Use this in GELI to print out a different message when accelerated
software such as AESNI is used vs plain software crypto.
While here, simplify the logic in GELI a bit for determing which type
of crypto driver was chosen the first time by examining the
capabilities of the matched driver after a single call to
crypto_newsession rather than making separate calls with different
flags.
Reviewed by: delphij
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D25126
Properly handle reference counts in the 64-bit pmap page directories.
Otherwise all page table pages would leak due to over-referencing. This
would cause a quick enter to swap on a desktop system (AmigaOne X5000) when
quitting and rerunning applications, or just building world.
Add an INVARIANTS check to validate no leakage at pmap release time.
Introducing flags to track the initial Wmax dragging and exit
from slow-start in TCP Cubic. This prevents sudden jumps in the
caluclated cwnd by cubic, especially when the flow is application
limited during slow start (cwnd can not grow as fast as expected).
The downside is that cubic may remain slightly longer in the
concave region before starting the convex region beyond Wmax again.
Reviewed by: chengc_netapp.com, tuexen (mentor)
Approved by: tuexen (mentor), rgrimes (mentor, blanket)
MFC after: 3 weeks
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D23655
In the recent dts sync the name of the aips-bus@ changed to bus@. Reflect
this change and add an additional OF_finddevice in fix_fdt_interrupt_data()
and in fix_fdt_iomuxc_data() with bus@ only. Iow, keep the old naming for
compatibility.
Discussed with: ian@
significant bit in the pointer to the node from its parent to indicate
that the node is red. Have the tree rotation macros leave the
old-parent/new-child node red and the new-parent/old-child node black.
This change makes RB_LEFT and RB_RIGHT no longer assignable, and
RB_COLOR no longer defined. Any code that modifies the tree or
examines a node color would have to be modified after this change.
Reviewed by: markj
Tested by: pho
Differential Revision: https://reviews.freebsd.org/D25105
In the receive interrupt routine, always call netmap_rx_irq().
The latter function will return != NM_IRQ_PASS if netmap is not
active on that specific receive queue, so that the driver can go
on with iflib_rxeof(). Note that netmap supports partial opening,
where only a subset of the RX or TX rings can be open in netmap mode.
Checking the IFCAP_NETMAP flag is not enough to make sure that the
queue is indeed in netmap mode.
Moreover, in case netmap_rx_irq() returns NM_IRQ_RESCHED, it means
that netmap expects the driver to call netmap_rx_irq() again as soon
as possible. Currently, this may happen when the device is attached
to a VALE switch.
Reviewed by: gallatin
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D25167
Specifically, add LIBUSB_CLASS_PHYSICAL and the libusb_has_capability API.
Descriptions and functionality for these derived from the
documentation at [0]. The current set of capabilities are all supported by
libusb.
These were detected as missing after updating net/freerdp to 2.1.1, which
attempted to use both.
[0] http://libusb.sourceforge.net/api-1.0/group__libusb__misc.html
Reviewed by: hselasky
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D25194
Add a freebsd32_ptrace() and move as many freebsd32 shims as possible
to freebsd32_ptrace(). Aside from register sets, freebsd32 passes
pointers to native structures to kern_ptrace() and converts to/from
native/32-bit structure formats in freebsd32_ptrace() outside of
kern_ptrace().
Reviewed by: kib
Obtained from: CheriBSD
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D25195
The lock-protected iteration is trivially avoidable.
This removes a serialisation point from Linux binaries (which end up calling
here from the sysinfo syscall).
DEBUG is a kernel configuration flag and if used cpufreq_dt.c will fail the
build of kernel.
PR: 246867
Submitted by: Oskar Holmund (oskar.holmlund@ohdata.se)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D25080
Upstream commit message:
[PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
properly
While it is appropriate to try to retransmit the event to another
callback URL on a failure to initiate the HTTP client connection, there
is no point in trying the exact same operation multiple times in a row.
Replve the event_retry() calls with event_addr_failure() for these cases
to avoid busy loops trying to repeat the same failing operation.
These potential busy loops would go through eloop callbacks, so the
process is not completely stuck on handling them, but unnecessary CPU
would be used to process the continues retries that will keep failing
for the same reason.
Obtained from: https://w1.fi/security/2020-1/\
0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
MFC after: 3 days
Security: VU#339275 and CVE-2020-12695
Upstream commit message:
[PATCH 2/3] WPS UPnP: Fix event message generation using a long URL path
More than about 700 character URL ended up overflowing the wpabuf used
for building the event notification and this resulted in the wpabuf
buffer overflow checks terminating the hostapd process. Fix this by
allocating the buffer to be large enough to contain the full URL path.
However, since that around 700 character limit has been the practical
limit for more than ten years, start explicitly enforcing that as the
limit or the callback URLs since any longer ones had not worked before
and there is no need to enable them now either.
Obtained from: https://w1.fi/security/2020-1/\
0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
MFC after: 3 days
Security: VU#339275 and CVE-2020-12695
Upstream commit message:
[PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
other networks
The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).
Obtained from: https://w1.fi/security/2020-1/\
0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
MFC after: 3 days
Security: VU#339275 and CVE-2020-12695
r361780 fixed the code so that it would only remove the duplicate when
it actually existed. However, that might have resulted in XU_NGROUPS + 1
groups being copied, running off the end of the array. This patch fixes
the problem.
Spotted during code inspection for other mountd changes.
MFC after: 2 weeks
The previous code was computing an incorrect value in a very expensive
manner. "sharedram" is supposed to be the amount of memory used by
named swap objects, which on FreeBSD basically corresponds to memory
usage by shared memory objects (including, for example, GEM objects) and
tmpfs. We currently have no cheap way to count such pages. The
previous code tried to determine the number of copy-on-write pages
shared between processes.
Just replace the computed value with 0. illumos reportedly does the
same thing. Linux itself did not populate this field until a 2014
commit, "mm: export NR_SHMEM via sysinfo(2) / si_meminfo() interfaces".
Reported by: mjg
MFC after: 1 week
The non-legacy interface always defines num_buffers in the header,
regardless of whether VIRTIO_NET_F_MRG_RXBUF, just leaving it unused. We
also need to ensure our virtqueue doesn't filter out VIRTIO_F_VERSION_1
during negotiation, as it supports non-legacy transports just fine. This
fixes network packet transmission on TinyEMU.
Reviewed by: br, brooks (mentor), jhb (mentor)
Approved by: br, brooks (mentor), jhb (mentor)
Differential Revision: https://reviews.freebsd.org/D25132
The feature bits are exposed as a 32-bit register with 2 banks, so we
should negotiate both halves. Notably, VIRTIO_F_VERSION_1 is in the
upper half, and will be used in an upcoming commit.
The PCI bus driver also has this bug, but the legacy BAR layout did not
include selector registers and is rather different from the modern
layout, so it remains solely as legacy.
Reviewed by: br, brooks (mentor), jhb (mentor)
Approved by: br, brooks (mentor), jhb (mentor)
Differential Revision: https://reviews.freebsd.org/D25131
Add ICL_NOCOPY flag to icl_pdu_append_data(), specifying that the method
can just reference the data buffer instead of immediately copying it.
Extend the offload KPI with optional PDU queue method, allowing to specify
completion callback, called when all the data referenced by above has been
transferred and won't be accessed any more (the buffers can be freed).
Implement the above functionality in software iSCSI driver using mbufs
with external storage and reference counter. Note that some NICs (ixl(4))
may keep the mbuf in TX queue for a long time, so CTL has to be ready.
Add optional method to struct ctl_scsiio for buffer reference counting.
Implement it for CTL block backend, allowing to delay free of the struct
ctl_be_block_io and memory it references as needed. In first reincarnation
of the patch I tried to delay whole I/O as it is done for FibreChannel,
that was cleaner, but due to the above callback delays I had to rewrite
it this way to not leave LUN referenced potentially for hours or more.
All together on sequential read from ZFS ARC this saves about 30% of CPU
time and memory bandwidth by avoiding one of 3 memory copies (the other
two are from ZFS ARC to DMU cache and then from DMU cache to CTL buffers).
On tests with 2x Xeon Silver 4114 this allows to reach full line rate of
100GigE NIC. Tests with Gold CPUs and two 100GigE NICs are stil TBD,
but expectations to saturate them are pretty high. ;)
Discussed with: Chelsio
Sponsored by: iXsystems, Inc.
[PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
properly
While it is appropriate to try to retransmit the event to another
callback URL on a failure to initiate the HTTP client connection, there
is no point in trying the exact same operation multiple times in a row.
Replve the event_retry() calls with event_addr_failure() for these cases
to avoid busy loops trying to repeat the same failing operation.
These potential busy loops would go through eloop callbacks, so the
process is not completely stuck on handling them, but unnecessary CPU
would be used to process the continues retries that will keep failing
for the same reason.
Obtained from: https://w1.fi/security/2020-1/\
0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
Security: VU#339275 and CVE-2020-12695
[PATCH 2/3] WPS UPnP: Fix event message generation using a long URL path
More than about 700 character URL ended up overflowing the wpabuf used
for building the event notification and this resulted in the wpabuf
buffer overflow checks terminating the hostapd process. Fix this by
allocating the buffer to be large enough to contain the full URL path.
However, since that around 700 character limit has been the practical
limit for more than ten years, start explicitly enforcing that as the
limit or the callback URLs since any longer ones had not worked before
and there is no need to enable them now either.
Obtained from: https://w1.fi/security/2020-1/\
0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
Security: VU#339275 and CVE-2020-12695
[PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
other networks
The UPnP Device Architecture 2.0 specification errata ("UDA errata
16-04-2020.docx") addresses a problem with notifications being allowed
to go out to other domains by disallowing such cases. Do such filtering
for the notification callback URLs to avoid undesired connections to
external networks based on subscriptions that any device in the local
network could request when WPS support for external registrars is
enabled (the upnp_iface parameter in hostapd configuration).
Obtained from: https://w1.fi/security/2020-1/\
0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
MFC after: 1 week
Security: VU#339275 and CVE-2020-12695
VHDX is the successor of Microsoft's VHD file format. It increases
maximum capacity of the virtual drive to 64TB and introduces features
to better handle power/system failures.
VHDX is the required format for 2nd generation Hyper-V VMs.
Reviewed by: marcel
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D25184
Rework to simplify and impose sane url syntax.
That is we allow for file://[devname[:fstype]]/package
Reviewed by: stevek
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org//D25134
Currently we only call sbi_shutdown in cpu_reset, which means we reach
"Please press any key to reboot." even when RB_POWEROFF is set, and only
once the user presses a key do we then shutdown. Instead, register a
shutdown_final event handler and make an SBI shutdown call if
RB_POWEROFF is set.
Reviewed by: br, jhb (mentor), kp
Approved by: br, jhb (mentor), kp
Differential Revision: https://reviews.freebsd.org/D25183
As of r359457 we removed the GDB_LIBEXEC option, always installing in-tree
gdb into /usr/libexec/. Thus, there is now no need for crashinfo to include
/usr/bin/gdb in the list of pathnames to check when looking for gdb.
is to know the time to first byte in and time to first byte out. Currently we
have no way to know these all we have is t_starttime. That (t_starttime) tells us
what time the 3 way handshake completed. We don't know when the first
request came in or how quickly we responded. Nor from a client perspective
do we know how long from when we sent out the first byte before the
server responded.
This small change adds the ability to track the TTFB's. This will show up in
BB logging which then can be pulled for later analysis. Note that currently
the tracking is via the ticks variable of all three variables. This provides
a very rough estimate (hz=1000 its 1ms). A follow-on set of work will be
to change all three of these values into something with a much finer resolution
(either microseconds or nanoseconds), though we may want to make the resolution
configurable so that on lower powered machines we could still use the much
cheaper ticks variable.
Sponsored by: Netflix Inc.
Differential Revision: https://reviews.freebsd.org/D24902
This can happen with very large kernels (e.g. ones embedding a root
filesystem). The DTB written by OpenSBI/BBL is quite small so this is
unlikely to hit important data, but if it does this can result in very
confusing and hard-to-debug crashes. Add a KASSERT() and a verbose print
to catch this problem with debug kernels.
While this will not print any output by default if it fails (that would
depend on EARLY_PRINTF), at least the kernel now halts reliably instead
of randomly crashing.
Reviewed By: mhorne
Differential Revision: https://reviews.freebsd.org/D25153
By default OpenSBI and BBL will pass the DTB at a 2MB-aligned address.
However, by default there are no 2MB aligned regions between the SBI and
the kernel, so we have to choose a 2MB aligned region after the kernel.
OpenSBI defaults to placing the DTB 32MB after the start of the kernel but
this is not sufficient for a kernel with a large MFS embedded.
We could increase this offset to a larger number (e.g. 64/128/256) but that
imposes restrictions on the minimum RAM size.
Another solution would be to place the DTB between OpenSBI and the kernel
at 1MB alignment, but current locore.S code assumes 2MB alignment.
With this change I can now boot on QEMU with an OpenSBI configured to
store the DTB at an offset of 1MB.
See also https://github.com/riscv/opensbi/issues/169
Reviewed By: mhorne
Differential Revision: https://reviews.freebsd.org/D25151
If the POWER firmware detects a bad CPU core, it will "GUARD" it out,
marking it disabled. Any attempt to spin up a bad CPU will trigger a panic
later on when waiting for threads on said core to wake up. Support limping
along on fewer cores instead.
x86 boot uses loader(8) and the boot2-direct-to-kernel process is not
supported. Remove the documentation, which doesn't document a working
process and leads to confusion.
PR: 247074
Reported by: Alex K.
This was intended to test the locking used in the MacOS X kernel on a
FreeBSD system, to make use of WITNESS and other debugging infrastructure.
This hasn't been used for ages, to take it out to reduce the #ifdef
complexity.
MFC after: 1 week