In particular, we store a FIB number in both struct socket and in struct
inpcb. When updating the FIB number with setsockopt(SO_SETFIB), make
the update atomic. This is required to support the new bind_all_fibs
mode, since in that mode changing the FIB of a bound socket is not
permitted.
This requires a bit more code, but avoids a layering violation in
sosetopt(), where we hard-code the list of protocol families that
implement SO_SETFIB.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D48666
(cherry picked from commit caccbaef8e263b1d769e7bcac1c4617bdc12d484)
The value passed via old field also needs to be validated.
PR: 283848
Fixes: f34aca55adef1e28cd68b2e6705a0cac03f0238e
(cherry picked from commit 031fbf8dc962ca8d458b217ba2b4a9e637b7e932)
of supplied nexthop sub-attributes. While here, use unsigned types for
length calculations and improve style(9).
PR: 283860
(cherry picked from commit 49a6e213416b5c0c9eccdff0af1c6b01f34c3693)
So far we have not compiled wow.c given we do not enable CONFIG_PM
yet.
Make the necessary file local adjustments to make the file compile
once further changes in LinuxKPI 802.11 code are committed.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 848fdcae0326db5b7c3edd2e8c264d25254abe1d)
This version is based on
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
38fec10eb60d687e30c8c6b5420d86e8149f7557 ( tag: v6.14 ).
Sponsored by: The FreeBSD Foundation
(cherry picked from commit df279a26d3315e7abc9e6f0744137959a4c2fb86)
This version is based on
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
38fec10eb60d687e30c8c6b5420d86e8149f7557 ( tag: v6.14 ).
Sponsored by: The FreeBSD Foundation
(cherry picked from commit a0ccc12f6882a886d89ae279c541b2c2b62c6aca)
Update the script to support all the sub-drivers we compile now.
Some minor polishing as well.
Update fwget(8) as more IDs were added.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 91f53f4e062715d869f2cb7e957707255390b704)
Following the example of rtw88 and rtw89 only ship iwlwifi firmware
from ports/packages. Users are asked to run fwget(8) to install the
firmware needed for their system or build it from ports
(see also UPDATING).
This is the end of a long story adding wireless support to fwget(8),
migrating the firmware for multiple branches into ports, splitting them
up into flavors, and updating some install media and the installer to
provide firmware.
The overall amount for new firmware amongst all drivers would have
added more than 100M of binary blobs to src.git for the first import,
ignoring future updates which (along with some duplication between
multiple drivers) was considered too much.
While maintenance within the src tree certainly would have been
easier in the longer term this seems to be the better solution and
I would like to thank everyone who helped along the path to get there.
The iwlwififw.4 man page is to stay (for now) and will likely point
at the appropriate firmware package flavor in the future as well
so people may find it easier to transition. In the long term this
information is likely not needed anymore.
Sponsored by: The FreeBSD Foundation
Requested by: core (Oct 2022)
Reviewed by: thj, jrm (earlier)
Differential Revision: https://reviews.freebsd.org/D49713
(cherry picked from commit 558d638896239f9cd25b9d825ecfce62ec54681e)
(cherry picked from commit 918783b75aacb051f2f83dd0198ef68bc9fa5326)
Move some structs into the appropriate header to be visible.
Add new fields to structs and enums.
Remove arguments from two functions (one function currently unused
by drivers in the tree, for the other the argument was unused).
Adjust the iwlwifi accordingly. This is in preparation for new
driver versions to allow a smooth transition.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit e6010da63903cc6d9aac0077ab861cfd6bae2aa7)
Given we currently do not compile the file by default make it compile
again after the last vendor import.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 52a43041d2a864961f0a1a109a7a7c4c6ebed918)
Apply a temporary fix to FreeBSD only to allow AX101 to proceed
further. While this fix results in a debug error message if
firmware debugging is on we currently take this for the version
we have. A proper fix will eventually show up in future versions
of iwlwifi.
Sponsored by: The FreeBSD Foundation
Reported by: bapt
Tested by: bapt
(cherry picked from commit 97ddb6371b7206c622de40745927e98f0dfd2e85)
add a new typedef in if_vlan_var.h to represent the lowest (1) and
highest (4095) valid VLAN IDs in a .1q tag.
change if_vlan to use DOT1Q_VID_MAX instead of a magic number.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D49837
(cherry picked from commit c59492025073bd57c7dc3bb5bd843ab0a1391c7a)
include <sys/_types.h> for u_char and u_short.
to avoid including <sys/types.h>, remove the caddr_t cast from LLADDR.
we are trying to get rid of caddr_t anyway, and since sdl_data is
already an array of char, the cast is unnecessary. this also makes
LLADDR const-correct, i.e. passing a const sockaddr_dl will return a
const pointer.
Reviewed by: des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50065
(cherry picked from commit 70b5c918571b6c79459ee6de66ceb4c83974d542)
Reviewed by: des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50063
(cherry picked from commit a5ba03f6e4f003022968b50161abac24c7ec1d38)
to avoid strange precedence errors, enclose the macro body in
parentheses. this fixes constructs like: if (VLANTAGOF(m) == i)
Reviewed by: kp
(cherry picked from commit f36292f010fcc6391605182f2973fdc12a3bd15f)
When doing a limited retransmit, allow up to 2 * MSS - 1 if the
Nagle algorithm has been disabled.
PR: 282605
Reviewed by: cc, Peter Lei
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D49922
(cherry picked from commit 934caaec3afc43638c2a1da8fbe3b672566db4fe)
We populate the kqueue with all of four kevents: three signal handlers and
one for read of the child pipe. Every time we start the child, we rebuild
this kqueue from scratch for the child and tear it down before we exit and
check if we need to restart the child. As a consequence, we effectively
drop any of the signals we're interested in between restarts.
Push the kqueue out into the daemon state to avoid losing any signal events
in the process, and reimplement the restart timer in terms of kqueue timers.
The pipe read event will be automatically deleted upon last close, which
leaves us with only the signal events that really get retained between
restarts of the child.
Approved by: so
Security: FreeBSD-EN-25:06.daemon
PR: 277959
Reviewed by: des, markj
(cherry picked from commit bc1dfc316a2bba97773a14b96f5e976a52524be4)
(cherry picked from commit 7ea2874eadf901b1187772670169b6fc3a44d917)
Changes: https://github.com/libexpat/libexpat/blob/R_2_7_1/expat/Changes
Note that libbsdxml(3) is only intended to be used by utilities in the
FreeBSD base system. None of the vulnerabilities addressed by expat
releases 2.6.1 - 2.7.1 is exploitable on FreeBSD as supported by the
security-officer@ team.
Approved by: so
Security: FreeBSD-EN-25:05.expat
Security: CVE-2024-8176
Security: CVE-2024-50602
Security: CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
Security: CVE-2024-28757
(cherry picked from commit ffd294a1f4c23863c3e515d16dce31d5509bcb01)
Just as for nat anchors we can't print counters for rule anchors. Remove the
incorrect print call.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 0fc3c29fb3dd6ab6436a78c502544ebf2cf63ee2)
When printing a nat anchor we don't have rule information, or rule
counters. Do not attempt to print them. The information is nonsensical
anyway, and this can cause a crash converting the timestamp to a string,
as years in the very distant future use more digits, and we exceed the
30 byte buffer allocated for this.
MFC after: 2 weeks
Sponsored by: Orange Business Services
(cherry picked from commit 168d873ae41fd8bd40555322a79c9f215cb4cb9c)
This is a cosmetic change affecting the "plugged: ..." line in the
output of ifconfig -v. Both the 100G active cables were missing a
closing parenthesis.
Sponsored by: Chelsio Communications
(cherry picked from commit 6460c327f6f3fdf2d1cd4db648baf6cb7d74828e)
In general we are working towards making public headers self-contained.
cdefs.h is included for __packed; just assume that types.h includes
cdefs.h as that's a very common assumption.
PR: 285924
Reviewed by: emaste
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D49735
(cherry picked from commit 31d3a94bdda4a9ca4c4d7d4e8e8a0ba1b05c7f18)
Move the necessary extra logics (i.e., noise_remote_enable() and
TAILQ_INSERT_TAIL()) from wg_ioctl_set() to wg_peer_alloc(), and thus
make it easier to be called. Actually, the updated version is more
asymmetric to wg_peer_destroy() and thus less likely to be misused.
Meanwhile, rename it to wg_peer_create() to look more consistent with
wg_peer_destroy().
Reviewed by: aly_aaronly.me (diff), markj
Obtained from: DragonflyBSD 902964ab24ba (with some changes)
(cherry picked from commit 7121e9414f294d116caeadd07ebd969136d3a631)
It appears that the maximum number of APP TLVs supported by the hardware
is 128 according to D45005. Well Daniel Porsch reported an issue PR284073
which shows that the number can exceed the limit, causing out of bound
write to on-stack allocated variable app[128] and the kernel panics.
Limit to 128 while retrieving APP TLVs.
PR: 284073
Reviewed by: markj
Tested by: Daniel Porsch <daniel.porsch@loopia.se>
Fixes: 35b53f8c989f bnxt_en: Add PFC, ETS & App TLVs protocols support
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D48589
(cherry picked from commit 3de231b4d956f7b9c22e31f75805030a417f7bf3)
pfctl_show_nat() is called recursively to print nat anchors. This passes the
anchor path, but this path was modified by pfctl_show_nat(), leading to issues
printing the anchors.
Make a copy of the path ('npath') before we modify it. Ensure we do this
correctly by sprinkling in 'const', and add a test case to verify that we do now
print things correctly.
Reported by: Thomas Pasqualini <thomas.pasqualini@orange.com>
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 58164dcb55d62ca73b5e550b8344bf61e2d8a47a)
This seems a bit preferable to open-coding it. No functional change
intended.
Reviewed by: kp, glebius
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D49518
(cherry picked from commit 27f70efebf1d9424462f291e9d04e62272083aa7)
This handles copying in install-boot.sh and bsdinstall's bootconfig.
install-boot.sh:
make_esp_file now optionally takes extra arguments so it can copy
multiple files. This is used by the amd64 release scripts.
make_esp_device also takes an extra optional argument for efibootname.
This is currently unused, but it can be used in the future to do
something like:
make_esp_device loader.efi bootx64
make_esp_device loader_ia32.efi bootia32
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1098
(cherry picked from commit 599273f942b8dc6f957487bb28f36694dab9dad2)
If we fail to attach the stack key that means we've already attached the wire
key. That means the state could be found by other cores, and given that we then
free it, be used after free.
Fix this by not releasing the ID hashrow lock and key locks until after we've
removed the inserted key again, ensuring the state cannot be found by other
cores.
Reported by: markj
Submitted by: glebius
Reviewed by: glebius, markj
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D49550
These routines were all assuming that the sysctl handler has some new
value, but this is not the case. SYSCTL_IN() returns 0 in this
scenario, so they were all operating on an uninitialized address. This
is mostly harmless, but trips KMSAN checks, so let's fix them.
Reviewed by: zlei, rrs, glebius
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D49348
(cherry picked from commit 3ff865c6a7948b2cfc01d7056c619145b696700a)
struct tcp_log_rack is not used, therefore remove it.
Reviewed by: Peter Lei
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D49669
(cherry picked from commit b1c62081feec535a4f2eeb4f8deb58913d9e281c)
The sendfile black box logging struct is much smaller than the
encompassing stack specific logging union. Be sure to clear the
trailing unused memory when logging.
Reviewed by: tuexen
Sponsored by: Netflix, Inc.
(cherry picked from commit 3bd1e85fc13cb90853046300dcaa31d63b45ee21)
Thanks to glebius@ for pointing to the problem.
Reported by: syzbot+1d5c164f1c10de84ad8a@syzkaller.appspotmail.com
Fixes: 2d5c48eccd9f ("sctp: Tighten up locking around sctp_aloc_assoc()")
(cherry picked from commit e8623834ca29b562687db945bdd12a3e2fe4aeb1)
Check if CTS bit is set in the mailbox message before waiting for ACK.
Otherwise ACK will never be received causing the function to timeout. Add
a note for ixgbe_write_mbx that it should be called while holding a lock.
Fixes: 6d243d2 ("net/ixgbe/base: introduce new mailbox API")
Cc: stable@dpdk.org
Signed-off-by: Norbert Ciosek <norbertx.ciosek@intel.com>
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Obtained from: DPDK (1f119e4)
(cherry picked from commit 1580f8d9c1740e0c54554e6c185573d34f2dcf76)
Summary:
The device IDs for these were in the driver's list of PCI ids to attach
to, but igc_set_mac_type() had never been set up to set the correct mac
type for these devices. Fix this by adding these IDs to the switch block
in order for them to be recognized by the driver instead of returning an
error.
This fixes the igc(4) attach for the I226-K LOM on the ASRock Z790
PG-ITX/TB4 motherboard, allowing it to be recognized and used.
Signed-off-by: Eric Joyner <erj@FreeBSD.org>
Reviewed by: kbowling@
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D49147
(cherry picked from commit 7ee310c80ea7b336972f53cc48b8c3d03029941e)
m_unshare() can return a new mbuf pointer. We update the 'm' pointer in
ovpn_udp_input(), but if we decide to pass on the packet (e.g. because it's for
an unknown peer) the caller (udp_append()) continues with the old 'm' pointer,
eventually resulting in a use-after-free.
Re-order operations in ovpn_udp_input() so that we don't modify the 'm' pointer
until we're committed to keeping the packet.
PR: 283426
Test case by: takahiro.kurosawa@gmail.com
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
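The ordering fix described in the commit message above, modelled in userland C as an added example (not code from the FreeBSD commit). struct pkt, pkt_unshare(), peer_known(), tunnel_input() and deliver() are hypothetical stand-ins for the mbuf, m_unshare(), the peer lookup, ovpn_udp_input() and udp_append().

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
/* Userland stand-in for an mbuf; every name below is hypothetical. */
struct pkt { bool shared; unsigned peer_id; unsigned char data[16]; };

/* Models m_unshare(): may free the original and hand back a new pointer. */
static struct pkt *pkt_unshare(struct pkt *p)
{
	struct pkt *n;
	if (!p->shared) return p;
	if ((n = malloc(sizeof(*n))) != NULL) {
		memcpy(n, p, sizeof(*n));
		n->shared = false;
	}
	free(p);			/* the old pointer is dead either way */
	return n;
}

static bool peer_known(unsigned id) { return id == 1; }	/* constructed peer table */

/* Returns false to pass the packet on; the caller then reuses its own pointer. */
static bool tunnel_input(struct pkt *p, struct pkt **kept)
{
	/* Read-only check first: p is neither replaced nor freed on this path. */
	if (!peer_known(p->peer_id)) return false;
	*kept = p = pkt_unshare(p);	/* committed: only now may the pointer change */
	if (p != NULL) p->data[0] ^= 0xff;	/* stand-in for in-place decryption */
	return true;
}

/* Caller, in the role of udp_append(): 1 = consumed, 0 = passed on, -1 = error. */
static int deliver(unsigned peer_id)
{
	struct pkt *p = calloc(1, sizeof(*p)), *kept = NULL;
	int rc;
	if (p == NULL) return -1;
	p->shared = true;
	p->peer_id = peer_id;
	if (!tunnel_input(p, &kept)) {
		/* Safe only because tunnel_input() left our pointer untouched. */
		rc = (p->shared && p->peer_id == peer_id) ? 0 : -1;
		free(p);
		return rc;
	}
	rc = (kept != NULL && !kept->shared && kept->data[0] == 0xff) ? 1 : -1;
	free(kept);
	return rc;
}

int main(void) { return (deliver(1) == 1 && deliver(7) == 0) ? 0 : 1; }
```

Moving the pkt_unshare() call above the peer check reproduces the stale-pointer condition the message describes; building with -fsanitize=address then flags the read in deliver().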
Both pf_test() and pf_test6() can end up in a panic while
executing PF_UNLOCK_STATE which points to the state being
removed while it is in use.
The PF_LOCK_STATE in the removal subroutine makes sure
that pf_test/pf_test6 are no longer holding the state
and we can safely test and set PFTM_UNLINK.
The other bits of the OpenBSD commit probably apply as well
but for now make sure that this particular panic comes to
an end.
Based on: https://github.com/openbsd/src/commit/9d9f4dc6c83
It's only needed for in_pcb.c and in6_pcb.c, so can go to the private
header.
No functional change intended.
Reported by: glebius
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
(cherry picked from commit ca94f92c23fd09b28ac3398657ae2ae9367bcdf5)