Mitchell Horne [Fri, 5 May 2023 21:56:34 +0000 (18:56 -0300)]
hwpmc: remove remaining UCP event definitions
Although this block has remained in __PMC_EVENTS(), there is no handling
of UCP in libpmc/libpmc.c, so it is not possible to select one of these
events. It should therefore be impossible to trigger the code removed
from ucp_start_pmc(). Note that the GQ_SNOOP_MSF MSR exists only for
Nehalem and Westmere architectures, and the related events do not exist
for later generations.
The Uncore support in hwpmc has severely atrophied in general. We have
uncore event definitions in pmu-events, but the kernel support was
written against Intel Performance Measurement Architecture version 2,
and is disabled for processor generations later than Westmere. Nehalem
and Westmere lack uncore event definitions in pmu-events. I'd be
surprised if Uncore support is usable on any machine in its current
state.
Reviewed by: jkoshy
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39901
The bit values are numbers given in octal representation, not decimal,
as one might assume from the description. Same goes for the base,
although this has an example.
Reviewed by: emaste
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39815
arm64/disassem.c: Fix typo sxts to sxts and amount for TYPE_02
The current implementation is wrong, since it unconditionally sets the
amount equal to the <size> field of the instruction. However, when the
<S> bit (scale) is not set, it must be zero.
Also fix a typo, sxts to sxtx, according to the Arm64 documentation.
Stefan Eßer [Thu, 8 Jun 2023 14:45:11 +0000 (16:45 +0200)]
usr.bin/bc: fix build issue of version 6.6.0 on MIPS
The update removed MIPS and POWERPC64 from the list of architectures
that cannot use LTO to build this software.
Restore the previous exception list and do not use LTO on MIPS,
MIPS64, POWERPC64, and RISCV64. This is necessary due to differences
in compiler support for LTO in -CURRENT vs. 13-STABLE.
This release that fixes an infinite loop bug in the (non-standard)
extended math library functions root() and cbrt(), fixes a bug with
BC_LINE_LENGTH=0, and adds the fib() function to the extended math
library to calculate Fibonacci numbers.
Ed Maste [Wed, 8 Feb 2023 13:16:53 +0000 (08:16 -0500)]
ssh: fix leak and apply style(9) to hostname canonicalization
Fixes: bf2e2524a2ce ("ssh: canonicize the host name before...")
Fixes: 3e74849a1ee2 ("ssh: canonicize the host name before...")
Reviewed by: rew
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38441
Ed Maste [Wed, 7 Sep 2022 14:12:37 +0000 (10:12 -0400)]
Cirrus-CI: move QEMU pkg installation to test script
Occasionally the QEMU package fails to build and isn't available on
-CURRENT using the Latest package set. Move the package installation
to the test script, so that if the package isn't available we at least
still perform a build test.
Ed Maste [Tue, 9 May 2023 18:26:47 +0000 (14:26 -0400)]
Cirrus-CI: add gcc12 automatic task on primary GitHub mirror
We want to get GCC coverage via Cirrus-CI, but don't want to trigger
excessive runs across all forks and branches. Create a duplicate gcc12
task to run automatically for freebsd/freebsd-src.
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
Chuck Silvers [Tue, 30 May 2023 02:26:28 +0000 (19:26 -0700)]
ffs: restore backward compatibility of newfs and makefs with older binaries
The previous change to CGSIZE had the unintended side-effect of allowing
newfs and makefs to create file systems that would fail validation when
examined by older commands and kernels, by allowing newfs/makefs to pack
slightly more blocks into a CG than those older binaries think is valid.
Fix this by having newfs/makefs artificially restrict the number of blocks
in a CG to the slightly smaller value that those older binaries will accept.
The validation code will continue to accept the slightly larger value
that the current newfs/makefs (before this change) could create.
This patch fixes TCP connection hangs for 1 rxq and 1 txq without rxcsum
enabled. Documentation for 10G cards and other drivers suggest enabling
rxcsum for RSS and disabling otherwise. When PCSD bit is not set then
fragment checksum and IP identification are reported in the rx
descriptor. When PCSD bit is set then RSS hash value is reported in the
rx descriptor. RSS and RX IPP checksum are mutually exclusive.
Eric Joyner [Wed, 24 May 2023 23:38:02 +0000 (16:38 -0700)]
ice(4): Update to 1.37.11-k
This driver update has no corresponding ice_ddp update, and doesn't
contain very many functional changes:
- Some refactoring for future SR-IOV PF support
- Various minor fixes
Dimitry Andric [Mon, 29 May 2023 14:27:58 +0000 (16:27 +0200)]
Apply clang fixes for crashes compiling ARM/AArch64 CRC intrinsics
Merge commit 069ecd0c6e2c from llvm-project (by Fangrui Song):
[ARM] Check target feature support for __builtin_arm_crc*
`__builtin_arm_crc*` requires the target feature crc which is available on armv8
and above. Calling the fuctions for armv7 leads to a SelectionDAG crash.
```
% clang -c --target=armv7-unknown-linux-gnueabi -c a.c
fatal error: error in backend: Cannot select: intrinsic %llvm.arm.crc32b
PLEASE submit a bug report to ...
```
Add `TARGET_BUILTIN` and define required features for these builtins to
report an error in `CodeGenFunction::checkTargetFeatures`. The problem is quite widespread.
I will add `TARGET_BUILTIN` for more builtins later.
Merge commit b2d7a0dcf1ff from llvm-project (by Fangrui Song):
[AArch64] Check target feature support for __builtin_arm_crc*
This is the AArch64 counterpart of D134127.
Daniel Kiss will change more `BUILTIN` to `TARGET_BUILTIN`.
Fix #57802
Note that programs attempting to use ARM/AArch64 CRC intrinsics, when
they are not supported by the targeted CPU, will still receive a regular
compilation error (instead of a fatal backend error) similar to:
Clang 16 got new builtins that are equivalent to hand-written parts of
<type_traits>. When building world with the devel/llvm16 package
installed and CROSS_TOOLCHAIN=llvm16 set, this would lead to -Werror
warnings about those builtins being overridden.
MFC: listen(2): improve administrator control over logging
As documented in listen.2 manual page, the kernel emits a LOG_DEBUG
syslog message if a socket listen queue overflows. For some appliances,
it may be desirable to change the priority to some higher value
like LOG_INFO while keeping other debugging suppressed.
OTOH there are cases when such overflows are normal and expected.
Then it may be desirable to suppress overflow logging altogether,
so that dmesg buffer is not flooded over long run.
In addition to existing sysctl kern.ipc.sooverinterval,
introduce new sysctl kern.ipc.sooverprio that defaults to 7 (LOG_DEBUG)
to preserve current behavior. It may be changed to any value
in a range of 0..7 for corresponding priority or to -1 to suppress logging.
Document it in the listen.2 manual page.
Mark Johnston [Tue, 18 Apr 2023 18:32:04 +0000 (14:32 -0400)]
loader.efi: Fix some arm64 PE metadata
- Mark the file as an executable in the COFF header.
- Provide separate .text and .data sections.
- Provide sane file and section alignment values. These values are the
defaults defined in the PE specification.
- Set appropriate characteristics for each of .text and .data.
This is required for the MS devkit to load our UEFI image.
Kirk McKusick [Mon, 15 May 2023 19:56:27 +0000 (12:56 -0700)]
Fix size differences between architectures of the UFS/FFS CGSIZE macro value.
Reported-by: Tijl Coosemans Tested-by: Tijl Coosemans and Peter Holm Sponsored-by: The FreeBSD Foundation
(cherry picked from commit 0a6e34e950cd5889122a199c34519b67569be9cc)
Dimitry Andric [Tue, 23 May 2023 17:40:36 +0000 (19:40 +0200)]
Update -ftrivial-auto-var-init flags for clang >= 16
As of clang 16, the -ftrivial-auto-var-init=zero option no longer needs
-enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
to enable the option. Only add it for older clang versions.
Rick Macklem [Tue, 11 Apr 2023 19:17:09 +0000 (12:17 -0700)]
mount_nfs.8: Update man page for the "syskrb5" option
Commit 896516e54a8c added a new NFS mount option
used for Kerberized NFSv4.1/4.2 mounts. It specifies that
AUTH_SYS be used for state maintenance (also called system)
operations. This allows the mount to be done without the
"gssname" option or a valid Kerberos TGT being held by the
user doing the mount (so it can be specified in fstab(5) for
example).
Rick Macklem [Wed, 29 Mar 2023 00:08:45 +0000 (17:08 -0700)]
nfscl: Make coverity happy
Coverity does not like code that checks a function's
return value sometimes. Add "(void)" in front of the
function when the return value does not matter to try
and make it happy.
A recent commit deleted "(void)"s in front of nfsm_fhtom().
This commit puts them back in.
Rick Macklem [Thu, 16 Mar 2023 22:55:36 +0000 (15:55 -0700)]
nfscl: Add a new NFSv4.1/4.2 mount option for Kerberized mounts
Without this patch, a Kerberized NFSv4.1/4.2 mount must provide
a Kerberos credential for the client at mount time. This credential
is typically referred to as a "machine credential". It can be
created one of two ways:
- The user (usually root) has a valid TGT at the time the mount
is done and this becomes the machine credential.
There are two problems with this.
1 - The user doing the mount must have a valid TGT for a user
principal at mount time. As such, the mount cannot be put
in fstab(5) or similar.
2 - When the TGT expires, the mount breaks.
- The client machine has a service principal in its default keytab
file and this service principal (typically called a host-based
initiator credential) is used as the machine credential.
There are problems with this approach as well:
1 - There is a certain amount of administrative overhead creating
the service principal for the NFS client, creating a keytab
entry for this principal and then copying the keytab entry
into the client's default keytab file via some secure means.
2 - The NFS client must have a fixed, well known, DNS name, since
that FQDN is in the service principal name as the instance.
This patch uses a feature of NFSv4.1/4.2 called SP4_NONE, which
allows the state maintenance operations to be performed by any
authentication mechanism, to do these operations via AUTH_SYS
instead of RPCSEC_GSS (Kerberos). As such, neither of the above
mechanisms is needed.
It is hoped that this option will encourage adoption of Kerberized
NFS mounts using TLS, to provide a more secure NFS mount.
This new NFSv4.1/4.2 mount option, called "syskrb5" must be used
with "sec=krb5[ip]" to avoid the need for either of the above
Kerberos setups to be done by the client.
Note that all file access/modification operations still require
users on the NFS client to have a valid TGT recognized by the
NFSv4.1/4.2 server. As such, this option allows, at most, a
malicious client to do some sort of DOS attack.
Although not required, use of "tls" with this new option is
encouraged, since it provides on-the-wire encryption plus,
optionally, client identity verification via a X.509
certificate provided to the server during TLS handshake.
Alternately, "sec=krb5p" does provide on-the-wire
encryption of file data.
A mount_nfs(8) man page update will be done in a separate commit.
Kristof Provost [Thu, 18 May 2023 19:37:48 +0000 (21:37 +0200)]
pfsync tests: check for the correct IP address
When checking if the state synced over we should look for
198.51.100.254, not 198.51.100.2. The test worked because the incorrect
address is a substring of the correct one, but we should fix it anyway.
Reported by: Naman Sood <naman@freebsdfoundation.org>
MFC after: 1 week
Rick Macklem [Wed, 22 Feb 2023 22:09:15 +0000 (14:09 -0800)]
nfsd.c: Log a more meaningful failure message
For the cases where the nfsd(8) daemon is already running or
has failed to start within a prison due to an incorrect prison
configuration, the failure message logged is:
Can't read stable storage file: operation not permitted
This patch replaces the above with more meaningful messages.
It depends on commit 10dff9da9748 to differentiate between the
above two cases, however even without this commit, the messages
should be an improvement.
Rick Macklem [Wed, 22 Feb 2023 21:19:07 +0000 (13:19 -0800)]
nfsd: Return ENXIO instead of EPERM when nfsd(8) already running
The nfsd(8) daemon generates an error message that does not
indicate that the nfsd daemon is already running when the nfssvc(2)
syscall fails for the NFSSVC_STABLERESTART. Also, the check for
running nfsd(8) in a vnet prison will return EPERM when it fails.
This patch replaces EPERM with ENXIO so that the nfsd(8) daemon
can generate more reasonable failure messages. The nfsd(8) daemon
will be patched in a future commit.
Rick Macklem [Fri, 5 May 2023 22:43:55 +0000 (15:43 -0700)]
nfsd: Fix NFSv3 Readdir/ReaddirPlus reply for large i-node numbers
If the i-node number (d_fileno) for a file on the server did
not fit in 32bits, it would be truncated to the low order 32bits
for the NFSv3 Readdir and ReaddirPlus RPC replies.
This is no longer correct, given that ino_t is now 64bits.
This patch fixes this by sending the full 64bits of d_fileno
on the wire in the NFSv3 Readdir/ReaddirPlus RPC reply.
Rick Macklem [Sat, 17 Dec 2022 21:54:33 +0000 (13:54 -0800)]
jail.8: Update the man page for allow.nfsd
Commit bba7a2e89602 added "allow.nfsd" to optionally allow
mountd/nfsd to be run inside a vnet prison when the kernel
is built with "options VNET_NFSD".