1. 15 Oct, 2021 9 commits
    • Rick Macklem's avatar
      nfscl: Add an argument to nfscl_tryclose() · 77c595ce
      Rick Macklem authored
      This patch adds a new argument to nfscl_tryclose() to indicate
      whether or not it should loop when a NFSERR_DELAY reply is received
      from the NFSv4 server.  Since this new argument is always passed in
      as "true" at this time, no semantics change should occur.
      This is being done to prepare the code for a future patch that fixes
      the case where an NFSv4.1/4.2 server replies NFSERR_DELAY to a Close
      MFC after:	2 week
    • Ed Maste's avatar
      Add libcbor to the build · 2e85df65
      Ed Maste authored
      From https://github.com/PJK/libcbor:
          libcbor is a C library for parsing and generating CBOR, the general-
          purpose schema-less binary data format.
      libcbor will be used by ssh to support FIDO/U2F keys.  It is currently
      intended only for use by ssh, and so is installed as a PRIVATELIB and is
      placed in the ssh pkgbase package.
      cbor_export.h and configuration.h were generated by the upstream CMake
      build.  We could create them with bmake rules instead (as NetBSD has
      done) but this is a fine start.
      This is currently disabled for the 32-bit library build as libfido2 is
      not compatible with the COMPAT_32BIT hack in usb_ioctl.h, and there is
      no need for libcbor without libfido2.
      Reviewed by:	kevans
      MFC after:	2 weeks
      Sponsored by:	The FreeBSD Foundation
      Differential Revision:	https://reviews.freebsd.org/D32347
    • Hans Petter Selasky's avatar
      mixer(8): Print usage to standard error. · 67829b63
      Hans Petter Selasky authored
      Differential Revision:	https://reviews.freebsd.org/D32507
      Submitted by:	christos@
      Sponsored by:	NVIDIA Networking
    • Hans Petter Selasky's avatar
      mixer(8): Fix mixer status line for /dev/dspX.vpY mixer devices. · 63dcf7fd
      Hans Petter Selasky authored
      In some cases when passing /dev/dspX.vpY as mixer devices, m->ci.longname and
      m->ci.hw_info will be empty. Don't print any brackets and parentheses
      in this case.
      Differential Revision:	https://reviews.freebsd.org/D32500
      Submitted by:	christos@
      Sponsored by:	NVIDIA Networking
    • Dawid Gorecki's avatar
      libthr: Use kern.stacktop for thread stack calculation. · 78df56cc
      Dawid Gorecki authored
      Use the new kern.stacktop sysctl to retrieve the address of stack top
      instead of kern.usrstack. kern.usrstack does not have any knowledge
      of the stack gap, so this can cause problems with thread stacks.
      Using kern.stacktop sysctl should fix most of those problems.
      kern.usrstack is used as a fallback when kern.stacktop cannot be read.
      Rename usrstack variables to stacktop to reflect this change.
      Fixes problems with firefox and thunderbird not starting with
      stack gap enabled.
      PR: 239873
      Reviewed by: kib
      Obtained from: Semihalf
      Sponsored by: Stormshield
      MFC after: 1 month
      Differential Revision: https://reviews.freebsd.org/D31898
    • Dawid Gorecki's avatar
      kern_exec: Add kern.stacktop sysctl. · a97d6971
      Dawid Gorecki authored
      With stack gap enabled top of the stack is moved down by a random
      amount of bytes. Because of that some multithreaded applications
      which use kern.usrstack sysctl to calculate address of stacks for
      their threads can fail. Add kern.stacktop sysctl, which can be used
      to retrieve address of the stack after stack gap is applied to it.
      Returns value identical to kern.usrstack for processes which have
      no stack gap.
      Reviewed by: kib
      Obtained from: Semihalf
      Sponsored by: Stormshield
      MFC after: 1 month
      Differential Revision: https://reviews.freebsd.org/D31897
    • Dawid Gorecki's avatar
      setrlimit: Take stack gap into account. · 889b56c8
      Dawid Gorecki authored
      Calling setrlimit with stack gap enabled and with low values of stack
      resource limit often caused the program to abort immediately after
      exiting the syscall. This happened due to the fact that the resource
      limit was calculated assuming that the stack started at sv_usrstack,
      while with stack gap enabled the stack is moved by a random number
      of bytes.
      Save information about stack size in struct vmspace and adjust the
      rlim_cur value. If the rlim_cur and stack gap is bigger than rlim_max,
      then the value is truncated to rlim_max.
      PR: 253208
      Reviewed by: kib
      Obtained from: Semihalf
      Sponsored by: Stormshield
      MFC after: 1 month
      Differential Revision: https://reviews.freebsd.org/D31516
    • Corvin Köhne's avatar
      bhyve: ignore low bits of CFGADR · 1b0e2f0b
      Corvin Köhne authored
      Bhyve could emulate wrong PCI registers.
      In the best case, the guest reads wrong registers and the device driver would
      report some errors.
      In the worst case, the guest writes to wrong PCI registers and could brick
      hardware when using PCI passthrough.
      According to Intels specification, low bits of CFGADR should be
      ignored. Some OS like linux may rely on it. Otherwise, bhyve could
      emulate a wrong PCI register.
      If linux would like to read 2 bytes from offset 0x02, following would
      	outl 0x80000002 at CFGADR
      	inw  at CFGDAT + 2
      	cfgoff = 0x80000002 & 0xFF = 0x02
      	coff   = cfgoff + (port - CFGDAT) = 0x02 + 0x02 = 0x04
      Bhyve would emulate the register at offset 0x04 not 0x02.
      Reviewed By: #bhyve, grehan
      Differential Revision: https://reviews.freebsd.org/D31819
      Sponsored by:	       Beckhoff Automation GmbH & Co. KG
    • Rick Macklem's avatar
      nfscl: Restructure nfscl_freeopen() slightly · 6495766a
      Rick Macklem authored
      This patch factors the unlinking of the nfsclopen structure out of
      nfscl_freeopen() into a separate function called nfscl_unlinkopen().
      It also adds a new argument to nfscl_freeopen() to conditionally do
      the unlink.  Since this new argument is always passed in as "true"
      at this time, no semantics change should occur.
      This is being done to prepare the code for a future patch that fixes
      the case where an NFSv4.1/4.2 server replies NFSERR_DELAY to a Close
      MFC after:	2 week
  2. 14 Oct, 2021 12 commits
    • John Baldwin's avatar
      ktls: Defer creation of threads and zones until first use. · a72ee355
      John Baldwin authored
      Run ktls_init() when the first KTLS session is created rather than
      unconditionally during boot.  This avoids creating unused threads and
      allocating unused resources on systems which do not use KTLS.
      Reviewed by:	gallatin, markj
      Sponsored by:	Chelsio Communications
      Differential Revision:	https://reviews.freebsd.org/D32487
    • Konstantin Belousov's avatar
      Fix typo in comment · 86929782
      Konstantin Belousov authored
      Sponsored by:	The FreeBSD Foundation
      MFC after:	3 days
    • Konstantin Belousov's avatar
      Style · 1adebca1
      Konstantin Belousov authored
      Sponsored by:	The FreeBSD Foundation
      MFC after:	3 days
    • John Baldwin's avatar
      cxgbe: Only run ktls_tick when NIC TLS is enabled. · ef3f98ae
      John Baldwin authored
      Previously the body of ktls_tick was a nop when NIC TLS was disabled,
      but the callout was still scheduled consuming power on otherwise-idle
      systems with Chelsio T6 adapters.  Now the callout only runs while NIC
      TLS is enabled on at least one interface of an adapter.
      Reported by:	mav
      Reviewed by:	np, mav
      Sponsored by:	Chelsio Communications
      Differential Revision:	https://reviews.freebsd.org/D32491
    • Alex Richardson's avatar
      Fix a syntax error in 1b85b68d · 367ec753
      Alex Richardson authored
      Reported by:	Michael Butler, jenkins
    • Cameron Katri's avatar
      llvm-readobj: Attach to buildsystem · 1b85b68d
      Cameron Katri authored
      Also install it as readelf when MK_LLVM_BINUTILS is set.
      Reviewed By:	dim, arichardson
      Differential Revision: https://reviews.freebsd.org/D32058
    • Leandro Lupori's avatar
      powerpc64: make radix with superpages default · 8ecf9a8b
      Leandro Lupori authored
      As Radix MMU with superpages enabled is now stable, make it the
      default choice on supported hardware (POWER9 and above), since its
      performance is greater than that of HPT MMU.
      Reviewed by:		alfredo, jhibbits
      Sponsored by:		Instituto de Pesquisas Eldorado (eldorado.org.br)
      Differential Revision:	https://reviews.freebsd.org/D30797
    • Li-Wen Hsu's avatar
      Fix RISC-V build · 168b579a
      Li-Wen Hsu authored
      Fixes:	d5fd5cdc
    • Warner Losh's avatar
      nvme: Reduce traffic to the doorbell register · 2ec165e3
      Warner Losh authored
      Reduce traffic to doorbell register when processing multiple completion
      events at once. Only write it at the end of the loop after we've
      processed everything (assuming we found at least one completion,
      even if that completion wasn't valid).
      Sponsored by:		Netflix
      Reviewed by:		mav
      Differential Revision:	https://reviews.freebsd.org/D32470
    • Leandro Lupori's avatar
      powerpc64: fix OFWFB with Radix MMU · 76384bd1
      Leandro Lupori authored
      Current implementation of Radix MMU doesn't support mapping
      arbitrary virtual addresses, such as the ones generated by
      "direct mapping" I/O addresses. This caused the system to hang, when
      early I/O addresses, such as those used by OpenFirmware Frame Buffer,
      were remapped after the MMU was up.
      To avoid having to modify mmu_radix_kenter_attr just to support this
      use case, this change makes early I/O map use virtual addresses from
      KVA area instead (similar to what mmu_radix_mapdev_attr does), as
      these can be safely remapped later.
      Reviewed by:		alfredo (earlier version), jhibbits (in irc)
      MFC after:		2 weeks
      Sponsored by:		Instituto de Pesquisas Eldorado (eldorado.org.br)
      Differential Revision:	https://reviews.freebsd.org/D31232
    • Gordon Bergling's avatar
      ng_ppp(4): Fix a typo in a comment · 0a8159d8
      Gordon Bergling authored
      - s/delcared/declared/
      MFC after:	3 days
    • Jason A. Harmening's avatar
      unionfs: Ensure SAVENAME is set for unionfs vnode operations · 152c35ee
      Jason A. Harmening authored
      "rm-style" system calls such as kern_frmdirat() and kern_funlinkat()
      don't supply SAVENAME to preserve the pathname buffer for subsequent
      vnode ops.  For unionfs this poses an issue because the pathname may
      be needed for a relookup operation in unionfs_remove()/unionfs_rmdir().
      Currently unionfs doesn't check for this case, leading to a panic on
      DIAGNOSTIC kernels and use-after-free of cn_nameptr otherwise.
      The unionfs node's stored buffer would suffice as a replacement for
      cnp->cn_nameptr in some (but not all) cases, but it's cleaner to just
      ensure that unionfs vnode ops always have a valid cn_nameptr by setting
      SAVENAME in unionfs_lookup().
      While here, do some light cleanup in unionfs_lookup() and assert that
      HASBUF is always present in the relevant relookup calls.
      Reported by:	pho
      Reviewed by:	markj
      Differential Revision: https://reviews.freebsd.org/D32148
  3. 13 Oct, 2021 13 commits
    • Brooks Davis's avatar
      selsocket: handle sopoll() errors correctly · 04c91ac4
      Brooks Davis authored
      Without this change, unmounting smbfs filesystems with an INVARIANTS
      kernel would panic after 10e64782.
      Found by:	markj
      Reviewed by:	markj, jhb
      Obtained from:	CheriBSD
      MFC after:	3 days
      Sponsored by:	DARPA
      Differential Revision:	https://reviews.freebsd.org/D32492
    • Felix Johnson's avatar
      bpf(4): Fix a misnamed constant · a524aaf6
      Felix Johnson authored
      rarpd.c was modified in r19859 to use REVARP_REQUEST instead of
      PR:		183333
      MFC after:	3 days
      Reported by:	pluknet <pluknet@gmail.com>
    • Rick Macklem's avatar
      nfscl: Make nfscl_getlayout() acquire the correct pNFS layout · 24af0fcd
      Rick Macklem authored
      Without this patch, if a pNFS read layout has already been acquired
      for a file, writes would be redirected to the Metadata Server (MDS),
      because nfscl_getlayout() would not acquire a read/write layout for
      the file.  This happened because there was no "mode" argument to
      nfscl_getlayout() to indicate whether reading or writing was being done.
      Since doing I/O through the Metadata Server is not encouraged for some
      pNFS servers, it is preferable to get a read/write layout for writes
      instead of redirecting the write to the MDS.
      This patch adds a access mode argument to nfscl_getlayout() and
      nfsrpc_getlayout(), so that nfscl_getlayout() knows to acquire a read/write
      layout for writing, even if a read layout has already been acquired.
      This patch only affects NFSv4.1/4.2 client behaviour when pNFS ("pnfs" mount
      option against a server that supports pNFS) is in use.
      This problem was detected during a recent NFSv4 interoperability
      testing event held by the IETF working group.
      MFC after:	2 week
    • Li-Wen Hsu's avatar
      Temporarily skip sys.netgraph.hub.loop on RISC-V in CI · d5fd5cdc
      Li-Wen Hsu authored
      This case panics kernel.
      PR:		259157
      Sponsored by:	The FreeBSD Foundation
    • Glen Barber's avatar
      release: add _LOCATION to the list of required AZURE variables · 364cf030
      Glen Barber authored
      Sponsored by:	Rubicon Communications, LLC ("Netgate")
    • Glen Barber's avatar
      release: use tab-delimited variables in AZURE_UPLOAD_CONF · 083f6d0e
      Glen Barber authored
      Sponsored by:	Rubicon Communications, LLC ("Netgate")
    • John Baldwin's avatar
      ktls: Ensure FIFO encryption order for TLS 1.0. · 9f03d2c0
      John Baldwin authored
      TLS 1.0 records are encrypted as one continuous CBC chain where the
      last block of the previous record is used as the IV for the next
      record.  As a result, TLS 1.0 records cannot be encrypted out of order
      but must be encrypted as a FIFO.
      If the later pages of a sendfile(2) request complete before the first
      pages, then TLS records can be encrypted out of order.  For TLS 1.1
      and later this is fine, but this can break for TLS 1.0.
      To cope, add a queue in each TLS session to hold TLS records that
      contain valid unencrypted data but are waiting for an earlier TLS
      record to be encrypted first.
      - In ktls_enqueue(), check if a TLS record being queued is the next
        record expected for a TLS 1.0 session.  If not, it is placed in
        sorted order in the pending_records queue in the TLS session.
        If it is the next expected record, queue it for SW encryption like
        normal.  In addition, check if this new record (really a potential
        batch of records) was holding up any previously queued records in
        the pending_records queue.  Any of those records that are now in
        order are also placed on the queue for SW encryption.
      - In ktls_destroy(), free any TLS records on the pending_records
        queue.  These mbufs are marked M_NOTREADY so were not freed when the
        socket buffer was purged in sbdestroy().  Instead, they must be
        freed explicitly.
      Reviewed by:	gallatin, markj
      Sponsored by:	Netflix
      Differential Revision:	https://reviews.freebsd.org/D32381
    • John Baldwin's avatar
      ktls: Reject attempts to enable AES-CBC with TLS 1.3. · a63752cc
      John Baldwin authored
      AES-CBC cipher suites are not supported in TLS 1.3.
      Reported by:	syzbot+ab501c50033ec01d53c6@syzkaller.appspotmail.com
      Reviewed by:	tuexen, markj
      Differential Revision:	https://reviews.freebsd.org/D32404
    • Gleb Smirnoff's avatar
      Remove in_ifaddr_lock acquisiton to access in_ifaddrhead. · 2144431c
      Gleb Smirnoff authored
      An IPv4 address is embedded into an ifaddr which is freed
      via epoch. And the in_ifaddrhead is already a CK list. Use
      the network epoch to protect against use after free.
      Next step would be to CK-ify the in_addr hash and get rid of the...
      Reviewed by:		melifaro
      Differential Revision:	https://reviews.freebsd.org/D32434
    • Mark Johnston's avatar
      mount: Check for !VDIR mount points before handling -o emptydir · 03d5820f
      Mark Johnston authored
      To implement -o emptydir, vfs_emptydir() checks that the passed
      directory is empty.  This should be done after checking whether the
      vnode is of type VDIR, though, or vfs_emptydir() may end up calling
      VOP_READDIR on a non-directory.
      Reported by:	syzbot+4006732c69fb0f792b2c@syzkaller.appspotmail.com
      Reviewed by:	kib, imp
      MFC after:	1 week
      Sponsored by:	The FreeBSD Foundation
      Differential Revision:	https://reviews.freebsd.org/D32475
    • Emmanuel Vadot's avatar
      rtld: Do not install libmap.conf when installing the COMPAT32 version · d0f0e0bd
      Emmanuel Vadot authored
      This has the effect of installing the same file twice at the same location
      and confuse pkgbase as we add this file twice in the package config part.
      MFC after:  1 week
      Sponsored by: Beckhoff Automation GmbH & Co. KG
    • Kristof Provost's avatar
      pf: Introduce pf_nvbool() · 776df104
      Kristof Provost authored
      Similar to the existing functions for strings and ints, this lets us
      simplify some of the nvlist conversion code.
      MFC after:	1 week
      Sponsored by:	Rubicon Communications, LLC ("Netgate")
    • Kyle Evans's avatar
      native-xtools: avoid libllvm while populating the sysroot · e2e2c622
      Kyle Evans authored
      Prior to 021385ab, MK_CLANG=no was sufficient to avoid descending
      into lib/clang, but the referenced change added a couple of other
      enabling knobs. Turn those off, too, to continue avoiding libllvm.
      With this change, we no longer end up with a libllvm using the wrong
      default target triple; `poudriere jail -cx` works once again.
      Reported by:	bhughes, imp, probably others
      Fixes:	021385ab ("Add WITH_LLVM_BINUTILS to install LLVM ...")
  4. 10 Oct, 2021 1 commit
  5. 13 Oct, 2021 4 commits
    • Mateusz Piotrowski's avatar
      bhyve: Update usage and synopsis for the -k flag · f656df58
      Mateusz Piotrowski authored
      Let's make it clear to users that -k is for configuration files.
      Also, point to bhyve_config(5) in the paragraph describing the flag.
      Reviewed by:	jhb
      MFC after:	1 week
      Differential Revision:	https://reviews.freebsd.org/D32467
    • Felix Johnson's avatar
      acpi(4): Correct outdated sysctl · 6882064d
      Felix Johnson authored
      This changes the location of cx_supported sysctl to dev.cpu.N.
      PR:		214370
      MFC after:	3 days
    • Konstantin Belousov's avatar
      rtld direct exec: add -d option · ba7f9c1b
      Konstantin Belousov authored
      to ignore lack of execute permission on the binary.  The check is a
      bad security theatre anyway.
      Reviewed by:	arichardson, imp
      Sponsored by:	The FreeBSD Foundation
      MFC after:	1 week
      Differential revision:	https://reviews.freebsd.org/D32464
    • Rick Macklem's avatar
      nfscl: Fix another deadlock related to the NFSv4 clientID lock · b82168e6
      Rick Macklem authored
      Without this patch, it is possible to hang the NFSv4 client,
      when a rename/remove is being done on a file where the client
      holds a delegation, if pNFS is being used.  For a delegation
      to be returned, dirty data blocks must be flushed to the NFSv4
      server.  When pNFS is in use, a shared lock on the clientID
      must be acquired while doing a write to the DS(s).
      However, if rename/remove is doing the delegation return
      an exclusive lock will be acquired on the clientID, preventing
      the write to the DS(s) from acquiring a shared lock on the clientID.
      This patch stops rename/remove from doing a delegation return
      if pNFS is enabled.  Since doing delegation return in the same
      compound as rename/remove is only an optimization, not doing
      so should not cause problems.
      This problem was detected during a recent NFSv4 interoperability
      testing event held by the IETF working group.
      MFC after:	1 week
  6. 12 Oct, 2021 1 commit