Warner Losh [Fri, 23 Jun 2023 02:51:30 +0000 (20:51 -0600)]
scsi_all.c: Update to latest asc-num.txt at T10
This updates our table to Sat Mar 25 2023 at 04:30 of the T10
asc-num.txt. I added all the codes that weren't present in the tree,
corrected a couple of the 'alphabet' comments about where the ASC/ASCQ
was defined. I did not, however, make the transition that the
asc-num.txt file made (it deleted W between P and R and added Z after D
so the first few letters shifted a bit). I've not removed the 'W' nor
added the 'Z' at this time. I'm looking for some way to do this
automatically. Try to pick reasonable responses for new entries. When in
doubt, I selected SS_RDEF.
Dimitry Andric [Wed, 14 Jun 2023 18:49:59 +0000 (20:49 +0200)]
Merge commit 69d42eef4bec from llvm-project (by Dimitry Andric):
[Clang] Show type in enum out of range diagnostic
When the diagnostic for an out of range enum value is printed, it
currently does not show the actual enum type in question, for example:
v8/src/base/bit-field.h:43:29: error: integer value 7 is outside the valid range of values [0, 3] for this enumeration type [-Wenum-constexpr-conversion]
static constexpr T kMax = static_cast<T>(kNumValues - 1);
^
This can make it cumbersome to find the cause for the problem. Add the
enum type to the diagnostic message, to make it easier.
clang: re-downgrade implicit int/function declarations to warning only
This reapplies upstream commit c0141f3c300f by Aaron Ballman:
Downgrade implicit int and implicit function declaration to warning only
The changes in Clang 15.0.0 which enabled these diagnostics as a
warning which defaulted to an error caused disruption for people
working on distributions such as Gentoo. There was an explicit request
to downgrade these to be warning-only in Clang 15.0.1 with the
expectation that Clang 16 will default the diagnostics to an error.
See
https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
for more details on the discussion.
See https://reviews.llvm.org/D133800 for the public review of these
changes.
As noted in the upstream discussion, there are many programs that fail
to configure or build correctly, if these warnings are turned into
errors by default.
Note that most affected programs in ports are relatively old, and are
unlikely to be fixed by actually adjusting their declarations, but by
compiling with -std=gnu89, which downgrades the errors back to warning
again. Lots of tedious work for very little gain.
Merge commit db492316399a from llvm-project (by Dimitry Andric):
[clang][BFloat] Avoid redefining bfloat16_t in arm_neon.h
As of https://reviews.llvm.org/D79708, clang-tblgen generates `arm_neon.h`,
`arm_sve.h` and `arm_bf16.h`, and all those generated files will contain a
typedef of `bfloat16_t`. However, `arm_neon.h` and `arm_sve.h` include
`arm_bf16.h` immediately before their own typedef:
#include <arm_bf16.h>
typedef __bf16 bfloat16_t;
With a recent version of clang (I used 16.0.1) this results in warnings:
/usr/lib/clang/16/include/arm_neon.h:38:16: error: redefinition of typedef 'bfloat16_t' is a C11 feature [-Werror,-Wtypedef-redefinition]
Since `arm_bf16.h` is very likely supposed to be the one true place where
`bfloat16_t` is defined, I propose to delete the duplicate typedefs from the
generated `arm_neon.h` and `arm_sve.h`.
Merge commit 16949c5c48ab from llvm-project (by Dimitry Andric):
[compiler-rt] Include system headers before optionally defining HWCAP macros
In https://reviews.llvm.org/D141285 the optional definitions of `HWCAP`
macros were moved to before their usage. However, they were also moved
to before the inclusion of system headers which can optionally define
them. If any of those system headers then actually defined any of the
`HWCAP` macros, it would result in a redefinition error.
Move the system header includes to just before the optional definitions,
to avoid this problem.
This matches GNU m4's -G / --traditional option, and although BSD m4 in non-GNU mode is not exactly identical to GNU mode in traditional mode, it's close enough.
Stefan Eßer [Wed, 21 Jun 2023 17:36:39 +0000 (19:36 +0200)]
dev/pci: simplify PCI VPD access functions
This update contains a rewrite of the VPD parser based on the
definition of the structure of the VPD data (ident, R/O resource
data, optional R/W data, end tag).
The parser it replaces was based on a state machine, with the tags
and the parsed data controlling the state changes. The flexibility
of this parser is actually not required, and it has caused kernel
panics when operating on malformed data.
Analysis of the VPD code to make it more robust lead me to believe
that it was easier to write a "strict" parser than to restrict the
flexible state machine to detect and reject non-well-formed data.
A number of restrictions had already been added, but they make the
state machine ever more complex and harder to understand.
This updated parser has been verified to return identical parsed data
as the current implementation for the example VPD data given in the
PCI standard and in some actual PCIe VPD data.
It is strict in the sense that it detects and rejects any deviation
from a well-formed VPD structure.
Not making it explicit that we're printing values in hex can be
misleading when the number doesn't contain hex-only symbols (a-f). A
good example of this is print_gp_register(), where we print "(func +
offset)"; if the offset doesn't contain a-f symbols, it's not
immediately clear if that value is in decimal or hex. Using '%#' instead
of '0x%' also isn't a better option, it doesn't print '0x' if the value
is 0, and it also messes up column alignment.
Reviewed by: imp, markj
Approved by: markj (mentor)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40583
Wei Hu [Wed, 21 Jun 2023 09:31:46 +0000 (09:31 +0000)]
Hyper-V: vmbus: Prevent load/store reordering when access ring buffer index
When running VM on ARM64 Hyper-V, we have seen netvsc/hn driver hit
assert on reading duplicated network completion packets over vmbus
channel or one of the tx channels stalls completely. This seems to
caused by processor reordering the instructions when vmbus driver
reading or updating its channel ring buffer indexes.
Fix this by using load acquire and store release instructions to
enforce the order of these memory accesses.
Michael Tuexen [Wed, 21 Jun 2023 07:03:30 +0000 (09:03 +0200)]
sctp: fix man page for socket option controlling delayed acks
The SCTP_DELAYED_ACK_TIME socket option was replaced by the
SCTP_DELAYED_SACK in the socket API specification in
draft-ietf-tsvwg-sctpsocket-14.
The code was updated in r170056, but the man page was not.
Corvin Köhne [Wed, 21 Jun 2023 06:55:34 +0000 (08:55 +0200)]
Revert "bhyve: add command line parameter and parsing for migration"
Unfortunately, this feature didn't receive much feedback in the past.
However, after committing this, some people came up and complain that
this feature requires some more discussion before upstreaming it.
Additionally, it wasn't a good idea to start this new feature by adding
a new command line parameter as it fixes the user interface.
Cy Schubert [Wed, 31 May 2023 19:20:27 +0000 (12:20 -0700)]
pam_krb5: Fix spoofing vulnerability
An adversary on the network can log in via ssh as any user by spoofing
the KDC. When the machine has a keytab installed the keytab is used to
verify the service ticket. However, without a keytab there is no way
for pam_krb5 to verify the KDC's response and get a TGT with the
password.
If both the password _and_ the KDC are controlled by an adversary, the
adversary can provide a password that the adversary's spoofed KDC will
return a valid tgt for. Currently, without a keytab, pam_krb5 is
vulnerable to this attack.
Reported by: Taylor R Campbell <riastradh@netbsd.org> via emaste@
Reviewed by: so
Approved by: so
Security: FreeBSD-SA-23:04.pam_krb5
Security: CVE-2023-3326
Doug Moore [Wed, 21 Jun 2023 04:52:27 +0000 (23:52 -0500)]
vm_radix: drop unused function; use bool.
Replace boolean_t with bool in vm_radix.c. Drop the unused function
vm_radix_is_singleton, which is unused and has no corresponding
function in subr_pctrie.c.
Reviewed by: alc
Differential Revision: <https://reviews.freebsd.org/D40586>
Ed Maste [Tue, 20 Jun 2023 12:44:22 +0000 (08:44 -0400)]
bfe: add unmaintained / deprecation notice
The bfe (Broadcom BCM4401 10/100 Ethernet) driver has known bugs and no
active maintenance. There have been no changes other than sweeping tree
changes, typo corrections etc. since 2008 a far as I can tell. Add a
note in the man page so that users expectations are correctly set, and
indicate that it may be removed in the future.
I did not add a gone_in() call in the driver itself as there is no
specific target version for removal, and this driver has evidence of
recent use (dmesg, PRs).
PR: 201947, 213751
Reviewed by: brooks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40625
John Baldwin [Tue, 20 Jun 2023 19:38:48 +0000 (12:38 -0700)]
rtld-elf: Mark tls_init_align __unused in free_tls for Variant I TLS.
Some architectures (powerpc and RISC-V) always use 0 for the post TLS
size in which case tls_init_align isn't used by
calculate_tls_post_size. Use __unused to quiet the warning for these
platforms.
Doug Moore [Tue, 20 Jun 2023 16:30:29 +0000 (11:30 -0500)]
radix_trie: eliminate iteration in keydiff
Use flsll(), instead of a loop, to find where two keys differ, and
then arithmetic to transform that to a trie level.
Approved by: alc, markj
Differential Revision: https://reviews.freebsd.org/D40585
John Baldwin [Tue, 20 Jun 2023 16:28:59 +0000 (09:28 -0700)]
bluetooth/ath3kfw: Propagate return value from ath3k_load_fwfile.
The caller ignores the return value so this is a no-op, but
ath3k_init_ar3012 returns the return values of its internal functions,
so this is more consistent.
Mitchell Horne [Tue, 20 Jun 2023 14:52:26 +0000 (11:52 -0300)]
riscv: improve KTR_TRAP trace entries
For more informative records of exceptions, include key details such as
the exception code and stval register contents. Remove the curthread
argument as it is redundant (saved with every ktr entry), and the
trapframe as it is somewhat meaningless.
Add a new KTR_TRAP trace record for interrupts.
Reviewed by: markj, jhb
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40584
John Baldwin [Tue, 20 Jun 2023 14:53:50 +0000 (07:53 -0700)]
ossl: Don't try to initialize the cipher for Chacha20+Poly1305.
Chacha20+Poly1305 doesn't use an ossl_cipher instance the way AES-GCM
does, so ossl_lookup_cipher() failed causing ossl_newsession() to
always fail for Chacha20+Poly1305 sessions.
Reported by: gallatin (ktls_test fails with ossl.ko loaded)
Fixes: 9a3444d91c70 ossl: Add a VAES-based AES-GCM implementation for amd64
Tested by: gallatin
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D40580
Doug Rabson [Tue, 20 Jun 2023 13:01:58 +0000 (14:01 +0100)]
pf: Add code to enable filtering for locally delivered packets
This is disabled by default since it potentially changes the behavior of
existing filter rule sets. To enable this extra filter for packets being
delivered locally, use:
Kristof Provost [Mon, 19 Jun 2023 14:41:13 +0000 (16:41 +0200)]
pf tests: make pfsync:defer test more robust
Set the defer timeout to 2.5 seconds, and only make sure that there's at
least a second of delay between the pfsync packet and the ping packet.
The intent is to allow the test to pass even when there's considerable
jitter on the timing measurement (e.g. when the test runs in a VM, such
as during the CI tests).
Kristof Provost [Mon, 19 Jun 2023 14:37:19 +0000 (16:37 +0200)]
pf: allow defer timeout to be configured
Add the net.pfsync.defer_delay sysctl to allow the defer timeout (i.e.
how long pf holds onto packets waiting for the peer to ack the new
state) to be changed.
This is intended to make testing of the defer code more robust, by
allowing longer timeouts to mitigate scheduling/measurement jitter.
Corvin Köhne [Mon, 29 Aug 2022 10:10:44 +0000 (12:10 +0200)]
bhyve/tpm: create crb thread for sending tpm commands
Commands send to a tpm are very slow. They can take up to several
seconds for completion. For that reason, create a thread which issues
the commands to the tpm device.
Corvin Köhne [Thu, 15 Jun 2023 09:12:53 +0000 (11:12 +0200)]
bhyve: maintain RSDT and XSDT by basl
In a subsquent commit the TPM emulation will build it's own TPM2 table.
This needs to be registered to the RSDT and XSDT. Instead of making the
rsdt and xsdt variables global, we can simply add a helper to basl.
Corvin Köhne [Mon, 16 Aug 2021 07:50:15 +0000 (09:50 +0200)]
bhyve: add bootindex option for several devices
The bootindex option creates an entry in the "bootorder" fwcfg file.
This file can be picked up by the guest firmware to determine the
bootorder. Nevertheless, it's not guaranteed that the guest firmware
uses the bootorder. At the moment, our OVMF ignores the bootorder. This
will change in the future.
If guest firmware supports the "bootorder" fwcfg file and no device uses
the bootindex option, the boot order is determined by the firmware
itself. If one or more devices specify a bootindex, the first bootable
device with the lowest bootindex will be booted. It's not garanteed that
devices without a bootindex will be recognized as bootable from the
firmware in that case.
Corvin Köhne [Mon, 16 Aug 2021 07:47:53 +0000 (09:47 +0200)]
bhyve: add helper to create a bootorder
Qemu's fwcfg allows to define a bootorder. Therefore, the hypervisor has
to create a fwcfg item named bootorder, which has a newline seperated
list of boot entries. Qemu's OVMF will pick up the bootorder and applies
it.
Add the moment, bhyve's OVMF doesn't support a custom bootorder by
qemu's fwcfg. However, in the future bhyve will gain support for qemu's
OVMF. Additonally, we can port relevant parts from qemu's to bhyve's
OVMF implementation.
The makeman CI job ensures that all options have description files.
Bring the CI job back to green by adding back WITHOUT_CAPSICUM and
WITHOUT_CASPER description files (that now state the assoicated options
have no effect).
Fixes: c24c117b9644 ("Remove WITHOUT_{CAPSICUM,CASPER} options")
Sponsored by: The FreeBSD Foundation
Colin Percival [Sun, 18 Jun 2023 00:03:56 +0000 (17:03 -0700)]
Remove WITHOUT_{CAPSICUM,CASPER} options
At this point CAPSICUM and CASPER are merely forced on via the newly
added __REQUIRED_OPTIONS list; after stable/14 branches I'll sweep
the tree for MK_{CAPSICUM,CASPER}.
This change will not be MFCed.
Discussed on: freebsd-arch
Differential Revision: https://reviews.freebsd.org/D40592
Colin Percival [Sun, 18 Jun 2023 00:01:52 +0000 (17:01 -0700)]
options/makeman: Handle __REQUIRED_OPTIONS
Teach the code which generates src.conf.5 about __REQUIRED_OPTIONS;
without this change it gets confused and thinks that every option
turns the required options on.
Colin Percival [Sat, 17 Jun 2023 20:08:37 +0000 (13:08 -0700)]
bsd.mkopt.mk: Add REQUIRED_OPTIONS list
Options on this list will be forced to 'yes'. This is intended for use
as a transitional measure when an option is ceasing to be optional,
before all of the associated make logic is removed.