jhb [Wed, 2 Jan 2019 19:11:49 +0000 (19:11 +0000)]
MFC 341800: Don't report stale signal information in ptrace_lwpinfo.
Once a signal's siginfo was copied to 'td_si' as part of the signal
exchange in issignal(), it was never cleared. This caused future
thread events that are reported as SIGTRAP events without signal
information to report the stale siginfo in 'td_si'. For example, if a
debugger created a new process and used SIGSTOP to stop it after
PT_ATTACH, future system call entry / exit events would set PL_FLAG_SI
with the SIGSTOP siginfo in pl_siginfo. This broke 'catch syscall' in
current versions of gdb as it assumed PL_FLAG_SI with SIGTRAP
indicates a breakpoint or single step trap.
cy [Mon, 31 Dec 2018 03:53:33 +0000 (03:53 +0000)]
MFC r342385:
Remove an empty #if block.
The interesting thing is that looking through Darren's commit logs,
the line containing an extern ppsratecheck() definition was removed
from the v5-1-RELEASE branch but not from HEAD (I have taken his
CVS tree and converted it to GIT). There is a commit adding an
additional #if defined to the empty block. I can only assume that
this was intentional for something later. Looking through HEAD the
extern ppsratecheck() is there. However if we put it back it would
conflict with a static ppsratecheck() definition in fil.c when
building ipftest.
Therefore we remove this empty block.
ppsratecheck() is a function in the FreeBSD kernel. However ipftest
cannot call the ppsratecheck() in the kernel. Therefore one exists in
fil.c for use when building the userland ipftest utility which
approximates the packet filter in userland for testing of ipfilter
rules against packets captured with tcpdump.
cy [Sun, 30 Dec 2018 04:37:49 +0000 (04:37 +0000)]
MFC r342377:
Remove NETBSD_PF. NETBSD_PF is a flag that defines whether the pfil(9)
framework is available. pfil(9) has been in FreeBSD since FreeBSD 5
and according to svn log was first committed to HEAD in 2000, therefore
it is safe to say the check is no longer needed in FreeBSD.
pfil(9) first appeared in NetBSD 1.3 (hence the name NETBSD_PF).
Therefore it is safe to say that it is supported by every NetBSD system
today. The framework also exists in illumos.
As ipfilter code is shared and exchanged between FreeBSD and NetBSD, and
at some point in the future illumos too, and as all three platforms have
pfil(9), the redundant NETBSD_PF #defines and #ifdefs are removed.
cy [Sun, 30 Dec 2018 04:31:51 +0000 (04:31 +0000)]
MFC r341279:
Clean up a redundant non-redefinition of IFNAMSIZ. IFNAMSIZ
is defined in net/if.h, therefore the condition is never met and
confusing to those who follow.
jhb [Sat, 29 Dec 2018 01:19:14 +0000 (01:19 +0000)]
MFC 340441: Revert r332735 and fix MSI-X to properly fail allocations when full.
The off-by-one errors in 332735 weren't actual errors and were
preventing the last MSI interrupt source from being used. Instead,
the issue is that when all MSI interrupt sources were allocated, the
loop in msix_alloc() would terminate with 'msi' still set to non-null.
The only check for 'i' overflowing was in the 'msi' == NULL case, so
msix_alloc() would try to reuse the last MSI interrupt source instead
of failing.
Fix by moving the check for all sources being in use to just after the
loop.
eugen [Sat, 29 Dec 2018 00:44:11 +0000 (00:44 +0000)]
MFC r342367: ifconfig.8, lagg.4: fix documentation bug: -use_flowid
needs to be used to force local hash computation and disable usage
of RSS hash provided by driver.
jhb [Sat, 29 Dec 2018 00:30:17 +0000 (00:30 +0000)]
MFC 340304: Use tcp_state_change() in the cxgbe(4) TOE module.
r254889 added tcp_state_change() as a centralized place to log state
changes in TCP connections for DTrace. r294869 and r296881 took
advantage of this central location to manage per-state counters.
However, TOE sockets were still performing some (but not all) state
change updates via direct assignments to t_state. This resulted in
state counters underflowing when TOE was in use. Fix by using
tcp_state_change() when changing a TOE connection's state.
arybchik [Wed, 26 Dec 2018 10:39:34 +0000 (10:39 +0000)]
MFC r341785
sfxge(4): use n Tx queues instead of n + 2 on EF10 HW
On EF10 HW we can avoid sending packets without checksum offload
or with IP-only checksum offload to dedicated queues. Instead, we
can use option descriptors to change offload policy on any queue
during runtime. Thus, we don't need to create two dedicated queues.
Submitted by: Ivan Malov <Ivan.Malov at oktetlabs.ru>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18390
arybchik [Wed, 26 Dec 2018 10:38:51 +0000 (10:38 +0000)]
MFC r341784
sfxge(4): prepare the number of Tx queues on event queue 0 to become
variable
The number of Tx queues on event queue 0 can depend on the NIC family
type, and this property will be leveraged by future patches.
This patch prepares the code for this change.
Submitted by: Ivan Malov <Ivan.Malov at oktetlabs.ru>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18389
arybchik [Wed, 26 Dec 2018 10:37:06 +0000 (10:37 +0000)]
MFC r341783
sfxge(4): report support for Tx checksum op descriptors
FreeBSD driver needs a patch to provide a means for packets
which do not need checksum offload but have flow ID set
to avoid hitting only the first Tx queue (which has been used
for packets not needing checksum offload).
This should be possible on Huntington, Medford or Medford2 chips
since these support toggling checksum offload on any given queue
dynamically by means of pushing option descriptors.
The patch for FreeBSD driver will then need a means to figure out
whether the feature can be used, and testing adapter family might
not be a good solution.
This patch adds a feature bit specifically to indicate support
for checksum option descriptors. The new feature bits may have
more users in future, apart from the mentioned FreeBSD patch.
Submitted by: Ivan Malov <Ivan.Malov at oktetlabs.ru>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18388
arybchik [Wed, 26 Dec 2018 10:35:41 +0000 (10:35 +0000)]
MFC r341782
sfxge(4): populate per-event queue stats in sysctl
In order to find out why the first event queue and corresponding
interrupt is triggered more frequent, it is useful to know which
events go to each event queue.
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18418
arybchik [Wed, 26 Dec 2018 10:28:43 +0000 (10:28 +0000)]
MFC r341327
sfxge(4): rollback last seen VLAN TCI if Tx packet is dropped
Early processing of a packet on transmit may change last seen
VLAN TCI in the queue context. If such a packet is eventually
dropped, last seen VLAN TCI must be set to its previous value.
Submitted by: Ivan Malov <Ivan.Malov at oktetlabs.ru>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18288
arybchik [Wed, 26 Dec 2018 10:28:03 +0000 (10:28 +0000)]
MFC r341326
sfxge(4): ensure EvQ poll stops when abort is requested
If an event handler requested an abort, only the inner loop was
guarenteed to be broken out of - the outer loop could continue
if total == batch.
Fix this by poisoning batch to ensure it is different to total.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18287
arybchik [Wed, 26 Dec 2018 10:27:24 +0000 (10:27 +0000)]
MFC r341311
sfxge(4): make last byte of module information available
Adjust bounds so the interface supports reading
the last available byte of data.
Submitted by: Richard Houldsworth <rhouldsworth at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18273
arybchik [Wed, 26 Dec 2018 10:26:58 +0000 (10:26 +0000)]
MFC r341309
sfxge(4): fix MAC Tx stats for less or equal to 64 bytes
This statistic should include 64byte and smaller frames.
Fix EF10 calculation to match Siena code.
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18271
arybchik [Wed, 26 Dec 2018 10:26:24 +0000 (10:26 +0000)]
MFC r341302
sfxge(4): fix a typo in unicast filter insertion comment
Submitted by: Ivan Malov <ivan.malov at oktetlabs.ru>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18264
arybchik [Wed, 26 Dec 2018 10:25:55 +0000 (10:25 +0000)]
MFC r341301
sfxge(4): prevent access to the NIC config before probe
NIC config is initialized during NIC probe.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18263
arybchik [Wed, 26 Dec 2018 10:23:16 +0000 (10:23 +0000)]
MFC r341295
sfxge(4): avoid usage of too big arrays on stack
Found by PreFAST static analysis.
Submitted by: Martin Harvey <mharvey at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18257
arybchik [Wed, 26 Dec 2018 10:22:49 +0000 (10:22 +0000)]
MFC r341290
sfxge(4): check size of memory to read sensors data to
Size of provided memory should be consistent with specified size.
Submitted by: Martin Harvey <mharvey at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18252
arybchik [Wed, 26 Dec 2018 10:21:40 +0000 (10:21 +0000)]
MFC r341214
sfxge(4): fix SAL annotation for input buffers
Submitted by: Martin Harvey <mharvey at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18245
arybchik [Wed, 26 Dec 2018 10:20:54 +0000 (10:20 +0000)]
MFC r341213
sfxge(4): fix PreFAST warnings because of unused return
Submitted by: Martin Harvey <mharvey at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18244
arybchik [Wed, 26 Dec 2018 10:20:02 +0000 (10:20 +0000)]
MFC r341197
sfxge(4): fix comparison always true warning
Loopback type used as bit index has efx_loopback_type_t type
which is enum. clang complains that it is always true when it
is compared with qword (64 bit) bits number boundary.
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18228
arybchik [Wed, 26 Dec 2018 10:19:12 +0000 (10:19 +0000)]
MFC r341038
sfxge(4): add method to make checksum option descriptors
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18160
Falcon support has been withdrawn from libefx, however, there is still
an obsolete Falcon-specific assertion that efx_mac_stats_upload()
and efx_port_poll() aren't concurrent. To be consistent with an overall
Falcon support revocation it's desirable to remove it.
Fix debug build invalid assertion failure.
Submitted by: Ivan Malov <ivan.malov at oktetlabs.ru>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D1813
arybchik [Wed, 26 Dec 2018 10:16:48 +0000 (10:16 +0000)]
MFC r340895
sfxge(4): move BIU test code into Siena-specific file
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18129
Fix warning
"C6001: Using uninitialized memory '*sensor_maskp'"
which could occur when the npages argument to efx_mcdi_sensor_info()
is less than or equal to zero.
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18128
arybchik [Wed, 26 Dec 2018 10:15:31 +0000 (10:15 +0000)]
MFC r340892
sfxge(4): remove obsolete check for pre-Siena hardware
The fail4 label was used twice, so it doesn't need removing.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18126
arybchik [Wed, 26 Dec 2018 10:14:29 +0000 (10:14 +0000)]
MFC r340891
sfxge(4): fix warnings from VS2015 C compiler (C4214)
Fix multiple level 4 warnings
"C4214: nonstandard extension used: bit field types other than int";
no functional changes.
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18125
arybchik [Wed, 26 Dec 2018 10:13:42 +0000 (10:13 +0000)]
MFC r340890
sfxge(4): fix warnings from VS2015 C compiler (C4057)
Fix two level 4 warnings
"C4057: 'function': 'const uint8_t *' differs in indirection to
slightly different base types from 'caddr_t'"; no functional changes.
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18124
arybchik [Wed, 26 Dec 2018 10:12:15 +0000 (10:12 +0000)]
MFC r340889
sfxge(4): fix warnings from VS2015 C compiler (C4189)
Fix multiple level 4 warnings
"C4189: 'xxx': local variable is initialized but not referenced";
no functional changes.
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18123
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18122
arybchik [Wed, 26 Dec 2018 10:08:28 +0000 (10:08 +0000)]
MFC r340887
sfxge(4): fix warnings from VS2015 C compiler (C4245)
Fix level 4 warning
"C4245: 'initializing': conversion from 'int' to 'uint32_t',
signed/unsigned mismatch" warning; no functional changes.
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18121
arybchik [Wed, 26 Dec 2018 10:07:30 +0000 (10:07 +0000)]
MFC r340886
sfxge(4): fix warnings from VS2015 C compiler (C4244)
Fix level 4 warning
"C4244: '+=': conversion from 'unsigned int' to 'uint16_t', possible
loss
of data"; no functional changes.
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18120
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18119
arybchik [Wed, 26 Dec 2018 10:05:36 +0000 (10:05 +0000)]
MFC r340884
sfxge(4): fix probes in licensing support
EFSYS_PROBE1 takes one typed value (in addition to the probe name),
whereas EFSYS_PROBE has just the probe name.
Which to use is determined by the probe name - "fail1" probes are
expected to include the function result.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18118
arybchik [Wed, 26 Dec 2018 10:05:03 +0000 (10:05 +0000)]
MFC r340883
sfxge(4): fix diagnostics support build without Siena
The compilation failed because __efx_sram_pattern_fns was used in
efx_nic.c, but defined in efx_sram.c which is only needed when
supporting Siena.
To fix it move all the code using __efx_sram_pattern_fns into
Siena-specific files (except for the definition in efx_sram.c itself,
as that file only needs to be included in Siena-supporting builds
anyway).
The functions to test registers and tables are unlikely to apply to any
new hardware and so can be moved into Siena files. Since Huntington
such tests have been implemented in firmware.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18117
arybchik [Wed, 26 Dec 2018 10:02:05 +0000 (10:02 +0000)]
MFC r340831
sfxge(4): make MAC naming consistent with other modules
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18101
arybchik [Wed, 26 Dec 2018 10:01:25 +0000 (10:01 +0000)]
MFC r340826
sfxge(4): fix ignoring function return value
fix PreFAST issue, add missing annotation that function return value
should not be ignored. Fix alignment.
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18096
arybchik [Wed, 26 Dec 2018 10:00:25 +0000 (10:00 +0000)]
MFC r340822
sfxge(4): fix check in NVRAM validate
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18092
arybchik [Wed, 26 Dec 2018 09:59:24 +0000 (09:59 +0000)]
MFC r340814
sfxge(4): fix result code in MCDI NVRAM update finish
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18084
arybchik [Wed, 26 Dec 2018 09:44:08 +0000 (09:44 +0000)]
MFC r340806
sfxge(4): fix default RSS context check on Siena
Default RSS context check is carried out during filter
insertion on Siena and it needs to be fixed
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18076
arybchik [Wed, 26 Dec 2018 09:43:38 +0000 (09:43 +0000)]
MFC r340805
sfxge(4): define a handle to denote default RSS context
Make the existing filter-specific define more general.
This is the same as MC_CMD_RSS_CONTEXT_ALLOC_OUT_RSS_CONTEXT_ID_INVALID.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18075
arybchik [Wed, 26 Dec 2018 09:42:40 +0000 (09:42 +0000)]
MFC r340804
sfxge(4): insert filters for encapsulated packets
On Medford, with full-featured firmware running, encapsulated
packets may not be delivered unless filters are inserted for
them, as ordinary filters are not applied to encapsulated
packets. So filters for encapsulated packets need to be
inserted for each class of encapsulated packet. For simplicity,
catch-all filters are always inserted. These may match more
packets than the OS has asked for, but trying to insert more
precise filters increases complexity for little gain.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18074
arybchik [Wed, 26 Dec 2018 09:41:04 +0000 (09:41 +0000)]
MFC r340803
sfxge(4): support filters for encapsulated packets
This supports filters which match all unicast or multicast
inner frames in VXLAN, GENEVE, or NVGRE packets.
(Additional fields to match on can be added easily.)
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18073
arybchik [Wed, 26 Dec 2018 09:40:13 +0000 (09:40 +0000)]
MFC r340802
sfxge(4): use proper MCDI command for encap filters
MC_CMD_FILTER_OP_IN_EXT is needed to set filters for encapsulated
packets.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18072
arybchik [Wed, 26 Dec 2018 09:37:30 +0000 (09:37 +0000)]
MFC r340800
sfxge(4): let caller know that queue is already flushed
Tx/Rx queue may be already flushed due to Tx/Rx error on the queue or
MC reboot. Caller needs to know that the queue is already flushed to
avoid waiting for flush done event.
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18070
arybchik [Wed, 26 Dec 2018 09:36:42 +0000 (09:36 +0000)]
MFC r340799
sfxge(4): fix error code usage
MCDI results returned in req.emr_rc have already been translated
from MC_CMD_ERR_* to errno names, so using an MC_CMD_ERR_* value
is incorrect.
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18069
arybchik [Wed, 26 Dec 2018 09:34:26 +0000 (09:34 +0000)]
MFC r340798
sfxge(4): fix out of bounds read in VIs allocation
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18068
arybchik [Wed, 26 Dec 2018 09:33:26 +0000 (09:33 +0000)]
MFC r340767
sfxge(4): limit max TXQ size on Medford to 2048
Queues with 4096 descriptors are not supported as the top bit is used
for vfifo stuffing.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D8948
arybchik [Wed, 26 Dec 2018 09:31:36 +0000 (09:31 +0000)]
MFC r312884
sfxge(4): fix RxQ structure layout vs usage on datapath
Recent changes in the pseudo header accessor prototypes start to
use common code RxQ handle on datapath. The handle was located
at the end of the structure with members not used on datapath.
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D9359
mm [Fri, 21 Dec 2018 23:33:28 +0000 (23:33 +0000)]
MFC r339746,339751,339794,340866,340939,342042:
Sync libarchive with vendor.
Relevant vendor changes:
PR #1013: Add missing h_base offset when performing absolute seeks in
xar decompression
PR #1023: Support extracting extattrs as non-root on non-user-writeable
files
PR #1061: Add support for extraction of RAR v5 archives
PR #1066: Fix out of bounds read on empty string filename for gnutar, pax
and v7tar
PR #1067: Fix temporary file path buffer overflow in tests
IS #1068: Correctly process and verify integer arguments passed to
bsdcpio and bsdtar
PR #1070: Don't default XAR entry atime/mtime to the current time
PR #1080: Spelling fixes
PR #1084: RAR5 reader bugfixes
PR #1091: fix use-after-free in delayed newc link processing
PR #1092: Fix a few obvious resource leaks and strcpy() misuses
IS #1096: Support extracting ACLs with in-entry comments (GNU tar)
PR #1102: RAR5 reader - fix big-endian problems
PR #1105: Fix various crash, memory corruption and infinite loop conditions
RAR5 reader: FreeBSD build platform fixes for powerpc(64), mips(64),
sparc64 and riscv64
RAR5 reader: more maybe-uninitialized size_t fixes for riscv64
FreeBSD build
hselasky [Wed, 12 Dec 2018 13:14:41 +0000 (13:14 +0000)]
MFC r341585:
mlx5en: Improve configuration of HW LRO.
In order to enable HW LRO, both the "hw_lro" sysctl in the mlx5en(4) config
space must be set, and the ifconfig(8) LRO capability must be set. Any other
settings will disable HW LRO.
cy [Tue, 11 Dec 2018 01:49:06 +0000 (01:49 +0000)]
As part of the general cleanup of the ipfilter code, special cases
are committed separately to document fixing them separately from
the general cleanup. In this case we don't want to hide the utter
brokenness of what is being fixed.
Clean up a discombobulated block of #if's, with one block unreachable.
ip_fil.c is used in ipftest which is used to dry-run test ipfilter
rules in userspace without loading them in the kernel. The call to
(*ifp->if_output) matches that in the FreeBSD kernel.
Further testing and work will be required to make ipftest fully
functional.
Restore handling of PMTU discovery, removed through an unifdef(1)
following the MFV of r254219 into r255332. In addition the 'FreeBSD'
macro was never defined in ipfilter 5.1.2 thus it never would have
been enabled in the first place.
This work is prompted by a general cleanup of the IP Filter code
prompted by working to resolve a PR. More to follow.
Remove IFF_DRVRLOCK as it is used in IRIX only (and we all know IRIX
is dead). This includes collaterally removing code shared by HP/UX,
SGI, and Linux, where IP Filter will in all likelihood for various
reasons never run again.
emaste [Wed, 5 Dec 2018 21:51:39 +0000 (21:51 +0000)]
MFC r341484: Always treat firmware request and response sizes as unsigned.
This fixes an incomplete bounds check on the guest-supplied request
size where a very large request size could be interpreted as a negative
value and not be caught by the bounds check.
Submitted by: jhb
Reported by: Reno Robert
Security: CVE-2018-17160
emaste [Mon, 3 Dec 2018 02:38:15 +0000 (02:38 +0000)]
MFC r340095: Remove apparently unused 0-byte files that cause grief on Windows
r235274 added a sort regression test (it operates by comparing output
against GNU sort). The commit included a number of 0-byte files, one
of which ends in a trailing . which reportedly breaks svn/git checkouts
on Windows.
It appears these were added accidentally, so just remove them.
cy [Fri, 30 Nov 2018 06:47:01 +0000 (06:47 +0000)]
This is a direct commit to the stable/10 branch. This would have been
MFC r340754 except that etc/rc.d has been moved in HEAD which would
have resulted in a tree conflict if merged.
Allow forced start of ipmon in special cases where testing is desired
(or other special cases) and when ipfilter is disabled in rc.conf but
started by other means.
emaste [Thu, 29 Nov 2018 20:14:09 +0000 (20:14 +0000)]
MFC r340260: Avoid buffer underwrite in icmp_error
icmp_error allocates either an mbuf (with pkthdr) or a cluster depending
on the size of data to be quoted in the ICMP reply, but the calculation
failed to account for the additional padding that m_align may apply.
Include the ip header in the size passed to m_align. On 64-bit archs
this will have the net effect of moving everything 4 bytes later in the
mbuf or cluster. This will result in slightly pessimal alignment for
the ICMP data copy.
Also add an assertion that we do not move m_data before the beginning of
the mbuf or cluster.
Reported by: A reddit user
Security: CVE-2018-17156
Sponsored by: The FreeBSD Foundation
eugen [Mon, 26 Nov 2018 13:08:34 +0000 (13:08 +0000)]
makewhatis: do not try to operate on read-only mounted
directories just to fail later. This is direct commit to stable/10
instead of MFC r339817 due to makewhatis.local being moved
in recent branches.
eugen [Mon, 26 Nov 2018 12:47:12 +0000 (12:47 +0000)]
Prevent ip_input() from panicing due to unprotected access
to INADDR_HASH. This is direct commit to stable/10 instead of MFC r339808
due to significant differences in code base.
PR: 220078
Differential Revision: https://reviews.freebsd.org/D12457
Tested-by: Cassiano Peixoto and others
eugen [Mon, 26 Nov 2018 12:19:30 +0000 (12:19 +0000)]
Prevent stf(4) from panicing due to unprotected access
to INADDR_HASH. This is direct commit to stable/10
instead of MFC r339806 due to significant differences
in code base.
PR: 220078
Differential Revision: https://reviews.freebsd.org/D12457
Tested-by: Cassiano Peixoto and others
eugen [Mon, 26 Nov 2018 11:51:44 +0000 (11:51 +0000)]
Prevent multicast code from panicing due to unprotected access
to INADDR_HASH. This is direct commit to stable/10 instead of MFC r339807
due to significant difference in code base.
eugen [Mon, 26 Nov 2018 11:23:01 +0000 (11:23 +0000)]
MFC r339816: mount_msdosfs
mount_msdosfs: do not fail mounts requiring locale name conversion table
that is already present in a kernel statically.
For example, the command "mount_msdosfs -L ru_RU.KOI8-R" fails with error
"mount_msdosfs: msdosfs_iconv: File exists" for a kernel having
options LIBICONV and MSDOSFS_ICONV. After this change, it mounts
successfully.
marius [Wed, 21 Nov 2018 18:54:38 +0000 (18:54 +0000)]
MFC: r340495
- Restore setting the clock for devices which support the default/legacy
transfer mode only (lost with r321385). [1]
- Similarly, don't try to set the power class on MMC devices that comply
to version 4.0 of the system specification but are operated in default/
legacy transfer or 1-bit bus mode as no power class is specified for
these cases. Trying to set a power class nevertheless resulted in an -
albeit harmless - error message.
eugen [Tue, 20 Nov 2018 10:45:46 +0000 (10:45 +0000)]
MFC r339558: New sysctl: net.inet.icmp.error_keeptags
Currently, icmp_error() function copies FIB number from original packet
into generated ICMP response but not mbuf_tags(9) chain.
This prevents us from easily matching ICMP responses corresponding
to tagged original packets by means of packet filter such as ipfw(8).
For example, ICMP "time-exceeded in-transit" packets usually generated
in response to traceroute probes lose tags attached to original packets.
This change adds new sysctl net.inet.icmp.error_keeptags
that defaults to 0 to avoid extra overhead when this feature not needed.
Set net.inet.icmp.error_keeptags=1 to make icmp_error() copy mbuf_tags
from original packet to generated ICMP response.
eugen [Mon, 19 Nov 2018 06:39:00 +0000 (06:39 +0000)]
MFC r339465: rc.initdiskless: add support for auxiliary NVRAM.
Currently, rc.inidiskless assumes that local system configuration
changes are kept in some mountable file system. For example,
nanobsd uses dedicated partition mounted as /cfg for this.
However, small embedded devices like MIPS routers may have no enough flash
space to keep full-blown file system but have only one or couple
small flash blocks to keep persistent local configuration overrides.
This change extends rc.initdiskless and introduces ability to run auxiliary
command /conf/T/M/extract that is supposed to extract configuration overrides
from such local storage.
For example, the command /conf/default/etc/extract may contain something like:
cd "$1" && bsdcpio --quiet -idu < /dev/map/cfg
bsdcpio command extracts compressed archive from the storage to /etc
assuming the storage is exposed by the kernel as /dev/map/cfg to userland.
rmacklem [Sun, 18 Nov 2018 23:48:15 +0000 (23:48 +0000)]
MFC: r339999
Fix NFS client vnode locking to avoid a crash during forced dismount.
A crash was reported where the crash occurred in nfs_advlock() when the
NFS_ISV4(vp) macro was being executed. This was caused by the vnode
being VI_DOOMED due to a forced dismount in progress.
This patch fixes the problem by locking the vnode before executing the
NFS_ISV4() macro.