenSSL: Refactor KTLS tests to better support TLS 1.3.
Most of this upstream commit touched tests not included in the
vendor import.  The one change merged in is to remove a constant
only present in an internal header to appease the older tests.

Reviewed by:	jkim
Obtained from:	OpenSSL (e1fdd5262e4a45ce3aaa631768e877ee7b6da21b)
MFC after:	5 days
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D31442
2021-08-17 14:41:37 -07:00
John Baldwin
a208223130 OpenSSL: Update KTLS documentation
KTLS support has been changed to be off by default, and configuration is
via a single "option" rather two "modes". Documentation is updated
accordingly.

Reviewed by:	jkim
Obtained from:	OpenSSL (6878f4300213cfd7d4f01e26a8b97f70344da100)
MFC after:	5 days
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D31441
2021-08-17 14:41:31 -07:00
John Baldwin
62ca9fc1ad OpenSSL: Only enable KTLS if it is explicitly configured
It has always been the case that KTLS is not compiled by default. However
if it is compiled then it was automatically used unless specifically
configured not to. This is problematic because it avoids any crypto
implementations from providers. A user who configures all crypto to use
the FIPS provider may unexpectedly find that TLS related crypto is actually
being performed outside of the FIPS boundary.

Instead we change KTLS so that it is disabled by default.

We also swap to using a single "option" (i.e. SSL_OP_ENABLE_KTLS) rather
than two separate "modes", (i.e. SSL_MODE_NO_KTLS_RX and
SSL_MODE_NO_KTLS_TX).

Reviewed by:	jkim
Obtained from:	OpenSSL (a3a54179b6754fbed6d88e434baac710a83aaf80)
MFC after:	5 days
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D31440
2021-08-17 14:41:24 -07:00
John Baldwin
63c6d3e283 OpenSSL: ktls: Initial support for ChaCha20-Poly1305
Linux kernel is going to support ChaCha20-Poly1305 in TLS offload.
Add support for this cipher.

Reviewed by:	jkim
Obtained from:	OpenSSL (3aa7212e0a4fd1533c8a28b8587dd8b022f3a66f)
MFC after:	5 days
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D31439
2021-08-17 14:41:19 -07:00
John Baldwin
334d228a20 OpenSSL: Correct the return value of BIO_get_ktls_*().
BIO_get_ktls_send() and BIO_get_ktls_recv() are documented as
returning either 0 or 1.  However, they were actually returning the
internal value of the associated BIO flag for the true case instead of
1.

Also trim redundant ternary operators.

Reviewed by:	jkim
Obtained from:	OpenSSL (f16e52b67c9261bdc7e1284a50502a802921ac6d)
MFC after:	5 days
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D31438
2021-08-17 14:41:12 -07:00
Alexander V. Chernikov
36e15b717e routing: Fix crashes with dpdk_lpm[46] algo.
When a prefix gets deleted from the RIB, dpdk_lpm algo needs to know
 the nexthop of the "parent" prefix to update its internal state.
The glue code, which utilises RIB as a backing route store, uses
 fib[46]_lookup_rt() for the prefix destination after its deletion
 to fetch the desired nexthop.
This approach does not work when deleting less-specific prefixes
 with most-specific ones are still present. For example, if
 10.0.0.0/24, 10.0.0.0/23 and 10.0.0.0/22 exist in RIB, deleting
 10.0.0.0/23 would result in 10.0.0.0/24 being returned as a search
 result instead of 10.0.0.0/22. This, in turn, results in the failed
 datastructure update: part of the deleted /23 prefix will still
 contain the reference to an old nexthop. This leads to the
 use-after-free behaviour, ending with the eventual crashes.

Fix the logic flaw by properly fetching the prefix "parent" via
 newly-created rt_get_inet[6]_parent() helpers.

Differential Revision: https://reviews.freebsd.org/D31546
PR:	256882,256833
MFC after:	1 week
2021-08-17 20:46:22 +00:00
Randall Stewart
5baf32c97a tcp: Add support for DSACK based reordering window to rack.
The rack stack, with respect to the rack bits in it, was originally built based
on an early I-D of rack. In fact at that time the TLP bits were in a separate
I-D. The dynamic reordering window based on DSACK events was not present
in rack at that time. It is now part of the RFC and we need to update our stack
to include these features. However we want to have a way to control the feature
so that we can, if the admin decides, make it stay the same way system wide as
well as via socket option. The new sysctl and socket option has the following
meaning for setting:

00 (0) - Keep the old way, i.e. reordering window is 1 and do not use DSACK bytes to add to reorder window
01 (1) - Change the Reordering window to 1/4 of an RTT but do not use DSACK bytes to add to reorder window
10 (2) - Keep the reordering window as 1, but do use SACK bytes to add additional 1/4 RTT delay to the reorder window
11 (3) - reordering window is 1/4 of an RTT and add additional DSACK bytes to increase the reordering window (RFC behavior)

The default currently in the sysctl is 3 so we get standards based behavior.
Reviewed by: tuexen
Sponsored by: Netflix Inc.
Differential Revision: https://reviews.freebsd.org/D31506
2021-08-17 16:29:22 -04:00
Mateusz Guzik
3e875f952a pf: assert dir state on pf_test{,6}
The intent is to line up various enums so that branching in the lines of:

idx = (dir == PF_IN ? PF_SK_WIRE : PF_SK_STACK);

is avoided.

Reviewed by:	kp
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-08-17 21:56:50 +02:00
Mateusz Guzik
5091ca2650 pf: save on branching in the common case in pf_test
Reviewed by:	kp
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-08-17 21:56:33 +02:00
Mateusz Guzik
e0a17c3f06 uipc: create dedicated lists for fast and slow timeout callbacks
This avoids having to walk all possible protocols only to check if they
have one (vast majority does not).

Original patch by kevans@.

Reviewed by:	kevans
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-08-17 21:56:05 +02:00
Bryan Drewery
4b7bf84248 bootstrap-tools: Don't copy host tools with make -n 2021-08-17 12:26:03 -07:00
Martin Matuska
2faf504d1a zfs: merge openzfs/zfs@8ae86e2ed (master) into main
Notable upstream pull request merges:
  #12422 Fix/improve dbuf hits accounting
  #12406 Increase default volblocksize from 8KB to 16KB
  #12398 Remove b_pabd/b_rabd allocation from arc_hdr_alloc()
  #12397 Run arc_evict thread at higher priority
  #12297 Avoid vq_lock drop in vdev_queue_aggregate()
  #12161 Restore FreeBSD sysctl processing for arc.min and arc.max

Obtained from:	OpenZFS
OpenZFS commit:	8ae86e2edc
2021-08-17 21:10:44 +02:00
Bryan Drewery
a3ddd7c92b _worldtmp: Fix some sub-makes not working with make -n 2021-08-17 12:06:40 -07:00
John Baldwin
d75b0870e5 cxgbei: Restrict received PDUs to 4 DDP pages in length.
Reviewed by:	np
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D31576
2021-08-17 11:14:37 -07:00
John Baldwin
f28715fdc1 cxgbei: Only round PDU data segment lengths down by 512 on T5.
Reviewed by:	np
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D31575
2021-08-17 11:14:29 -07:00
John Baldwin
cbc186360c cxgbei: Restructure how PDU limits are managed.
- Compute data segment limits in read_pdu_limits() rather than PDU
  length limits.

- Add back connection-specific PDU overhead lengths to compute PDU
  length limits in icl_cxgbei_conn_handoff().

Reviewed by:	np
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D31574
2021-08-17 11:14:11 -07:00
Ryan Moeller
8ae86e2edc ZTS: Add tests for creation time
Reviewed-by: Tony Nguyen <tony.nguyen@delphix.com>
Reviewed-by: Allan Jude <allan@klarasystems.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Ryan Moeller <ryan@iXsystems.com>
Closes #12432
2021-08-17 10:25:58 -07:00
Richard Yao
abbf0bd4eb Linux 4.11 compat: statx support
Linux 4.11 added a new statx system call that allows us to expose crtime
as btime. We do this by caching crtime in the znode to match how atime,
ctime and mtime are cached in the inode.

statx also introduced a new way of reporting whether the immutable,
append and nodump bits have been set. It adds support for reporting
compression and encryption, but the semantics on other filesystems is
not just to report compression/encryption, but to allow it to be turned
on/off at the file level. We do not support that.

We could implement semantics where we refuse to allow user modification
of the bit, but we would need to do a dnode_hold() in zfs_znode_alloc()
to find out encryption/compression information. That would introduce
locking that will have a minor (although unmeasured) performance cost.
It also would be inferior to zdb, which reports far more detailed
information. We therefore omit reporting of encryption/compression
through statx in favor of recommending that users interested in such
information use zdb.

Reviewed-by: Tony Nguyen <tony.nguyen@delphix.com>
Reviewed-by: Allan Jude <allan@klarasystems.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Signed-off-by: Richard Yao <ryao@gentoo.org>
Closes #8507
2021-08-17 10:25:58 -07:00
Piotr Pawel Stefaniak
c66e9307ea mount.h: improve a comment about flags
The comment only specifies MNT_ROOTFS - which is set by the kernel when
mounting its root file system. So it's not clear if any other flags
are not quite right and for what reason.
2021-08-17 19:08:33 +02:00
Piotr Pawel Stefaniak
f49931c142 style.9: remove an outdated comment about indent(1)
indent(1) has had -ncs and -nbs for some time now.
2021-08-17 19:06:24 +02:00
Gordon Bergling
0f402668f9
zfs.4: Fix typo s/compatiblity/compatibility/
Reviewed-by: George Melikov <mail@gmelikov.ru>
Reviewed-by: Ryan Moeller <ryan@ixsystems.com>
Reviewed-by: Tony Nguyen <tony.nguyen@delphix.com>
Signed-off-by: Gordon Bergling <gbergling@googlemail.com>
Closes #12464
2021-08-17 11:01:07 -06:00
Alex Richardson
d9f25575a2 Mark LLDB/CLANG_BOOTSTRAP/LLD_BOOTSTRAP as broken on non-FreeBSD for now
I enabled these options again in 31ba4ce889,
but unfortunately only my specific build configuration worked whereas the
build with default options is still broken.
2021-08-17 17:44:52 +01:00
Piotr Pawel Stefaniak
0e92585cde fstyp: add BeFS support
A simple support for detecting BeFS (BeOS) filesystem

Submitted by:	Miguel Gocobachi
Differential Revision:	https://reviews.freebsd.org/D29917
2021-08-17 18:16:07 +02:00
Alexander Motin
6b88b4b501
Remove b_pabd/b_rabd allocation from arc_hdr_alloc()
When a header is allocated for full overwrite it is a waste of time
to allocate b_pabd/b_rabd for it, since arc_write() will free them
without ever being touched.  If it is a read or a partial overwrite
then arc_read() and arc_hdr_decrypt() allocate them explicitly.

Reduced memory allocation in user threads also reduces ARC eviction
throttling there, proportionally increasing it in ZIO threads, that
is not good.  To minimize or even avoid it introduce ARC allocation
reserve, allowing certain arc_get_data_abd() callers to allocate a
bit longer in situations where user threads will already throttle.

Reviewed-by: George Wilson <gwilson@delphix.com>
Reviewed-by: Mark Maybee <mark.maybee@delphix.com>
Signed-off-by: Alexander Motin <mav@FreeBSD.org>
Sponsored-By: iXsystems, Inc.
Closes #12398
2021-08-17 10:15:54 -06:00