Stefan Eßer [Wed, 21 Jun 2023 17:36:39 +0000 (19:36 +0200)]
dev/pci: simplify PCI VPD access functions
This update contains a rewrite of the VPD parser based on the
definition of the structure of the VPD data (ident, R/O resource
data, optional R/W data, end tag).
The parser it replaces was based on a state machine, with the tags
and the parsed data controlling the state changes. The flexibility
of this parser is actually not required, and it has caused kernel
panics when operating on malformed data.
Analysis of the VPD code to make it more robust led me to believe
that it was easier to write a "strict" parser than to restrict the
flexible state machine to detect and reject non-well-formed data.
A number of restrictions had already been added, but they make the
state machine ever more complex and harder to understand.
This updated parser has been verified to return identical parsed data
as the current implementation for the example VPD data given in the
PCI standard and in some actual PCIe VPD data.
It is strict in the sense that it detects and rejects any deviation
from a well-formed VPD structure.
Not making it explicit that we're printing values in hex can be
misleading when the number doesn't contain hex-only symbols (a-f). A
good example of this is print_gp_register(), where we print "(func +
offset)"; if the offset doesn't contain a-f symbols, it's not
immediately clear if that value is in decimal or hex. Using '%#' instead
of '0x%' also isn't a better option, it doesn't print '0x' if the value
is 0, and it also messes up column alignment.
Reviewed by: imp, markj
Approved by: markj (mentor)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40583
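Added example, not the FreeBSD parser from this commit: a minimal strict validator for the layout the message describes (ident, R/O resource, optional R/W resource, end tag) that rejects any deviation using bounds-checked reads. The tag values 0x82/0x90/0x91/0x78 and the RV checksum rule are taken from the PCI VPD format rather than from this page; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum { VPD_OK, VPD_TRUNCATED, VPD_BAD_TAG, VPD_BAD_KEYWORD, VPD_BAD_CKSUM };
/* Constructed sample: ident "TEST", VPD-R (PN="42", RV checksum), end tag. */
static const uint8_t vpd_sample[] = {
	0x82, 0x04, 0x00, 'T', 'E', 'S', 'T', 0x90, 0x09, 0x00,
	'P', 'N', 0x02, '4', '2', 'R', 'V', 0x01, 0xF2, 0x78 };

/* Large resource: tag byte + 16-bit LE length. Sets *data, moves *off past it. */
static int vpd_large(const uint8_t *b, size_t n, size_t *off, uint8_t tag, size_t *data)
{
	if (n - *off < 3) return VPD_TRUNCATED;
	if (b[*off] != tag) return VPD_BAD_TAG;
	*data = *off + 3;
	*off = *data + (b[*off + 1] | ((size_t)b[*off + 2] << 8));
	return *off <= n ? VPD_OK : VPD_TRUNCATED;
}

/* Keyword entries in [off, end): 2-byte name, 1-byte length, data. */
static int vpd_keywords(const uint8_t *b, size_t off, size_t end)
{
	for (; off < end; off += 3 + (size_t)b[off + 2]) {
		uint8_t sum = 0;	/* RV: bytes 0..checksum byte must sum to 0 */
		if (end - off < 3 || b[off + 2] > end - off - 3) return VPD_BAD_KEYWORD;
		if (b[off] != 'R' || b[off + 1] != 'V') continue;
		if (b[off + 2] < 1) return VPD_BAD_KEYWORD;
		for (size_t i = 0; i <= off + 3; i++) sum += b[i];
		if (sum != 0) return VPD_BAD_CKSUM;
	}
	return VPD_OK;
}

/* Strict layout: ident 0x82, VPD-R 0x90, optional VPD-W 0x91, end tag 0x78. */
int vpd_validate(const uint8_t *b, size_t n)
{
	size_t off = 0, data;
	int e;
	if ((e = vpd_large(b, n, &off, 0x82, &data)) != VPD_OK) return e;
	if ((e = vpd_large(b, n, &off, 0x90, &data)) != VPD_OK) return e;
	if ((e = vpd_keywords(b, data, off)) != VPD_OK) return e;
	if (off < n && b[off] == 0x91) {
		if ((e = vpd_large(b, n, &off, 0x91, &data)) != VPD_OK) return e;
		if ((e = vpd_keywords(b, data, off)) != VPD_OK) return e;
	}
	if (off >= n) return VPD_TRUNCATED;
	return b[off] == 0x78 ? VPD_OK : VPD_BAD_TAG;
}
int main(void) { return vpd_validate(vpd_sample, sizeof(vpd_sample)); }
```

Every length is checked against the bytes remaining before it is used, so a resource or keyword that claims more data than the buffer holds is rejected instead of being followed.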
Wei Hu [Wed, 21 Jun 2023 09:31:46 +0000 (09:31 +0000)]
Hyper-V: vmbus: Prevent load/store reordering when access ring buffer index
When running VM on ARM64 Hyper-V, we have seen netvsc/hn driver hit
assert on reading duplicated network completion packets over vmbus
channel or one of the tx channels stalls completely. This seems to be
caused by the processor reordering the instructions when the vmbus driver
is reading or updating its channel ring buffer indexes.
Fix this by using load acquire and store release instructions to
enforce the order of these memory accesses.
Michael Tuexen [Wed, 21 Jun 2023 07:03:30 +0000 (09:03 +0200)]
sctp: fix man page for socket option controlling delayed acks
The SCTP_DELAYED_ACK_TIME socket option was replaced by the
SCTP_DELAYED_SACK in the socket API specification in
draft-ietf-tsvwg-sctpsocket-14.
The code was updated in r170056, but the man page was not.
Corvin Köhne [Wed, 21 Jun 2023 06:55:34 +0000 (08:55 +0200)]
Revert "bhyve: add command line parameter and parsing for migration"
Unfortunately, this feature didn't receive much feedback in the past.
However, after committing this, some people came up and complained that
this feature requires some more discussion before upstreaming it.
Additionally, it wasn't a good idea to start this new feature by adding
a new command line parameter as it fixes the user interface.
Cy Schubert [Wed, 31 May 2023 19:20:27 +0000 (12:20 -0700)]
pam_krb5: Fix spoofing vulnerability
An adversary on the network can log in via ssh as any user by spoofing
the KDC. When the machine has a keytab installed the keytab is used to
verify the service ticket. However, without a keytab there is no way
for pam_krb5 to verify the KDC's response and get a TGT with the
password.
If both the password _and_ the KDC are controlled by an adversary, the
adversary can provide a password that the adversary's spoofed KDC will
return a valid tgt for. Currently, without a keytab, pam_krb5 is
vulnerable to this attack.
Reported by: Taylor R Campbell <riastradh@netbsd.org> via emaste@
Reviewed by: so
Approved by: so
Security: FreeBSD-SA-23:04.pam_krb5
Security: CVE-2023-3326
Doug Moore [Wed, 21 Jun 2023 04:52:27 +0000 (23:52 -0500)]
vm_radix: drop unused function; use bool.
Replace boolean_t with bool in vm_radix.c. Drop the unused function
vm_radix_is_singleton, which is unused and has no corresponding
function in subr_pctrie.c.
Reviewed by: alc
Differential Revision: https://reviews.freebsd.org/D40586
Ed Maste [Tue, 20 Jun 2023 12:44:22 +0000 (08:44 -0400)]
bfe: add unmaintained / deprecation notice
The bfe (Broadcom BCM4401 10/100 Ethernet) driver has known bugs and no
active maintenance. There have been no changes other than sweeping tree
changes, typo corrections etc. since 2008 as far as I can tell. Add a
note in the man page so that users' expectations are correctly set, and
indicate that it may be removed in the future.
I did not add a gone_in() call in the driver itself as there is no
specific target version for removal, and this driver has evidence of
recent use (dmesg, PRs).
PR: 201947, 213751
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40625
John Baldwin [Tue, 20 Jun 2023 19:38:48 +0000 (12:38 -0700)]
rtld-elf: Mark tls_init_align __unused in free_tls for Variant I TLS.
Some architectures (powerpc and RISC-V) always use 0 for the post TLS
size in which case tls_init_align isn't used by
calculate_tls_post_size. Use __unused to quiet the warning for these
platforms.
Doug Moore [Tue, 20 Jun 2023 16:30:29 +0000 (11:30 -0500)]
radix_trie: eliminate iteration in keydiff
Use flsll(), instead of a loop, to find where two keys differ, and
then arithmetic to transform that to a trie level.
Approved by: alc, markj
Differential Revision: https://reviews.freebsd.org/D40585
John Baldwin [Tue, 20 Jun 2023 16:28:59 +0000 (09:28 -0700)]
bluetooth/ath3kfw: Propagate return value from ath3k_load_fwfile.
The caller ignores the return value so this is a no-op, but
ath3k_init_ar3012 returns the return values of its internal functions,
so this is more consistent.
Mitchell Horne [Tue, 20 Jun 2023 14:52:26 +0000 (11:52 -0300)]
riscv: improve KTR_TRAP trace entries
For more informative records of exceptions, include key details such as
the exception code and stval register contents. Remove the curthread
argument as it is redundant (saved with every ktr entry), and the
trapframe as it is somewhat meaningless.
Add a new KTR_TRAP trace record for interrupts.
Reviewed by: markj, jhb
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40584
John Baldwin [Tue, 20 Jun 2023 14:53:50 +0000 (07:53 -0700)]
ossl: Don't try to initialize the cipher for Chacha20+Poly1305.
Chacha20+Poly1305 doesn't use an ossl_cipher instance the way AES-GCM
does, so ossl_lookup_cipher() failed causing ossl_newsession() to
always fail for Chacha20+Poly1305 sessions.
Reported by: gallatin (ktls_test fails with ossl.ko loaded)
Fixes: 9a3444d91c70 ossl: Add a VAES-based AES-GCM implementation for amd64
Tested by: gallatin
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D40580
Doug Rabson [Tue, 20 Jun 2023 13:01:58 +0000 (14:01 +0100)]
pf: Add code to enable filtering for locally delivered packets
This is disabled by default since it potentially changes the behavior of
existing filter rule sets. To enable this extra filter for packets being
delivered locally, use:
Kristof Provost [Mon, 19 Jun 2023 14:41:13 +0000 (16:41 +0200)]
pf tests: make pfsync:defer test more robust
Set the defer timeout to 2.5 seconds, and only make sure that there's at
least a second of delay between the pfsync packet and the ping packet.
The intent is to allow the test to pass even when there's considerable
jitter on the timing measurement (e.g. when the test runs in a VM, such
as during the CI tests).
Kristof Provost [Mon, 19 Jun 2023 14:37:19 +0000 (16:37 +0200)]
pf: allow defer timeout to be configured
Add the net.pfsync.defer_delay sysctl to allow the defer timeout (i.e.
how long pf holds onto packets waiting for the peer to ack the new
state) to be changed.
This is intended to make testing of the defer code more robust, by
allowing longer timeouts to mitigate scheduling/measurement jitter.
Corvin Köhne [Mon, 29 Aug 2022 10:10:44 +0000 (12:10 +0200)]
bhyve/tpm: create crb thread for sending tpm commands
Commands sent to a tpm are very slow. They can take up to several
seconds for completion. For that reason, create a thread which issues
the commands to the tpm device.
Corvin Köhne [Thu, 15 Jun 2023 09:12:53 +0000 (11:12 +0200)]
bhyve: maintain RSDT and XSDT by basl
In a subsequent commit the TPM emulation will build its own TPM2 table.
This needs to be registered to the RSDT and XSDT. Instead of making the
rsdt and xsdt variables global, we can simply add a helper to basl.
Corvin Köhne [Mon, 16 Aug 2021 07:50:15 +0000 (09:50 +0200)]
bhyve: add bootindex option for several devices
The bootindex option creates an entry in the "bootorder" fwcfg file.
This file can be picked up by the guest firmware to determine the
bootorder. Nevertheless, it's not guaranteed that the guest firmware
uses the bootorder. At the moment, our OVMF ignores the bootorder. This
will change in the future.
If guest firmware supports the "bootorder" fwcfg file and no device uses
the bootindex option, the boot order is determined by the firmware
itself. If one or more devices specify a bootindex, the first bootable
device with the lowest bootindex will be booted. It's not guaranteed that
devices without a bootindex will be recognized as bootable from the
firmware in that case.
Corvin Köhne [Mon, 16 Aug 2021 07:47:53 +0000 (09:47 +0200)]
bhyve: add helper to create a bootorder
Qemu's fwcfg allows to define a bootorder. Therefore, the hypervisor has
to create a fwcfg item named bootorder, which has a newline separated
list of boot entries. Qemu's OVMF will pick up the bootorder and apply
it.
At the moment, bhyve's OVMF doesn't support a custom bootorder by
qemu's fwcfg. However, in the future bhyve will gain support for qemu's
OVMF. Additionally, we can port relevant parts from qemu's to bhyve's
OVMF implementation.
The makeman CI job ensures that all options have description files.
Bring the CI job back to green by adding back WITHOUT_CAPSICUM and
WITHOUT_CASPER description files (that now state the associated options
have no effect).
Fixes: c24c117b9644 ("Remove WITHOUT_{CAPSICUM,CASPER} options")
Sponsored by: The FreeBSD Foundation
Colin Percival [Sun, 18 Jun 2023 00:03:56 +0000 (17:03 -0700)]
Remove WITHOUT_{CAPSICUM,CASPER} options
At this point CAPSICUM and CASPER are merely forced on via the newly
added __REQUIRED_OPTIONS list; after stable/14 branches I'll sweep
the tree for MK_{CAPSICUM,CASPER}.
This change will not be MFCed.
Discussed on: freebsd-arch
Differential Revision: https://reviews.freebsd.org/D40592
Colin Percival [Sun, 18 Jun 2023 00:01:52 +0000 (17:01 -0700)]
options/makeman: Handle __REQUIRED_OPTIONS
Teach the code which generates src.conf.5 about __REQUIRED_OPTIONS;
without this change it gets confused and thinks that every option
turns the required options on.
Colin Percival [Sat, 17 Jun 2023 20:08:37 +0000 (13:08 -0700)]
bsd.mkopt.mk: Add REQUIRED_OPTIONS list
Options on this list will be forced to 'yes'. This is intended for use
as a transitional measure when an option is ceasing to be optional,
before all of the associated make logic is removed.
Warner Losh [Mon, 19 Jun 2023 20:52:58 +0000 (14:52 -0600)]
camcontrol: Include stdbool.h rather than relying on namespace pollution
I have several environments, and at least one of them fails to build
because bool is undefined. Since we use bool, always include stdbool.h
rather than relying on any indirect definitions to pull it in.
Warner Losh [Mon, 19 Jun 2023 20:43:37 +0000 (14:43 -0600)]
camcontrol: In defects make -S actually imply 12-byte command
camcontrol(8) says that -S to start at a different offset implies that
we're using the 12 byte command. But really, we're using the 10-byte
command. Fix this by setting use_12byte for -S.
Warner Losh [Mon, 19 Jun 2023 20:43:30 +0000 (14:43 -0600)]
camcontrol: simplify summary logic for defects
We don't need to count the number of lists requested. Instead, use the
more general form of checking to see if any of the non-defect format
bits are set. Also, check summary boolean to control summary reporting
behavior.
Warner Losh [Mon, 19 Jun 2023 20:43:12 +0000 (14:43 -0600)]
camcontrol: No need to set CAM_ARG_[PG]LIST in defects
We can or in the list_format bits directly if we or in the
list_format when we look it up the first time. Free up CAM_ARG_[PG]LIST
from the CAM_ARG_xxx enum.
Sponsored by: Netflix
Reviewed by: mav (I made his suggested change)
Differential Revision: https://reviews.freebsd.org/D40523
Warner Losh [Mon, 19 Jun 2023 20:43:05 +0000 (14:43 -0600)]
camcontrol: Simplify 12-byte retry logic in defects command
We always start out using the 10-byte version of READ DEFECT DATA, and
then switch to 12-byte when necessary due to errors or data length
requirements. We always need to get the length again when we do this,
and we're always going to be using 12-byte commands from that point
forward. Simplify the logic a bit based on this observation.
Mark Johnston [Mon, 19 Jun 2023 19:46:32 +0000 (15:46 -0400)]
bhyve: Refactor vmexit_suspend() a bit
Move some of its logic into fbsdrun_deletecpu(). This makes it easier
to split vmexit handlers into a separate file, which in turn makes
landing arm64 support easier. Also increase the scope of the mutex and
use it to synchronize updates to the vcpu mask. No functional change
intended.
Mark Johnston [Mon, 19 Jun 2023 19:46:02 +0000 (15:46 -0400)]
bhyve: Register hlt and pause vmexit handlers unconditionally
These exit handlers might not be used if the corresponding VM
capabilities are not set, but there is no harm in putting them into the
handler table regardless. Doing so simplifies initialization code,
makes it easier to split vmexit handlers into a separate file, and lets
us declare the handler table as const.
Dimitry Andric [Mon, 19 Jun 2023 18:32:40 +0000 (20:32 +0200)]
Apply llvm fix for hanging gcc builds on 32-bit arm
Merge commit 962c306a11d0 from llvm-project (by Florian Hahn):
[LV] Don't consider pointer as uniform if it is also stored.
Update isVectorizedMemAccessUse to also check if the pointer is stored.
This prevents LV to incorrectly consider a pointer as uniform if it is
used as both pointer and stored by the same StoreInst.
Fixes #61396.
PR: 271992
Reported by: John F. Carr <jfc@mit.edu>
MFC after: 3 days
John Baldwin [Mon, 19 Jun 2023 17:38:18 +0000 (10:38 -0700)]
ifconfig: Pacify a sign comparison warning in regdomain_sort.
Both ic_flags values are unsigned (uint32_t), so cast them to a signed
int to generate a signed result. Both ic_req values are also
unsigned, but since they are uint16_t, they are implicitly promoted to
int before the subtraction.
John Baldwin [Mon, 19 Jun 2023 17:37:52 +0000 (10:37 -0700)]
ifconfig: Avoid issues with trying to negate unsigned values.
The if_flags and if_cap fields hold a bitmask of flags. If a flag is
the MSB of the field, then the logic in setifflags and setifcap which
uses a < 0 check does the wrong thing (it tries to clear the flag
rather than setting it). Also, trying to use -<FOO> doesn't actually
work as the result is a nop. To fix, stop overloading setifcap and
setifflags and instead add new dedicated action functions clearifcap
and clearifflags for clearing a flag. The value passed in the
argument to the command is now always the raw flag.
This was reported by a GCC warning after raising WARNS:
sbin/ifconfig/ifconfig.c:2061:33: error: integer overflow in expression '-2147483648' of type 'int' results in '-2147483648' [-Werror=overflow]
2061 | DEF_CMD("-txtlsrtlmt", -IFCAP_TXTLS_RTLMT, setifcap),
| ^
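Added example, not code from ifconfig: a reduced model of a sign-overloaded handler next to dedicated set/clear handlers, showing why a flag in bit 31 cannot be set through the overloaded form. The flag values, table rows and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CAP_LOW	0x00000400u	/* constructed flag in a low bit */
#define CAP_MSB	0x80000000u	/* constructed flag in bit 31 */

struct cmd { const char *name; int32_t arg; uint32_t (*fn)(uint32_t, int32_t); };

/* Overloaded form: a negative argument means "clear", anything else "set". */
static uint32_t setcap_signed(uint32_t caps, int32_t v)
{
	if (v < 0)
		return caps & ~(0u - (uint32_t)v);	/* negate as unsigned to avoid UB */
	return caps | (uint32_t)v;
}

/* Dedicated form: the argument is always the raw flag. */
static uint32_t setcap(uint32_t caps, int32_t v) { return caps | (uint32_t)v; }
static uint32_t clearcap(uint32_t caps, int32_t v) { return caps & ~(uint32_t)v; }

/* INT32_MIN is the bit pattern of CAP_MSB; its negation is not representable,
 * so the "msb" and "-msb" rows of the overloaded table are identical. */
static const struct cmd signed_cmds[] = {
	{ "low", (int32_t)CAP_LOW, setcap_signed }, { "-low", -(int32_t)CAP_LOW, setcap_signed },
	{ "msb", INT32_MIN, setcap_signed },        { "-msb", INT32_MIN, setcap_signed },
};
static const struct cmd raw_cmds[] = {
	{ "low", (int32_t)CAP_LOW, setcap }, { "-low", (int32_t)CAP_LOW, clearcap },
	{ "msb", INT32_MIN, setcap },        { "-msb", INT32_MIN, clearcap },
};

/* Look up a command by name in a 4-row table and apply it to the mask. */
static uint32_t run(const struct cmd *t, const char *name, uint32_t caps)
{
	for (size_t i = 0; i < 4; i++)
		if (strcmp(t[i].name, name) == 0)
			return t[i].fn(caps, t[i].arg);
	return caps;	/* unknown command: leave the mask unchanged */
}

uint32_t run_signed(const char *name, uint32_t caps) { return run(signed_cmds, name, caps); }
uint32_t run_raw(const char *name, uint32_t caps) { return run(raw_cmds, name, caps); }

int main(void) { return run_raw("msb", 0) == CAP_MSB ? 0 : 1; }
```

With the overloaded table, `run_signed("msb", 0)` leaves the mask at 0 because the set request is read as a clear; the dedicated handlers set and clear bit 31 correctly.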
Ed Maste [Mon, 19 Jun 2023 01:37:06 +0000 (21:37 -0400)]
seq: fix check for rounding error/truncation
Based on OpenBSD 30f0fd29ba6c:
> We need to compare the printable version of the last value displayed,
> not the floating point representation. Otherwise, we may print the
> last value twice.
PR: 271964
Reported by: Daniel Kolesa
Reviewed by: yuripv
Obtained from: OpenBSD
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40601