Andrew Turner [Fri, 31 Mar 2023 12:34:51 +0000 (13:34 +0100)]
Move arm64 EENTRY uses before ENTRY
The ENTRY macro adds instructions to the start of a function but not
EENTRY. To use these instructions in both functions move the EENTRY
use before the ENTRY use.
Andrew Turner [Fri, 31 Mar 2023 09:15:45 +0000 (10:15 +0100)]
Handle the arm64 unknown exception separately
Rather than falling through to the default case handle the unknown
exception with its own panic message. As ESR_EL1 is zero for this
exception stop printing it.
The removed text claimed that memcpy is implemented using bcopy and thus
strings may overlap. Use of bcopy is an implementation detail that is
no longer true, even if the implementation (on some archs) does allow
overlap.
In any case behaviour is undefined per the C standard if memcpy is
called with overlapping objects, and this man page already claimed that
src and dst may not overlap.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31192
Daniel Tameling [Sat, 1 Jul 2023 08:43:40 +0000 (10:43 +0200)]
rc.subr: don't require service to be enabled for `status`
For a service that sets an rcvar, there is a check whether it has been
enabled before the actual command is executed. If the check fails, one
gets a message to enable it and the returned exit status is 0.
However, this is usually undesirable for the status command, which is
a) supposed to check whether the service is running anyway and
b) returns a non-zero exit code if that is not the case.
Thus, skip the check for the status command.
Ed Maste [Wed, 30 Aug 2023 20:49:44 +0000 (16:49 -0400)]
Update WITH_/WITHOUT_SSP descriptions
ProPolice refers to a specific implementation by Hiroaki Etoh and
Kunikazu Yoda. The implementation in contemporary Clang and GCC is
somewhat different and newer, so use a generic term in the src.conf
descriptions.
When parsing a rule to rotate log files on a specific week day,
parseDWM() can advance the time to the next week. If the next week is
in the next month, then tm_mon is incremented. However, the increment
was failing to handle the wraparound from December to January, so when
parsing a rule during the last week of the December, the month would
advance to month 12. This triggered an out-of-bounds read of the
mtab[] array in days_pmonth() after parseDWM() returned. To fix,
this change resets the month to January and increment the year when
the month increment wraps.
The default rule for /var/log/weekly.log triggers this during the
last week of December each year.
Reported by: CHERI
Obtained from: CheriBSD
Reviewed by: jhb
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: <https://reviews.freebsd.org/D33687>
Bartosz Sobczak [Mon, 21 Aug 2023 11:28:58 +0000 (13:28 +0200)]
irdma(4): remove artificial completion generator
Removing artificial completion generator as there had been no indication
of the code being required for E810 cards. Further more it was found
that the code may have unpleasant side effects on user experience when
using ucmatose tool.
Bartosz Sobczak [Mon, 21 Aug 2023 11:56:57 +0000 (13:56 +0200)]
irdma(4): use related vnet for searching netdev
It was found through testing that when ULP uses individual vnet, the
search for the correct vlan_id may failing because of no proper
interface with given address.
The solution is to use vnet associated to the connection whenever
possible.
Notable changes:
- pf-reset handling improvements, including fixes in communication with if_ice(4)
- avoid racing when handling various events
- adding sw stats sysctls
- hand over pe_criterr handling from ice(4) to irdma(4)
- debug prints adjustments
- fix crash after changes in irdma_add_mqh_ifa_cb
Additional fixes in stable/13 but not in original cherry-picked commit:
- code appearance improvements
- bug fixes in fbsd_kcompat.c
- avoid waiting procedures under lock in irdma_add_mqh_ifa_cb
- busy wait for manage_qhash
- stats don't need to be RDTUN, RD is enough
Bartosz Sobczak [Tue, 28 Mar 2023 21:15:15 +0000 (14:15 -0700)]
irdma(4): Upgrade the driver to 1.1.11-k
Summary of changes:
- postpone mtu size assignment during load to avoid race condition
- refactor some of the debug prints
- add request reset handler
- refactor flush scheduler to increase efficiency and avoid racing
- put correct vlan_tag for UD traffic with PFC
- suspend QP before going to ERROR state to avoid CQP timout
- fix arithmetic error on irdma_debug_bugf
- allow debug flag to be settable during driver load
- introduce meaningful default values for DCQCN algorithm
- interrupt naming convention improvements
- skip unsignaled completions in poll_cmpl
Alan Somers [Tue, 12 Sep 2023 01:20:39 +0000 (19:20 -0600)]
Fix zfsd with the device_removal pool feature.
Previously zfsd would crash in the presence of a pool with a
top-level-vdev that had previously been removed. The crash happened
because the configuration nvlist of such a TLV contains an empty
ZPOOL_CONFIG_CHILDREN array, which led to a pop_front from an empty
list, which has undefined behavior.
The crash only happened in stable/14 and later, probably do to
differences in libcxx, but the change should be MFCed anyway.
Ed Maste [Sat, 16 Sep 2023 20:46:16 +0000 (21:46 +0100)]
freebsd-update: do not restart sshd when updating jail/basedir
In 6cd1bc531609 for PR 263489 I changed freebsd-update to restart sshd
after upgrade, to avoid an upgrade-related incompatibility that made it
impossible to login.
This is intended to avoid losing access to remote hosts, and ought not
apply to upgrading jails (from outside).
PR: 263489, 272282
Reported by: otis
Reviewed by: otis, kevans
MFC after: 3 days
Sponsored by: The FreeBSD Foundation Fixes: 6cd1bc531609 ("freebsd-update: restart sshd after upgrade")
Differential Revision: https://reviews.freebsd.org/D41890
Yuri Pankov [Tue, 28 Mar 2023 15:10:47 +0000 (17:10 +0200)]
libc: use separate collate objects for C, POSIX, and C.UTF-8
Fix newlocale() overwriting the locale name in collate object
when same instance was used for those locales, and querylocale()
reporting unexpected value for LC_COLLATE_MASK.
net: Check per-flow priority code point for untagged traffic
Commit 868aabb4708d introduced per-flow priority. There's a defect in the
logic for untagged traffic, it does not check M_VLANTAG set in the mbuf
packet header or MTAG_8021Q/MTAG_8021Q_PCP_OUT tag set by firewall, then
can result missing desired priority in the outbound packets.
For mbuf packet with M_VLANTAG in header, some interfaces happen to work
due to bug in the drivers mentioned in D39499. As modern interfaces have
VLAN hardware offloading, the defect is barely noticeable unless the
feature per-flow priority is widely tested.
As a side effect of this defect, the soft padding to work around buggy
bridges is bypassed. That may result in regression if soft padding is
requested.
Ed Maste [Mon, 14 Aug 2023 16:56:12 +0000 (12:56 -0400)]
msi: handle error from BUS_REMAP_INTR in msi_assign_cpu
Previously errors from BUS_REMAP_INTR were silently ignored, and we
ended up with non-functional interrupts.
Now we allocate and enable new vectors, but postpone assignment of new
APIC IDs and vectors where we can, until after BUS_REMAP_INTR is
successful. We then disable and free the old vectors.
If BUS_REMAP_INTR fails we restore the old configuration, and disable
and free the new, unused vectors.
Thanks to AMD for providing hardware (with APIC IDs above 255) for
testing.
Reviewed by: jhb
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41455
The “undocumented kludge” which unfortunately can't be dropped for backward compatibility reasons was prone to segfaulting and would improperly allow a new linecount when one was already set. Fix these issues and add regression tests.
Jan Schaumann [Tue, 30 May 2023 12:55:38 +0000 (15:55 +0300)]
split(1): auto-extend suffix length if required
If the input cannot be split into the number of files resulting from the
default suffix length, automatically extend the suffix length rather
than bailing out with 'too many files'.
Suffixes are extended such that the resulting files continue to sort
lexically and "cat *" would reproduce the input. For example, splitting
a 1M lines file into (default) 1000 lines per file would yield files
named 'xaa', 'xab', ..., 'xyy', 'xyz', 'xzaaa', 'xzaab', ..., 'xzanl'.
If '-a' is specified, the suffix length is not auto-extended.
This behavior matches GNU sort(1) since around version 8.16.
Reviewed by: christos
Approved by: kevans
Different Revision: https://reviews.freebsd.org/D38279
Gleb Smirnoff [Thu, 28 Oct 2021 15:11:45 +0000 (08:11 -0700)]
blackhole(4): disable for locally originated TCP/UDP packets
In most cases blackholing for locally originated packets is undesired,
leads to different kind of lags and delays. Provide sysctls to enforce
it, e.g. for debugging purposes.
Mike Karels [Fri, 8 Sep 2023 14:06:42 +0000 (09:06 -0500)]
mountd: do not warn about using class mask with -mask
The previous code would warn that the mask was being defaulted to
an obsolete class mask even if -mask was present after -network.
Import a fix from Peter Much with a little tweaking, deferring the
warning until after all parameters are processed.
Mitchell Horne [Thu, 3 Aug 2023 13:48:15 +0000 (10:48 -0300)]
intro(9): rewrite from scratch
This page has existed as a placeholder since its creation in 1995. It
does not provide a useful introduction to the content in this section.
Reimagine it as a top-level overview page containing brief descriptions
and links to existing pages in section 9. It is roughly organized into
sub-sections, grouped by topic or subsystem. In other words, the page is
meant to function as a map to other content.
There is a balance to be found here between providing as many links as
possible and keeping the page concise and searchable. In general the aim
is to reference pages which provide the best entry point to a particular
topic. For example, a link is given to locking(9), but not to the
specific lock pages such as mutex(9) or rwlock(9).
NetBSD has done something similar with their intro(9), so some
inspiration has been taken from there, although their content doesn't
align that closely with what we have.
I have done a thorough review of our existing pages and formed these
subsections around them, but they are meant to evolve.
PR: 270481
Reviewed by: imp, emaste
MFC after: 3 weeks
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41104
At least one user reports issues with vmx interfaces after 725e4008ef,
where we default to not resetting the interface on VLAN changes. This
was on an ESXi 7.0.3 setup.
Kevin Bowling [Thu, 24 Aug 2023 20:42:23 +0000 (13:42 -0700)]
iflib: invert default restart on VLAN changes
In rS360398, a new iflib device method was added to opt out of VLAN
events needing an interface reset.
I am switching the default to not requiring a restart for:
* VLAN events
* unknown events
After fixing various bugs, I do not think this would be a common need
of hardware and it is undesirable from the user's perspective causing
link flaps and much slower VLAN configuration. Currently, there are no
other restart events besides VLAN events, and setting the
ifdi_needs_restart default to false will alleviate the need to churn
every driver if an odd event is added in the future for specific
hardware.
markj points out this could cause churn in the other direction; I will
solve that problem with an event registration system as he mentions in
the review should we need it in the future.
These drivers will opt into restart and need further inspection or work:
* ixv (needs code audit, 61a8231 fixed principal issue; re-init probably
not necessary)
* axgbe (needs code audit; re-init probably not necessary)
* iavf - (needs code audit; interaction with Malicious Driver Detection
mentioned in rS360398)
* mgb - no VLAN functions are currently implemented. Left a comment.
Kevin Bowling [Thu, 24 Aug 2023 20:16:24 +0000 (13:16 -0700)]
bnxt: Don't restart on VLAN changes
In rS360398, a new iflib device method was added with default of opt out
for VLAN events needing an interface reset.
This is unintentional for bnxt(4) and is causing another bug in its VLAN
initialization code to affect the common case of adding and removing
VLANs on an existing interface.
The module entries should generally allow whatever is allowed as an
env_var in the pattern table. Notably, we're missing periods which
would allow proper entries for .dtb files in loader.conf that don't need
to specify a module_name entry for it.
%d in this expression is actually redundant as %w is actually
"all alphanumerics," but I've included it for now to match the env_var
entry. We should really remove it from both.
Kyle Evans [Sat, 26 Aug 2023 01:01:47 +0000 (20:01 -0500)]
caroot: update the root bundle and regenerate with OpenSSL 3
Summary:
- Six (6) new roots
- Four (4) distrusted roots
Note that this was intentionally generated with OpenSSL 1.1.1 to avoid
mixing updates and non-functional changes -- there will be some churn
with OpenSSL 3. The next commit will update the current batch of
trusted certs with the format OpenSSL 3 produces, which I've tested
against OpenSSL 1.1.1 to be sure that that doesn't hurt us in older
branches.
This MFC also regenerates all of the trusted certs with OpenSSL 3 to
reduce the diff of future ENs -- this update has no existing certs
modified, so it's the perfect time.
Kyle Evans [Sat, 26 Aug 2023 00:55:32 +0000 (19:55 -0500)]
caroot: drop VERSION tags from certs
With this change, we'll drop the "with $FreeBSD$" lines from trusted/
certs in the next update. untrusted/ will need to be done manually, but
I'll likely just do them all manually, commit, then run the script and
commit any legitimate updates after confirming the output matches what
I did manually.
Whilst Clang does not use these, recent GCC does, and so on systems such
as FreeBSD that wish to use compiler-rt as the system runtime library
but also wish to support building programs with GCC these interfaces are
needed.
This is a light adaptation of the code committed to GCC by Sebastian Pop
<spop@amazon.com>, relicensed with permission for use in compiler-rt.
Martin Matuska [Thu, 7 Sep 2023 15:18:12 +0000 (17:18 +0200)]
libarchive: merge security fix from vendor branch
This commit fixes a couple of security vulnerabilities in the PAX writer:
1. Heap overflow in url_encode() in archive_write_set_format_pax.c
2. NULL dereference in archive_write_pax_header_xattrs()
3. Another NULL dereference in archive_write_pax_header_xattrs()
4. NULL dereference in archive_write_pax_header_xattr()
Security: No known reference yet
Obtained from: https://github.com/libarchive/libarchive/commit/1b4e0d0f9