Apply 6987c47569 to igc. This is not
expected to have any benefit on current parts with current observed PBA
sizes but will avoid surprises if they are increased in future chips.
Approved by: grehan
Differential Revision: https://reviews.freebsd.org/D35217
(cherry picked from commit 9b88ecd674)
Extend the size of the local rx_buffer_size variable to account for
larger buffer sizes possible on 82580, i350 chips.
From i350 datasheet, 6.2.10 Initialization Control 4 (LAN Base Address
+ Offset 0x13):
When 4 ports are enabled maximum buffer size is 36 KB. When 2 ports are
enabled maximum buffer size is 72 KB. When only a single port is
enabled maximum buffer size is 144 KB.
and 8.3:
The overall available internal buffer size in the I350 for all ports is
144 KB for receive buffers and 80 KB for transmit Buffers. Disabled
ports memory can be shared between active ports and sharing can be
asymmetric. The default buffer size for each port is loaded from the
EEPROM on initialization.
From the reporter:
But for I350 when only 2 ports are used PBA size can be set as 72KB
(see datasheet RXPbsize or e1000_rxpbs_adjust_82580 function in
e1000_82575.c). In this case calculating the rx_buffer_size overflows
as 0x0048 << 10 = 73728 or 0x12000 pushed into u16. It is then set as
0x2000 or 8192.
PR: 263896
Reported by: hannula@gmail.com
Tested by: hannula@gmail.com
Approved by: markj
Differential Revision: https://reviews.freebsd.org/D35167
(cherry picked from commit 6987c47569)
When VLAN HW filter is disabled, the NIC does not pass any vlan tagged
traffic. Setting these flags on the device allows vlan tagged traffic to
pass.
PR: 236983
Tested by: pi
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34824
*_CFG_PAGE ioctl handlers in the mpr, mps, and mpt drivers allocated a
buffer of a caller-specified size, but copied to it a fixed size header.
Add checks that the size is at least the required minimum.
Note that the device nodes are owned by root:operator with 0640
permissions so the ioctls are not available to unprivileged users.
This change includes suggestions from scottl, markj and mav.
Two of the mpt cases were reported by Lucas Leong (@_wmliang_) of
Trend Micro Zero Day Initiative; scottl reported the third case in mpt.
Same issue found in mpr and mps after discussion with imp.
Reported by: Lucas Leong (@_wmliang_), Trend Micro Zero Day Initiative
Reviewed by: imp, mav
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34692
(cherry picked from commit 8276c4149b)
(cherry picked from commit 0b29e1b9f9)
Approved by: so
Security: CVE-2022-23086
Security: FreeBSD-SA-22:06.ioctl
The total size of the user-provided nmreq was first computed and then
trusted during the copyin. This might lead to kernel memory corruption
and escape from jails/containers.
Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
Security: CVE-2022-23084
MFC after: 3 days
(cherry picked from commit 3937299165)
(cherry picked from commit 9f600a260a)
Approved by: so
Security: FreeBSD-SA-22:04.netmap
An unsanitized field in an option could be abused, causing an integer
overflow followed by kernel memory corruption. This might be used
to escape jails/containers.
Reported by: Reno Robert and Lucas Leong (@_wmliang_) of Trend Micro
Zero Day Initiative
Security: CVE-2022-23085
(cherry picked from commit 694ea59c70)
(cherry picked from commit 9df8dd3ea3)
Approved by: so
Security: FreeBSD-SA-22:04.netmap
There seem to be systems returning some garbage here. I still don't
know why, but at least I hope this check fix indefinite printf loop.
MFC after: 2 weeks
(cherry picked from commit 3b248a2113)
When executing `ifconfig -v` this will lead to stalls for a second per interface due to the timeout being set to a static 10 without a module placed, this patch makes sure this is only allowed once per insertion.
It seems to be needed only to serialize very old K8 registers access.
Introduce separate lock for that and remove Giant dependency.
MFC after: 2 weeks
(cherry picked from commit 6c101ed7a3)
Minor reformatting nits to make mprsas_scsiio_timeout match
mpssas_scsiio_timeout more closely. The differences aren't necessary and
are distracting when comparing the routines. No functional changes.
Sponsored by: Netflix
(cherry picked from commit 2bbaed4d7f)
Port 9781c28c6d and a8837c77ef to the mps driver. Before this
change devq was frozen only if some command was sent to the target after
reset started, but release was called always. This change freezes the
devq immediately, leaving mprsas_action_scsiio() check only to cover
race condition due to different lock devq use.
This should also avoid unnecessary requeue of the commands, creating
additional log noise and confusing some broken apps. It also avoids a
'busy' requeue of I/Os failing when we're doing recovery that takes
longer than the normal busy timeout. These I/Os failing can lead to
filesystems being unmounted in the force unmount case for I/O errors.
Sponsored by: Netflix
Reviewed by: mav
Differential Revision: https://reviews.freebsd.org/D33228
(cherry picked from commit a10253cffe)
Print cm instead of sc here, as is done in mpr. We can get the sc from
cm, but not vice versa.
Sponsored by: Netflix
(cherry picked from commit b086bc0bf1)
In the acpi_cpu_postattach SYSINIT function cpu_softc may be NULL, e.g.
on arm64 when booting from FDT. Check it is not NULL at the start of
the function so we don't try to dereference a NULL pointer.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 4e50efb194)
While it still looks like previous code worked by coincidence, this
change broke things even more instead of fixing.
Reported by: avg@
MFC after: 1 week
(cherry picked from commit 94a72c5ac4)
Before this device unit number match was coincidental and broke if I
disabled some CPU device(s). Aside of cosmetics, for some drivers
(may be considered broken) it caused talking to wrong CPUs.
(cherry picked from commit d3a8f98acb)
There are already APIC ID, ACPI ID and OS ID for each CPU. In perfect
world all of those may match, but at least for SuperMicro server boards
none of them do. Plus none of them match the CPU devices listing order
by ACPI. Previous code used the ACPI device listing order to number
cpuX devices. It looked nice from NewBus perspective, but introduced
4th different set of IDs. Extremely confusing one, since in some places
the device unit numbers were treated as OS CPU IDs (coretemp), but not
in others (sysctl dev.cpu.X.%location).
(cherry picked from commit c8077ccd70)
With various firmware files used by graphics and wireless drivers
we are exceeding the current 32 character module name (file path
in kldxref) length.
In order to overcome this issue bump it to the maximum path length
for the next version.
To be able to MFC provide backward compat support for another version
of the struct as the offsets for the second half change due to the
array size increase.
MAXMODNAME being defined to MAXPATHLEN needs param.h to be
included first. With only 7 modules (or LinuxKPI module.h) not
doing that adjust them rather than including param.h in module.h [1].
Reported by: Greg V (greg unrelenting.technology)
Sponsored by: The FreeBSD Foundation
Suggested by: imp [1]
Reviewed by: imp (and others to different level)
Differential Revision: https://reviews.freebsd.org/D32383
(cherry picked from commit df38ada293)
Add support for the "snps,dis_rxdet_inp3_quirk" quirk needed
at least on SolidRun's HoneyComb.
Reviewed by: manu, mw
Differential Revision: https://reviews.freebsd.org/D32921
(cherry picked from commit 3987e50611)
This seems to be required even if the watchdog is accessed via the common
MMIO space.
Tested on:
- Ryzen 3 3200U APU;
- Ryzen 7 5800X CPU with X570 chipset.
(cherry picked from commit cca0d3bbd8)
Passing up such descriptors to iflib is obviously wasteful.
But the main conern is that we may overrun iri_frags array because of
them. That's been observed in practice.
Also, assert that the number of fragments / descriptors / segments is
less than IFLIB_MAX_RX_SEGS.
Sponsored by: Panzura LLC
(cherry picked from commit 9c612a5d0a)
1. Doorbell interrupt status may arrive lately when doorbell interrupt on
ARC-1886.
2. System boot up hung when ARC-1886 with no volume created or no device
attached.
Many thanks to Areca for continuing to support FreeBSD.
(cherry picked from commit 6964b77e59)
