| Commit message (Collapse) | Author | Age | Files | Lines |
| |
- Don't unpad records, check the outer record type, or extract the
inner record type from TLS 1.3 records handled by the kernel. KTLS
performs all of these steps and returns the inner record type in the
TLS header.
- When checking the length of a received TLS 1.3 record don't allow
for the extra byte for the nested record type when KTLS is used.
- Pass a pointer to the record type in the TLS header to the
SSL3_RT_INNER_CONTENT_TYPE message callback. For KTLS, the old
pointer pointed to the last byte of payload rather than the record
type. For the non-KTLS case, the TLS header has been updated with
the inner type before this callback is invoked.
Obtained from: OpenSSL commit a5fb9605329fb939abb536c1604d44a511741624
| |
When KTLS receive is enabled, pending data may still be present due to
read ahead. This data must still be processed the same as records
received without KTLS. To ease readability (especially in
consideration of additional checks which will be added for TLS 1.3),
add a helper variable 'using_ktls' that is true when the KTLS receive
path is being used to receive a record.
Obtained from: OpenSSL commit 031132c297e54cbc20404a0bf8de6ed863196399
| |
KTLS implementations currently assume that the start of the in-kernel
socket buffer is aligned with the start of a TLS record for the
receive side. The socket option to enable KTLS specifies the TLS
sequence number of this initial record.
When read ahead is enabled, data can be pending in the SSL read buffer
after negotiating session keys. This pending data must be examined to
ensure that the kernel's socket buffer does not contain a partial TLS
record as well as to determine the correct sequence number of the
first TLS record to be processed by the kernel.
In preparation for enabling receive kernel offload for TLS 1.3, move
the existing logic to handle read ahead from t1_enc.c into ktls.c and
invoke it from ktls_configure_crypto().
Obtained from: OpenSSL commit 85773128d0e80cd8dcc772a6931d385b8cf4acd1
| |
FreeBSD's kernel TLS supports Chacha20 for both TLS 1.2 and TLS 1.3.
Obtained from: OpenSSL commit 77f3936928068bee9d7e0c6939709ac179cb1059
| |
The following loader tunables do have corresponding sysctl MIBs but
with different names. That may be for historical reasons. Let's prefer
consistent naming for them so that it will be easier to read and
maintain.
1. hw.vmm.l1d_flush -> hw.vmm.vmx.l1d_flush
2. hw.vmm.l1d_flush_sw -> hw.vmm.vmx.l1d_flush_sw
3. hw.vmm.vmx.use_apic_pir -> hw.vmm.vmx.cap.posted_interrupts
4. hw.vmm.vmx.use_apic_vid -> hw.vmm.vmx.cap.virtual_interrupt_delivery
5. hw.vmm.vmx.use_tpr_shadowing -> hw.vmm.vmx.cap.tpr_shadowing
Old names are kept for compatibility.
Meanwhile, add sysctl flag CTLFLAG_TUN to them so that `sysctl -T` will
report them correctly.
Reviewed by: corvink, jhb, kib, #bhyve
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D42251
| |
The sysctl knob 'vm.pmap.pv_entry_max' becomes a loader tunable since
7ff48af7040f (Allow a specific setting for pv entries) but is fetched
from system environment 'vm.pmap.pv_entries'. That is inconsistent and
obscure.
This reverts 36e1b9702e21 (Correct the tunable name in the message).
PR: 231577
Reviewed by: jhibbits, alc, kib
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D42274
| |
To match the sysctl MIBs and document entries in security(7).
Fixes: 2dec2b4a34b4 amd64: flush L1 data cache on syscall return with an error
Fixes: 17edf152e556 Control for Special Register Buffer Data Sampling mitigation
Reviewed by: kib
MFC after: 1 day
Differential Revision: https://reviews.freebsd.org/D42249
| |
This completes step 5 from Committer's Guide.
Approved by: jrm (mentor)
Differential Review: https://reviews.freebsd.org/D42293
| |
When userspace includes pfvar.h it doesn't get the kernel's COMPAT_*
defines, so we end up not having required symbols in userspace. This
caused the libpfctl port to fail to build.
libpfctl will be updated to use the new netlink-based state export code
soon, which will also fix this build issue.
Sponsored by: Rubicon Communications, LLC ("Netgate")
| |
This should fix the LINT builds.
Reported by: Jenkins
Sponsored by: The FreeBSD Foundation
Fixes: 2c6f474ee824 ("hwpmc_amd: kill of k7 support bits")
| |
Actually use INT_MAX (0x7fffffff), not UINT_MAX (0xffffffff) to avoid
overflowing time_t and missing the test.
Reported by: Jenkins
Reviewed by: markj
Fixes: 5b8af90fe332 ("ping: Add ATF-Python tests")
Pull Request: https://github.com/freebsd/freebsd-src/pull/874
Differential Revision: https://reviews.freebsd.org/D42268
| |
Resolved conflict between ipfw and pf if both are used and pf wants to
do divert(4) by having separate mtags for pf and ipfw.
Also fix the incorrect 'rulenum' check, which caused the reported loop.
While here add a few test cases to ensure that divert-to works as
expected, even if ipfw is loaded.
divert(4)
PR: 272770
MFC after: 3 weeks
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D42142
| |
Restore bsdconfig API to handle hostname dialog because bsddialog 1.0
matches all features required by bsdconfig(1). Implicitly this commit
restores also Xdialog(1) for this script.
This commit reverts:
- "bsdinstall hostname: Replace dialog with bsddialog"
6368dcb29228dd8e18d50c54c3ca1596262d4676
- "bsdinstall(8) hostname: Update for bsddialog 0.3"
5f3ec44e7e9c11f90ad1128db1116925b493fad0.
The script continues to use bsddialog(1) by default via $DIALOG in
bsdconfig(1).
| |
for non-native ABI
This is a temporary solution to fix PR before release.
During 15.0 it's necessary to refactor symlinks handling
between vfs & namecache.
PR: 273414
Reported by: Vincent Milum Jr, Dan Kotowski, glebius
Tested by: Dan Kotowski, glebius
Reviewed by:
Differential Revision: https://reviews.freebsd.org/D41806
MFC after: 3 days
| |
Update pf documentation:
- default behaviour of fragment reassembly
- introduction of scrub option for filter rules
- disadvantages of using the old scrub ruleset
- options supported for match rules
- fix missing list block end
- remove duplicate description of match filter rule
- update example to modern syntax
Reviewed by: kp
Fragments obtained from: OpenBSD
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D42270
| |
Problem: Under certain I/O conditions, a program doing large block disk
reads can cause a controller to crash.
Root Cause: The SCSI read request and destination address in the BDMA
descriptor is incorrect, causing the BDMA engine in the controller to
assert.
Fix: Change the alignment for creating bus_dma_tags in the driver from
PAGE_SIZE (4k) to 1, which allows the controller to manage its own
address range for BDMA transactions.
Risk: Medium
Exposure: This reverts a change first made to support NVMe drives on
Excalibur. At that time a 4k alignment was necessary. This no longer
seems to be the case.
PR: 259541
Reported by: Ka Ho Ng <khng@freebsd.org>
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D41619
| |
pqisrc_free_device frees the device softc with the os spinlock
held. This causes crashes when devices are removed because the memory
free might sleep (which is prohibited with spin locks held). Drop the
spinlock before releasing the memory.
MFC After: 2 days
PR: 273289
Reviewed by: imp
| |
As described by chmod(1), +X in the mode may be used to optionally set
the +x bit if the file is a directory if any of the execute/search bits
are set in the original mode. The latter is not applicable because we
assume -m is a fresh mask, but a functional +X could be useful in the
former case if we're passing along a common INSTALL_MODE that's designed
to install either 0644 or 0755 depending simply on whether it's a
directory or not.
Reviewed by: des
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D42273
| |
Commit 57ce37f9dcc0 changed the internal KAPI between the
nfscommon and nfscl modules. Both must be rebuilt from sources.
| |
RFC7862 does not specify infile atime behaviour when a NFSv4.2 Copy
operation is performed. Since the collective opinion of a mailing
list discussion (on freebsd-hackers@) seemed to indicate that
copy_file_range(2) should update atime on the infd,
even if there is no data copied, this
patch attempts to ensure that behaviour.
For Copy, it precedes the Copy operation with a Setattr of
TimeAccess_Set(NFSv4. speak for atime) for the invp. For the case
where no data will be copied, it does a Setattr RPC to set
TimeAccess_Set for the invp.
A __FreeBSD_version bump will be done as a separate commit, since
this patch changes the internal interface between the nfscommon and
nfscl modules.
MFC after: 1 month
| |
In a recent email list discussion related to NFSv4 mount problems
against a non-FreeBSD NFSv4 server, the reporter of the issue noted
that the server had replied 10068 (NFSERR_RETRYUNCACHEDREP). This
did not seem related to the mount problem, but I had never seen this
error before. It indicates that an RPC retry after a new TCP
connection has been established failed because the server did not
cache the reply. Since this should only happen for idempotent
operations, redoing the RPC should be safe.
This patch modifies the NFSv4.1/4.2 client to redo the RPC instead
of considering the server error fatal. It should only affect the
unusual case where TCP connections to NFSv4 servers are breaking
without the NFSv4 server rebooting.
Reported by: J David <j.devid.lists@gmail.com>
MFC after: 2 weeks
| |
This is the first step in recognizing that the K8 microarchitecture
represents a small and aged subset of AMD CPUs supported by this class.
Future changes will update the code and documentation details to better
reflect this.
Keep the old filename as an alias.
Reviewed by: jkoshy
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41279
| |
This includes event definitions from sys/pmc_events.h, definitions from
sys/pmc.h, and the man pages.
Reviewed by: jkoshy
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41275
| |
This is i386-only, and has been effectively disabled since 2018 when the
companion support was removed from libpmc (e92a1350b50e). Remove the
kernel support to simplify the AMD class.
Reviewed by: jkoshy
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41274
| |
No functional change intended.
Reviewed by: jkoshy
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41273
| |
- Return style
- Explicit value checks
- Whitespace formatting
- Comment formatting
- Local variable declaration order
- __unused annotations
Reviewed by: jkoshy
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41272
| |
Reviewed by: jkoshy
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41271
| |
Make them a little bit more consistent with one another in terms of what
is done:
- Add/reduce assertions to what is most useful: a loop to ensure
pcpu_fini freed everything
- Add PMCDBG trace entries
The exception is the dmc620/cmn600 classes, which behave a little
differently, so leave them untouched.
Reviewed by: jkoshy
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41270
| |
When a conflict marker is found during update allow the user to confirm
they want it to remain in the file.
Suggested by: Tim Hogard
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Fixes: ceb5f28ba5fc ("freebsd-update: re-edit files if merge confli...")
Differential Revision: https://reviews.freebsd.org/D38896
| |
Remove the $FreeBSD$ pattern added to the tests, as well as fixing the
mkimg_test.sh script to stop adding it when we rebase the tests.
Reviewed by: imp, emaste
Pull Request: https://github.com/freebsd/freebsd-src/pull/870
| |
Fixes: 3a338c534154
Reported by: mhorne
| |
rollback_files() tried to install files before creating the directories
for those files. In some cases this is due to special handling to
install certain classes of files earlier than others.
Just create all directories up front when performing rollback.
PR: 273950
Reviewed by: dim
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42020
| |
Further to f6d37c9ca13f ("freebsd-update: handle file -> directory on
upgrade"), handle the reverse case of a directory changing to a file.
We may not encounter this case on upgrades (before freebsd-update is
retired) but it is needed to support rollback.
PR: 273950
Reviewed by: dim
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41945
| |
While here, drop the EXTRA_TCP_STACKS option, which serves no purpose and
should never have been added. Instead, build bbr and rack as long as
either or both of INET and INET6 is enabled. There is no risk to anyone
who doesn't load one or both and then twiddle the relevant sysctls.
Differential Revision: https://reviews.freebsd.org/D42088
| |
Differential Revision: https://reviews.freebsd.org/D42192
| |
Differential Revision: https://reviews.freebsd.org/D42191
| |
Reviewed by: zlei
Differential Revision: https://reviews.freebsd.org/D42190
| |
In the LinuxKPI, PAGE_MASK is the logical negation of FreeBSD's
PAGE_MASK, so the original assertion was simply incorrect.
Reported by: trasz
Tested by: trasz
Fixes: 6223d0b67af9 ("linuxkpi: Handle direct-mapped addresses in linux_free_kmem()")
| |
If the directory is empty we fail with a message regarding mkdir in which
the empty directory can't be seen because it is not quoted.
Show a nice message so the user knows what is going on.
Reviewed by: bapt@
Differential Revision: https://reviews.freebsd.org/D42252
| |
PR#274346 reports a crash which appears to be caused by a NULL default session
being destroyed. This patch should avoid the crash.
Tested by: Joshua Kinard <freebsd@kumba.dev>
PR: 274346
MFC after: 2 weeks
| |
Recent changes to mkimg have changed the generated GPT images to be more
correct. Use make rebase to regenerate the baseline.
Sponsored by: Netflix
| |
vtoc8 support expired with sparc64 removal, so remove them all.
Sponsored by: Netflix
| |
Without this patch, a NFSv4 Readdir operation acquires the vnode for
each entry in the directory. If only the Type, Fileid, Mounted_on_fileid
and ReaddirError attributes are requested by a client, acquiring the vnode
is not necessary for non-directories. Directory vnodes must be acquired
to check for server file system mount points.
This patch avoids acquiring the vnode, as above, resulting in a 3-8%
improvement in Readdir RPC RTT for some simple tests I did.
Note that only non-rdirplus NFSv4 mounts will benefit from this change.
Tested during a recent IETF NFSv4 Bakeathon testing event.
MFC after: 1 month
| |
The ddb commands for lltable do not produce useful l3_addr information.
This fixes the llentry pretty printer to correctly display the l3_addr.
Reviewed by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42253
| |
The current xo_format string is incorrect. This restores the display
format prior to libxo-ification work while also explicitly marking
tv_sec and tv_usec as encoded output only.
MFC after: 1 week
Reviewed by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42269
| |
vCPU threads are starting before init_snapshot() is called. That can lead
to corruption of vcpu_lock userspace mutex (snapshot.c) and then VM hangs
in acquiring that mutex.
init_snapshot() initializes only static variables (mutex, cv) and that
code can be optimized and removed.
Fixes: 9a9a248964696 ("bhyve: init checkput before caph_enter")
Reviewed by: markj
MFC after: 1 week
Sponsored by: vStack