Rick Macklem [Sun, 29 Nov 2020 23:23:08 +0000 (23:23 +0000)]
MFC: r367423
Add support for the new mountd -R option.
r376026 added a new "-R" option to mountd, which tells it to
not support the Mount protocol (not used by NFSv4) and not
register with rpcbind.
Rpcbind is considered a security issue by some sites now.
This patch adds a new yes/no variable called nfsv4_server_only.
When that is set, make vfs.nfsd.server_min_vers=4 and set "=R"
for mountd.
Setting vfs.nfsd.server_min_vers=4 tells nfsd to not register with rpcbind.
While here, add a check for "load_kld nfsd" failing to nfsd.
Rick Macklem [Sun, 29 Nov 2020 01:22:30 +0000 (01:22 +0000)]
MFC: r367026
Add "-R" option to tell mountd to not register with rpcbind.
rpcbind is now considered a security risk for some sites.
Since an NFSv4 only NFS server does not need rpcbind,
it makes sense to have an option that implements this.
This patch adds a "-R" option that disables the Mount
protocol (not used by NFSv4) and does not register
with rpcbind.
Changes are required to /etc/rc.d/mountd and /etc/rc.d/nfsd.
Those will be in a separate commit.
Alan Somers [Thu, 26 Nov 2020 23:35:13 +0000 (23:35 +0000)]
MFC r365956:
fsx: fix build with WARNS=6
* signed/unsigned comparisons
* use standard warn(3)
* Suppress warnings about local vars and funcs not declared static
* const-correctness
* declaration shadows a variable in the global scope
Alan Somers [Thu, 26 Nov 2020 23:34:02 +0000 (23:34 +0000)]
MFC r365910:
fix integer underflow in getgrnam_r and getpwnam_r
Sometimes nscd(8) will return a 1-byte buffer for a nonexistent entry. This
triggered an integer underflow in grp_unmarshal_func, causing getgrnam_r to
return ERANGE instead of 0.
Fix the user's buffer size check, and add a correct check for a too-small
nscd buffer.
Marcin Wojtas [Wed, 25 Nov 2020 03:24:43 +0000 (03:24 +0000)]
MFC: Merge ENA v2.3.0 driver
r367805 Update ENA driver version to v2.3.0
r367803 Rename descriptions of the supported ENA devices
r367802 Add ENI metrics for the ENA driver
r367801 Add SPDX license tag to the ENA driver files
r367800 Add Rx offsets support for the ENA driver
r367799 Adjust ENA driver files to latest ena-com changes
r367795 Fix completion descriptors alignment for the ENA
Alexander Motin [Tue, 24 Nov 2020 13:17:12 +0000 (13:17 +0000)]
MFC r367044: Introduce support of SCSI Command Priority.
SAM-3 specification introduced concept of Task Priority, that was renamed
to Command Priority in SAM-4, and supported by all modern SCSI transports.
It provides 15 levels of relative priorities: 1 - highest, 15 - lowest and
0 - default. SAT specification for SATA devices translates priorities 1-3
into NCQ high priority.
This change adds new "priority" field into empty spots of struct ccb_scsiio
and struct ccb_accept_tio of CAM and struct ctl_scsiio of CTL. Respective
support is added into iscsi(4), isp(4), mpr(4), mps(4) and ocs_fc(4) drivers
for both initiator and where applicable target roles. Minimal support was
added to CTL to receive the priority value from different frontends, pass it
between HA controllers and report in few places.
This patch does not add consumers of this functionality, so nothing should
really change yet, since the field is still set to 0 (default) on initiator
and not actively used on target. Those are to be implemented separately.
I've confirmed priority working on WD Red SATA disks connected via mpr(4)
and properly transferred to CTL target via iscsi(4), isp(4) and ocs_fc(4).
While there, added missing tag_action support to ocs_fc(4) initiator role.
Navdeep Parhar [Tue, 24 Nov 2020 00:17:05 +0000 (00:17 +0000)]
MFC r366929 and r367608.
r366929:
cxgbe(4): fix the size of the iq/eq maps.
The firmware can allocate ingress and egress context ids anywhere from
its configured range. Size the iq/eq maps to match the entire range
instead of assuming that the firmware always allocates the first
available context id.
Reported by: Baptiste Wicht @ Verisign
r367608:
cxgbev(4): Make sure that the iq/eq map sizes are correct for VFs.
Navdeep Parhar [Mon, 23 Nov 2020 23:53:21 +0000 (23:53 +0000)]
MFC r366532 and r366862.
r366532:
cxgbe(4): knobs to drop various kinds of undesirable frames on ingress.
These kind of drops come for free in the sense that they do not use the
filter TCAM or any other resource that wouldn't normally be used during
rx. Frames dropped by the hardware get counted in the MAC's rx stats
but are not delivered to the driver.
hw.cxgbe.attack_filter
Set to 1 to enable the "attack filter". Default is 0. The attack
filter will drop an incoming frame if any of these conditions is true:
src ip/ip6 == dst ip/ip6; tcp and src/dst ip is not unicast; src/dst ip
is loopback (127.x.y.z); src ip6 is not unicast; src/dst ip6 is loopback
(::1/128) or unspecified (::/128); tcp and src/dst ip6 is mcast
(ff00::/8).
hw.cxgbe.drop_ip_fragments
Set to 1 to drop all incoming IP fragments. Default is 0. Note that
this drops valid frames.
hw.cxgbe.drop_pkts_with_l2_errors
Set to 1 to drop incoming frames with Layer 2 length or checksum errors.
Default is 1.
hw.cxgbe.drop_pkts_with_l3_errors
Set to 1 to drop incoming frames with IP version, length, or checksum
errors. Default is 0.
hw.cxgbe.drop_pkts_with_l4_errors
Set to 1 to drop incoming frames with Layer 4 length, checksum, or other
errors. Default is 0.
r366862:
cxgbe(4): Updates to the drop features from r366532.
Navdeep Parhar [Mon, 23 Nov 2020 23:46:07 +0000 (23:46 +0000)]
MFC r365732 and r366589.
r365732:
cxgbe(4): Get the count of FCS errors from the MAC and not MPS for T6 ports.
The MPS register on the T6 counts something other than FCS errors despite its
name.
r366589:
cxgbe(4): More fixes for the T6 FCS error counter.
r365732 was the first attempt to get an accurate count but it was
writing to some read-only registers to clear them and that obviously
didn't work. Instead, note the counter's value when it is supposed to
be cleared and subtract it from future readings.
dev.<port>.stats.rx_fcs_error should not be serviced from the MPS
register for T6.
The stats.* sysctls should all use T5_PORT_REG for T5 and above. This
must have been missed in the initial T5 support years ago. Fix it while
here.
MFC r367594:
Fix possible NULL pointer dereference.
lagg(4) replaces if_output method of its child interfaces and expects
that this method can be called only by child interfaces. But it is
possible that lagg_port_output() could be called by children of child
interfaces. In this case ifnet's if_lagg field is NULL. Add check that
lp is not NULL.
Perhaps it made sense in 1998 (r32836), but now it feels a bit out of
place. We tend to avoid documenting non-essential ports variables in
the manual page (we try to document them in the Porter's Handbook instead).
Alexander Motin [Wed, 18 Nov 2020 02:05:59 +0000 (02:05 +0000)]
MFC r367600: Make CTL nicer to increased MAXPHYS.
Before this CTL always allocated MAXPHYS-sized buffers, even for 4KB I/O,
that is even more overkill for MAXPHYS of 1MB. This change limits maximum
allocation to 512KB if MAXPHYS is bigger, plus if one is above 128KB, adds
new 128KB UMA zone for smaller I/Os. The patch factors out alloc/free,
so later we could make it use more zones or malloc() if we'd like.
Kirk McKusick [Tue, 17 Nov 2020 05:48:00 +0000 (05:48 +0000)]
MFC of 340927 and 367034.
Move clear of UFS feature flags from ufs_mountfs() to ffs_sbget() to
ensure that the appropriate feature flags get cleared by filesystem
utilities as well as the kernel when they modify the filesystem.
Note 340927 is relevant for this even though it was done for a
different reason at the time.
An earlier commit effectively turned out the fast forwading path
due to its lack of support for ICMP redirects. The following commit
adds redirects to the fastforward path, again allowing for decent
forwarding performance in the kernel.
Reviewed by: ae, melifaro (also helped with the MFC)
Sponsored by: Rubicon Communications, LLC (d/b/a "Netgate")
It is rather common for the ports users to replace su(1) with sudo(8)
within the SU_CMD variable. Let's document it in the manual page (so far
it's been hidden in a comment within bsd.commands.mk).
Kristof Provost [Sun, 15 Nov 2020 11:56:16 +0000 (11:56 +0000)]
MFC r366500:
bridge: call member interface ioctl() without NET_EPOCH
We're not allowed to hold NET_EPOCH while sleeping, so when we call ioctl()
handlers for member interfaces we cannot be in NET_EPOCH. We still need some
protection of our CK_LISTs, so hold BRIDGE_LOCK instead.
That requires changing BRIDGE_LOCK into a sleepable lock, and separating the
BRIDGE_RT_LOCK, to protect bridge_rtnode lists. That lock is taken in the data
path (while in NET_EPOCH), so it cannot be a sleepable lock.
* The Rust compiler produces SHF_ALLOC `.debug_gdb_scripts` (which
normally does not have the flag)
* `.debug_gdb_scripts` sections are removed from `inputSections` due
to --strip-debug/--strip-all
* When processing --gc-sections, pieces of a SHF_MERGE section can be
marked live separately
`=>` segfault when marking liveness of a `.debug_gdb_scripts` which
is not split into pieces (because it is not in `inputSections`)
This patch circumvents the problem by not treating SHF_ALLOC
".debug*" as debug sections (to prevent --strip-debug's stripping)
(which is still useful on its own).
Kyle Evans [Sat, 14 Nov 2020 15:33:39 +0000 (15:33 +0000)]
MFC r367604: umtx: drop incorrect timespec32 definition
This works for amd64, but none others -- drop it, because we already have a
proper definition in sys/compat/freebsd32/freebsd32.h that correctly uses
time32_t.
While toying around with lua bindings for libbe(3), I discovered that I
apparently never documented this, despite having documented
be_is_auto_snapshot_name that references it.
r366821:
libbe(3): install MLINKS for all of the functions provided
Kyle Evans [Sat, 14 Nov 2020 15:19:36 +0000 (15:19 +0000)]
MFC r366769: MFC r366760: lua: update to 5.3.6
This release contains some minor bugfixes; notably:
- 2x minor Makefile fixes (not used in base)
- Long brackets with a huge number of '=' overflow some internal buffer
arithmetic.
- Joining an upvalue with itself can cause a use-after-free crash.
See here for examples: http://www.lua.org/bugs.html#5.3.5
r367239:
Add plug and play information macroses for ACPI and I2C buses.
Matching table format is compatible with ACPI_ID_PROBE bus method.
Note that while ACPI_ID_PROBE matches against _HID and all _CIDs, current
acpi_pnpinfo_str() exports only _HID and first _CID. That means second
and further _CIDs should be added to both acpi_pnpinfo_str() and
ACPICOMPAT_PNP_INFO if device matching against them is required.
Kyle Evans [Sat, 14 Nov 2020 02:11:04 +0000 (02:11 +0000)]
MFC r366435: lualoader: improve the design of the brand-/logo- mechanism
In the previous world order, any brand/logo was forced to pull in the
drawer and call drawer.add{Brand,Logo} with the name their brand/logo is
taking and a table describing it.
In the new world order, these files just need to return a table that maps
out graphics types to a table of the exact same format as what was
previously being passed back into the drawer. The appeal here is not needing
to grab a reference back to the drawer module and having a cleaner
data-driven looking format for these. The format has been renamed to 'gfx-*'
prefixes and each one can provide a logo and a brand.
drawer.addBrand/drawer.addLogo will remain in place until FreeBSD 13, as
there's no overhead to them and it's not yet worth the break in
compatibility with any pre-existing brands and logos.