Changing mode on a pin (input/output/pullup/pulldown) is a bit slow.
Improve this by caching what we can.
We need to check if the pin is in gpio mode; do that the first time
that we have a request for this pin and cache the result. We can't do
that at attach as we are a child of rk_pinctrl and it hasn't finished
its attach by then.
Also cache the flags specific to the pinctrl (pullup or pulldown) if the
pin is in input mode.
Cache the registers that deal with input/output mode and output value. Also
remove some register reads when we change the direction of a pin or when we
change the output value, since the bits changed in the registers only affect
output pins.
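The caching described above can be sketched roughly as follows. This is a userland illustration only: struct gpio_cache, slow_pin_is_gpio() and every other name here are hypothetical and do not come from the driver, and the "slow" query is a stand-in for asking the parent pinctrl device.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>

#define NPINS 32

/* Hypothetical software state; none of these names come from the driver. */
struct gpio_cache {
	uint32_t checked;	/* bit n set: pin n's mux state was queried */
	uint32_t is_gpio;	/* bit n set: pin n is muxed as GPIO */
	uint32_t ddr;		/* shadow copy of the direction register */
	unsigned slow_queries;	/* how often the slow path was taken */
};

/* Stand-in for the expensive query to the parent pinctrl device. */
static bool
slow_pin_is_gpio(struct gpio_cache *c, unsigned pin)
{
	c->slow_queries++;
	return ((pin % 2) == 0);	/* arbitrary answer for the sketch */
}

/* Ask the parent only on the first request for a pin, then reuse the answer. */
static bool
pin_is_gpio(struct gpio_cache *c, unsigned pin)
{
	uint32_t mask;

	assert(pin < NPINS);
	mask = UINT32_C(1) << pin;
	if ((c->checked & mask) == 0) {
		if (slow_pin_is_gpio(c, pin))
			c->is_gpio |= mask;
		c->checked |= mask;
	}
	return ((c->is_gpio & mask) != 0);
}

/*
 * Change a pin's direction using the shadow copy instead of reading the
 * register back; a real driver would then write the result to hardware.
 */
static uint32_t
set_direction(struct gpio_cache *c, unsigned pin, bool output)
{
	uint32_t mask;

	assert(pin < NPINS);
	mask = UINT32_C(1) << pin;
	if (output)
		c->ddr |= mask;
	else
		c->ddr &= ~mask;
	return (c->ddr);
}
```

Deferring the query to the first request, rather than doing it at attach, mirrors the constraint stated above that the parent has not finished attaching at that point.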
Cheng Cui [Sat, 24 Dec 2022 21:10:31 +0000 (22:10 +0100)]
BBLog: improve sysctl variables
Correct the format in sysctl net.inet.tcp.bb.disable_all and
sysctl net.inet.tcp.bb.log_auto_all.
Correct the format and the description in
net.inet.tcp.bb.log_auto_mode.
Michael Tuexen [Thu, 8 Dec 2022 08:48:29 +0000 (09:48 +0100)]
ppp: improve MSS clamping
ppp supports MSS clamping for TCP/IPv4. This patch
* improves MSS clamping for TCP/IPv4 by using the MSS as specified
in RFC 6691.
* adds support for MSS clamping for TCP/IPv6.
Reported by: Timo Voelker
Reviewed by: thj
Differential Revision: https://reviews.freebsd.org/D37624
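As a rough illustration of the clamping rule, RFC 6691 derives the MSS from the MTU minus the fixed IP and TCP header sizes, ignoring options. The helper names below are hypothetical and this is not the ppp code itself, only a sketch of the arithmetic under that assumption.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>

/* Fixed header sizes in bytes, without any options. */
enum { TCP_HDR = 20, IP4_HDR = 20, IP6_HDR = 40 };

/* Largest MSS that fits the given MTU (hypothetical helper). */
static uint16_t
mss_limit(unsigned mtu, bool ipv6)
{
	unsigned hdrs = TCP_HDR + (ipv6 ? IP6_HDR : IP4_HDR);

	assert(mtu > hdrs && mtu - hdrs <= UINT16_MAX);
	return ((uint16_t)(mtu - hdrs));
}

/* Lower the advertised MSS if it exceeds the limit; never raise it. */
static uint16_t
clamp_mss(uint16_t advertised, unsigned mtu, bool ipv6)
{
	uint16_t limit = mss_limit(mtu, ipv6);

	return (advertised > limit ? limit : advertised);
}
```

With an MTU of 1492, an advertised MSS of 1460 would be clamped to 1452 for IPv4 and to 1432 for IPv6, while an advertised MSS of 1000 would pass through unchanged.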
Michael Tuexen [Mon, 3 Oct 2022 12:46:47 +0000 (14:46 +0200)]
tcp: improve handling of SYN-ACK segments in TIMEWAIT state
Only consider segments with the SYN bit set and the ACK bit cleared
as "new connection attempts", which result in re-using a connection
being in TIMEWAIT state. This results in consistent handling of
SYN-ACK segments.
Reviewed by: rscheff@
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D36864
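The flag test described above amounts to requiring SYN set and ACK clear at the same time. A minimal sketch, assuming the usual TCP header bit values and a hypothetical helper name (the actual kernel code may be structured differently):

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>

/* TCP header flag bits, defined locally so the sketch is self-contained. */
#define TH_SYN 0x02
#define TH_ACK 0x10

static_assert((TH_SYN & TH_ACK) == 0, "flag bits must be distinct");

/*
 * Hypothetical helper: true only for a pure SYN. A SYN-ACK has both bits
 * set and is therefore not treated as a new connection attempt.
 */
static bool
is_new_connection_attempt(uint8_t thflags)
{
	return ((thflags & (TH_SYN | TH_ACK)) == TH_SYN);
}
```

Testing both bits in one masked comparison avoids the inconsistency that arises if only TH_SYN is checked, since that check would also accept SYN-ACK segments.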
Michael Tuexen [Mon, 8 Aug 2022 11:07:10 +0000 (13:07 +0200)]
tcp: improve BBLog for output events when using the FreeBSD stack
Put the return value of ip_output()/ip6_output() in the output event
instead of adding another one in case of an error. This improves
consistency with other similar places.
Reviewed by: rscheff
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D36085
Michael Tuexen [Sat, 28 May 2022 15:40:17 +0000 (17:40 +0200)]
sctp: improve handling of send() when association is shutdown
Accept send() calls only when the association is not being
shut down or the explicit message EOR mode is used and the
application provides follow-up data.
Michael Tuexen [Mon, 18 Apr 2022 22:40:31 +0000 (00:40 +0200)]
if_vtnet: improve dumping a kernel
Disable software LRO during kernel dumping, because having it enabled
requires being in a network epoch, which might or might not be the
case depending on the code path resulting in the panic.
Reviewed by: markj
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D34787
John Baldwin [Wed, 13 Apr 2022 23:08:21 +0000 (16:08 -0700)]
sctp: #ifdef INET-only and INET6-only variables.
Duplicating the SCTP_PCB_FLAGS_BOUND_V6 check made the #ifdef's
simpler than applying #ifdef's directly to the original code. Modern
compilers should cache the result rather than testing the flag twice.
Mark Johnston [Mon, 23 Jan 2023 19:41:05 +0000 (14:41 -0500)]
netmap: Tell the compiler to avoid reloading ring indices
Per the removed comments these fields should be loaded only once, since
they can in principle be modified concurrently, though this would be a
violation of the userspace contract with netmap.
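The general "load once" pattern can be sketched as below. This is an illustration under assumptions: struct ring, load_once_u32() and ring_head_valid() are hypothetical names, and the volatile cast is only one common way to keep the compiler from reloading a shared field; the commit may use a different primitive.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical ring shared with another party that may modify it. */
struct ring {
	uint32_t head;
	uint32_t cur;
	uint32_t num_slots;
};

/* Force exactly one load of *p; the compiler may not re-read it later. */
static uint32_t
load_once_u32(const uint32_t *p)
{
	return (*(const volatile uint32_t *)p);
}

/*
 * Validate a snapshot of head and hand the same snapshot to the caller,
 * so the value that was checked is the value that gets used.
 */
static bool
ring_head_valid(const struct ring *r, uint32_t *headp)
{
	uint32_t head;

	assert(r != NULL && headp != NULL);
	head = load_once_u32(&r->head);
	if (head >= r->num_slots)
		return (false);
	*headp = head;
	return (true);
}
```

Without the single load, a compiler is free to read r->head once for the bounds check and again for the use, which would let a concurrent writer slip an unchecked value past the validation.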
Mark Johnston [Mon, 16 Jan 2023 15:46:20 +0000 (10:46 -0500)]
ipsec: Clear pad bytes in PF_KEY messages
Various handlers for SADB messages will allocate a new mbuf and populate
some structures in it. Some of these structures, such as struct
sadb_supported, contain small reserved fields that are not initialized
and are thus leaked to userspace.
Fix the problem by adding a helper to allocate zeroed mbufs. This
reduces code duplication and the overhead of zeroing these messages
isn't harmful.
Reviewed by: zlei, melifaro
Reported by: KMSAN
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D38068
Cy Schubert [Wed, 14 Dec 2022 21:41:10 +0000 (13:41 -0800)]
network.subr: Fix infinite loop
When setting up a carp tunnel, using a password consisting of only the
characters used as hexadecimal characters, i.e. abc-def, there will be
an infinite loop in the shell function ifalias_af_common_handler().
To circumvent this we test for " pass ".
* Replay 2010[acflm] which had been merged but not recorded.
* Merge 2010n.
* Reorganize (unsplit) the code to match the upstream layout.
* Merge 2022[cdefg].
These aren't just needed for compatibility with i386 binaries (which need
the 32-bit section), but potentially also for compatibility with older
binaries on all platforms.
Sponsored by: Klara, Inc.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D38194
Previously, zic and tzsetup were both listed as install tools and basic
bootstrap tools. Actually, tzsetup is an install tool while zic is a
non-basic bootstrap tool.
Makefile.inc1: Restore adding tzsetup to _basic_bootstrap_tools
ITOOLS is only the list of programs to make a copy of during install; it
doesn't cause anything to be bootstrapped. Thus, by removing tzsetup
from _basic_bootstrap_tools, we end up without it on non-FreeBSD, and so
we error out trying to copy it to INSTALLTMP.
Note that _basic_bootstrap_tools is only used for BOOTSTRAP_ALL_TOOLS
(which is why zic was moved away from it). Should tzsetup evolve such
that the host version is insufficient on older FreeBSD it can be moved
to be more like zic, but that seems unnecessary for what is likely to
remain a simple tool.
clock_gettime() returns 0 if it succeeds, so don't capture that into the
fail logic. With this, WITH_DETECT_TZ_CHANGES successfully detects a
change after 61 seconds.
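The return-value convention in question: clock_gettime() returns 0 on success and -1 on failure, so a result of 0 must not be routed into the error path. A minimal sketch with a hypothetical wrapper name (this is not the libc code that the commit touches):

```c
#define _POSIX_C_SOURCE 200809L

#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <time.h>

/* Hypothetical wrapper: report success as true, failure as false. */
static bool
now_monotonic(struct timespec *ts)
{
	assert(ts != NULL);
	/* 0 means success; only a non-zero return is an error. */
	return (clock_gettime(CLOCK_MONOTONIC, ts) == 0);
}
```

Comparing explicitly against 0 makes the intent visible and avoids the easy mistake of treating the raw return value as a boolean "ok" flag.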
Jessica Clarke [Sun, 14 Aug 2022 18:50:22 +0000 (19:50 +0100)]
goldfish_rtc: Fix handling a local time RTC
The default QEMU config is to have the RTC in UTC. However, if run with
-rtc base=localtime (and wall_cmos_clock is set to match), the driver
fails to account for adjkerntz due to the use of CLOCKF_SETTIME_NO_ADJ.
Copy the same code used by other CLOCKF_SETTIME_NO_ADJ-using drivers
to fix this, namely manually subtracting utc_offset().
libcrypto: Work around strict aliasing violations in bn_nist.c
This file is full of strict aliasing violations. Previously only CHERI
LLVM optimised it in ways that broke the code, but now it appears
that the in-tree LLVM also breaks it for RISC-V, resulting in broken
ECDSA signature validation with error messages like the following:
root@unmatched:/usr/src # ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ecdsa_key is not a key file.
root@unmatched:/usr/src # git fetch
fatal: unable to access 'https://git.FreeBSD.org/src.git/': error:1012606B:elliptic curve routines:EC_POINT_set_affine_coordinates:point is not on curve
Jessica Clarke [Mon, 30 Jan 2023 23:55:03 +0000 (23:55 +0000)]
libc: Fix longjmp/_longjmp(buf, 0) for MIPS
Like AArch64 and RISC-V in the past, MIPS fails to handle this special
case, and will cause the corresponding setjmp/_setjmp to return 0 rather
than 1. Fix this so the newly-added regression tests pass.
This is a direct commit to stable/13 as mips no longer exists in main.
Jessica Clarke [Mon, 9 Jan 2023 18:34:43 +0000 (18:34 +0000)]
libc: Fix longjmp/_longjmp(buf, 0) for AArch64 and RISC-V
These architectures fail to handle this special case, and will cause the
corresponding setjmp/_setjmp to return 0 rather than 1. Fix this and add
regression tests (also committed upstream).
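The special case can be exercised with a small standard C probe. The function name below is hypothetical and this is not the regression test that was committed, only a sketch of the behaviour being checked: after longjmp(env, 0), setjmp must appear to return 1.

```c
#include <assert.h>	/* for the checks in the usage note */
#include <setjmp.h>

/*
 * Hypothetical probe: jump back once with the given value and classify
 * what setjmp() reports on its second return.
 *   1  -> setjmp returned 1
 *   0  -> setjmp returned 0 again (the bug described above)
 *  -1  -> setjmp returned some other non-zero value
 */
static int
setjmp_value_after_longjmp(int val)
{
	jmp_buf env;
	volatile int calls = 0;	/* volatile so it survives the jump */

	switch (setjmp(env)) {
	case 0:
		if (calls++ == 0)
			longjmp(env, val);
		return (0);
	case 1:
		return (1);
	default:
		return (-1);
	}
}
```

On a conforming libc, `assert(setjmp_value_after_longjmp(0) == 1);` holds. The counter guards against looping forever on an implementation that has the bug.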
Jake Freeland [Thu, 19 Jan 2023 22:24:44 +0000 (22:24 +0000)]
Makefile: Avoid sanitizing PATH on non-FreeBSD systems
Allow the build process to find host binaries during the host-symlinks target
when cross-building on non-FreeBSD systems. Whilst most non-FreeBSD systems
have all the needed tools in /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin (the
final path added by host-symlinks itself), Homebrew for macOS on Arm defaults
to /opt/homebrew/bin. Other, more niche systems may also deviate, and users may
expect tools in a customised PATH to be picked up, unlike on FreeBSD where we
want to ensure everything comes from base. In particular, (un)xz are needed
from Homebrew on macOS, and thus cannot be found on Arm without this.
Note that non-FreeBSD builds enforce BUILD_WITH_STRICT_TMPPATH, and so the
actual main build steps will still use a sanitised PATH.
freebsd32: Make sendmsg match native ABI for unpadded final control message
The API says that CMSG_SPACE should be used for msg_controllen, but in
practice the native ABI allows you to only use CMSG_LEN for the final
(typically only) control message, and real-world software does this,
including Wayland. For freebsd32, this is in practice mostly harmless,
since control messages are generally used to carry file descriptors,
which are already 4 bytes in size and thus no padding is needed, but
they can carry other quantities that may not result in an aligned
length. This was discovered after CheriBSD's freebsd64 equivalent was
updated to match the freebsd32 implementation, as that uses 8 byte
alignment which does break the file descriptor use case, and thus
Wayland.
This used to be addressed by aligning buflen before the first iteration,
but that allowed unwanted invalid inputs and was lost in 1b1428dcc82b,
with no safer equivalent put in its place.
Reviewed by: brooks, kib, markj
Obtained from: CheriBSD
Fixes: 1b1428dcc82b ("Fix a TOCTOU vulnerability in freebsd32_copyin_control().")
Differential Revision: https://reviews.freebsd.org/D36554
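The difference between the two macros is the trailing padding after the final control message. A small sketch, with a hypothetical helper name, that computes that padding for a given payload size on the host ABI:

```c
#include <assert.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/socket.h>

/*
 * Hypothetical helper: bytes of trailing padding that CMSG_SPACE() adds
 * on top of CMSG_LEN() for one control message with the given payload.
 */
static size_t
cmsg_trailing_pad(size_t payload)
{
	assert(CMSG_SPACE(payload) >= CMSG_LEN(payload));
	return (CMSG_SPACE(payload) - CMSG_LEN(payload));
}
```

A caller that sets msg_controllen to CMSG_LEN(sizeof(int)) for a single file descriptor omits exactly cmsg_trailing_pad(sizeof(int)) bytes. As described above, that is zero with 4-byte alignment but non-zero with 8-byte alignment, which is why the unpadded form has to be accepted for the final message.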
Brooks Davis [Wed, 24 Aug 2022 17:34:39 +0000 (18:34 +0100)]
freebsd32_sendmsg: fix control message ABI
When a freebsd32 caller uses all or most allowed space for control
messages (MCLBYTES == 2K) then the message may no longer fit when
the messages are padded for 64-bit alignment. Historically we've just
shrugged and said there is no ABI guarantee. We ran into this on
CheriBSD where a capsicumized 64-bit nm would fail when called with more
than 64 files.
Fix this by not gratuitously capping the size of mbuf data we'll allocate
to MCLBYTES and let m_get2 allocate up to MJUMPAGESIZE (4K or larger).
Instead of hard-coding a length check, let m_get2 do it and check for a
NULL return.
Mark Johnston [Fri, 13 Jan 2023 15:01:00 +0000 (10:01 -0500)]
kvmclock: Fix initialization when EARLY_AP_STARTUP is not defined
To attach to the hypervisor, kvmclock needs to write a per-CPU MSR.
When EARLY_AP_STARTUP is not defined, device attach happens too early:
APs are not yet spun up, so smp_rendezvous only runs the callback on the
local CPU. As a result, the timecounter only gets initialized on the
BSP, and then timekeeping is broken on SMP systems.
Implement handling for !EARLY_AP_STARTUP kernels: keep track of the CPU
on which device attach ran, and then use a SI_SUB_SMP SYSINIT to
register the rest of the CPUs with the hypervisor.
Reported by: Shrikanth R Kamath <kshrikanth@juniper.net>
Reviewed by: kib, jhb (earlier versions)
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D37705
Jiajie Chen [Mon, 23 Jan 2023 16:36:59 +0000 (00:36 +0800)]
Add kf_file_nlink field to kf_file and populate it
This will allow user-space programs (e.g. lsof) to locate deleted files
whose nlink equals zero. Prior to this commit, programs had to use
stat(kf_path) to get nlink, but that will fail if the file is deleted.
* Automatically use IPv6 when IPv6 addresses are used, --ip6 is not needed.
* Building of ping requests and parsing of ping replies is done layer by
layer. This way most arguments are available both for IPv6 and IPv4,
for ICMP and TCP.
* Use argument groups for improved readability.
* Change ToS and TTL argument names to TC and HL to reflect the modern
IPv6 nomenclature. The arguments still set the related IPv4 header fields
properly.
* Instead of sniffing for the very specific case of duplicated packets,
allow for sniffing on multiple interfaces.
* Report which sniffer has failed by setting bits of error code.
* Raise meaningful exceptions when irrecoverable errors happen.
* Make IPv4 fragmentation flags configurable.
* Make IPv6 HL / IPv4 TTL configurable.
* Make TCP MSS configurable.
* Make TCP sequence number configurable.
* Make ICMP payload size configurable.
* Add debug output.
* Move command line argument parsing out of network functions.
* Make the code somewhat PEP-8 compliant.
* Remove ambiguity of configuring recvif, it must now be explicitly specified.
* Don't catch exceptions around creating the sniffer, let it properly
fail and display the whole stack trace.
* Count correct packets so that duplicates can be found.
Rick Macklem [Sun, 15 Jan 2023 22:07:40 +0000 (14:07 -0800)]
nfsserver: Fix handling of SP4_NONE
For NFSv4.1/4.2, when the client specifies SP4_NONE for
state protection in the ExchangeID operation arguments,
the server MUST allow the state management operations for
any user credentials. (I misread the RFC and thought that
SP4_NONE meant "at the server's discretion" and not MUST
be allowed.)
This means that the "sec=XXX" field of the "V4:" exports(5)
line only applies to NFSv4.0.
This patch fixes the server to always allow state management
operations for SP4_NONE, which is the only state management
option currently supported. (I have patches that add support
for SP4_MACH_CRED to the server. These will be in a future commit.)
In practice, this bug does not seem to have caused
interoperability problems.
Kyle Evans [Wed, 4 Jan 2023 05:21:10 +0000 (23:21 -0600)]
grep: properly switch EOL indicator with -z
-z is supposed to use only the NUL byte as EOL, but we were
inadvertently using both newline and NUL due to REG_NEWLINE in cflags.
The odds of anyone relying on this bsdgrep-specific bug are quite low,
so let's just fix it. At least one port in the wild has been reported
to expect the intended behavior.
Reported by: Hill Ma <maahiuzeon@gmail.com>
Triaged by: the self-proclaimed peanut gallery on Discord
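The effect of REG_NEWLINE can be seen with plain POSIX regcomp()/regexec(). This sketch uses a hypothetical helper and is not bsdgrep's code; it only shows that the flag makes a newline act as a line boundary for anchors, which is what -z is meant to avoid.

```c
#include <assert.h>
#include <regex.h>
#include <stdbool.h>
#include <stddef.h>

/*
 * Hypothetical helper: compile the pattern with the extra cflags and
 * report whether it matches anywhere in text.
 */
static bool
matches(const char *pattern, const char *text, int extra_cflags)
{
	regex_t re;
	bool hit;

	assert(pattern != NULL && text != NULL);
	if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB | extra_cflags) != 0)
		return (false);
	hit = (regexec(&re, text, 0, NULL, 0) == 0);
	regfree(&re);
	return (hit);
}
```

With REG_NEWLINE, the pattern "^b" matches the text "a\nb" because the newline starts a new line for the anchor; without the flag the whole buffer is one record and the same pattern does not match.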
Kristof Provost [Sat, 31 Dec 2022 18:23:15 +0000 (19:23 +0100)]
pf tests: test fast port re-use with syncookies
When a src/dst ip/port tuple is re-used before the pf state fully
expires we clean up the state and create a new one, unless syncookies
are enabled.
Test this, by running two back-to-back nc sessions, with a fixed source
port. Move the interface and IP to a different (vnet) jail, to trick the
network stack into letting us do this.