1. 16 Oct, 2021 7 commits
    • Rick Macklem's avatar
      nfscl: Move release of the clientID lock into nfscl_doclose() · e2aab5e2
      Rick Macklem authored
      This patch moves release of the shared clientID lock from nfsrpc_close()
      just after the nfscl_doclose() call to the end of nfscl_doclose() call.
      This does make the code cleaner, since the shared lock is acquired at
      the beginning of nfscl_doclose().  The only semantics change is that
      the code no longer drops and reaquires the NFSCLSTATELOCK() mutex,
      which I do not believe will have a negative effect on the NFSv4 client.
      
      This is being done to prepare the code for a future patch that fixes
      the case where an NFSv4.1/4.2 server replies NFSERR_DELAY to a Close
      operation.
      
      MFC after:	2 week
      e2aab5e2
    • Dimitry Andric's avatar
      llvm-readobj: Add missed source file · 79239b5b
      Dimitry Andric authored
      In some configurations (e.g. powerpc64) the llvm-readobj tool also needs
      contrib/llvm-project/llvm/BinaryFormat/MsgPackWriter.cpp, so add it to
      libllvm.
      
      Reported by:	Shawn Webb <shawn.webb@hardenedbsd.org>
      Fixes:		1b85b68d
      79239b5b
    • Mateusz Guzik's avatar
      cache: add empty path support · 7dd419ca
      Mateusz Guzik authored
      This avoids spurious drop offs as EMPTY is passed regardless of the
      actual path name.
      
      Pushign the work inside the lookup instead of just ignorign the flag
      allows avoid checking for empty pathname for all other lookups.
      7dd419ca
    • Colin Percival's avatar
      Add userland boot profiling to TSLOG · 46dd801a
      Colin Percival authored
      On kernels compiled with 'options TSLOG', record for each process ID:
      * The timestamp of the fork() which creates it and the parent
      process ID,
      * The first path passed to execve(), if any,
      * The first path resolved by namei, if any, and
      * The timestamp of the exit() which terminates the process.
      
      Expose this information via a new sysctl, debug.tslog_user.
      
      On kernels lacking 'options TSLOG' (the default), no information is
      recorded and the sysctl does not exist.
      
      Note that recording namei is needed in order to obtain the names of
      rc.d scripts being launched, as the rc system sources them in a
      subshell rather than execing the scripts.
      
      With this commit it is now possible to generate flamecharts of the
      entire boot process from the start of the loader to the end of
      /etc/rc.  The code needed to perform this processing is currently
      found in github: https://github.com/cperciva/freebsd-boot-profiling
      
      Reviewed by:	mhorne
      Sponsored by:	https://www.patreon.com/cperciva
      Differential Revision: https://reviews.freebsd.org/D32493
      46dd801a
    • Kristof Provost's avatar
      pf: selecting pf_map_addr is not an error · 498cca14
      Kristof Provost authored
      When a redirection/nat IP address is selected by pf_map_addr it is
      logged with PF_DEBUG_MISC level. This one according to the manual means
      "Generate debug messages for various errors". Selecting an IP address is
      not an error, it's a normal function of pf for route-to, nat and some
      other operations. Therefore PF_DEBUG_NOISY level should be choosen which
      is means "Generate debug messages for common conditions".
      
      PR:		259184
      Submitted by:	Kajetan Staszkiewicz <vegeta tuxpowered.net>
      Sponsored by:	InnoGames GmbH
      498cca14
    • Hans Petter Selasky's avatar
      mixer(8): Add -h option to show usage. · aa92785a
      Hans Petter Selasky authored
      Differential Revision:	https://reviews.freebsd.org/D32508
      Submitted by:	christos@
      Sponsored by:	NVIDIA Networking
      aa92785a
    • Gordon Bergling's avatar
      Fix two typos in source code comments · 899a3b38
      Gordon Bergling authored
      - s/alocated/allocated/
      - s/realocated/reallocated/
      
      MFC after:	3 days
      899a3b38
  2. 15 Oct, 2021 14 commits
    • Maxim Sobolev's avatar
      Fix fragmented UDP packets handling since rev.360967. · 461e6f23
      Maxim Sobolev authored
      Consider IP_MF flag when checking length of the UDP packet to
      match the declared value.
      
      Sponsored by:	Sippy Software, Inc.
      Differential Revision:	https://reviews.freebsd.org/D32363
      MFC after:	2 weeks
      461e6f23
    • Cy Schubert's avatar
      ntp: Revert "Disable ntpd stack gap. When ASLR with STACK GAP != 0 ntpd suffers SIGSEGV." · fc393054
      Cy Schubert authored
      This reverts commit 55263180 because the
      underlying problem was fixed by 889b56c8.
      
      MFC after:	1 month
      fc393054
    • Cy Schubert's avatar
      ntp: Revert "Disable stack gap for ntpd during build." · 733a832f
      Cy Schubert authored
      This reverts commit af949c59 because
      889b56c8 fixes the underlying problem.
      
      MFC after:	1 month
      733a832f
    • Kristof Provost's avatar
      pf tests: ensure that $nr expansion is correct · 914ec9c7
      Kristof Provost authored
      Test the $nr expansion in labels is correct, even if the optimiser
      reduces the rule count.
      
      MFC after:	1 week
      Differential Revision:	https://reviews.freebsd.org/D32489
      914ec9c7
    • Kristof Provost's avatar
      pfctl: delay label macro expansion until after rule optimisation · 09c7f238
      Kristof Provost authored
      We used to expand the $nr macro in labels into the rule number prior to
      the optimisation step. This would occasionally produce incorrect rule
      numbers in the labels.
      
      Delay all macro expansion until after the optimisation step to ensure
      that we expand the correct values.
      
      MFC after:	1 week
      Reported by:	Özkan KIRIK <ozkan.kirik@gmail.com>
      Differential Revision:	https://reviews.freebsd.org/D32488
      09c7f238
    • Rick Macklem's avatar
      nfscl: Add an argument to nfscl_tryclose() · 77c595ce
      Rick Macklem authored
      This patch adds a new argument to nfscl_tryclose() to indicate
      whether or not it should loop when a NFSERR_DELAY reply is received
      from the NFSv4 server.  Since this new argument is always passed in
      as "true" at this time, no semantics change should occur.
      
      This is being done to prepare the code for a future patch that fixes
      the case where an NFSv4.1/4.2 server replies NFSERR_DELAY to a Close
      operation.
      
      MFC after:	2 week
      77c595ce
    • Ed Maste's avatar
      Add libcbor to the build · 2e85df65
      Ed Maste authored
      From https://github.com/PJK/libcbor:
      
          libcbor is a C library for parsing and generating CBOR, the general-
          purpose schema-less binary data format.
      
      libcbor will be used by ssh to support FIDO/U2F keys.  It is currently
      intended only for use by ssh, and so is installed as a PRIVATELIB and is
      placed in the ssh pkgbase package.
      
      cbor_export.h and configuration.h were generated by the upstream CMake
      build.  We could create them with bmake rules instead (as NetBSD has
      done) but this is a fine start.
      
      This is currently disabled for the 32-bit library build as libfido2 is
      not compatible with the COMPAT_32BIT hack in usb_ioctl.h, and there is
      no need for libcbor without libfido2.
      
      Reviewed by:	kevans
      MFC after:	2 weeks
      Sponsored by:	The FreeBSD Foundation
      Differential Revision:	https://reviews.freebsd.org/D32347
      2e85df65
    • Hans Petter Selasky's avatar
      mixer(8): Print usage to standard error. · 67829b63
      Hans Petter Selasky authored
      Differential Revision:	https://reviews.freebsd.org/D32507
      Submitted by:	christos@
      Sponsored by:	NVIDIA Networking
      67829b63
    • Hans Petter Selasky's avatar
      mixer(8): Fix mixer status line for /dev/dspX.vpY mixer devices. · 63dcf7fd
      Hans Petter Selasky authored
      In some cases when passing /dev/dspX.vpY as mixer devices, m->ci.longname and
      m->ci.hw_info will be empty. Don't print any brackets and parentheses
      in this case.
      
      Differential Revision:	https://reviews.freebsd.org/D32500
      Submitted by:	christos@
      Sponsored by:	NVIDIA Networking
      63dcf7fd
    • Dawid Gorecki's avatar
      libthr: Use kern.stacktop for thread stack calculation. · 78df56cc
      Dawid Gorecki authored
      Use the new kern.stacktop sysctl to retrieve the address of stack top
      instead of kern.usrstack. kern.usrstack does not have any knowledge
      of the stack gap, so this can cause problems with thread stacks.
      Using kern.stacktop sysctl should fix most of those problems.
      kern.usrstack is used as a fallback when kern.stacktop cannot be read.
      
      Rename usrstack variables to stacktop to reflect this change.
      
      Fixes problems with firefox and thunderbird not starting with
      stack gap enabled.
      
      PR: 239873
      Reviewed by: kib
      Obtained from: Semihalf
      Sponsored by: Stormshield
      MFC after: 1 month
      Differential Revision: https://reviews.freebsd.org/D31898
      78df56cc
    • Dawid Gorecki's avatar
      kern_exec: Add kern.stacktop sysctl. · a97d6971
      Dawid Gorecki authored
      With stack gap enabled top of the stack is moved down by a random
      amount of bytes. Because of that some multithreaded applications
      which use kern.usrstack sysctl to calculate address of stacks for
      their threads can fail. Add kern.stacktop sysctl, which can be used
      to retrieve address of the stack after stack gap is applied to it.
      Returns value identical to kern.usrstack for processes which have
      no stack gap.
      
      Reviewed by: kib
      Obtained from: Semihalf
      Sponsored by: Stormshield
      MFC after: 1 month
      Differential Revision: https://reviews.freebsd.org/D31897
      a97d6971
    • Dawid Gorecki's avatar
      setrlimit: Take stack gap into account. · 889b56c8
      Dawid Gorecki authored
      Calling setrlimit with stack gap enabled and with low values of stack
      resource limit often caused the program to abort immediately after
      exiting the syscall. This happened due to the fact that the resource
      limit was calculated assuming that the stack started at sv_usrstack,
      while with stack gap enabled the stack is moved by a random number
      of bytes.
      
      Save information about stack size in struct vmspace and adjust the
      rlim_cur value. If the rlim_cur and stack gap is bigger than rlim_max,
      then the value is truncated to rlim_max.
      
      PR: 253208
      Reviewed by: kib
      Obtained from: Semihalf
      Sponsored by: Stormshield
      MFC after: 1 month
      Differential Revision: https://reviews.freebsd.org/D31516
      889b56c8
    • Corvin Köhne's avatar
      bhyve: ignore low bits of CFGADR · 1b0e2f0b
      Corvin Köhne authored
      Bhyve could emulate wrong PCI registers.
      In the best case, the guest reads wrong registers and the device driver would
      report some errors.
      In the worst case, the guest writes to wrong PCI registers and could brick
      hardware when using PCI passthrough.
      
      According to Intels specification, low bits of CFGADR should be
      ignored. Some OS like linux may rely on it. Otherwise, bhyve could
      emulate a wrong PCI register.
      
      E.g.
      If linux would like to read 2 bytes from offset 0x02, following would
      happen.
      linux:
      	outl 0x80000002 at CFGADR
      	inw  at CFGDAT + 2
      bhyve:
      	cfgoff = 0x80000002 & 0xFF = 0x02
      	coff   = cfgoff + (port - CFGDAT) = 0x02 + 0x02 = 0x04
      Bhyve would emulate the register at offset 0x04 not 0x02.
      
      Reviewed By: #bhyve, grehan
      Differential Revision: https://reviews.freebsd.org/D31819
      Sponsored by:	       Beckhoff Automation GmbH & Co. KG
      1b0e2f0b
    • Rick Macklem's avatar
      nfscl: Restructure nfscl_freeopen() slightly · 6495766a
      Rick Macklem authored
      This patch factors the unlinking of the nfsclopen structure out of
      nfscl_freeopen() into a separate function called nfscl_unlinkopen().
      It also adds a new argument to nfscl_freeopen() to conditionally do
      the unlink.  Since this new argument is always passed in as "true"
      at this time, no semantics change should occur.
      
      This is being done to prepare the code for a future patch that fixes
      the case where an NFSv4.1/4.2 server replies NFSERR_DELAY to a Close
      operation.
      
      MFC after:	2 week
      6495766a
  3. 14 Oct, 2021 12 commits
    • John Baldwin's avatar
      ktls: Defer creation of threads and zones until first use. · a72ee355
      John Baldwin authored
      Run ktls_init() when the first KTLS session is created rather than
      unconditionally during boot.  This avoids creating unused threads and
      allocating unused resources on systems which do not use KTLS.
      
      Reviewed by:	gallatin, markj
      Sponsored by:	Chelsio Communications
      Differential Revision:	https://reviews.freebsd.org/D32487
      a72ee355
    • Konstantin Belousov's avatar
      Fix typo in comment · 86929782
      Konstantin Belousov authored
      Sponsored by:	The FreeBSD Foundation
      MFC after:	3 days
      86929782
    • Konstantin Belousov's avatar
      Style · 1adebca1
      Konstantin Belousov authored
      Sponsored by:	The FreeBSD Foundation
      MFC after:	3 days
      1adebca1
    • John Baldwin's avatar
      cxgbe: Only run ktls_tick when NIC TLS is enabled. · ef3f98ae
      John Baldwin authored
      Previously the body of ktls_tick was a nop when NIC TLS was disabled,
      but the callout was still scheduled consuming power on otherwise-idle
      systems with Chelsio T6 adapters.  Now the callout only runs while NIC
      TLS is enabled on at least one interface of an adapter.
      
      Reported by:	mav
      Reviewed by:	np, mav
      Sponsored by:	Chelsio Communications
      Differential Revision:	https://reviews.freebsd.org/D32491
      ef3f98ae
    • Alex Richardson's avatar
      Fix a syntax error in 1b85b68d · 367ec753
      Alex Richardson authored
      Reported by:	Michael Butler, jenkins
      367ec753
    • Cameron Katri's avatar
      llvm-readobj: Attach to buildsystem · 1b85b68d
      Cameron Katri authored
      Also install it as readelf when MK_LLVM_BINUTILS is set.
      
      Reviewed By:	dim, arichardson
      Differential Revision: https://reviews.freebsd.org/D32058
      1b85b68d
    • Leandro Lupori's avatar
      powerpc64: make radix with superpages default · 8ecf9a8b
      Leandro Lupori authored
      As Radix MMU with superpages enabled is now stable, make it the
      default choice on supported hardware (POWER9 and above), since its
      performance is greater than that of HPT MMU.
      
      Reviewed by:		alfredo, jhibbits
      Sponsored by:		Instituto de Pesquisas Eldorado (eldorado.org.br)
      Differential Revision:	https://reviews.freebsd.org/D30797
      8ecf9a8b
    • Li-Wen Hsu's avatar
      Fix RISC-V build · 168b579a
      Li-Wen Hsu authored
      Fixes:	d5fd5cdc
      168b579a
    • Warner Losh's avatar
      nvme: Reduce traffic to the doorbell register · 2ec165e3
      Warner Losh authored
      Reduce traffic to doorbell register when processing multiple completion
      events at once. Only write it at the end of the loop after we've
      processed everything (assuming we found at least one completion,
      even if that completion wasn't valid).
      
      Sponsored by:		Netflix
      Reviewed by:		mav
      Differential Revision:	https://reviews.freebsd.org/D32470
      2ec165e3
    • Leandro Lupori's avatar
      powerpc64: fix OFWFB with Radix MMU · 76384bd1
      Leandro Lupori authored
      Current implementation of Radix MMU doesn't support mapping
      arbitrary virtual addresses, such as the ones generated by
      "direct mapping" I/O addresses. This caused the system to hang, when
      early I/O addresses, such as those used by OpenFirmware Frame Buffer,
      were remapped after the MMU was up.
      
      To avoid having to modify mmu_radix_kenter_attr just to support this
      use case, this change makes early I/O map use virtual addresses from
      KVA area instead (similar to what mmu_radix_mapdev_attr does), as
      these can be safely remapped later.
      
      Reviewed by:		alfredo (earlier version), jhibbits (in irc)
      MFC after:		2 weeks
      Sponsored by:		Instituto de Pesquisas Eldorado (eldorado.org.br)
      Differential Revision:	https://reviews.freebsd.org/D31232
      76384bd1
    • Gordon Bergling's avatar
      ng_ppp(4): Fix a typo in a comment · 0a8159d8
      Gordon Bergling authored
      - s/delcared/declared/
      
      MFC after:	3 days
      0a8159d8
    • Jason A. Harmening's avatar
      unionfs: Ensure SAVENAME is set for unionfs vnode operations · 152c35ee
      Jason A. Harmening authored
      "rm-style" system calls such as kern_frmdirat() and kern_funlinkat()
      don't supply SAVENAME to preserve the pathname buffer for subsequent
      vnode ops.  For unionfs this poses an issue because the pathname may
      be needed for a relookup operation in unionfs_remove()/unionfs_rmdir().
      Currently unionfs doesn't check for this case, leading to a panic on
      DIAGNOSTIC kernels and use-after-free of cn_nameptr otherwise.
      
      The unionfs node's stored buffer would suffice as a replacement for
      cnp->cn_nameptr in some (but not all) cases, but it's cleaner to just
      ensure that unionfs vnode ops always have a valid cn_nameptr by setting
      SAVENAME in unionfs_lookup().
      
      While here, do some light cleanup in unionfs_lookup() and assert that
      HASBUF is always present in the relevant relookup calls.
      
      Reported by:	pho
      Reviewed by:	markj
      Differential Revision: https://reviews.freebsd.org/D32148
      152c35ee
  4. 13 Oct, 2021 7 commits
    • Brooks Davis's avatar
      selsocket: handle sopoll() errors correctly · 04c91ac4
      Brooks Davis authored
      Without this change, unmounting smbfs filesystems with an INVARIANTS
      kernel would panic after 10e64782.
      
      Found by:	markj
      Reviewed by:	markj, jhb
      Obtained from:	CheriBSD
      MFC after:	3 days
      Sponsored by:	DARPA
      Differential Revision:	https://reviews.freebsd.org/D32492
      04c91ac4
    • Felix Johnson's avatar
      bpf(4): Fix a misnamed constant · a524aaf6
      Felix Johnson authored
      rarpd.c was modified in r19859 to use REVARP_REQUEST instead of
      ARPOP_REVREQUEST.
      
      PR:		183333
      MFC after:	3 days
      Reported by:	pluknet <pluknet@gmail.com>
      a524aaf6
    • Rick Macklem's avatar
      nfscl: Make nfscl_getlayout() acquire the correct pNFS layout · 24af0fcd
      Rick Macklem authored
      Without this patch, if a pNFS read layout has already been acquired
      for a file, writes would be redirected to the Metadata Server (MDS),
      because nfscl_getlayout() would not acquire a read/write layout for
      the file.  This happened because there was no "mode" argument to
      nfscl_getlayout() to indicate whether reading or writing was being done.
      Since doing I/O through the Metadata Server is not encouraged for some
      pNFS servers, it is preferable to get a read/write layout for writes
      instead of redirecting the write to the MDS.
      
      This patch adds a access mode argument to nfscl_getlayout() and
      nfsrpc_getlayout(), so that nfscl_getlayout() knows to acquire a read/write
      layout for writing, even if a read layout has already been acquired.
      This patch only affects NFSv4.1/4.2 client behaviour when pNFS ("pnfs" mount
      option against a server that supports pNFS) is in use.
      
      This problem was detected during a recent NFSv4 interoperability
      testing event held by the IETF working group.
      
      MFC after:	2 week
      24af0fcd
    • Li-Wen Hsu's avatar
      Temporarily skip sys.netgraph.hub.loop on RISC-V in CI · d5fd5cdc
      Li-Wen Hsu authored
      This case panics kernel.
      
      PR:		259157
      Sponsored by:	The FreeBSD Foundation
      d5fd5cdc
    • Glen Barber's avatar
      release: add _LOCATION to the list of required AZURE variables · 364cf030
      Glen Barber authored
      Sponsored by:	Rubicon Communications, LLC ("Netgate")
      364cf030
    • Glen Barber's avatar
      release: use tab-delimited variables in AZURE_UPLOAD_CONF · 083f6d0e
      Glen Barber authored
      Sponsored by:	Rubicon Communications, LLC ("Netgate")
      083f6d0e
    • John Baldwin's avatar
      ktls: Ensure FIFO encryption order for TLS 1.0. · 9f03d2c0
      John Baldwin authored
      TLS 1.0 records are encrypted as one continuous CBC chain where the
      last block of the previous record is used as the IV for the next
      record.  As a result, TLS 1.0 records cannot be encrypted out of order
      but must be encrypted as a FIFO.
      
      If the later pages of a sendfile(2) request complete before the first
      pages, then TLS records can be encrypted out of order.  For TLS 1.1
      and later this is fine, but this can break for TLS 1.0.
      
      To cope, add a queue in each TLS session to hold TLS records that
      contain valid unencrypted data but are waiting for an earlier TLS
      record to be encrypted first.
      
      - In ktls_enqueue(), check if a TLS record being queued is the next
        record expected for a TLS 1.0 session.  If not, it is placed in
        sorted order in the pending_records queue in the TLS session.
      
        If it is the next expected record, queue it for SW encryption like
        normal.  In addition, check if this new record (really a potential
        batch of records) was holding up any previously queued records in
        the pending_records queue.  Any of those records that are now in
        order are also placed on the queue for SW encryption.
      
      - In ktls_destroy(), free any TLS records on the pending_records
        queue.  These mbufs are marked M_NOTREADY so were not freed when the
        socket buffer was purged in sbdestroy().  Instead, they must be
        freed explicitly.
      
      Reviewed by:	gallatin, markj
      Sponsored by:	Netflix
      Differential Revision:	https://reviews.freebsd.org/D32381
      9f03d2c0