Mark Johnston [Thu, 30 Jun 2022 14:19:23 +0000 (10:19 -0400)]
pf: Make sure that pfi_update_status() always zeros counters
pfi_update_status() can return early if the status interface doesn't
exist. But in this case pf_getstatus() was copying uninitialized stack
memory into the output nvlist.
Reported by: Jenkins (KMSAN job)
Reviewed by: kp
Sponsored by: The FreeBSD Foundation
Arseny Smalyuk [Sat, 4 Jun 2022 16:12:29 +0000 (19:12 +0300)]
ipfw: add support radix tables and table lookup for MAC addresses
By analogy with IP address matching, add a way to use ipfw radix
tables for MAC matching. This is implemented using new ipfw table
with mac:radix type. Also there are src-mac and dst-mac lookup
commands added.
John Baldwin [Tue, 18 Jan 2022 22:47:13 +0000 (14:47 -0800)]
crypto: Add a simple API for [X]ChaCha20-Poly1035 on flat buffers.
This is a synchronous software API which wraps the existing software
implementation in libsodium. This is different from the code in main
in that this uses libsodium directly. The version in main uses the
software backend shared with OCF, but main required changes that break
the ABI of struct enc_xform that cannot be merged to stable/13.
John Baldwin [Wed, 25 May 2022 21:20:40 +0000 (14:20 -0700)]
etcupdate: Preserve permissions when installing a resolved file.
Similar to the change in 1a04446f088c79cc2cf85fd86e60ebcc228d3075, use
cat to overwrite the contents of the existing file rather than cp so
that metadata of the existing file such as permissions and ownership
is preserved.
John Baldwin [Wed, 25 May 2022 21:02:51 +0000 (14:02 -0700)]
etcupdate: Don't rotate trees for a dry run.
When performing a dry run, remove the temporary tree created rather
than rotating the trees. Rotating the trees meant that etcupdate
thought the latest changes were already merged and would not merge
them on the next real run.
PR: 260281
Reported by: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
Fixes: 0611aec3cf3a etcupdate: Always extract to a temporary tree.
John Baldwin [Thu, 30 Jun 2022 17:10:00 +0000 (10:10 -0700)]
crypto: Fix assertions for digest-only sessions with separate output.
Digest-only sessions do not generate modified payload as an output, so
don't bother asserting anything about the payload with respect to the
output buffer other than the payload output start being zero.
In addition, a verify request on a digest-only session doesn't
generate any output at all so should never have a separate output
buffer.
John Baldwin [Tue, 14 Jun 2022 17:52:54 +0000 (10:52 -0700)]
pmcannotate: Don't increment end address passed to objdump -d.
libpmc already returns an end address that is after the end of the
last instruction of a function (on both amd64 and arm64) as the end
address written to the annotate map file is computed as the start
address of the symbol plus the size.
Adding one could result in a curious failure where an entire
function's contents in assembly was reduced instead to only the first
instruction. The reason is that when the end instruction is bumped by
one, objdump -d can append the first instruction of the next function
in its output. However, since pmcannotate concatenates all of the
objdump -d output from various functions into a single file which it
then searches to find the assembly for a given file, if this
additional trailer was earlier in the file than the full function, the
trailer was chosen to represent the entire function resulting in the
truncated listing of the function.
Sponsored by: University of Cambridge, Google, Inc.
Differential Revision: https://reviews.freebsd.org/D35399
John Baldwin [Tue, 14 Jun 2022 17:51:39 +0000 (10:51 -0700)]
newvers.sh: Don't use return to exit.
Commit acfb506b3d00 replaced an exit 0 when using -V with a return
instead. FreeBSD's sh treats a return outside of a function like
exit, but this is a non-portable extension. Other Bourne shells only
permit return to be used within a function and continue execution
(possibly with a warning).
To fix, don't reuse VARS_ONLY (which is intended to be set by other
scripts before sourcing newvers.sh directly) and instead use a new
variable (VARS_ONLY_EXIT) to restore the use of exit for the
non-sourced case.
John Baldwin [Tue, 14 Jun 2022 17:42:51 +0000 (10:42 -0700)]
rc.d/ntpd: Restart ntpd when resuming from sleep.
ntpd does not always gracefully handle clock steps during resume.
This is probably most useful in conjunction with
ntpd_sync_on_start=YES which will work around any clock skew while
suspended.
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D35479
John Baldwin [Tue, 14 Jun 2022 17:35:01 +0000 (10:35 -0700)]
ktls_test: Permit an option to skip tests not using ifnet TLS.
If ktls.require_ifnet is set to true, then check the TLS offload mode
for tests sending and receiving records and skip the test if the
offload mode is not ifnet mode.
This can be used along with ktls.host to run KTLS tests against a NIC
supporting ifnet TLS and verify that expected cipher suites and
directions used ifnet TLS rather than software TLS. Receive tests may
result in a false positive as receive ifnet TLS can use software as a
fallback.
John Baldwin [Tue, 14 Jun 2022 17:34:51 +0000 (10:34 -0700)]
ktls_test: Permit connecting to a remote echo server for tests.
Previously ktls tests always executed over a local socket pair.
ktls.host can be set to a host to connect to with a single socket
instead. The remote end is expected to echo back any data received
(such as the echo service). The port can be set with ktls.port which
defaults to "echo".
This is primarily useful to permit testing NIC TLS offload use cases
where the traffic needs to transit the NIC.
Note that the variables must be set via
'kyua -v test_suites.FreeBSD.ktls.host=host'.
John Baldwin [Thu, 9 Jun 2022 18:05:34 +0000 (11:05 -0700)]
hwpmc: Permit the minimum sampling count to be set as a sysctl.
A rarely occurring event (e.g. an event that occurs less than 1000
times during execution of a program) may require a lower minimum
threshold than 1000. Replace the hardcoded 1000 with a sysctl that
the administrator can use to permit smaller sampling count values.
Reviewed by: mhorne, mav
Sponsored by: University of Cambridge, Google, Inc.
Differential Revision: https://reviews.freebsd.org/D35400
John Baldwin [Thu, 20 Jan 2022 20:48:24 +0000 (12:48 -0800)]
Use MOVED_LIBS for the libalias modules being moved to /lib.
This is a bit more unusual in that the modules dropped their major
version suffix at the same time, so the old files being removed by
MOVED_LIBS in this case are the symlinks to the old libraries.
Reviewed by: emaste
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33849
John Baldwin [Thu, 20 Jan 2022 20:47:43 +0000 (12:47 -0800)]
Use MOVED_LIBS for libraries moved between /usr/lib and /lib.
Add a MOVED_LIBS variable similar to OLD_LIBS except that MOVED_LIBS
is used for the cases that a library's name doesn't change, but it
just moves between /usr/lib and /lib. This will be used by a future
change to auto-generate lib32 old files entries for which these cases
need to be ignored (a moved library remains in /usr/lib32).
Suggested by: emaste
Reviewed by: emaste
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33848
John Baldwin [Thu, 13 Jan 2022 22:48:32 +0000 (14:48 -0800)]
Remove lib32 versions of libl.
Reviewed by: imp, emaste
Fixes: eb61f7bdf266 Stop building libl and liby
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33851
John Baldwin [Tue, 11 Jan 2022 19:38:11 +0000 (11:38 -0800)]
Add list-old-{dirs,files,libs} targets.
These targets generate a raw list of the candidate old files roughly
corresponding to the values of OLD_DIRS, OLD_FILES, and OLD_LIBS.
Currently list-old-files also includes uncompressed manpages in
addition to compressed manpages.
Use these targets in the implementation of check-old-* and
delete-old-* to replace duplicated logic.
Reviewed by: imp, emaste
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33327
Mike Karels [Sat, 2 Jul 2022 16:03:36 +0000 (11:03 -0500)]
netstat -i: do not truncate interface names
The field for interface names for netstat -i was 5 characters by
default, which is no longer sufficient with names like "vlan1234"
and "vtnet0". netstat -iW computed the necessary field width, but
also enlarged the address field by a lot (especially with IPv6 enabled).
Make netstat -i compute the field width for interface names with or
without -W. Note that the existing default output does not fit in
80 columns in any case. Update the man page accordingly, documenting
the remaining effect of -W with -i. Also add -W to the list of
General Options, as there are numerous pointers to this.
Reported by: Chris Ross
Reviewed by: melifaro, rgrimes, cy
Differential Revision: https://reviews.freebsd.org/D35703
Apply tentative llvm fix for avoiding fma on PowerPC SPE
Merge llvm review D77558, by Justin Hibbits:
PowerPC: Don't hoist float multiply + add to fused operation on SPE
SPE doesn't have a fmadd instruction, so don't bother hoisting a
multiply and add sequence to this, as it'd become just a library call.
Hoisting happens too late for the CTR usability test to veto using the CTR
in a loop, and results in an assert "Invalid PPC CTR loop!".
Reported by: alfredo
Obtained from: https://reviews.llvm.org/D77558
MFC after: 3 days
Apply clang fix for assertion building llvm with libc++ 15
Merge commit f1b0a4fc540f from llvm git (by Richard Smith):
An expression should only contain an unexpanded parameter pack if it
lexically contains a mention of the pack.
Systematically distinguish between syntactic and semantic references to
packs, especially when propagating dependence from a type into an
expression. We should consult the type-as-written when computing
syntactic dependence and should consult the semantic type when computing
semantic dependence.
Doug Moore [Tue, 21 Jun 2022 00:34:46 +0000 (19:34 -0500)]
iommu_gas: Drop needless bound check in lowermatch
The loop iteration in iommu_gas_lowermatch checks the bound
a->common->lowaddr twice per loop iteration. Rewrite to test only once
per iteration. Do not worry about passing to iommu_gas_match_one a
range wholly beyond lowaddr. Since that function checks the upper end
of the range against lowaddr, it'll get rejected there.
Doug Moore [Tue, 12 Jul 2022 17:33:20 +0000 (12:33 -0500)]
mips_busdma: fix mips errors after merge
The change "vm_extern: use standard address checkers everywhere"
introduced bugs, as well as features, into head. After it was
introduced, but before those bugs were addressed, mips support was
dropped from head, so those mips bugs were never fixed in head. Now,
that change and those fixes have been merged into stable/13. This
change fixes two of those bugs that were fixed everywhere else but
never in mips.
Doug Moore [Sun, 2 Jan 2022 18:37:05 +0000 (12:37 -0600)]
busdma: _bus_dmamap_addseg repaired
A recent change introduced a one-off error into a test allowing
coalescing chunks into segments. This fixes that error.
broke a check in _bus_dmamap_addseg on many architectures. This change makes it clear that it is not a particular range that is being boundary-checked, but the proposed union of the two adjacent ranges.
Reported by: se
Reviewed by: se
Fixes: c606ab59e7f9 vm_extern: use standard address checkers everywhere
Differential Revision: https://reviews.freebsd.org/D33715
Doug Moore [Fri, 31 Dec 2021 05:31:18 +0000 (23:31 -0600)]
vm_phys: #include vm_extern
Arm64 and powerpc don't include vm_extern.h indirectly in vm_phys.c, which
means that for the sake of those architectures, it must be included explicitly.
Also, fix a set-unused warning that jenkins also found.
Reported by: Jenkins
Fixes: c606ab59e7f9 vm_extern: use standard address checkers everywhere
Doug Moore [Fri, 31 Dec 2021 04:09:08 +0000 (22:09 -0600)]
vm_extern: use standard address checkers everywhere
Define simple functions for alignment and boundary checks and use them
everywhere instead of having slightly different implementations
scattered about. Define them in vm_extern.h and use them where
possible where vm_extern.h is included.
Mike Karels [Sun, 3 Jul 2022 23:04:41 +0000 (18:04 -0500)]
mountd startup: enable NFSv4 if needed on restart
The mountd script in rc.d sets vfs.nfsd.server_max_nfsvers correctly
when it is run at system startup, relying on the kernel default.
However, if NFSv4 was enabled in /etc/rc.conf later, and the script
was re-run to restart mountd, the sysctl was still set to 3.
Set the sysctl to the right value in all cases.
Doug Moore [Tue, 10 May 2022 16:53:52 +0000 (11:53 -0500)]
bitstring: fix ff_area() when start!=0
commit 84e2ae64c597000a0 introduced an error in the ff*_area_at
functions for nonzero start parameters when the bit range sought was
found immediately. It mistakenly replaced '_value = _start' with
'_value = 0' in initialization. Undo that mistake.
Reported by: markj
Reviewed by: markj
Tested by: markj
Fixes: 84e2ae64c597 vm_reserv: use enhanced bitstring for popmaps
Differential Revision: https://reviews.freebsd.org/D35157
Doug Moore [Wed, 12 Jan 2022 17:03:53 +0000 (11:03 -0600)]
vm_reserv: use enhanced bitstring for popmaps
vm_reserv.c uses its own bitstring implemenation for popmaps. Using
the bitstring_t type from a standard header eliminates the code
duplication, allows some bit-at-a-time operations to be replaced with
more efficient bitstring range operations, and, in
vm_reserv_test_contig, allows bit_ffc_area_at to more efficiently
search for a big-enough set of consecutive zero-bits.
Make bitstring changes improve the vm_reserv code. Define a bit_ntest
method to test whether a range of bits is all set, or all clear.
Define bit_ff_at and bit_ff_area_at to implement the ffs and ffc
versions with a parameter to choose between set- and clear- bits.
Improve the area_at implementation. Modify the bit_nset and
bit_nclear implementations to allow code optimization in the cases
when start or end are multiples of _BITSTR_BITS.
Doug Moore [Fri, 24 Dec 2021 18:59:16 +0000 (12:59 -0600)]
vm: alloc pages from reserv before breaking it
Function vm_reserv_reclaim_contig breaks a reservation with enough
free space to satisfy an allocation request and returns the free space
to the buddy allocator. Change the function to allocate the request
memory from the reservation before breaking it, and return that memory
to the caller. That avoids a second call to the buddy allocator and
guarantees successful allocation after breaking the reservation, where
that success is not currently guaranteed.
Doug Moore [Fri, 24 Dec 2021 08:47:21 +0000 (02:47 -0600)]
Fix clerical error in page alloc
Fix a very recent change that introduced a page accounting error in
case of a reserveration being broken.
Reviewed by: alc
Fixes: fb38b29b5609 (page_alloc_br) vm_page: Remove extra test, dup code from page alloc
Differential Revision: https://reviews.freebsd.org/D33645
Doug Moore [Fri, 24 Dec 2021 04:45:47 +0000 (22:45 -0600)]
vm_page: Remove extra test from page alloc
Extract code from vm_page_alloc_contig_domain into a new function. Do
so in a way that eliminates a bound-to-fail reservation test after a
reservation is broken by a call from vm_page_alloc_contig_domain.
Some systems put sensors on non-0 lun, so we should not omit it. This
was the only difference with the Linux driver, where DIMM sensors could
be queried, but not on FreeBSD.
See this report[1] on the FreeBSD forums:
https://forums.freebsd.org/threads/freebsd-cannot-get-dimm-temperature-sensor-value.85166/
Reviewed by: philip
Tested by: Andrey Lanin[1]
Differential Revision: https://reviews.freebsd.org/D35612
Handle IPMB requests using SEND_MSG (sent as driver request as we do not
need to return anything back to userland for this) and GET_MSG (sent as
usual request so we can return the data for RECEIVE_MSG ioctl) pair.
This fixes fetching complete sensor data from boards (e.g. HP ProLiant
DL380 Gen10).
Reviewed by: philip
Differential Revision: https://reviews.freebsd.org/D35605
Doug Moore [Sun, 19 Jun 2022 16:55:44 +0000 (11:55 -0500)]
tree.3: document RB_AUGMENT
Document the RB_AUGMENT macro, and provide an example of its use.
Reviewed by: alc, kib
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D35518
Kirk McKusick [Tue, 28 Jun 2022 04:46:15 +0000 (21:46 -0700)]
Correctly update fs_dsize in growfs(8)
When growing a UFS/FFS filesystem, the size of the summary information
may expand into additional blocks. These blocks must be removed from
fs_dsize which records the number of blocks in the filesystem that can
be used to hold filesystem data.
While here also update the fs_old_dsize and fs_old_size fields for
compatibility with kernels that were compiled before the addition
of UFS2.
We have a more reliable way of obtaining pid already defined in rc.subr
and available when protect(1) needs it. We can simply `eval $_pidcmd`
which also invokes `check_process` but properly accounts for existing
pidfile, procname and interpreter settings.
With the change the pidfile is properly obtained.
Submitted by: Adam Wolk <a.wolk at fudosecurity.com>
Sponsored by: Fudo Security
Differential Revision: https://reviews.freebsd.org/D30367