John Baldwin [Wed, 28 Dec 2022 00:00:17 +0000 (16:00 -0800)]
ktls: Post receive errors on partially closed sockets.
If an error such as an invalid record or one whose decryption fails is
detected on a socket that has received a RST then ktls_drop() could
ignore the error since INP_DROPPED could already be set. In this case
soreceive_generic hangs since it does not return from a KTLS socket
with pending encrypted data unless there is an error (so_error) (this
behavior is to ensure that soreceive_generic doesn't return a
premature EOF when there is pending data still being decrypted).
John Baldwin [Thu, 15 Dec 2022 20:06:26 +0000 (12:06 -0800)]
ktls: Close a race with setting so_error when dropping a connection.
pr_abort calls tcp_usr_abort which calls tcp_drop with ECONNABORTED.
After pr_abort returns, the so_error is then set to a more specific
error. However, a reader can observe and return the ECONNABORTED
error before so_error is set to the desired error value. This is
resulting in spurious test failures of recently added tests for
invalid conditions such as invalid headers.
To fix, refactor the code to abort a connection to call tcp_drop
directly with the desired error value. ktls_reset_send_tag already
calls tcp_drop directly when it aborts a connection due to an error.
John Baldwin [Wed, 16 Nov 2022 03:18:58 +0000 (19:18 -0800)]
libfetch: Pass a zeroed digest to DigestCalcResponse.
GCC 12 warns that passing "" (a constant of char[1]) to a parameter of
type char[33] could potentially overread. It is not clear from the
context that c->qops can never be "auth-int" (and if it can't, then
the "auth-int" handling in DigestCalcResponse is dead code that should
be removed since this is the only place the function is called).
John Baldwin [Wed, 16 Nov 2022 03:17:36 +0000 (19:17 -0800)]
diff: Don't (ab)use sprintf() as a kind of strcat().
Previously print_header() used sprintf() of a buffer to itself as a
kind of string builder but without checking for overflows. This
raised -Wformat-truncation and -Wrestrict warnings in GCC. Instead,
just conditionally print the new timestamp fields after the initial
strftime()-formatted string. While here, use sizeof(buf) with
strftime() rather than a magic number.
John Baldwin [Wed, 16 Nov 2022 03:16:50 +0000 (19:16 -0800)]
diff: Don't treat null characters like carriage returns in readhash().
The implicit fall-through in the !D_FORCEASCII case caused null
characters to be treated as carriage returns honoring the D_STRIPCR,
D_FOLDBLANKS, and D_IGNOREBLANKS flags.
Reported by: GCC -Wimplicit-fallthrough
Reviewed by: bapt
Fixes: 3cbf98e2bee9 diff: read whole files to determine if they are ASCII text
Differential Revision: https://reviews.freebsd.org/D36813
John Baldwin [Tue, 15 Nov 2022 20:02:57 +0000 (12:02 -0800)]
ktls_ocf: Reject encrypted TLS records using AEAD that are too small.
If a TLS record is too small to contain the required explicit IV,
record_type (TLS 1.3), and MAC, reject attempts to decrypt it with
EMSGSIZE without submitting it to OCF. OCF drivers may not properly
detect that regions in the crypto request are outside the bounds of
the mbuf chain. The caller isn't supposed to submit such requests.
John Baldwin [Thu, 21 Apr 2022 20:52:48 +0000 (13:52 -0700)]
psm: Swap the unit member in the softc for a device_t.
This entails various changes to make this driver more "modern"
(new-bus vs pre-new-bus) using device_log() and device_printf() rather
than psm%d. It also fixes the device_busy/unbusy calls to use sc->dev
directly rather than looking the device_t up via the devclass and
unit.
John Baldwin [Thu, 3 Feb 2022 18:48:18 +0000 (10:48 -0800)]
iwlwifi: Disable -Wformat when building with GCC.
GCC's -Wformat complains about NULL format strings passed to
iwl_fw_dbg_collect_trig (though the function handles NULL format
strings). Curious that upstream iwlwifi in Linux is built with GCC
and explicitly opts into this warning via the __printf() attribute.
Gleb Smirnoff [Sat, 4 Dec 2021 18:05:46 +0000 (10:05 -0800)]
nhop: hash ifnet pointer instead of if_index
Yet another problem created by VIMAGE/if_vmove/epair design that
relocates ifnet between vnets and changes if_index. Since if_index
changes, nhop hash values also changes, unlink_nhop() isn't able to
find entry in hash and leaks the nhop. Since nhop references ifnet,
the latter is also leaked. As result running network tests leaks
memory on every single test that creates vnet jail.
While here, rewrite whole hash_priv() to use static initializer,
per Alexander's suggestion.
The current cloning KPI does not provide a way of creating interfaces
with parameres from within kernel. The reason is that those parameters
are passed as an opaque pointer and it is not possible to specify whether
this pointer references kernel-space or user-space.
Instead of just adding a flag, generalise the KPI to simplify the
extension process. Unify current notion of `SIMPLE` and `ADVANCED` users
by leveraging newly-added IFC_C_AUTOUNIT flag to automatically pick
unit number, which is a primary feature of the "SIMPLE" KPI.
Use extendable structures everywhere instead of passing function
pointers or parameters.
Isolate all parts of the oldKPI under `CLONE_COMPAT_13` so it can be safely
merged back to 13. Old KPI will be removed after the merge.
Some existing applications setup Netlink socket with
SOCK_DGRAM instead of SOCK_RAW. Update the manpage to clarify
that the default way of creating the socket should be with
SOCK_RAW. Update the code to support both SOCK_RAW and SOCK_DGRAM.
netlink: fix compatibility with older netlink applications.
Some apps try to provide only the non-zero part of the required message
header instead of the full one. It happens when fetching routes or
interface addresses, where the first header byte is the family.
This behavior is "illegal" under the "strict" Netlink socket option,
however there are many applications out there doing things in the
"old" way.
Support this usecase by copying the provided bytes into the temporary
zero-filled header and running the parser on this header instead.
Output the proper attributes for IPv4/IPvv6 ifaddrs:
* IFA_ADDRESS contains local address in every case except p2p,
in that case it contains the peer address
* IFA_LOCAL contains local address. It is always present in IPv4,
or in IPv6/p2p.
* IFA_BROADCAST contains the network broadcast address (if any)
Reported by: Adam Wood <aswood@gmail.com>
Tested by: Adam Wood <aswood@gmail.com>
It was broken by 89ffac3b01fb3f6749799ac67b7d94056a36778e,
which added "cleanup" method to the base test class,
resulting in reporting cleanup for all of the tests.
testing: allow custom test cleanup handlers in pytest
In order to provide more flexibility for the test writers,
add per-test-method cleanups in addition to the per-class cleanups.
Now the test 'test_one' can perform cleanup by either defining
per-class 'cleanup' method (typically used in VNET classes) and
per-test method 'cleanup_test_one'. The latter has preference.
In order to handle paramatrization, testid is passed as a single
argument to both of the methods.
* Derive jail name from class name and method name, instead of just
method name. This change reduces the chances of different tests
clashing.
Old: 'jail_test_one'. New: 'pytest:TestExampleSimplest:test_one'
* Simplify vnetX_handler() method signature by skipping obj_map (unused)
and pipe. The latter can be accessed as the vnet property.
* Add `send_object()` method as a pair to the `wait_object` inside the
VnetTestTemplate class.
* Add `test_id` property to the BaseTest method. Previously it was
provided only for the VnetTestTemplate class. This change makes
the identifier easily accessible for all users.
* Separate interface creation from interface modification code
* Support setting some interface attributes (ifdescr, mtu, up/down, promisc)
* Improve interaction with the cloners requiring to parse/write custom
interface attributes
* Add bitmask-based way of checking if the attribute is present in the
message
* Don't use multipart RTM_GETLINK replies when searching for the
specific interface names
* Use ENODEV instead of ENOENT in case of failed RTM_GETLINK search
* Add python netlink test helpers
* Add some netlink interface tests
netlink: add interface notification on link status / flags change.
* Add link-state change notifications by subscribing to ifnet_link_event.
In the Linux netlink model, link state is reported in 2 places: first is
the IFLA_OPERSTATE, which stores state per RFC2863.
The second is an IFF_LOWER_UP interface flag. As many applications rely
on the latter, reserve 1 bit from if_flags, named as IFF_NETLINK_1.
This flag is mapped to IFF_LOWER_UP in the netlink headers. This is done
to avoid making applications think this flag is actually
supported / presented in non-netlink outputs.
* Add flag change notifications, by hooking into rt_ifmsg().
In the netlink model, notification should include the bitmask for the
change flags. Update rt_ifmsg() to include such bitmask.
Store user-supplied source protocol in the nexthops and nexthop groups.
Protocol specification help routing daemons like bird to quickly
identify self-originated routes after the crash or restart.
Example:
```
10.2.0.0/24 via 10.0.0.2 dev vtnet0 proto bird
10.3.0.0/24 proto bird
nexthop via 10.0.0.2 dev vtnet0 weight 3
nexthop via 10.0.0.3 dev vtnet0 weight 4
```
netlink: suppress sending NLMSG_ERROR if NLMSG_DONE is already sent
Netlink has a confirmation/error reporting mechanism for the sent
messages. Kernel explicitly acks each messages if requested (NLM_F_ACK)
or if message processing results in an error.
Similarly, for multipart messages - typically dumps, where each message
represents a single object like an interface or a route - another
message, NLMSG_DONE is used to indicate the end of dump and the
resulting status.
As a result, successfull dump ends with both NLMSG_DONE and NLMSG_ERROR
messages.
RFC 3549 does not say anything specific about such case.
Linux adopted an optimisation which suppresses NLMSG_ERROR message
when NLMSG_DONE is already sent. Certain libraries/applications like
libnl depends on such behavior.
Suppress sending NLMSG_ERROR if NLMSG_DONE is already sent, by
setting newly-added 'suppress_ack' flag in the writer and checking
this flag when generating ack.
This change restores libnl compatibility.
Before:
```
~ nl-link-list
Error: Unable to allocate link cache: Message sequence number mismatch
````
Ed Maste [Thu, 27 Oct 2022 14:49:51 +0000 (10:49 -0400)]
netlink: use (void) for function definitions with no arguments
For some of these Clang produced a warning that "a function declaration
without a prototype is deprecated in all versions of C". In other cases
the function defintion used () which did not match the header
declaration, which used (void).
Netlinks is a communication protocol currently used in Linux kernel to modify,
read and subscribe for nearly all networking state. Interfaces, addresses, routes,
firewall, fibs, vnets, etc are controlled via netlink.
It is async, TLV-based protocol, providing 1-1 and 1-many communications.
The current implementation supports the subset of NETLINK_ROUTE
family. To be more specific, the following is supported:
* Dumps:
- routes
- nexthops / nexthop groups
- interfaces
- interface addresses
- neighbors (arp/ndp)
* Notifications:
- interface arrival/departure
- interface address arrival/departure
- route addition/deletion
* Modifications:
- adding/deleting routes
- adding/deleting nexthops/nexthops groups
- adding/deleting neghbors
- adding/deleting interfaces (basic support only)
* Rtsock interaction
- route events are bridged both ways
The implementation also supports the NETLINK_GENERIC family framework.
Implementation notes:
Netlink is implemented via loadable/unloadable kernel module,
not touching many kernel parts.
Each netlink socket uses dedicated taskqueue to support async operations
that can sleep, such as interface creation. All message processing is
performed within these taskqueues.
Compatibility:
Most of the Netlink data models specified above maps to FreeBSD concepts
nicely. Unmodified ip(8) binary correctly works with
interfaces, addresses, routes, nexthops and nexthop groups. Some
software such as net/bird require header-only modifications to compile
and work with FreeBSD netlink.
Mitchell Horne [Wed, 11 Jan 2023 18:06:24 +0000 (14:06 -0400)]
dtrace: correct the aframes value for fbt provider
Set the number of artificial frames to 5:
1. cpu_exception_handler_supervisor()
2. do_trap_supervisor()
3. dtrace_invop_start()
4. dtrace_invop()
5. fbt_invop()
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37663
Mitchell Horne [Wed, 11 Jan 2023 18:06:17 +0000 (14:06 -0400)]
dtrace: correct profile aframes value for riscv
Experimentation shows this is the correct value; the dtrace/interrupt
handler frames are omitted, while the backtrace of the active thread is
recorded in its entirety.
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37662
Mitchell Horne [Wed, 11 Jan 2023 18:06:02 +0000 (14:06 -0400)]
dtrace: dtrace_getpcstack() tweaks for riscv
Backtraces for fbt probes are missing the caller's frame. Despite what
the inherited comment claims, we do need to insert this manually on
riscv. In fbt_invop(), set cpu_dtrace_caller to be the return address,
not addr.
We should not increment aframes within this function, since we begin the
main loop by unwinding past the current frame.
Plus some very small comment/style tweaks.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37661
Mark Johnston [Mon, 16 Jan 2023 13:03:20 +0000 (08:03 -0500)]
atomic: Remove cdefs.h includes from atomic_*.h
Avoid including cdefs.h in system headers. Both headers now include
types.h, and we can assume that that pulls in cdefs.h (required for
__typeof usage in some of the atomic macro expansions).
Mark Johnston [Wed, 4 Jan 2023 02:47:52 +0000 (10:47 +0800)]
atomic: Make atomic_san.h self-contained
This file assumes that uint*_t and __typeof() are defined, so ensure
that consumers don't have to pull in the requisite includes themselves.
This is consistent with sys/atomic_common.h.
Franco Fichtner [Fri, 16 Dec 2022 15:27:18 +0000 (10:27 -0500)]
debugnet: remove spurious message on boot
In non-INVARIANTS kernels, hide the warning message printed by debugnet
when an interface MTU is configured or link state changes, and debugnet
cannot infer the number of mbuf clusters to reserve. The warning isn't
really actionable and mostly serves to confuse users.
The Windows Dev Kit 2023 (Volterra) has an UEFI implementation that maps
EfiLoaderData pages as non-executable. Map the kernel as EfiLoaderCode
to ensure that it can be executed.
With this change and another in review, FreeBSD boots to the mountroot
prompt if hw.pac.enable = 0 is set in loader.conf(5).
Reviewed by: andrew, imp, tsoome
Sponsored by: Berliner Linux User Group e.V.
Sponsored by: spline / FU-Berlin
Differential Revision: https://reviews.freebsd.org/D37931
Andrew Turner [Wed, 4 Jan 2023 12:33:08 +0000 (12:33 +0000)]
Check for more XHCI ACPI IDs
The Windows Dev Kit 2023 uses the XHCI-compliant USB controller without
standard debug ID in its ACPI tables. Check for both ID values found
on [1] in the XHCI ACPI attachment.
Andrew Turner [Mon, 19 Dec 2022 13:42:44 +0000 (13:42 +0000)]
Add support for the new Arm Generic UART _HID
Historically the ACPI _HID for both the Arm PL011 and Generic UARTs
was ARMH0011. In the Arm Base Boot Requirements 2.0 the Generic UART
_HID is changed to ARMHB000. Use this new value in the PL011 driver
where we support both UART types.
This has been observed in some recent EDK2 builds.
Andrew Turner [Fri, 11 Nov 2022 08:55:59 +0000 (08:55 +0000)]
Add support for an array of hwresets
In some drivers we need to assert and deassert a group of hardware
resets in any order. To support this add a new hwreset_array that
manages all hwresets defined for a device.
Reviewed by: bz, manu, mmel
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37357
Andrew Turner [Mon, 31 Oct 2022 15:08:26 +0000 (15:08 +0000)]
Split out the arm64 EL2 exception vectors
These were originally in locore.S as they are only needed so we have
a valid value to put into the vbar_el2 register. As these will soon
be used by bhyve so move them to a new file as we already have with
the EL1 exception vectors in exception.S.
Obtained from: https://github.com/FreeBSD-UPB/freebsd-src (earlier version)
Sponsored by: Innovate UK
Sponsored by: The FreeBSD Foundation
Andrew Turner [Mon, 14 Nov 2022 15:48:43 +0000 (15:48 +0000)]
Add the arch field to the arm64 MIDR macros
For completeness add accessors for the MIDR field. As the field is
always 0xf on arm64 it is unneeded in the current MICR handling, but
will be used in the vmm module for bhyve.
Obtained from: https://github.com/FreeBSD-UPB/freebsd-src (earlier version)
Sponsored by: The FreeBSD Foundation
Andrew Turner [Mon, 7 Nov 2022 11:21:42 +0000 (11:21 +0000)]
Disable superpage use for stage 2 arm64 mappings
When modifying a stage 2 mapping we may need to call into the
hypervisor to invalidate the TLB. Until it is known if the cost of
this operation is less than the performance gains superpages offers
disable their use.
Reviewed by: kib. markj
Sponsored by: Innovate UK
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37299
Andrew Turner [Tue, 4 Oct 2022 11:46:24 +0000 (12:46 +0100)]
Clear the indirect flag in the GICv3 ITS driver
Summary:
The indirect flag tells the hardware to use a flat or two level table.
As we only support using the flat table ensure the flag that marks
which is in use is set correctly.
We can't rely on this being set correctly as some firmware may set the
indirect flag, e.g. booting from LinuxBoot.
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36873