Also hide the other vht options on -vht and only show vht40/80/160/80p80
when vht is enabled.
While here fix some whitespace and comments.
Sponsored by: The FreeBSD Foundation
Reviewed by: adrian, emaste
Differential Revision: https://reviews.freebsd.org/D48326
(cherry picked from commit 42410c6d682c4e00ce6147f99b51a55f6f3fe075)
For certain users or chipsets (reports were for CNVi devices but
we are not sure if this is limited or specific to them) loading
if_iwlwifi hangs.
The reason for this is that a SYSINIT (module_load_order()) has not
yet run in this case and the Linux driver tries to load the
chipsets-specific module. On FreeBSD all supported sub-modules are
part of if_iwlwifi so we do not have to load them separately but
calling into kern_kldload via LinuxKPI request_module while loading
the module gives us a hard hang.
iwlwifi calls request_module_nowait() so we can simply skip over this
and continue and the SYSINIT will do the job later if no other
dependencies fail.
Sponsored by: The FreeBSD Foundation
PR: 282789
Tested by: Ruslan Makhmatkhanov, Pete Wright
Differential Revision: https://reviews.freebsd.org/D47994
(cherry picked from commit 87e140a5c6f89eea7ea6320d1ae34566492abfc0)
(cherry picked from commit 5d09d1070737c43738e433b547af1a90c0f10bf1)
This version is based on
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
98f7e32f20d28ec452afb208f9cffc08448a2652 ( tag: v6.11 ).
Sponsored by: The FreeBSD Foundation
(cherry picked from commit a4128aad8503277614f2d214011ef60a19447b83)
These were reported by `mandoc -T lint ...` as errors.
The rendered output (in ascii and html) is not affected by this commit.
Additional clarification: there was a non-breaking space in
lib/libcasper/services/cap_grp/cap_grp.3.
Signed-off-by: Graham Percival <gperciva@tarsnap.com>
Reviewed by: mhorne
MFC after: 3 days
Sponsored by: Tarsnap Backup Inc.
Pull Request: https://github.com/freebsd/freebsd-src/pull/1449
(cherry picked from commit c8b31033c3971b2b7349804ffda0cea5e4835b40)
There're two possible race conditions,
1. Concurrent bpfattach() and bpf_setif(), i.e., BIOCSETIF ioctl,
2. Concurrent bpfdetach() and bpf_setif().
For the first case, userland may see BPF interface attached but it has
not been in the attached interfaces list `bpf_iflist` yet. Well it
will eventually be so this case does not matter.
For the second one, bpf_setif() may reference `dead_bpf_if` and the
kernel will panic (spotted by change [1], without the change we will
end up silently corrupted memory).
A simple fix could be that, we add additional check for `dead_bpf_if`
in the function `bpf_setif()`. But that requires to extend protection
of global lock (BPF_LOCK), i.e., BPF_LOCK should also protect the
assignment of `ifp->if_bpf`. That simple fix works but is apparently
not a good design. Since the attached interfaces list `bpf_iflist` is
the single source of truth, we look through it rather than check
against the interface's side, aka `ifp->if_bpf`.
This change has performance regression, that the cost of BPF interface
attach operation (BIOCSETIF ioctl) goes back from O(1) to O(N) (where
N is the number of BPF interfaces). Well we normally have sane amounts
of interfaces, an O(N) should be affordable.
[1] 7a974a649848 bpf: Make dead_bpf_if const
Fixes: 16d878cc99ef Fix the following bpf(4) race condition ...
MFC after: 4 days
Differential Revision: https://reviews.freebsd.org/D45725
(cherry picked from commit 7def047a1ae93b3b10bd57ed1bd28e861f94b596)
This got lost many years ago in 8eb6488ebb0dcd92517625e4833ddf7d26e3b3a3
It is used by the driver's DBG printfs.
(cherry picked from commit bf6f0db8a762966b08430692c92ae34e667948db)
Just like we already do for IPv6 set the PFIL_FWD flag when we're forwarding
IPv4 traffic. This allows firewalls to make more precise decisions.
Reviewed by: glebius
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D48824
This driver does not need to retrieve those tunables during early boot.
Meanwhile SYSCTL_INT can provide rich info such as description.
Also `sysctl net.link.vxlan.[legacy_port|reuse_port]` can report the
current settings.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D48621
(cherry picked from commit 92632371b360010709fad60146f1aee0b8b99776)
In an AMA session on the FreeBSD Discord, it was revealed that no
logic remains calling GPART_BOOTCODE_PARTONLY. It was removed in
aa2a0e0fc311 for FreeBSD 12. git grep shows no other references.
No functional change intended.
MFC after: 2 weeks
Fixes: aa2a0e0fc311 (Enable new UEFI+GELI support)
Reported by: Antranig Vartanian <antranigv@freebsd.am>
Reviewed by: emaste, mhorne
Approved by: emaste, mhorne (src)
Approved by: mhorne, carlavilla (mentors)
Differential Revision: https://reviews.freebsd.org/D48086
(cherry picked from commit 347eb42dbcb352f3266e716a2101898fe054bdba)
Currently packets are logged before pf_create_state() is called, so we
might log a packet as passed that is subsequently dropped due to state
creation failure. In particular, the drop is not logged, which is
wrong.
Improve the situation a bit: force logging if state creation fails.
This isn't totally right as we'll end up logging the packet twice in
this case, but it's better than not logging the drop at all.
Add a regression test.
Discussed with: kp, ks
Co-authored-by: Franco Fichtner <franco@opnsense.org>
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: OPNsense
Differential Revision: https://reviews.freebsd.org/D47953
(cherry picked from commit 886396f1b1a727c642071965612e2c2c9dd11d6c)
In the window during conflict resolution, copies of installed files with
conflicts are added here with the default mode. Restrict access.
Approved by: so
Security: FreeBSD-SA-25:03.etcupdate
PR: 277470
Reviewed by: philip, jhb, emaste
Differential Revision: https://reviews.freebsd.org/D48576
(cherry picked from commit c43ae7ab4bf89c2b274c1cbefe663c456e9211d1)
(cherry picked from commit 93836ff92be84a1d4e7611577ffe116a0e30d008)
File system specific *fid structures are copied into the generic
struct fid defined in sys/mount.h.
As such, they cannot be larger than struct fid.
This patch packs the structure and checks via a __Static_assert().
Approved by: so
Security: FreeBSD-SA-25:02.fs
Reviewed by: markj
MFC after: 2 weeks
(cherry picked from commit 4db1b113b15158c7d134df83e7a7201cf46d459b)
(cherry picked from commit 155987e2019089a5bd2eef77ed7bcc5cc26c362e)
File system specific *fid structures are copied into the generic
struct fid defined in sys/mount.h.
As such, they cannot be larger than struct fid.
This patch packs the structure and checks via a __Static_assert().
Approved by: so
Security: FreeBSD-SA-25:02.fs
Reviewed by: markj
MFC after: 2 weeks
(cherry picked from commit bfc8e3308bee23d0f7836d57f32ed8d47da02627)
(cherry picked from commit 7a3a0402aeb626a7379addd344cbfd8900e83baa)
File system specific *fid structures are copied into the generic
struct fid defined in sys/mount.h.
As such, they cannot be larger than struct fid.
This patch packs the structure and checks via a __Static_assert().
Approved by: so
Security: FreeBSD-SA-25:02.fs
Reported by: Kevin Miller <mas@0x194.net>
Reviewed by: olce, imp, kib, emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47879
(cherry picked from commit 205659c43d87bd42c4a0819fde8f81e8ebba068e)
(cherry picked from commit 54974e731f279941ef7aebd7d30ba2e9299a4056)
syscallenter() has a slow path to handle syscall auditing and dtrace
syscall tracing. It uses AUDIT_SYSCALL_ENTER() to check whether to take
the slow path, but this macro also has side effects: it writes the audit
log entry. When systrace (dtrace syscall tracing) is enabled, this
would get short-circuited, and we end up not writing audit log entries.
Introduce a pure macro to check whether auditing is enabled, use it in
syscallenter() instead of AUDIT_SYSCALL_ENTER().
Approved by: so
Security: FreeBSD-EN-25:02.audit
Reviewed by: kib
Reported by: Joe Duin <jd@firexfly.com>
Fixes: 2f7292437d0c ("Merge audit and systrace checks")
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48448
(cherry picked from commit f78fe930854cac6eed55859b45e0a7b5d87189d6)
(cherry picked from commit 4b9ba274d736de74676051c8f13e7d3dd536334b)
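Added illustration of the short-circuit problem described in the audit commit message above. This is not FreeBSD source: every name below is hypothetical, and writing the entry inside the slow path is an assumption about how the pure check is used.

```c
#include <stdbool.h>

static bool audit_on = true;	/* constructed state: auditing is enabled */
static int  audit_log_entries;	/* stands in for the audit trail */

/* Check with a side effect, like the macro described: it writes the entry. */
static bool audit_enter(void)
{
	if (audit_on)
		audit_log_entries++;
	return audit_on;
}

/* Pure check: reports whether auditing is on and changes nothing. */
static bool audit_enabled(void)
{
	return audit_on;
}

/* Before: with tracing on, || never evaluates audit_enter(). */
int entries_before(bool systrace_on)
{
	audit_log_entries = 0;
	if (systrace_on || audit_enter()) {
		/* slow path: tracing probes would fire here */
	}
	return audit_log_entries;
}

/* After: the pure check selects the path, the entry is written inside it. */
int entries_after(bool systrace_on)
{
	audit_log_entries = 0;
	if (systrace_on || audit_enabled()) {
		(void)audit_enter();
	}
	return audit_log_entries;
}

int main(void) { return entries_after(true) == 1 ? 0 : 1; }
```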
The sockaddr passed to ktrcapfail() may be smaller than
sizeof(struct sockaddr), and the trailing bytes in the sockaddr
structure will be uninitialized, whereupon they get copied out to
userspace.
Approved by: so
Security: FreeBSD-SA-25:04.ktrace
PR: 283673
Reviewed by: jfree, emaste
Reported by: Yichen Chai <yichen.chai@gmail.com>
Reported by: Zhuo Ying Jiang Li <zyj20@cl.cam.ac.uk>
Fixes: 9bec84131215 ("ktrace: Record detailed ECAPMODE violations")
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D48499
(cherry picked from commit 5b86888bae651e54ccc0adde0ed897ec1c1e0d45)
(cherry picked from commit 99d5ee8738a354e0d8f12453a82ed87e47bd62f1)
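Added illustration of the leak pattern described in the ktrcapfail() commit message above, as a userland model. This is not FreeBSD source: the structures and function names are hypothetical, stale memory is simulated with a 0xAA fill, and the zero-first form is one common hardening, not necessarily the committed fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the 16-byte BSD struct sockaddr. */
struct demo_sockaddr {
	uint8_t sa_len;
	uint8_t sa_family;
	char    sa_data[14];
};

/* Hypothetical trace record that is copied out to userspace in full. */
struct demo_record {
	struct demo_sockaddr addr;
};

#define STALE 0xAA	/* marks bytes left over from earlier use of the memory */

/* Flawed pattern: only len bytes are written, the rest keeps old contents. */
static void fill_unsafe(struct demo_record *rec, const void *sa, size_t len)
{
	memcpy(&rec->addr, sa, len);
}

/* Hardened pattern: clamp the length and zero the whole record first. */
static void fill_safe(struct demo_record *rec, const void *sa, size_t len)
{
	if (len > sizeof(rec->addr))
		len = sizeof(rec->addr);
	memset(rec, 0, sizeof(*rec));
	memcpy(&rec->addr, sa, len);
}

/* Count bytes of the outgoing record that still hold stale memory. */
size_t leaked_bytes(int safe)
{
	const uint8_t short_sa[5] = { 5, 1, 'a', 'b', 'c' };	/* constructed */
	struct demo_record rec;
	const uint8_t *p = (const uint8_t *)&rec;
	size_t n = 0;
	memset(&rec, STALE, sizeof(rec));	/* simulate uninitialized memory */
	if (safe)
		fill_safe(&rec, short_sa, sizeof(short_sa));
	else
		fill_unsafe(&rec, short_sa, sizeof(short_sa));
	for (size_t i = 0; i < sizeof(rec); i++)
		n += (p[i] == STALE);
	return n;
}
int main(void) { return leaked_bytes(1) == 0 ? 0 : 1; }
```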
garp_rexmit() is a callback, so is not in net_epoch, which
arprequest_internal() expects.
Enter and exit the net_epoch.
PR: 284073
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 38fdcca05d09b4d5426a253d3c484f9481a73ac2)
It is harmless but pointless to invoke vxlan_stop event handler when the
interface was not previously configured. This change will also prevent
an assert panic from t4_vxlan_stop_handler().
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D48494
(cherry picked from commit 960c5bb0f6bf44aeb09fa14fd0f82c2e82ebe2e2)
On ATF side it is named "is.exclusive".
Reviewed by: ngie, markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D47671
(cherry picked from commit 2ed24e28d1d95c62cc37ca3534d4d33360b4cef2)
7f7ef494f11d introduced a compile time option PF_DEFAULT_TO_DROP to make
the pf(4) default rule to drop. While this change exposes a vnet loader
tunable 'net.pf.default_to_drop' so that users can change the default
rule without re-compiling the pf(4) module.
This change is similar to that for IPFW [1].
1. 5f17ebf94db5 Convert IPFW_DEFAULT_TO_ACCEPT into a loader tunable 'net.inet.ip.fw.default_to_accept'
Reviewed by: #network, kp
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D39866
(cherry picked from commit c531c1d1462c45f7ce5de4f9913226801f3073bd)
This fixes stateful firewall failures after adding TH_AE flag
into TH_FLAGS.
Reported by: ronald
Fixes: 347dd05
(cherry picked from commit 9ea8d692f4cb552902b9e8394260d7f3cf4aefb0)
Ensure we update the mbuf pointer returned by pf_normalize_ip() or
pf_normalize_ip6() even if they fail.
Otherwise we'd risk using a freed mbuf.
PR: 283705
Reported by: Yichen Chai <yichen.chai@gmail.com>, Zhuo Ying Jiang Li <zyj20@cl.cam.ac.uk>
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 5d28f4cab8d5919aba1365e885a91a96c0655b59)
Note that key_spdacquire() is dead code, as the SADB_X_SPDACQUIRE
message handler is not set.
PR: 243057
MFC after: 2 weeks
(cherry picked from commit 378a2b155aaf853933df5b53e174b3880826488c)
Verify that we reset the cleared time when we zero an address' counters in
a table.
PR: 282877, 282984
Reviewed by: kp
MFC after: 2 weeks
Signed-off-by: Leonid Evdokimov <leon@darkk.net.ru>
Differential Revision: https://reviews.freebsd.org/D48242
(cherry picked from commit 0749d8134300b8e3c956e161890ab496247d2542)
REMOVE doesn't work properly in the face of hard links. Use UNLINKAT
instead, which is implemented by qemu and bhyve and lets the client
specify the name being removed.
PR: 282432
Reviewed by: dfr
Differential Revision: https://reviews.freebsd.org/D47438
Remove an always-false check for whether the request has already
completed before sleeping. Even if the request is complete, the
response tag is updated while holding the channel lock, which is also
held here.
No functional change intended.
Sponsored by: Klara, Inc.
Otherwise we can end up with a lost interrupt, causing lost request
completion wakeups and hangs in the filesystem layer.
Continue processing until we enable interrupts and then observe an empty
queue, like other virtio drivers do.
Sponsored by: Klara, Inc.
If, when submitting a request, the virtqueue is full, we sleep until an
interrupt has fired, then restart the request. However, while sleeping
the channel lock is dropped, and in the meantime another thread may have
reset the per-channel SG list, so upon retrying we'd (re)submit whatever
happened to be left over in the previous request.
Fix the problem by rebuilding the SG list after sleeping.
Sponsored by: Klara, Inc.
- Remove superfluous newlines.
- Use bool literals.
- Replace an unneeded SYSINIT with static initialization.
No functional change intended.
Sponsored by: Klara, Inc.
This code is using the vnode after it has been released and causing a
panic when a p9fs shared volume is unmounted. In fact, it seems like it's
just duplicated code left behind from a bad merge.
PR: 279887
Reported by: Michael Dexter
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1323
When the module is loaded on a system running on qemu/kvm the "modern"
virtio infrastructure is used and virtio_read_device_config() will end
up calling vtpci_modern_read_dev_config(). This function cannot read
values of arbitrary sizes and will panic if the p9fs mount tag size is
not supported by it.
Use virtio_read_device_config_array() instead. It was tested on both
bhyve and qemu/kvm.
PR: 280098
Co-authored-by: Mark Peek <mp@FreeBSD.org>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1320
device_attach routines are allowed to sleep, and this routine already
has other M_WAITOK allocations.
Reported by: markj
Reviewed by: markj
Fixes: 1efd69f933b6 ("p9fs: move NULL check immediately after alloc...")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45721
Mostly copied from smbfs. This driver in its current state has the exact
same issue that prevents the generic putpages implementation from
working.
Sponsored by: https://www.patreon.com/valpackett
Reviewed by: dfr
Differential Revision: https://reviews.freebsd.org/D45639
MFC after: 3 months
The lib9p implementation takes a strict interpretation of the Twalk RPC
call and returns an error for attempts to lookup ".". The workaround is
to fake the lookup locally.
Reviewed by: Val Packett <val@packett.cool>
MFC after: 3 months
This is derived from swills@ fork of the Juniper virtfs with many
changes by me including bug fixes, style improvements, clearer layering
and more consistent logging. The filesystem is renamed to p9fs to better
reflect its function and to prevent possible future confusion with
virtio-fs.
Several updates and fixes from Juniper have been integrated into this
version by Val Packett and these contributions along with the original
Juniper authors are credited below.
To use this with bhyve, add 'virtio_p9fs_load=YES' to loader.conf. The
bhyve virtio-9p device allows access from the guest to files on the host
by mapping a 'sharename' to a host path. It is possible to use p9fs as a
root filesystem by adding this to /boot/loader.conf:
    vfs.root.mountfrom="p9fs:sharename"
for non-root filesystems add something like this to /etc/fstab:
    sharename /mnt p9fs rw 0 0
In both examples, substitute the share name used on the bhyve command
line.
The 9P filesystem protocol relies on stateful file opens which map
protocol-level FIDs to host file descriptors. The FreeBSD vnode
interface doesn't really support this and we use heuristics to guess the
right FID to use for file operations. This can be confused by privilege
lowering and does not guarantee that the FID created for a given file
open is always used for file operations, even if the calling process is
using the file descriptor from the original open call. Improving this
would involve changes to the vnode interface which is out-of-scope for
this import.
Differential Revision: https://reviews.freebsd.org/D41844
Reviewed by: kib, emaste, dch
MFC after: 3 months
Co-authored-by: Val Packett <val@packett.cool>
Co-authored-by: Ka Ho Ng <kahon@juniper.net>
Co-authored-by: joyu <joyul@juniper.net>
Co-authored-by: Kumara Babu Narayanaswamy <bkumara@juniper.net>