Marius Strobl [Wed, 12 Apr 2023 21:46:02 +0000 (23:46 +0200)]
mmc(4): Don't call bridge driver for timings not requiring tuning
The original idea behind calling into the bridge driver was to have the
logic deciding whether tuning is actually required for a particular bus
timing in a given slot as well as doing the sanity checking only on the
controller layer which also generally is better suited for these due to
say SDHCI_SDR50_NEEDS_TUNING. On another thought, not every such driver
should need to check whether tuning is required at all, though, and not
everything is SDHCI in the first place.
Adjust sdhci(4) accordingly keeping sdhci_generic_tune() a bit cautious
still.
UFS/FFS: Migrate to modern uintXX_t from u_intXX_t.
As per https://lists.freebsd.org/archives/freebsd-scsi/2023-July/000257.html
move to the modern uintXX_t. While here also migrate u_char to uint8_t.
Where other kernel interfaces allow, migrate u_long to uint64_t.
pf: test rules evaluation in the face of multiple IPv6 fragment headers
Send an ICMPv6 echo request packet with multiple IPv6 fragment headers.
Set rules to pass all packets, except for ICMPv6 echo requests.
pf ought to drop the echo request, but doesn't because it reassembles
the packet, and then doesn't handle the second fragment header. In other
words: it fails to detect the ICMPv6 echo header.
Reported by: Enrico Bassetti bassetti@di.uniroma1.it (NetSecurityLab @ Sapienza University of Rome)
MFC after: instant
Sponsored by: Rubicon Communications, LLC ("Netgate")
With 'scrub fragment reassemble' if a packet contains multiple IPv6
fragment headers we would reassemble the packet and immediately
continue processing it.
That is, we'd remove the first fragment header and expect the next
header to be a final header (i.e. TCP, UDP, ICMPv6, ...). However, if
it's another fragment header we'd not treat the packet correctly.
That is, we'd fail to recognise the payload and treat it as if it were
an IPv6 fragment rather than as its actual payload.
Fix this by restarting the normalisation on the reassembled packet.
If there are multiple fragment headers drop the packet.
Reported by: Enrico Bassetti bassetti@di.uniroma1.it (NetSecurityLab @ Sapienza University of Rome)
MFC after: instant
Sponsored by: Rubicon Communications, LLC ("Netgate")
As of pytest 7.4 it no longer walks all the way to the root directory
of the file system to find conftest files. As a result we don't find /
usr/tests/conftest.py, and don't load atf_python. That in turn causes
atf_python tests to fail.
Explicitly set the confcutdir, as advised by the pytest changelog.
See also: https://github.com/pytest-dev/pytest/pull/11043
MFC after: 3 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D41064
Kevin Bowling [Sat, 29 Jul 2023 01:14:29 +0000 (18:14 -0700)]
e1000: HWCSUM excemption fixes
Also disable IPV6 checksum offload.
Spell hw->mac.type < e1000_82543 as e1000_82542. Confusingly, chips
like 82540 and 82541 come later and do not have these issues. There
is no functional change here, as the enum was defined in such a way
it worked correctly. But this reads literally.
Kevin Bowling [Sat, 22 Jul 2023 18:33:27 +0000 (11:33 -0700)]
e1000: lem(4)/em(4) ifcaps, TSO and hwcsum fixes
* em(4) obey administrative ifcaps for using hwcsum offload
* em(4) obey administrative ifcaps for hw vlan receive tagging
* em(4) add additional TSO6 ifcap, but disabled by default as is TSO4
* lem(4) obey administrative ifcaps for using hwcsum offload
* lem(4) add support for hw vlan receive tagging
* lem(4) Add ifcaps for TSO offload experimentation, but disabled by
default due to errata and possibly missing txrx code.
* lem(4) disable HWCSUM ifcaps by default on 82547 due to errata around
full duplex links. It may still be administratively enabled.
Kevin Bowling [Fri, 21 Jul 2023 03:30:00 +0000 (20:30 -0700)]
e1000: lem(4)/em(4) ifcaps, TSO and hwcsum fixes
* em(4) obey administrative ifcaps for using hwcsum offload
* em(4) obey administrative ifcaps for hw vlan receive tagging
* em(4) add additional TSO6 ifcap, but disabled by default as is TSO4
* lem(4) obey administrative ifcaps for using hwcsum offload
* lem(4) add support for hw vlan receive tagging
* lem(4) Add ifcaps for TSO offload experimentation, but disabled by
default due to errata and possibly missing txrx code.
* lem(4) disable HWCSUM ifcaps by default on 82547 due to errata around
full duplex links. It may still be administratively enabled.
Mike Karels [Wed, 26 Jul 2023 15:56:52 +0000 (10:56 -0500)]
netstat -i: compute most field widths dynamically
The network and address fields were sometimes truncated for netstat -i
without -W, and often much too wide for netstat -i with the -W option.
Fields such as normal packet counts often overflowed. As a result,
columns didn't line up, and large white spaces made it harder to
follow a line across the display. Change the code to compute the
required field sizes for network, address, and various packet counts.
Hoist the code to format network and address into a subroutine that
can be called twice, once to measure the required field widths,
and once to emit the values. Use separate field widths for input
and output packets, byte counts, and error and drop counters.
These are left at defaults (the preceding values) with the -h
option, in which case the fields have a limited total width.
An extra space is included between the Network and Address, which
otherwise seemed too close.
Change the mention of -W with -i in the man page to say that most
field widths are computed dynamically in this case.
Whilst ^ and $ are supported with C, those are special cases, and
general regex syntax like groups and alternations are not. Use the
correct modifier so we get a version number out that's not 0 (which is
what happens when it can't be parsed by the later code).
The upcoming Xcode 15 introduces a new linker (called ld-prime or ld-new
in some documentation) to replace the classic ld64, which we need to
handle.
Previously, the linker would identify itself as:
@(#)PROGRAM:ld PROJECT:ld64-<version>
Now, there are two cases. When the classic ld64 is in use, it identifies
itself as:
@(#)PROGRAM:ld-classic PROJECT:ld64-<version>
When the new linker is in use, it identifies itself as:
@(#)PROGRAM:ld PROJECT:dyld-<version>
Thus, tweak the detection to allow a -classic suffix in the PROGRAM
string and to allow a dyld- prefix instead of an ld64- prefix on the
version number in the PROJECT string.
kmod.mk: Use portable printf '%s' over non-portable echo -n
Whilst /bin/echo on macOS and Linux implement -n, as do the builtin
echos in bash and zsh, the builtin echo in dash does not, causing the
first line of the output to be -n foo rather than just foo, and there to
be an extra newline in the output and thus blank line, both of which
result in "Symbol ... is not present in *.kld" warnings appearing in the
build output (once for -n foo and once for the empty string for each
module where EXPORT_SYMS is a list of symbols).
Jessica Clarke [Wed, 14 Jun 2023 22:58:36 +0000 (23:58 +0100)]
resizewin: Stop printing bogus NUL to TTY
A char array has an implicit NUL terminating it, which sizeof will
include, so we need to subtract 1 here. Printing a NUL can cause issues
for things like CI environments that aren't expecting it, especially
with recent Jenkins being stricter about not putting NUL in XML files.
Fixes: 3d222369acbe ("Add a small tool, resizewin(1), to query terminal for window size")
MFC after: 1 week
Jessica Clarke [Wed, 7 Jun 2023 14:21:18 +0000 (15:21 +0100)]
libpmc: Handle PMCALLOCATE log with PMC code on PMU event system
On an arm64 system that reports as a Cortex A72 r0p3, running
pmcstat -P CPU_CYCLES command
works, but
pmcstat -P cpu-cycles command
does not. This is because the former uses the PMU event from the JSON
source, resulting in pl_event in the log event being a small index
(here, 5) into the generated events table, whilst the latter does not
match any of the JSON events and falls back on PMC's own tables, mapping
it to the PMC event 0x14111, i.e. PMC_EV_ARMV8_EVENT_11H. Then, when
libpmc gets the PMCALLOCATE event, it tries to use the event as an index
into the JSON-derived table, but doing so only makes sense for the
former, whilst for the latter it will go way out of bounds and either
read junk (which may trigger the != NULL assertion) or segfault. As far
as I can tell we don't have anything lying around to tell us which of
the two cases we're in, but we can exploit the fact that the first
0x1000 PMC event codes are reserved, and that none of our PMU events
tables reach that number of entries yet.
Jessica Clarke [Fri, 3 Mar 2023 02:15:30 +0000 (02:15 +0000)]
Makefile.inc1: Support building with macOS Ventura's AMFI Launch Constraints
As of macOS Ventura, Apple-signed binaries cannot be run if copied away from
their system location. This security feature doesn't really make sense for
boring things like sh(1), more so for applications with special entitlements,
but it's universally present, and results in the following error:
>>> Install check world
bmake[2]: "/Users/Jess/cheri/freebsd/Makefile.inc1" line 572: warning: "MAKEFLAGS= CPUTYPE=dummy /Users/Jess/cheri/build/freebsd-riscv64-build/bmake-install/bin/bmake -f /dev/null -m /Users/Jess/cheri/freebsd/share/mk MK_AUTO_OBJ=no -V CPUTYPE" exited on a signal
bmake[2]: "/Users/Jess/cheri/freebsd/Makefile.inc1" line 575: CPUTYPE global should be set with ?=.
As with host-symlinks, we don't actually need to copy the files on macOS, since
we're not updating the current machine, so copy its approach and just symlink
them instead.
release: Set loader_menu_multi_user_prompt to "Installer" for installer
This makes it more obvious that the media being booted is an installer
rather than an installed system, which is otherwise hard to distinguish.
It also provides a more user-friendly, and more accurate, prompt.
Currently for distributeworld we pass DESTDIR to certctl.sh as an
environment variable, which sets the default value in the script.
However, for -DNO_ROOT builds, CERTCTLFLAGS has METALOG_INSTALLFLAGS
which includes -D ${DESTDIR}, overriding the custom DESTDIR pointing at
the base dist directory.
Moreover, in order to ensure that the METALOG includes the base/ prefix
for all the files, we need to have certctl call install with -D set to
DESTDIR/DISTDIR without the /base suffix but also ensure the files get
installed to DESTDIR/DISTDIR/base.
Fix these by passing the custom DESTDIR to certctl via -D rather than in
the environment and to pass the /base suffix in the distributeworld case
via the newly-added -d option.
We also need to run certctl rehash before we generate the .meta files
from the METALOG, not after, otherwise they won't include the METALOG
additions, so move the certctl rehash call.
Finally, add a missing semicolon that results in no message being
printed in the missing openssl case. By not including the semicolon,
else echo "..." is treated as extra arguments to certctl, which is lax
in its argument parsing and ignores additional arguments, and the
semicolon and fi after the intended echo terminate the if statement as
normal so there's no syntax error at the shell level. This is harmless
as we weren't trying to do anything other than echo anyway, all that
happens is the echo doesn't actually get run.
This will be used by Makefile.inc1 to fix -DNO_ROOT distributeworld,
which needs to split out DESTDIR from DISTBASE so the METALOG file
includes the base/ prefix.
John Baldwin [Thu, 29 Jun 2023 18:27:12 +0000 (11:27 -0700)]
bhyve: Fully reset the fwctl state machine if the guest requests a reset.
If a guest tries to reset the fwctl device while a pending request was
in flight, the fwctl state machine can be left in an incomplete state.
Specifically, rinfo is not cleared.
Normally the state machine for fwctl alternates between REQ (receiving
request) and RESP (sending response) and ignores port writes while in
RESP or port reads while in REQ. Once a guest completes the writes to
the port to send a request, the state machine transitions to RESP and
ignores future writes.
However, if a guest writes a full request and then resets the fwctl
device, the state would transition to REQ without draining the pending
response or discarding the received request. Instead, additional
port writes after the reset were treated as new payload bytes, but
were appended to the previously-received request and could overflow
the fget_str buffer.
To fix, fully reset the fwctl state machine if the guest requests a
reset.
admbugs: 998
Approved by: so
Reviewed by: markj
Reported by: Omri Ben Bassat <t-benbassato@microsoft.com>
Security: FreeBSD-SA-23:07.bhyve
Security: CVE-2023-3494
Make sure the size of the raw[] array in the lro_address union is
correctly set at compile time, so that static code analysis tools
do not report undefined behaviour.
Mark Johnston [Tue, 30 May 2023 19:11:32 +0000 (15:11 -0400)]
buf: Make the number of pbufs slightly more dynamic
Various subsystems pre-allocate a set of pbufs, allocated to implement
I/O operations. pbuf allocations are transient, unlike most buf
allocations.
Most subsystems preallocate nswbuf or nswbuf/2 pbufs each. The
preallocation ensures that pbuf allocation will succeed in low memory
conditions, which might help avoid deadlocks. Currently we initialize
nswbuf = min(nbuf / 4, 256).
nbuf/4 > 256 on anything but the smallest systems. For example,
nswbuf is 256 in a VM with 128MB of memory. In this configuration, a
firecracker VM with one CPU preallocates over 900 pbufs. This consumes
2MB of RAM and adds several milliseconds to the kernel's (very small)
boot time.
Scale nswbuf by ncpu in the common case. I think this makes more sense
than scaling by the amount of RAM, since pbuf allocations are transient
and aren't used for caching. With the change, we get nswbuf=256 with 8
CPUs. With fewer than 8 CPUs we'll preallocate fewer pbufs than before,
and with more we'll preallocate more.
Mark Johnston [Wed, 28 Jun 2023 20:06:21 +0000 (16:06 -0400)]
bhyve: Stop calling pci_lintr_request() in the NVMe device model
The device model effectively assumes that MSI-X is enabled (it never
asserts the legacy interrupt), so any guest which relies on being able
to use the legacy PCI interrupt will fail.
The WIP arm64 port does not implement legacy PCI interrupts, but NVMe
emulation is potentially useful there. Simply remove the call.
When ena_detach is called, we first call ether_ifdetach(),
which destroys internal addresses of ifp. One such address
is ifp->if_addr->ifa_addr. Then during ena_destroy_device(),
if_link_state_change() is called, eventually trying to access
ifp->if_addr->ifa_addr->sa_family. This causes an access
to garbage memory and crashes the kernel.
Ticket [1] was opened to the FreeBSD community to add null
check in the code of if_link_state_change().
A fix was submitted in commit [2], however it was noted
that it is our driver's responsibilty to not call
if_link_state_change() after calling ether_ifdetach().
This commit makes sure if_link_state_change() is not called
after ether_ifdetach().
Fixes: 9b8d05b8ac78 ("Add support for Amazon Elastic Network Adapter (ENA) NIC") Fixes: 30217e2dff10 ("Rework counting of hardware statistics in ENA driver")
MFC after: 2 weeks
Sponsored by: Amazon, Inc.
Graham Perrin [Fri, 7 Jul 2023 22:05:46 +0000 (23:05 +0100)]
gpart(8): slices are out of context for GPT
Correct the GPT example. Creation of a partition leaves free the rest
of the device (not the slice).
Approved-by: imp Fixes: ae1b731b5df0 Rewrite the GPT and MBR examples. For GPT, ensure that the boot partition is large enough for gptzfsboot, which has doubled in size since 10.
MFC after: 1 week
Pull-request: https://github.com/freebsd/freebsd-src/pull/795
In some cases driver may ask FW about link state before FW finishes
configuration of a (Q)SFP+ transceiver. If first attempt of using Get Link
Status AQC after loading driver or handling a reset fails, then re-try
periodically for 5 seconds.
Ed Maste [Sun, 26 Jun 2022 17:23:39 +0000 (13:23 -0400)]
Fix cross-builds from macOS
The macOS linker does not support -zrelro/-znorelro. Since it is only
used to for build tools that run on the host, and WITH_RELRO or
WITHOUT_RELRO does not matter there, just skip the option.
Reviewed by: markj
Fixes: 2f3a961487c9 ("Add RELRO build knob, default to enabled")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35589
Warner Losh [Sat, 23 Oct 2021 04:00:54 +0000 (22:00 -0600)]
msun: Add copyright notices
These files were copied from MUSL. Add the standard copyright notice and
SPDX-License-Identifier: MIT consistent with our new draft license
policy. It reads word for word the same as the MIT license on the SPDX
web site. Add a pointer to the MUSL COPYIRGHT file which contains a list
of all authors of MUSL.
Mark Murray [Tue, 14 Dec 2021 09:08:57 +0000 (09:08 +0000)]
* lib/msun/Makefile b/lib/msun/Makefile:
. Disconnect imprecise.c from the build. This file can be deleted.
. Add b_tgammal.c to the build for ld80 and ld128 targets. The ld128
is a 'git mv' of imprecise.c to ld128/b_tgammal.c.
* lib/msun/ld80/b_expl.c:
. New file. Implement __exp__D for ld80 targets. This is based on
bsdsrc/b_exp.c.
* lib/msun/ld80/b_logl.c:
. New file. Implement __log__D for ld80 targets. This is based on
bsdsrc/b_log.c.
* lib/msun/ld80/b_tgammal.c b/lib/msun/ld80/b_tgammal.c
. New file. Implement tgammal(x) for ld80 targets.
Submitted by: Steve Kargl
Differential Revision: https://reviews.freebsd.org/D33444
Reviewed by: pfg
Mark Murray [Tue, 14 Dec 2021 09:02:45 +0000 (09:02 +0000)]
* lib/msun/Makefile:
. Disconnect b_exp.c and b_log.c from the build.
* lib/msun/bsdsrc/b_exp.c:
. Replace scalb() usage with C99's ldexp().
. Replace finite(x) usage with C99's isfinite().
. Whitespace changes towards style(9).
. Remove include of "mathimpl.h". It is no longer needed.
. Remove #if 0 ... #endif code, which has been present since svn r93211
(2002-03-26).
. New minimax polynomial coefficients.
. Add comments to explain origins of some constants.
. Use ansi-C prototype. Remove K&R prototype. Add static to prototype.
* lib/msun/bsdsrc/b_log.c:
. Remove include of "mathimpl.h". It is no longer needed.
. Fix comments to actually describe the code.
. Reduce minimax polynomial from degree 4 to degree 3.
This uses newly computed coefficients.
. Use ansi-C prototype. Remove K&R prototype. Add static to prototype.
. Remove volatile in declaration of u1.
. Alphabetize decalaration list.
. Whitespace changes towards style(9).
. In argument reduction of x to g and m, replace use of logb() and
ldexp() with a single call to frexp(). Add code to get 1 <= g < 2.
. Remove #if 0 ... #endif code, which has been present since svn r93211
(2002-03-26).
. The special case m == -1022, replace logb() with ilogb().
* lib/msun/bsdsrc/b_tgamma.c:
. Update comments. Fix comments where needed.
. Add float.h to get LDBL_MANT_DIG for weak reference of tgammal to tgamma.
. Remove include of "mathimpl.h". It is no longer needed.
. Use "math.h" instead of <math.h>.
. Add '#include math_private.h"
. Add struct Double from mathimpl.h and include b_log.c and b_exp.c.
. Remove forward declarations of neg_gam(), small_gam(), smaller_gam,
large_gam() and ratfun_gam() by re-arranging the code to move these
function above their first reference.
. New minimax coefficients for polynomial in large_gam().
. New splitting of a0 into a0hi nd a0lo, which include additional
bits of precision.
. Use ansi-C prototype. Remove K&R prototype.
. Replace the TRUNC() macro with a simple cast of a double entities
to float before assignment (functional changes).
. Replace sin(M_PI*z) with sinpi(z) and cos(M_PI*(0.5-z)) with cospi(0.5-z).
Submitted by: Steve Kargl
Differential Revision: https://reviews.freebsd.org/D33444
Reviewed by: pfg
Mark Murray [Mon, 6 Sep 2021 17:26:39 +0000 (18:26 +0100)]
Fix powf().
Summary:
From Steve Kargl:
Paul Zimmermann has identified a bug in Openlibm's powf(),
which is identical to FreeBSD's libm. Both derived from
fdlibm. https://github.com/JuliaMath/openlibm/issues/212.
Consider
% cat h.c
int
main(void)
{
float x, y, z;
x = 0x1.ffffecp-1F;
y = -0x1.000002p+27F;
z = 0x1.557a86p115F;
printf("%e %e %e <-- should be %e\n", x, y, powf(x,y), z);
return 0;
}
% cc -o h -fno-builtin h.c -lm && ./h
9.999994e-01 -1.342177e+08 inf <-- should be 5.540807e+34
Move LIBADD lines from usr.bin/clang/*/Makefile one level up
Some utilities under usr.bin/clang were only linked to libz, while most
others were linked to libz and libzstd. Make this consistent, and remove
repetition, by moving these LIBADD lines to usr.bin/clang/clang.prog.mk
and usr.bin/clang/clang.prog.mk.
Ka Ho Ng [Fri, 7 Jul 2023 04:21:01 +0000 (00:21 -0400)]
modules: fix freebsd32_modstat on big endian platforms
The layout of modspecific_t on both little endian and big endian are as
follows:
|0|1|2|3|4|5|6|7|
+-------+-------+
|uintval| |
+-------+-------+
|ulongval |
+-------+-------+
For the following code snippet:
CP(mod->data, data32, longval);
CP(mod->data, data32, ulongval);
It only takes care of little endian platforms that it truncates the
highest 32bit automatically. However on big endian platforms it takes
the highest 32bit instead. This eventually returns a garbage syscall
number to the 32bit userland.
Since modspecific_t's usage currently is for the use of syscall modules,
we only initialize modspecific32_t with uintval. Now on both BE and LE
64-bit platforms it always pick up the first 4 bytes.
Apply build fix for powerpc64-specific llvm-ar and llvm-nm link error
Only on powerpc64, llvm-ar and llvm-nm could fail to link due to a
"undefined symbol: ZSTD_compressBound" error. This does not happen on
-CURRENT, so directly apply a specific build fix on stable/13.
Merge commit 2b0f5df7b4e0 from llvm-project (by Jessica Clarke):
[builtins][Mips] Un-break FreeBSD build of __clear_cache
Commit 674a17e9bbe8 ("MIPS/compiler_rt: use synci to flush icache on
r6") completely removed the OS-specific guards under the guise of "For
pre-r6, we can use cacheflush libc function, which is same on Linux and
FreeBSD." However, the code in question had guards for Linux and
OpenBSD, not Linux and FreeBSD, and FreeBSD does not have a cacheflush
libc function as claimed, so this was neither the statement they
intended to make nor was it sufficient justification for making the code
completely unconditional. Whilst the upcoming FreeBSD 14 release has
dropped support for MIPS, FreeBSD 13 has support for it.
Fix this by only calling cacheflush on the OSes where it was previously
called, and not on other OSes where it either definitely isn't available
(FreeBSD) or is unknown (any other OS than the three mentioned in this
commit).
This is only needed for MFC'ing, as mips has been removed from
14-CURRENT.