This merges upstream patches from OpenSSL's master branch to add
KTLS infrastructure for TLS 1.0-1.3 including both RX and TX
offload and SSL_sendfile support on both Linux and FreeBSD.
Note that TLS 1.3 only supports TX offload.
A new WITH/WITHOUT_OPENSSL_KTLS determines if OpenSSL is built with
KTLS support. It defaults to enabled on amd64 and disabled on all
other architectures.
Reviewed by: jkim (earlier version)
Approved by: secteam
Obtained from: OpenSSL (patches from master)
MFC after: 1 week
Relnotes: yes
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D28273
The file already includes sys/param.h and should use that definition.
I found this while testing D28332.
Reviewed By: bapt
Differential Revision: https://reviews.freebsd.org/D28331
This changes the behaviour to a 30s total timeout (needed when running
on slow emulated uniprocessor systems) and timing out after 10s without
any input. This also uses timespecsub() instead of ignoring the
nanoseconds field.
After this change the tests runs more reliably on QEMU and time out less
frequently.
Reviewed By: asomers
Differential Revision: https://reviews.freebsd.org/D28391
SVN r343917 fixed this for in-tree clang, but when building with a newer
out-of-tree clang the test was still marked as XFAIL.
Reviewed By: dim
Differential Revision: https://reviews.freebsd.org/D28390
auditd creates a pidfile so we should use it for status checks.
This also seems to speed up the frequent onestatus checks used in
tests/sys/audit.
Reviewed By: asomers
Differential Revision: https://reviews.freebsd.org/D28389
tree that fix the ratelimit code. There were several bugs
in tcp_ratelimit itself and we needed further work to support
the multiple tag format coming for the joint TLS and Ratelimit dances.
Sponsored by: Netflix Inc.
Differential Revision: https://reviews.freebsd.org/D28357
This code implements a version of the devres framework found
working for various iwlwifi use cases and also providing functions
for ttm_page_alloc_dma.c from DRM.
Part of the framework replicates the consumed KPI, while others
are internal helper functions.
In addition the simple devm_k*malloc() consumers were implemented
and kvasprintf() was enhanced to also work for the devm_kasprintf()
case.
Addmittingly lkpi_devm_kmalloc_release() could be avoided but for
the overall understanding of the code and possible memory tracing
it may still be helpful.
Further devsres consumer are implemented for iwlwifi but will follow
later as the main reason for this change is to sort out overlap with
DRM.
Sponsored-by: The FreeBSD Foundation
Obtained-from: bz_iwlwifi
MFC After: 3 days
Reviewed-by: hselasky, manu
Differential Revision: https://reviews.freebsd.org/D28189
In pci_domain_nr() directly return the domain which got set in
lkpifill_pci_dev() in all cases. This was missed between D27550
and 105a37cac76b971f7a94409fbdc4f508a7e97fa0 .
In order to implement pci_dev_put() harmonize further code
(which was started in the aforementioned commit) and add kobj
related bits (through the now common lkpifill_pci_dev() code)
to the DRM specific calls without adding the DRM allocated
pci devices to the pci_devices list.
Add a release for the lkpinew_pci_dev() (DRM) case so freeing
will work.
This allows the DRM created devices to use the normal kobj/refcount
logic and work with, e.g., pci_dev_put().
(For a slightly more detailed code walk see the review).
Sponsored-by: The FreeBSD Foundation
Obtained-from: bz_iwlwifi (partially)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D28188
The upcoming in-kernel implementations for LinuxKPI based on work on
iwlwifi (and other wireless drivers) conflicts in a few places with
the drm-kmod graphics work outside the base system.
In order to transition smoothly extract the conflicting bits.
This included "unaligned" accessor functions, sg_pcopy_from_buffer(),
IS_*() macros (to be further restricted in the future), power management
bits (possibly no longer conflicting with DRM), and other minor changes.
Obtained-from: bz_iwlwifi
Sponsored-by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: kib, hselasky, manu, bdragon (looked at earlier versions)
Differential Revision: https://reviews.freebsd.org/D26598
Implement linux firmware KPI compat code.
This includes: request_firmware() request_firmware_nowait(),
request_firmware_direct(), firmware_request_nowarn(),
and release_firmware().
Given we will try to map requested names from natively ported
or full-linuxkpi-using drivers to a firmware(9) auto-loading
name format (.ko file name and image name matching),
we quieten firmware(9) and print success or failure (unless
the _nowarn() version was called) in the linuxkpi implementation.
At the moment we try up-to 4 different naming combinations,
with path stripped, original name, and requested name with '/'
or '.' replaced.
We do not currently defer loading in the "nowait" case.
Sponsored-by: The FreeBSD Foundation
Sponsored-by: Rubicon Communications, LLC ("Netgate")
(firmware(9) nowarn update from D27413)
MFC after: 3 days
Reviewed by: kib, manu (looked at older versions)
Differential Revision: https://reviews.freebsd.org/D27414
This is a regression issue after the new UAR API was introduced
by f8f5b459d21e .
MFC after: 1 week
Sponsored by: Mellanox Technologies // NVIDIA Networking
This is all code only run on ARMv4 and ARMv5. Support for these have
been dropped from FreeBSD.
Differential Revision: https://reviews.freebsd.org/D28314
This was only used when building for ARMv4 or some ARMv5 or when
_STANDALONE is defined. As ARMv4 and ARMv5 support has been removed,
and we only define _STANDALONE in the bootloader where we don't use
this version of memcpy we can remove it.
Differential Revision: https://reviews.freebsd.org/D28313
While loading kernel, we check if vt/vbe backend support is included in
kernel and set the tg_kernel_supported flag in gfx_state. unload
command needs to reset this flag to allow next load to perform
this check with new kernel.
Reported by: jhb
Make the installer more useful, by allowing it to create a bootable
installation. Also, enable the menu option for ZFS-on-root.
Like arm64, RISC-V boots by UEFI only, so arm64's partedit
implementation is renamed and shared among the two platforms.
Reviewed by: gjb
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D28180
If the installer is creating a new ESP, then this directory will not
exist and the subsequent cp will fail silently. This is usually of no
consequence if /efi/freebsd/loader.efi is set up correctly.
Reviewed by: imp
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D28176
The System Reset extension provides functions to shutdown or reboot the
system via SBI firmware. This newly defined extension supersedes the
functionality of the legacy shutdown extension.
Update the SBI code to use the new System Reset extension when
available, and fall back to the legacy one.
Reviewed By: kp, jhb
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D28226
On i386, after 6c7a932d0b8baaaee16eca0ba061bfa6e0e57bfd, the vbefb vt
driver was no longer detected by the loader, if any kernel module was
loaded after the kernel itself.
This was caused by the parse_vt_drv_set() function being called multiple
times, resetting the detection flag. (It was called multiple times,
becuase i386 .ko files are shared objects like the kernel proper, while
this is not the case on amd64.)
Fix this by skipping the set_vt_drv_set lookup if vbefb was already
detected.
Reviewed by: tsoome
- Document a constraint on the AAD size for AES-GCM.
- Note that the list of supported platforms and add-on devices is not
complete and indicate that QAT devices will show up in pciconf
output. [1]
PR: 252984 [1]
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Chained policing should be able to reuse the classification of
traffic. A new mbuf_tag type is defined to handle gereral QoS
marking. A new subtype is defined to track the color marking.
Reviewed by: manpages (bcr), melifaro, kp
Approved by: kp (mentor)
Sponsored by: IKS Service GmbH
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D22110
The OID is saved when we encounter CTLFLAG_SKIP so that descendants can
be skipped as well. We then must not update the skip OID until we are
out of the node. This was achieved by resetting the skip OID once the
prefix no longer matches, but the case where the OID we reset on has
CTLFLAG_SKIP was not accounted for.
Reported by: mav
Reviewed by: mav
MFC after: 2 days
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D28364
When building natively on RISC-V, linking the bootstrap clang-tblgen
fails with:
ld: error: undefined symbol: llvm::EnableABIBreakingChecks
>>> referenced by PrettyStackTrace.cpp
>>> PrettyStackTrace.o:(.sdata+0x0) in archive
/usr/obj/usr/src/freebsd-src/riscv.riscv64/tmp/obj-tools/lib/clang/libllvmminimal/libllvmminimal.a
>>> referenced by Signals.cpp
>>> Signals.o:(.sdata+0x8) in archive
/usr/obj/usr/src/freebsd-src/riscv.riscv64/tmp/obj-tools/lib/clang/libllvmminimal/libllvmminimal.a
>>> referenced by Timer.cpp
>>> Timer.o:(.sdata+0x28) in archive
/usr/obj/usr/src/freebsd-src/riscv.riscv64/tmp/obj-tools/lib/clang/libllvmminimal/libllvmminimal.a
This is likely due to Error.h's inclusion of abi-breaking.h. It's
unclear why this only affects RISC-V, but perhaps relates to its more
eager use of .sdata due to the ABI's support for linker relaxations.
Regardless, this is theoretically an issue for all architectures.
Reported by: Dennis Clarke <dclarke@blastwave.org>
Reviewed by: dim
Tested by: mhorne
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D28367
A struct recource already contains the bus_space_tag_t and
bus_space_handle_t. There is no neec to read them and store them again
in the drivers softc. Remove them and use the struct resource directly
with bus_read_* and bus_write_*.
Reviewed by: mmel
Differential Revision: https://reviews.freebsd.org/D28339
efi, like the various ${MACHINE} directories, should have a dependency on
the enabled interpreters.
The general rule here is that any top-level directory that has a program at
any depth within that includes loader.mk should add ${INTERP_DEPENDS} added
to its dependencies so that the appropriate ficl/lua bits are ready before
they begin.
Note that the only directories in-tree that require it but will not get it
in a more appropriate manner are i386 (on amd64), efi, and userboot. i386
and userboot are handled explicitly in Makefile.amd64 where they are added
to S.yes.
Reported-by: bcran
MFC-after: 3 days
we need to make sure that the m_nextpkt field is NULL
else the lower layers may do unwanted things.
Reviewed By: gallatin, melifaro
Differential Revision: https://reviews.freebsd.org/D28377
Building the kerberos5 subdirectory currently produces lots of warnings.
Since there are many instances of these warnings and it's contrib code,
this change silences the warnings instead of fixing them.
Reviewed By: jhb, cy, bjk
Differential Revision: https://reviews.freebsd.org/D28025
With the upcoming usage from LinuxKPI but also from drivers
ported natively we are seeing more probing of various
firmware (names).
Add the ability to firmware(9) to silence the
"firmware image loading/registering errors" by adding a new
firmware_get_flags() functions extending firmware_get() and
taking a flags argument as firmware_put() already does.
Requested-by: zeising (for future LinuxKPI/DRM)
Sponsored-by: The FreeBSD Foundation
Sponsored-by: Rubicon Communications, LLC ("Netgate")
MFC after: 3 days
Reviewed-by: markj
Differential Revision: https://reviews.freebsd.org/D27413