BSD Commit Log Search

ixgbe: fix mailbox ack handling

Check if CTS bit is set in the mailbox message before waiting for ACK.
Otherwise ACK will never be received causing the function to timeout. Add
a note for ixgbe_write_mbx that it should be called while holding a lock.

Fixes: 6d243d2 ("net/ixgbe/base: introduce new mailbox API")
Cc: stable at dpdk.org

Signed-off-by: Norbert Ciosek <norbertx.ciosek at intel.com>
Signed-off-by: Anatoly Burakov <anatoly.burakov at intel.com>
Acked-by: Bruce Richardson <bruce.richardson at intel.com>

Obtained from:  DPDK (1f119e4)

(cherry picked from commit 1580f8d9c1740e0c54554e6c185573d34f2dcf76)

ixgbe: fix mailbox ack handling

Check if CTS bit is set in the mailbox message before waiting for ACK.
Otherwise ACK will never be received causing the function to timeout. Add
a note for ixgbe_write_mbx that it should be called while holding a lock.

Fixes: 6d243d2 ("net/ixgbe/base: introduce new mailbox API")
Cc: stable at dpdk.org

Signed-off-by: Norbert Ciosek <norbertx.ciosek at intel.com>
Signed-off-by: Anatoly Burakov <anatoly.burakov at intel.com>
Acked-by: Bruce Richardson <bruce.richardson at intel.com>

Obtained from:  DPDK (1f119e4)

(cherry picked from commit 1580f8d9c1740e0c54554e6c185573d34f2dcf76)

contrib/expat: import expat 2.7.1

Changes: https://github.com/libexpat/libexpat/blob/R_2_7_1/expat/Changes
         https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes

Security:       CVE-2024-8176

(cherry picked from commit fe9278888fd4414abe2d922e469cf608005f4c65)

contrib/expat: import expat 2.7.1

Changes: https://github.com/libexpat/libexpat/blob/R_2_7_1/expat/Changes
         https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes

Security:       CVE-2024-8176

(cherry picked from commit fe9278888fd4414abe2d922e469cf608005f4c65)

libc: tests: add some tests for __cxa_atexit handling

This adds a basic test that __cxa_atexit works, and also adds some tests
for __cxa_atexit handlers registered in the middle of __cxa_finalize.

PR:             285870

libc: allow __cxa_atexit handlers to be added during __cxa_finalize

science/dlib-cpp reveals an interesting scenario that works fine on
other platforms but not on FreeBSD; notably, it ends up creating a new
global object from some destructor which is called during
__cxa_finalize.  This breaks when libdlib is dlopen()ed and then
subsequently dlclose()ed, as we never end up invoking the created
object's dtor until program exit when the shlib is already unmapped.

Fix it by noting when we're in the middle of __cxa_finalize for a dso,
and then restarting the search if __cxa_atexit() was called in the
middle somewhere.

We wait until we've processed the initial set before starting over and
processing the newly added handlers as if it were a complete set of
handlers added during runtime.  The alternative is calling them as
they're added to maintain a LIFO in terms of total ordering, but in
theory a constructor could add another global object that also needs to
be destroyed, and that object needs to be destroyed after the one that

    [9 lines not shown]

gve: Add feature to change TX/RX ring size

This change introduces new sysctl handlers that allow the user to change
RX/TX ring sizes. As before, the default ring sizes will come from the
device (usually 1024). We also get the max/min limits from the device.
In the case min values are not provided we have statically defined
constants for the min values. Additionally, if the modify ring option is
not enabled on the device, changing ring sizes via sysctl will not be
possible.  When changing ring sizes, the interface turns down
momentarily while allocating/freeing resources as necessary.

Signed-off-by: Vee Agarwal <veethebee at google.com>

Reviewed by:    markj
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D49428

gve: Add feature to adjust RX/TX queue counts

This change introduces new sysctl handlers that allow the user to change
RX/TX queue counts. As before, the default queue counts will be the max
value the device can support. When chaning queue counts, the interface turns
down momentarily while allocating/freeing resources as necessary.

Signed-off-by: Vee Agarwal <veethebee at google.com>

Reviewed by:    markj
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D49427

gve: Allocate qpl per ring at ring allocation time

Every tx and rx ring has its own queue-page-list (QPL) that serves as
the bounce buffer. Previously we were allocating QPLs for all queues
before the queues themselves were allocated and later associating a QPL
with a queue. This is avoidable complexity: it is much more natural for
each queue to allocate and free its own QPL.

Signed-off-by: Vee Agarwal <veethebee at google.com>

Reviewed by:    markj
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D49426

vm_object: Fix handling of wired map entries in vm_object_split()

Suppose a vnode is mapped with MAP_PROT and MAP_PRIVATE, mlock() is
called on the mapping, and then the vnode is truncated such that the
last page of the mapping becomes invalid.  The now-invalid page will be
unmapped, but stays resident in the VM object to preserve the invariant
that a range of pages mapped by a wired map entry is always resident.
This invariant is checked by vm_object_unwire(), for example.

Then, suppose that the mapping is upgraded to PROT_READ|PROT_WRITE.  We
will copy the invalid page into a new anonymous VM object.  If the
process then forks, vm_object_split() may then be called on the object.
Upon encountering an invalid page, rather than moving it into the
destination object, it is removed.  However, this is wrong when the
entry is wired, since the invalid page's wiring belongs to the map
entry; this behaviour also violates the invariant mentioned above.

Fix this by moving invalid pages into the destination object if the map
entry is wired.  In this case we must not dirty the page, so add a flag

    [6 lines not shown]

tcp: remove struct tcp_log_rack

struct tcp_log_rack is not used, therefore remove it.

Reviewed by:            Peter Lei
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D49669

zfs: remove inclusion of machine/pcpu.h

It was necessary in the beginning for a definition of curthread,
but in the later versions of the patch turned out to be not needed.

Fixes:  5b02365ac656e1cccf293ec1c57a8eb6c5cd51e2
Reported by:    mav

(cherry picked from commit a440b544d566a91fb0e869e3f3828081c3763f94)

zfs: enable FPU on powerpc*

Differential Revision: https://reviews.freebsd.org/D49538

(cherry picked from commit 5b02365ac656e1cccf293ec1c57a8eb6c5cd51e2)

tcp: clear blackbox logging union

Clear the black box logging containing union rather than the u_bbr
structure for clarity and consistency. Currently u_bbr, u_raw, and
u64_raw are the same size.
No functional change intended.

Reviewed by:    tuexen
MFC after:      3 days
Sponsored by:   Netflix, Inc.

tcp: clear sendfile logging struct

The sendfile black box logging struct is much smaller than the
encompassing stack specific logging union. Be sure to clear the
trailing unused memory when logging.

Reviewed by:    tuexen
MFC after:      3 days
Sponsored by:   Netflix, Inc.

tcp: fix typos in comment

Reviewed by:    tuexen
MFC after:      3 days
Sponsored by:   Netflix, Inc.

tcp: fix detection of bad RTOs

If timestamps are enabled, the actions performed by a retransmission
timeout were rolled back, when they should not.
It is needed to make sure the incoming segment advances SND.UNA.
To do this, remove the incorrect upfront check and extend the check in
the fast path to handle also the case of timestamps.

PR:                     282605
Reviewed by:            cc, rscheff, Peter Lei
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D49414

(cherry picked from commit fbcf3b74e8f2c0c5ba37f1839bfe9395eb2fd0b1)

ifconfig: decode 256 bit CCM/GCM ciphers and 256 bit 802.1x/none keymgmt

* add AES-GCM-256 and AES-CCM-256 ciphers
* add WPA-PSK-SHA256 and UNSPEC-SHA256 key management

This allows them to show in ifconfig -v wlan0 list scan, eg

RSN<v1 mc:AES-GCMP-256 uc:AES-CCMP-256+AES-GCMP-256 km:8021X-PSK+8021X-PSK-256>

Differential Revision:  https://reviews.freebsd.org/D49481
Reviewed by:    thj

net80211: document the crypto enmic/demic functions.

These functions implement what's needed for TKIP Michael MIC - which
is performed over the entire unencrypted MSDU.  Each potential
fragmented MPDU is encrypted and has its own ICV/MIC.

CCMP/GCMP encrypts each MPDU separately (including the MPDUs that make
up an A-MPDU), so they'll implement null functions here and instead do
the MIC/ICV insertion inline in the crypto functions themselves.

Hopefully this makes it a bit clearer on how things should behave, and
will help figure out and clean up what further hardware offload
features we need.

Differential Revision:   https://reviews.freebsd.org/D49392
Reviewed by:    bz

bhyve: style, add comma to the last line of designated initializer

(cherry picked from commit 299bb57d9b71be2b033a92033268d8b1c732e4fe)

iommu_gas_map_region(): add comment explaining the ma array shift

(cherry picked from commit 45f70f98fc55b753b1e7a7374b4a061aa1f27392)

igc(4): Fix attach for I226-K and LMVP devices

Summary:
The device IDs for these were in the driver's list of PCI ids to attach
to, but igc_set_mac_type() had never been setup to set the correct mac
type for these devices. Fix this by adding these IDs to the switch block
in order for them to be recognized by the driver instead of returning an
error.

This fixes the igc(4) attach for the I226-K LOM on the ASRock Z790
PG-ITX/TB4 motherboard, allowing it to be recognized and used.

Signed-off-by: Eric Joyner <erj at FreeBSD.org>

Reviewed by:    kbowling@
Relnotes:       yes
Differential Revision: https://reviews.freebsd.org/D49147

(cherry picked from commit 7ee310c80ea7b336972f53cc48b8c3d03029941e)

igc(4): Fix attach for I226-K and LMVP devices

Summary:
The device IDs for these were in the driver's list of PCI ids to attach
to, but igc_set_mac_type() had never been setup to set the correct mac
type for these devices. Fix this by adding these IDs to the switch block
in order for them to be recognized by the driver instead of returning an
error.

This fixes the igc(4) attach for the I226-K LOM on the ASRock Z790
PG-ITX/TB4 motherboard, allowing it to be recognized and used.

Signed-off-by: Eric Joyner <erj at FreeBSD.org>

Reviewed by:    kbowling@
Relnotes:       yes
Differential Revision: https://reviews.freebsd.org/D49147

(cherry picked from commit 7ee310c80ea7b336972f53cc48b8c3d03029941e)

mac_do(4): Revamp manual page after MAC/do updates

The new manual page in particular describes MAC/do's new rules syntax
and the jail support, as well as security considerations explaining the
overall design and how to leverage it in the most secure fashion.

Reviewed by:    bapt, otis, Alexander Ziaee <concussious at runbox.com> (in part)
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D48153

(cherry picked from commit bc201841d13928c2a088fb07ac0a010b36eafa13)

mac(4): Mention mac_do(4)

Mention also mac_do(4) in the mac(4) manual page.

Reviewed by:    bapt
Differential Revision: https://reviews.freebsd.org/D48255

(cherry picked from commit 4c0435d919b1059a449d97d74abc251c6f526588)

setcred(2): Add manual page

Reviewed by:    Alexander Ziaee <concussious at runbox.com>
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D48063

(cherry picked from commit b6f4027ad9a2ede69a7ec11137cc4ea69ec2f0a0)

MAC/do: Apply a rule on real UID/GID instead of effective ones

We intend MAC/do to authorize transitions based on the "real" identity
information of the calling process, rather than transiently-acquired
effective IDs.

Reviewed by:    bapt
Approved by:    markj (mentor)
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D47845

(cherry picked from commit de701f9bdbe0ede691a0439d1c469082b94fe234)

MAC/do: Fix a compilation warning about an unused function

grant_supplementary_group_from_flags() had been used in previous
versions of the recent changes, but recently has not been needed
anymore.  It has been kept around just in case deliberately, by analogy
with grant_primary_group_from_flags() (this one still being used).

(cherry picked from commit f1ddb6fb8c4d051a205dae3a848776c9d56f86ff)

MAC/do: Convert internal TAILQs to STAILQs

We only browse these forward and never need to remove arbitrary elements
from them.

No functional change (intended).

Reviewed by:    bapt, emaste
Approved by:    markj (mentor)
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D47624

(cherry picked from commit c7fc71c6af0761f81ecafdb281dd43a081b3b22f)

MAC/do: Update copyright

Approved by:    emaste (mentor)
Sponsored by:   The FreeBSD Foundation

(cherry picked from commit e94684b3e0d966f755f785e4908317bd6bdd2ea0)