This was a comment in a configuration example.
Reported by: bapt
Reviewed by: bapt, jlduran
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48810
(cherry picked from commit 513c4e20790a24526cb1c2f5a4725971a09d928a)
In 4cc5d081d8c23, a change was introduced that manipulated
drv_ioctl_data->reqcap using IFCAP2 bits. This was noticed
when creating a mixed lagg with mce0 and ixl0 caused the
interfaces' txcsum caps to be disabled.
Fixes: 4cc5d081d8c23
Reviewed by: glebius
Sponsored by: Netflix
MFC After: 7 days
(cherry picked from commit 36fdc42c6a4c828d334471438c4f852e4b5a25e2)
I didn't notice this during testing because invariants-enabled kernels
implicitly include asan.h via kassert.h.
Reported by: Lexi Winter <lexi@le-Fay.org>
Fixes: 800da341bc4a ("thread: Simplify sanitizer integration with thread creation")
(cherry picked from commit 7a7063cc54274a44192fb65c71360a5e72c171b9)
fork() may allocate a new thread in one of two ways: from UMA, or cached
in a freed proc that was just allocated from UMA. In either case, KASAN
and KMSAN need to initialize some state; in particular they need to
initialize the shadow mapping of the new thread's stack.
This is done differently between KASAN and KMSAN, which is confusing.
This patch improves things a bit:
- Add a new thread_recycle() function, which moves all kernel stack
handling out of kern_fork.c, since it doesn't really belong there.
- Then, thread_alloc_stack() has only one local caller, so just inline
it.
- Avoid redundant shadow stack initialization: thread_alloc()
initializes the KMSAN shadow stack (via kmsan_thread_alloc()) even
through vm_thread_new() already did that.
- Add kasan_thread_alloc(), for consistency with kmsan_thread_alloc().
No functional change intended.
Reviewed by: khng
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44891
(cherry picked from commit 800da341bc4a35f4b4d82d104b130825d9a42ffa)
ELECOM EDC-QUA3C is a USB3.1 Gen1 Type-A/C 2.5GBASE-T network adapter.
This also works as a cdce(4) device by:
usbconfig -d X.Y set_config 1
or
usbconfig -d X.Y set_config 2
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
MFC after: 2 weeks
Pull Request: https://github.com/freebsd/freebsd-src/pull/1578
(cherry picked from commit dc273058cb0b6bef075e77272afc66f1a1fd3889)
This eases porting of DTrace to CHERI, where uintptr_t and size_t aren't
interchangeable.
No functional change intended.
Reviewed by: Domagoj Stolfa <domagoj.stolfa@gmail.com>
MFC after: 2 weeks
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D48625
(cherry picked from commit ba9cff7aa2eb62d84bead503cd606d1586ea8388)
libslirp can invoke a callback when received data is removed from a
socket buffer, generally because the guest ACKed some data. Previously
it didn't do anything, but it needs to wake up the poll thread to get
reasonable throughput.
Suppose one is using scp to copy data into a guest filesystem via the
slirp backend. Data is received on libslirp's socket, which we poll for
data in slirp_pollfd_td_loop(). That data gets buffered in priv->pipe,
and eventually is placed in the device model's RX rings by the backend's
mevent handler. When implementing TCP, libslirp holds on to a copy of
data until it's ACKed by the guest via slirp_send(), at which point it
drops that data and invokes the notify callback.
The initial implementation of this backend didn't take into account the
fact that slirp_pollfds_fill() will not add libslirp's socket to the
pollfd set if more than a threshold amount of data is already buffered.
Then poll() needs to time out before the backend sends more data to the
guest. With a default timeout of 500ms, this kills throughput.
Use a pipe to implement a simple in-band signal to the poll thread so
that it reacts quickly when more buffer space becomes available.
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D48192
(cherry picked from commit 20a51e6073f488440e108c7c628231cd6ae6757e)
When using the slirp backend with the e1000 frontend, I otherwise get
hangs in readv(), caused by the e1000 emulation not checking whether
bytes are available before trying to read them. In particular, that
device model expects the recv callback to return 0 if no bytes are
available, and with slirp it would end up blocking forever. The virtio
device model uses the peek_recvlen to check first, so I didn't notice
the problem when implementing the slirp backend.
Make the slirp backend more flexible to accommodate e1000.
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D48164
(cherry picked from commit d3bdfa583044dbfb76ef777939b86bb68baebee7)
In 886653492945f we added checks for packets to only go out if the
station is known to the firmware (amongst others) as there are
implications in drivers.
Unfortunately rtw88 does not support the mac80211 (*sta_state)() KPI
but only the fallback (*sta_add/remove)() in which case the station is
only added to firmware when going from AUTH to ASSOC. That means we
had no chance to get authenticated anymore.
PR: 283142, 274382
Fixes: 886653492945f (make sure we can send DISASSOC or DEAUTH frames)
Tested by: imb protected-networks.net, oleg.nauman gmail.com
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48161
(cherry picked from commit 2372f8cc640c2f4ab82831e6ac0e27ab6c18321a)
Standardize the definition of a UFS dinode
Differential Revision: https://reviews.freebsd.org/D48472
(cherry picked from commit 1111a44301da39d7b7459c784230e1405e8980f8)
(cherry picked from commit aa90fbed151de512ab6e59f75df009533a15751f)
(cherry picked from commit 256389eaf158acaf67f0530764be8af68edee78c)
(cherry picked from commit 6cd973d903c8f214d84daf91eb75047631bf1618)
(cherry picked from commit e1ebda4458bbaf7d85fb803e20f3afc5441f24d9)
When an interface is moving to/from a vnet jail, it may still have BPF
descriptors attached. The userland (e.g. tcpdump) does not get noticed
that the interface is departing and still opens BPF descriptors thus
may result in leaking sensitive traffic (e.g. an interface is moved
back to parent jail but a user is still sniffing traffic over it in
the child jail).
Detach BPF descriptors so that the userland will be signaled.
Reviewed by: ae
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D45727
(cherry picked from commit 1ed9b381d4701fc9f66741256e93b96e22273217)
ifnet: Fix build without BPF
The newly introduced function bpf_ifdetach() is only available when
device bpf is enabled.
Fixes: 1ed9b381d470 ifnet: Detach BPF descriptors on interface vmove event
(cherry picked from commit d8413a1c3ba235a79ae6b8cc35767a861855c7e2)
if_detach_internal() never fail since change [1]. As a consequence,
also does its caller if_vmove(). While here, remove a stall comment.
No functional change intended.
This reverts commit c7bab2a7ca.
[1] a779388f8b if: Protect V_ifnet in vnet_if_return()
Reviewed by: glebius
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D48820
(cherry picked from commit bb0348a17974d83671becbd32ea0e4bd2ea61906)
There're two possible race conditions,
1. Concurrent bpfattach() and bpf_setif(), i.e., BIOCSETIF ioctl,
2. Concurrent bpfdetach() and bpf_setif().
For the first case, userland may see BPF interface attached but it has
not been in the attached interfaces list `bpf_iflist` yet. Well it
will eventually be so this case does not matter.
For the second one, bpf_setif() may reference `dead_bpf_if` and the
kernel will panic (spotted by change [1], without the change we will
end up silently corrupted memory).
A simple fix could be that, we add additional check for `dead_bpf_if`
in the function `bpf_setif()`. But that requires to extend protection
of global lock (BPF_LOCK), i.e., BPF_LOCK should also protect the
assignment of `ifp->if_bpf`. That simple fix works but is apparently
not a good design. Since the attached interfaces list `bpf_iflist` is
the single source of truth, we look through it rather than check
against the interface's side, aka `ifp->if_bpf`.
This change has performance regression, that the cost of BPF interface
attach operation (BIOCSETIF ioctl) goes back from O(1) to O(N) (where
N is the number of BPF interfaces). Well we normally have sane amounts
of interfaces, an O(N) should be affordable.
[1] 7a974a649848 bpf: Make dead_bpf_if const
Fixes: 16d878cc99 Fix the following bpf(4) race condition ...
MFC after: 4 days
Differential Revision: https://reviews.freebsd.org/D45725
(cherry picked from commit 7def047a1ae93b3b10bd57ed1bd28e861f94b596)
This allows the parent jail to retrieve or set kernel state when child
does not have sysctl(8) installed (e.g. light weighted OCI containers
or slim jails).
This is especially useful when manipulating jail prison or vnet sysctls.
For example, `sysctl -j foo -Ja` or `sysctl -j foo net.fibs=2`.
Reviewed by: dfr (previous version), markj
MFC after: 1 week
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D48618
(cherry picked from commit 08aa7128dea4d14811ae4a0225d7c678869cfe62)
Let the caller open the file and pass in the file handler. This can
benefit an upcoming change so that we will have cleaner logic.
No functional change intended.
Suggested by: markj
MFC after: 1 week
(cherry picked from commit 6193855fc76c591ffabe6168cd674e6ec0dafa8e)
This will make it easier to manage address selection policies of vnet
jails, especially for those light weighted OCI containers or slim jails.
Requested by: dfr
Reviewed by: dfr, markj
MFC after: 1 week
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D48679
(cherry picked from commit 6dcdd79a251b5e62ff9ce562ad451e92dec39408)
The additional arguments are useless but may tempt user a wrong usage.
Reviewed by: dfr
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D48701
(cherry picked from commit 13ce55b66fad2b2b4054a89a1a906f58dc33683b)
Jan 14, 2025
Fix incorrect error line number issues. unput has
no business managing lineno. Thanks to Ozan Yigit.
Jan 05, 2025
Fix hex detection in is_valid_number.
Fix indirect field specification with non-numeric string
eg. $("foo") in indirect. This is not illegal.
Thanks to Arnold Robbins.
Jan 01, 2025
Fixed openfile to not try to read from a directory.
Thanks to Arnold Robbins.
Sponsored by: Netflix
(cherry picked from commit dd78d987cb38ef162d40aad86229f1dc19884f78)
While we're here, send the etcupdate log from generating base.txz
to stdout instead of /dev/null (see e972e408d19a) as well.
Reviewed by: emaste, gordon, jrtc27
MFC after: 1 week
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D48719
(cherry picked from commit ace4637ee0c666c6f5a1c664f8956f7302234edd)
reduce is uninitialized, if the code path for logging is reached via
goto old_method;.
Reviewed by: rrs, Peter Lei
CID: 1557359
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48346
(cherry picked from commit 4c89d59e0cdac4d83fb5841aefae9214545b2273)
Bring back the code, which was accidentally removed. While there,
indent a comment correctly.
Reviewed by: rrs
CID: 1540026
Fixes: e18b97bd63a8 ("Update to bring the rack stack with all its fixes in.")
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48340
(cherry picked from commit e8ec28047df5185582a95c5211ed75682fad5ec5)
bw is unsigned and not zero. So it cannot be smaller than 1.
No functional change intended.
Reviewed by: rrs, cc
CID: 1523791
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48323
(cherry picked from commit c28fefe1dc44b69743dd18d038440da38a2867a7)
Do not jump to a place in the code, which requires several variables
to be set (segsize, minseg, idle, len, sb_offset), which is not true.
To avoid using these variables, start the HPTS timer explicitly.
This fix only applies to the client side using TCP fast open.
Approved by: rrs
CID: 1523766
CID: 1523770
CID: 1523786
CID: 1523801
CID: 1523809
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48322
(cherry picked from commit bb9525f30214e8b6c53c6cccd9e8f02e8f8e8c42)
minslot is initialized to 0 and never changed. It is not clear to me
under which condition minslot should be set to which value.
Therefore, remove it and the code checking that it is not zero.
No functional change intended.
Reviewed by: rrs
CID: 1523812
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48321
(cherry picked from commit 84e894ce1309b426aa5d1a20ec194401f35dc478)
rc_bbr_substate is a 3-bit unsigned int, so it can't be larger than
or equal to 8. The wrap around already happens.
No functional change intended.
Reviewed by: rrs
CID: 1523795
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48320
(cherry picked from commit 4bce1a19fcfac0c9f22c11278daa510546ccd3f2)
There is no need to check partially for bbr->r_ctl.crte being NULL,
since this can't be true in this path.
No functional change intended.
Reviewed by: rrs
CID: 1523810
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48312
(cherry picked from commit 305c40dc552f9c150eacce95c181798031368cd9)
rsm cannot be NULL, when calling bbr_update_bbr_info().
So no need to check partially for it. No functional change intended.
Reviewed by: rrs
CID: 1523803
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48293
(cherry picked from commit 4173a3a009a42c47f1ec2d1cbfb99347aaf195da)
It is already known that rsm != NULL, so no need to check for it.
Reviewed by: rrs
CID: 1523815
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48282
(cherry picked from commit 8471791eb6eeedaedd4d70e1076cfd143bf12fca)
Indicate that the missing of the break is intentionally.
Reviewed by: rrs
CID: 1523782
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48273
(cherry picked from commit 0ce13b1d580f05f96e3d85afb0824f672cb0c7a2)
When storing the old beta values in rack_swap_beta_values(),
ensure that the newreno_flags field is initialized appropriately
instead of using an uninitialized value.
Since the stored newreno_flags aren't actually used, this fix
should not have any functional change.
Reviewed by: rrs
CID: 1523796
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48260
(cherry picked from commit 4f3a0c719780fdd57c660ceb353bbc71fc555600)
Instead of dealing with ifp == NULL, which should never happen,
assume that this is not true. Use KASSERT to make this clear.
No functional change intended.
Reviewed by: glebius, rrs
CID: 1523767
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48258
(cherry picked from commit 4940584bbf0b809130f6ac1a7a0c6b00d373af1e)
Do not return an uninitialized value from ctf_do_queued_segments()
in case no packets are actually processed (all are skipped).
Reviewed by: rrs
CID: 1523774
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48217
(cherry picked from commit b5739c8b12226c791bc8e7a4ac6e48965333509a)
Actually check the conditions that are enforced by the error checking
code instead of a condition which is
* checking a number to be non-negative instead of positive
* depending on a random number
Perform the checks consistently for ICMPv4 and ICMPv6.
Reviewed by: glebius, rrs, cc
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48001
(cherry picked from commit c9febea3dc8ac8e308e8fc5a2e74dd0313fdc5d2)
