Commit Graph

250645 Commits

Author SHA1 Message Date
Ed Maste
4d13f78444 Correct terminology in vm.imply_prot_max sysctl description
As with r361769 (man page), PROT_* are properly called protections, not
permissions.

MFC after:	1 week
MFC with:	r361769
Sponsored by:	The FreeBSD Foundation
2020-06-04 01:49:29 +00:00
Rick Macklem
01f13218a3 Fix mountd to handle getgrouplist() not returning groups[0] == groups[1].
Prior to r174547, getgrouplist(3) always returned a groups list with
element 0 and 1 set to the basegid argument, so long as ngroups was > 1.
Post-r174547 this is not the case. r328304 disabled the deduplication that
removed the duplicate, but the duplicate still does not occur unless the
group for a user in the password database is also entered in the group
database.
This patch fixes mountd so that it handles the case where a user specified
with the -maproot or -mapall exports option has a getgrouplist(3) groups
list where groups[0] != groups[1].
Found while testing another mountd patch.

MFC after:	2 weeks
2020-06-04 00:28:20 +00:00
John Baldwin
8c27b7a98b Add opt_compat.h needed by r359374.
Reported by:	kevans
2020-06-03 23:21:44 +00:00
Adrian Chadd
e649b526cc [run] Fix up tx/rx frame size.
This specifically fixes that TX frames are large enough now to hold a 3900 odd
byte AMSDU (the little ones); me flipping it on earlier messed up transmit!

Tested:

* if_run, STA mode, TX/RX TCP/UDP iperf.  TCP is now back to normal and
  correctly does ~ 3200 byte AMSDU/fast frames (2x1600ish byte MSDUs).
2020-06-03 22:30:44 +00:00
John Baldwin
1a4a7e98eb Explicitly zero IVs on the stack.
Reviewed by:	delphij
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25057
2020-06-03 22:19:52 +00:00
John Baldwin
0065d9a47f Explicitly zero AES key schedules on the stack.
Reviewed by:	delphij
MFC after:	1 week
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25057
2020-06-03 22:18:21 +00:00
Oleksandr Tymoshenko
eb5e1004e2 Add spigen overlay for Raspberry Pi 4
Submitted by:	gergely.czuczy@harmless.hu
2020-06-03 22:18:15 +00:00
John Baldwin
66f2e4b620 Explicitly zero on-stack IVs, tags, and HMAC keys.
Reviewed by:	delphij
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25057
2020-06-03 22:15:11 +00:00
John Baldwin
20c128da91 Add explicit bzero's of sensitive data in software crypto consumers.
Explicitly zero IVs, block buffers, and hashes/digests.

Reviewed by:	delphij
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25057
2020-06-03 22:11:05 +00:00
Oleksandr Tymoshenko
0897babceb Add dtb for Firefly RK3399 to the list of Rockchip dtbs
2020-06-03 21:19:57 +00:00
Konstantin Belousov
9bed49fea4 Add pthread_getname_np() and pthread_setname_np() aliases
for pthread_get_name_np() and pthread_set_name_np(), to be
compatible with Linux.

PR:	238404
Proposed and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D25117
2020-06-03 20:54:36 +00:00
Ed Maste
3f65edb369 mmap.2: correct prot argument terminology
One of the error descriptions referred to permissions; in context the
meaning was probably clear, but the prot values are properly called
protections.

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-06-03 20:42:52 +00:00
Adrian Chadd
53652fb94e [otus] enable 802.11n for 2GHz and 5GHz.
This flips on basic 11n for 2GHz/5GHz station operation.

* It flips on HT20 and MCS rates;
* It enables A-MPDU decap - the payload format is a bit different;
* It does do some basic checks for HT40 but I haven't yet flipped on
  HT40 support;
* It enables software A-MSDU transmit; I honestly don't want to make
  A-MPDU TX work and there are apparently issues with QoS and A-MPDU TX.
  So I totally am ignoring A-MPDU TX;
* MCS rate transmit is fine.

I haven't:

* A-MPDU TX, as I said above;
* made radiotap work fully;
* HT40;
* short-GI support;
* lots of other stuff that honestly no-one is likely to use.

But! Hey, this is another ye olde 11n USB NIC that now works pretty OK
in 11n rates. A-MPDU receive seems fine enough given it's a draft-n
device from before 2010.

Tested:

* Ye olde UB82 Test NIC (AR9170 + AR9104) - 2GHz/5GHz
2020-06-03 20:25:02 +00:00
John Baldwin
ae84ff9c47 Document SO_NO_OFFLOADS and SO_NO_DDP.
Reviewed by:	bcr, np
MFC after:	1 week
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D25043
2020-06-03 18:59:31 +00:00
Mitchell Horne
4a14dfcc11 Import edk2-stable202005
As with the previous import, only the MdePkg subdirectory has been
brought in. The line-endings were also converted using:

% find . -type f | xargs -n 1 sed -I.BAK -e `printf "s/\r//g"`
% find . -name \*.BAK | xargs rm
2020-06-03 18:44:51 +00:00
John Baldwin
093a8f8daf Revise r361712 to disable tcpmd5.ko for 'options TCP_SIGNATURE'
2020-06-03 18:42:28 +00:00
Kyle Evans
48260b4b53 lualoader: drop the filename and word "LUA" from errors
The filename is nearly always wrong since it's /boot/lua/loader.lua, which
is not useful for diagnostics. The actual errmsg will include a lua filename
if this is relevant.

Dropping "LUA" while we're here because that's almost universally
irrelevant to whatever error follows, unless the error states that it's
actually a lua problem.

Both of these are minor nits that just detract from identifying the
pertinent information.

MFC after:	3 days
2020-06-03 18:29:32 +00:00
Vincenzo Maffione
e8c07b1246 netmap: vtnet: clean up rxsync disabled logs
MFC after:	1 week
2020-06-03 17:47:32 +00:00
Vincenzo Maffione
1b6d5a80a6 netmap: vtnet: fix race condition in rxsync
This change prevents a race that happens when rxsync dequeues
N-1 rx packets (with N being the size of the netmap rx ring).
In this situation, the loop exits without re-enabling the
rx interrupts, thus causing the VQ to stall.

MFC after:	1 week
2020-06-03 17:46:21 +00:00
Vincenzo Maffione
2d769e25b1 netmap: vtnet: add vtnrx_nm_refill index to receive queues
The new index tracks the next netmap slot that is going
to be enqueued into the virtqueue. The index is necessary
to prevent the receive VQ and the netmap rx ring from going
out of sync, considering that we never enqueue N slots, but
at most N-1. This change fixes a bug that causes the VQ
and the netmap ring to go out of sync after N-1 packets
have been received.

MFC after:	1 week
2020-06-03 17:42:17 +00:00
Ryan Moeller
78a3645fd2 Fix typo in previous commit
Applied the wrong patch

Reported by:	Michael Butler <imb@protected-networks.net>
Approved by:	mav (mentor)
Sponsored by:	iXsystems.com
2020-06-03 17:26:00 +00:00
Ryan Moeller
f057d56c6c scope6: Check for NULL afdata before dereferencing
Narrows the race window with if_detach.

Approved by:	mav (mentor)
MFC after:	3 days
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D25017
2020-06-03 16:57:30 +00:00
Mitchell Horne
cadd7992e2 gptboot.efi: align secbuf to 4K
The u-boot EFI implementation of the ReadBlocks and WriteBlocks methods
requires that the provided buffer meet the IO alignment requirements of
the underlying disk. Unlike loader.efi, gptboot.efi doesn't check this
requirement, and therefore fails to perform a successful read. Adjust
secbuf's alignment to 4K in hopes that we will always meet this
requirement.

Reviewed by:	imp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D25111
2020-06-03 16:38:16 +00:00
Randall Stewart
2cf21ae559 We should never allow either the broadcast or IN_ADDR_ANY to be
connected to or sent to. This was found when working with Michael
Tuexen and syzkaller. Syzkaller seems to want to use either of
these two addresses to connect to at times. And it really is
an error to do so, so let's not allow that behavior.

Sponsored by:	Netflix Inc.
Differential Revision:	https://reviews.freebsd.org/D24852
2020-06-03 14:16:40 +00:00
Randall Stewart
f1ea4e4120 This fixes a couple of syzkaller crashes. Most
of them have to do with TFO. Even the default stack
had one of the issues:

1) We need to make sure for rack that we don't advance
   snd_nxt beyond iss when we are not doing fast open. We
   otherwise can get a bunch of SYN's sent out incorrectly
   with the seq number advancing.
2) When we complete the 3-way handshake we should not ever
   append to reassembly if the tlen is 0, if TFO is enabled
   prior to this fix we could still call the reassembly. Note
   this affects all three stacks.
3) Rack like its cousin BBR should track if a SYN is on a
   send map entry.
4) Both bbr and rack need to only consider len incremented on a SYN
   if the starting seq is iss, otherwise we don't increment len which
   may mean we return without adding a sendmap entry.

This work was done in collaboration with Michael Tuexen, thanks for
all the testing!
Sponsored by:	Netflix Inc
Differential Revision:	https://reviews.freebsd.org/D25000
2020-06-03 14:07:31 +00:00
Michael Tuexen
d442a65733 Restrict enabling TCP-FASTOPEN to end-points in CLOSED or LISTEN state
Enabling TCP-FASTOPEN on an end-point which is in a state other than
CLOSED or LISTEN is a bug in the application. So it should not work.
Also the TCP code does not (and need not) handle this.
While there, also simplify the setting of the TF_FASTOPEN flag.

This issue was found by running syzkaller.

Reviewed by:		rrs
MFC after:		1 week
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D25115
2020-06-03 13:51:53 +00:00
Andrey V. Elsukov
dd4490fdab Add if_reassign method to all tunneling interfaces.
After r339550 tunneling interfaces have started handling the appearance and
disappearance of ingress IP addresses on the host system.
When such interfaces are moved into a VNET jail, they lose the ability to
properly handle the ifaddr_event_ext event. This leads to the need to
reconfigure the tunnel to make it work again.

Since moving an interface into a VNET jail leads to the removal of all IP
addresses, it looks consistent that the tunnel configuration should also
be cleared. This is what the if_reassign method will do.

Reported by:	John W. O'Brien <john saltant com>
MFC after:	1 week
2020-06-03 13:02:31 +00:00
Ryan Moeller
693d10a291 tmpfs: Preserve alignment of struct fid fields
On 64-bit platforms, the two short fields in `struct tmpfs_fid` are padded to
the 64-bit alignment of the long field.  This pushes the offsets of the
subsequent fields by 4 bytes and makes `struct tmpfs_fid` bigger than
`struct fid`.  `tmpfs_vptofh()` casts a `struct fid *` to `struct tmpfs_fid *`,
causing 4 bytes of adjacent memory to be overwritten when the struct fields are
set.  Through several layers of indirection and embedded structs, the adjacent
memory for one particular call to `tmpfs_vptofh()` happens to be the stack
canary for `nfsrvd_compound()`.  Half of the canary ends up being clobbered,
going unnoticed until eventually the stack check fails when `nfsrvd_compound()`
returns and a panic is triggered.

Instead of duplicating fields of `struct fid` in `struct tmpfs_fid`, narrow the
struct to cover only the unique fields for tmpfs and assert at compile time
that the struct fits in the allotted space.  This way we don't have to
replicate the offsets of `struct fid` fields, we just use them directly.

Reviewed by:	kib, mav, rmacklem
Approved by:	mav (mentor)
MFC after:	1 week
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D25077
2020-06-03 09:38:51 +00:00
Vincenzo Maffione
06f6997eb5 netmap: vale: fix disabled logs
MFC after:	1 week
2020-06-03 05:49:19 +00:00
Vincenzo Maffione
81d2cade1c netmap: vtnet: remove leftover memory barriers
MFC after:	1 week
2020-06-03 05:48:42 +00:00
Vincenzo Maffione
f0d8d352c0 netmap: vtnet: call netmap_rx_irq() under VQ lock
The netmap_rx_irq() function normally wakes up user-space threads
waiting for more packets. In this case, it is not necessary to
call it under the driver queue lock. However, if the interface is
attached to a VALE switch, netmap_rx_irq() ends up calling rxsync
on the interface (see netmap_bwrap_intr_notify()). Although
concurrent rxsyncs are serialized through the kring lock
(see nm_kr_tryget()), the lock acquire operation is not blocking.
As a result, it may happen that netmap_rx_irq() is called on
an RX ring while another instance is running, causing the
second call to fail, and received packets stall in the receive VQ.
We fix this issue by calling netmap_rx_irq() under the VQ lock.

MFC after:	1 week
2020-06-03 05:27:29 +00:00
Vincenzo Maffione
1b89d00bd4 netmap: vtnet: honor NM_IRQ_RESCHED
The netmap_rx_irq() function may return NM_IRQ_RESCHED to inform the
driver that more work is pending, and that netmap expects netmap_rx_irq()
to be called again as soon as possible.
This change implements this behaviour in the vtnet driver.

MFC after:	1 week
2020-06-03 05:09:33 +00:00
Jason A. Harmening
1dccf71b4b Remove unnecessary WITNESS check in x86 bus_dma
When I did some bus_dma cleanup in r320528, I brought forward some sketchy
WITNESS checks from the prior x86 busdma wrappers, instead of recognizing
them as technical debt and just dropping them.  Two of these were removed in
r346351 and r346851, but one remains in bounce_bus_dmamem_alloc(). This check
could be constrained to only apply in the BUS_DMA_NOWAIT case, but it's cleaner
to simply remove it and rely on the checks already present in the sleepable
allocation paths used by this function.

While here, remove another unnecessary witness check in bus_dma_tag_create
(the tag is always allocated with M_NOWAIT), and fix a couple of typos.

Reported by:	cem
Reviewed by:	kib, cem
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D25107
2020-06-03 00:16:36 +00:00
Ed Maste
dfd4db9333 lld: Set DF_1_PIE for -pie
DF_1_PIE originated from Solaris[1].

GNU ld[2] sets the flag on non-Solaris platforms.

It can help distinguish PIE from ET_DYN.
eu-classify from elfutils uses this to recognize PIE[3].

glibc uses this flag to reject dlopen'ing a PIE[4]

[1] https://docs.oracle.com/cd/E36784_01/html/E36857/chapter6-42444.html
[2] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=5fe2850dd96483f176858fd75c098313d5b20bc2
[3] https://sourceware.org/git/?p=elfutils.git;a=commit;h=3f489b5c7c78df6d52f8982f79c36e9a220e8951
[4] https://sourceware.org/bugzilla/show_bug.cgi?id=24323

Discussed with:	dim
Obtained from:	LLVM ee9a251caf1d
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-06-02 22:57:13 +00:00
Ed Maste
4e99f45480 llvm: Add DF_1_PIE
Discussed with:	dim
Obtained from:	LLVM d9943e7f0ce8
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-06-02 22:55:51 +00:00
Adrian Chadd
6bc40d8d83 [run] note that PHY_HT is for mixed mode.
Submitted by:	Ashish Gupta <ashishgu@andrew.cmu.edu>
Differential Revision:	https://reviews.freebsd.org/D25108
2020-06-02 22:37:53 +00:00
Adrian Chadd
bb7234be77 [run] Set the number of HT chains.
* Set the tx/rx chains based on the existing MIMO eeprom reads
* Add 3-chain rates

Tested:

* MAC/BBP RT5390 (rev 0x0502), RF RT5370 (MIMO 1T1R), 2g/5g STA
* MAC/BBP RT3593 (rev 0x0402), RF RT3053 (MIMO 3T3R), 2g/5g STA
2020-06-02 22:36:17 +00:00
Konstantin Belousov
daf5a897b9 Uppercase 'dso' to indicate that it is an abbreviation.
Suggested by:	arichardson
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2020-06-02 17:33:10 +00:00
Doug Moore
9062e428f8 Remove from RB_REMOVE_COLOR some null checks where the pointer checked
is provably never null.  Restructure the surrounding code just enough
to make the non-nullness obvious.

Reviewed by:	markj
Tested by:	pho
Differential Revision:	https://reviews.freebsd.org/D25089
2020-06-02 17:18:16 +00:00
Adrian Chadd
8b05d37a76 [run] Add 11NA flags for 5G NICs that support HT.
Now that I'm a proud owner of an ASUS USB-N66, I can test 2G/5G and
3-stream configurations.

For now, just flip on 5G HT rates.  I've tested this in both
5G HT20 and 5G 11a modes.  It's still one stream for now until
we verify that the number of streams reported (ie the MIMO below)
is actually the number of 11n streams, NOT the number of antennas.
(They don't have to match! You can have more antennas than MIMO
streams!)

Tested:

* run0: MAC/BBP RT3593 (rev 0x0402), RF RT3053 (MIMO 3T3R)
2020-06-02 16:40:58 +00:00
Konstantin Belousov
c1a813209c Do not allow loading an ET_DYN object with the DF_1_PIE flag set.
Linkers are supposed to mark PIE binaries with DF_1_PIE; such a binary
cannot be correctly and usefully loaded either by dlopen(3) or as a
dependency of another object.  For instance, we cannot do anything
useful with COPY relocations, among other things.

Glibc already added a similar restriction.

Requested and reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D25086
2020-06-02 16:20:58 +00:00
Hans Petter Selasky
d053391cd7 Implement __is_constexpr() function macro in the LinuxKPI.
Bump the FreeBSD version.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-06-02 12:23:04 +00:00
Hans Petter Selasky
ef5f8c18b5 Implement struct_size() function macro in the LinuxKPI.
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-06-02 10:19:45 +00:00
Hans Petter Selasky
c185f13b92 Implement BUILD_BUG_ON_ZERO() in the LinuxKPI.
Tested using gcc and clang.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-06-02 09:45:43 +00:00
Cy Schubert
9543f281e8 Per-rule hit counts (-h) can be used with either -i (input) or -o (output)
filter rule lists.

MFC after:	3 days
2020-06-02 03:44:22 +00:00
Kyle Evans
cb99e93575 pkgbase: resolve mailer.conf conflict WITHOUT_SENDMAIL
When WITHOUT_SENDMAIL is set, we end up with two different mailer.conf that
conflict, and hilarity ensues. There are currently three different places that
we might install mailer.conf:

- ^/etc/Makefile (package=runtime, contingent on MK_MAIL != no)
- ^/libexec/dma/dmagent/Makefile (package=dma, contingent on MK_SENDMAIL !=
no)
- ^/usr.sbin/mailwrapper/Makefile (package=utilities, contingent on
not-installed)

The mailwrapper installation will effectively never happen because the ^/etc
one will first.

This patch simplifies the whole situation; remove the ^/etc/Makefile version
and install it primarily in mailwrapper if MK_MAILWRAPPER != "no". The
scenarios covered in mailwrapper are:

- sendmail(8) is installed, dma(8) may or may not be installed
- neither sendmail(8) nor dma(8) is installed

In the first scenario, sendmail(8) is dominant so we can go ahead and
install the version in ^/etc/mail. In the unlisted scenario, sendmail(8) is
not installed but dma(8) is, we'll let ^/libexec/dma/dmagent do the
installation. In the second listed scenario, we still want to install an
example mailer.conf so just install the base sendmail(8) version.

Reviewed by:	bapt
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D24924
2020-06-02 02:38:54 +00:00
Jason A. Harmening
ef1eabca5d vt(4): reset scrollback and cursor position after clearing history buffer
r361601 implemented basic support for clearing the console history buffer.
But after clearing the history buffer, it's not especially useful to be
able to scroll back through that buffer, or for the cursor position to
remain at (very likely) the bottom of the screen.

PR:		224436
Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D25079
2020-06-02 01:21:48 +00:00
Vladimir Kondratyev
ec45be6c36 [psm] Workaround active PS/2 multiplexor hang
which happens on some laptops after returning to legacy multiplexing mode
at initialization stage.

PR:		242542
Reported by:	Felix Palmen <felix@palmen-it.de>
MFC after:	1 week
2020-06-02 01:04:49 +00:00
Vladimir Kondratyev
8137fb2e38 [psm] Do not disable trackpoint when hw.psm.elantech.touchpad_off is enabled
PR:		246117
Reported by:	Alexander Sieg <ports@xanderio.de>
MFC after:	1 week
2020-06-02 00:53:39 +00:00
Ed Maste
8e1e3e1c5d bsd.prog.mk: split MK_PIE test for clarity
And a comment explaining why PIE flags are disabled for static binaries.
2020-06-02 00:46:15 +00:00