On systems where mac_veriexec is enforced, init should run its scripts in verified mode.
This relies on the verify shell option introduced by D30464. init will detect if the shell
is /bin/sh, and in that case, add the verify option to the argument vector.
The verify option propagates to all files sourced by the shell, ensuring a better
protection than if the script was tested against an open(O_VERIFY) before running it.
This security can be bypassed with the kenv which overloads the shell to use.
However we feel confident that on systems running with mac_veriexec, this kenv will be blocked somehow.
Also, the verify option has no effect on systems where mac_veriexec is not loaded nor enforced.
Differential revision: https://reviews.freebsd.org/D34622
Reviewed by: sjg, wma
Adapt 2796f7cab1 to igc(4)
* Don't reset the entire adapter for vlan changes, fix up the problems
* Remove the VFTA, this hardware doesn't seem to implement it
Approved by: grehan
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D31979
Like many of the other encodings here, none of these are actually used
by our tables. However, defining the EVENT_xH names allows them to be
used by the user (e.g. when trying to use an implementation-defined
event that they know about from their core's documentation but we don't)
and allows us to define PMC_EV_ARMV8_LAST appropriately.
Some of these are also used downstream in CheriBSD on Morello.
Reviewed by: andrew, tsoome
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D36926
The documented encoding space for Armv8 was only 8 bits, but v8.0 has
always had a 10-bit encoding space for its events, and downstream in
CheriBSD we relied on this full space. This worked until the DMC-620 and
CMN-600 events were added, trampling on what should have been reserved
for Armv8.0 right from the start. Thus, renumber the DMC-620 and CMN-600
events to not do this before they make it into a stable release,
allowing for the full Armv8.0 encoding space to be used without having
to split it across two different regions.
Note that Armv8.1 grows the encoding space to 16 bits, which doesn't fit
well with our current approach. No attempt is made to allow for these
events in this change, only the ones that have always been valid (according to
the hardware) from the first commit of Armv8 support to hwpmc.
Reviewed by: arichardson, tsoome
Differential Revision: https://reviews.freebsd.org/D36925
Buggy SMM implementations can hang while processing CPPC notifications.
This leads to some laptops (notably Thinkpads) hanging when the
hwpstate_intel driver is loaded.
Tell the SMM that we will handle CPPC notifications as described in:
- Intel® Processor Vendor-Specific ACPI
- Intel® 64 and IA-32 Architectures Software Developer’s Manual
CPPC events default to masked (disabled) so while we do not do any
handling right now this does not seem to lead to any issues.
This approach was found via this Linux Kernel patch:
https://lkml.org/lkml/2016/3/17/563
PR: 253288
Reviewed by: imp, jhb
Sponsored by: Modirum
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D36699
Add TCP_BLACKBOX to the remaining platforms (arm64, RISC-V) and add
TCP_RFC7413 to the remaining platform (RISC-V).
Reviewed by: rscheff@
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D36918
I225 devices have only one PHY vendor. It is unnecessary to check
_I_PHY_ID during the link establishment and auto-negotiation process;
the checking also caused devices like i225-IT to fail. This patch is to
remove the mentioned unnecessary checking.
Cc: stable@dpdk.org
Signed-off-by: Mah Yock Gen <yock.gen.mah@intel.com>
Signed-off-by: Taripin Samuel <samuel.taripin@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
Approved by: grehan
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36923
This will resolve a reference and return the appropriate handle, a node
on the simplebus or an ACPI_HANDLE for ACPI. For now we do not try to
further abstract the return type.
MFC after: 2 weeks
Reviewed by: mw
Differential Revision: https://reviews.freebsd.org/D36793
During discussions with someone that was doing NFS-over-TLS
development for Solaris, we had a concern that the server might
become overloaded after rebooting, due to a large number of
TLS handshake requests from clients.
To alleviate this potential problem, this patch modifies rpc.tlsservd
so that it supports the "-N/--numdaemons" command line option,
which specifies that up to RPCTLS_SRV_MAXNPROCS (currently defined
as 16 in the patch) may be started.
When there are multiple daemons, one is selected by the patched kernel
in a round-robin fashion, to serve a TLS handshake request.
The man page update will be done in a future commit.
Reviewed by: emaste, karels
Differential Revision: https://reviews.freebsd.org/D35886
Similar to 2cd6ad766e for inet6 drop ifma_restart use, creating more
problems than solving. It is no longer needed after epoch introduction.
While there, add NULL check for ifma_ifp in igmp_change_state(), that
sometimes caused panics on interface destruction.
MFC after: 2 weeks
Rather than using a per-cpu state counter, and adding in the CPU id we
can atomically increment the number.
This has the advantage of removing the assumption that the CPU ID fits
in 8 bits.
Event: Aberdeen Hackathon 2022
Reviewed by: mjg
Differential Revision: https://reviews.freebsd.org/D36915
This reverts commit 1c2be25f60.
kib@ pointed out that it is perfectly fine to write at arbitrary regular
file offsets. For example, in a 4K block size character device, geom
doesn't support writing / reading 515 byte blocks. The description is
perhaps not applicable to all EINVALs returned.
The load address computations are highly architecture specific. There
are generic ways that are augmented by specific constraints of specific
way things work on each architecture. Move the current load segment
computations into a MD routine load_addr.
As part of the move, I'm marking kboot_get_kernel_machine_bits as
unused. This arrived in a prior commit, but never seems to have been
connected, suggesting an incomplete merge at the time, or a path not yet
taken.
Create a stub for amd64 that will be filled in with a later commit.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D36603
For CAM, move to the FreeBSD standard copyright rather than the 'put it
at the front' variation. This variation has been flagged as potentially
problematic in other contexts. Since this variation wasn't a conscious
decision on our part, use the standard license from src/COPYRIGHT.
Also, remove the -FreeBSD suffix in SPDX-License-Identifier. It's
obsolete at SPDX and even the original text didn't match it.
MFC After: 3 days
Sponsored by: Netflix
Use uintmax_t cast to print the size of the device for the non-humanize
case to avoid issues with 32-bit longs.
Fixes: 9c1bec9c21
Sponsored by: Netflix
In virtual machines with virtual UARTs which have fictitious baud
rates, it may be possible to drain the receive queue very quickly,
without needing to DELAY after each character. Attempt to read
(and discard) the receive queue as fast as possible, stopping for
a DELAY only when LSR_RXRDY is no longer asserted; assume that we
have finished draining the queue when LSR_RXRDY is asserted both
before and after a DELAY.
This speeds up the boot process in FreeBSD/Firecracker by 27 ms.
Reviewed by: imp, jrtc27
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D36184
Add an option of -h --human to output human readable size unit instead
of the fixed unit (MB).
Signed-off-by: Wanpeng Qian <wanpengqian@gmail.com>
Reviewed by: imp, bcr
Differential Revision: https://reviews.freebsd.org/D32957
Maintaining a comprehensive list of event handlers in this man page is a
futile endeavor. It is entirely detached from the source code, and
therefore requires that anyone adding/removing an event handler have
prior knowledge of the list. Many do not, so it will naturally become
stale (and is).
This is demonstrated by the fact that there are currently 88 instances
of EVENTHANDLER_DECLARE() in the source tree, but the list contains 66
items.
Many of the descriptions do not offer much detail that could not be
gleaned from the handler name alone. It is a more effective strategy to
document the purpose/details of the event handler in a comment alongside
its declaration.
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36895
Describe more clearly the purpose of these flags and where they are
used.
Remove grog's comment about revisiting the flags. At this point it does
not make sense to change this long-standing API, especially in light of
2cf7870864 ("Collapse interrupt thread priorities").
Give a better example of a bus modifying these flags; I did not find any
existing instance where a bus changes the interrupt's type.
Reviewed by: imp, markj, jhb
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36896
Add a <sys/_pv_entry.h> intended for use in <machine/pmap.h> to
define struct pv_entry, pv_chunk, and related macros and inline
functions.
Note that powerpc does not yet use this as while the mmu_radix pmap
in powerpc uses the new scheme (albeit with fewer PV entries in a
chunk than normal due to a used pv_pmap field in struct pv_entry),
the Book-E pmaps for powerpc use the older style PV entries without
chunks (and thus require the pv_pmap field).
Suggested by: kib
Reviewed by: kib
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D36685
netisr_dispatch() can fail, especially when under high traffic loads.
This isn't a fatal error, so simply don't check the return value.
Sponsored by: Rubicon Communications, LLC ("Netgate")
If we're writing structured output (i.e. json or xml) we shouldn't worry
about terminal width, and instead always output full width information.
This means that, for example, if we're called from crontab with 'w
--libxo json' we'll provide the full command field rather than
pointlessly truncating it.
Suggested by: Phil Shafer
Event: Aberdeen Hackathon 2022
Differential Revision: https://reviews.freebsd.org/D25013
2449b9e5fe introduced API changes
that require ensuring that loadable MAC modules use the matching API.
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
When multiple <SYN> segments are received, update the <SYN,ACK>
sent in response to the latest IP ECN and TCP ECN information.
On retransmitting the <SYN,ACK>, once ECN maxtries are done, not
only disable RFC3168 ECN, but AccECN also.
Reviewed By: tuexen, #transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D36875
On passive sessions, honor the local settings disabling or
enabling window scaling and timestamp options.
Reviewed By: tuexen, #transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D36874
The vxlan interface encapsulates the Ethernet frame by prepending IP/UDP
and vxlan headers. For statistics, only the payload, i.e. the
encapsulated (inner) frame should be counted.
Event: Aberdeen Hackathon 2022
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D36855
The read system call will return EINVAL if the current file offset is
not a multiple of the block size. This also applies to write(2). Add an
entry for EINVAL about this error to both man pages.
PR: 91149
Event: Aberdeen Hackathon 2022
Differential Revision: https://reviews.freebsd.org/D24617
Mechanically cleanup INP_TIMEWAIT from the kernel sources. After
0d7445193a, this commit shall not cause any functional changes.
Note: this flag was very often checked together with INP_DROPPED.
If we modify in_pcblookup*() not to return INP_DROPPED pcbs, we
will be able to remove most of these checks and turn them into
assertions. Some of them can be turned into assertions right now,
but that should be carefully done on a case by case basis.
Differential revision: https://reviews.freebsd.org/D36400