BSD Commit Log Search

if_vxlan(4): Add checking for loops and nesting of tunnels

User misconfiguration, either tunnel loops, or a large number of
different nested tunnels, can overflow the kernel stack. Prevent that
by using if_tunnel_check_nesting().

PR:             278394
Diagnosed by:   markj
Reviewed by:    kp
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D45197

usb_vendors: update to 2024.03.18

(cherry picked from commit 79bffdf3f42e2e8e62223fcffd537d5d254ddbb7)

pci_vendors: update to 2024.05.14

(cherry picked from commit b0b9435ef1ec64c21f7243dbd02ad10e7f612149)

nuageinit: by default to not enable nuageinit

MFC After:      1 day
Reported by:    karels@

(cherry picked from commit 5681636ead6790d5ad2c24a4712f010fcdfc926c)

atf: Guard against multiple evaluation.

Note that the ATF-C++ macros have the same issue, but they are not as
easily fixed.

MFC after:      3 days
Reviewed by:    ngie
Differential Revision:  https://reviews.freebsd.org/D45148

(cherry picked from commit a7beca6fb113986839de73b7cf73d933464898c6)

Import atf 0.22 snapshot 55c21b2c5fb189bbdfccb2b297bfa89236502542

The main improvement is the ability to skip a test that is expected to
fail.

(cherry picked from commit 71a1ae7cebd3791d4d18ac9620a7a4ce8cf15819)

atf-sh: fix comment typo

Signed-off-by: Igor Ostapenko <pm at igoro.pro>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/895
(cherry picked from commit d4d14d965fb92d2bceb744be41310dc47f27ab80)

ldns: Ignore commented-out lines in resolv.conf.

This merges upstream PR 238 + an additional bug fix.

PR:             278721
MFC after:      1 week

(cherry picked from commit 3b092e4936c433889cc668ea9563c8fd437d1a3e)

ifconfig: Add format shortcuts.

MFC after:      1 week
Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D45166

(cherry picked from commit 847ef59d4b5eab234bd1f8eb947ad74bdab5614e)

ldns: Ignore commented-out lines in resolv.conf.

This merges upstream PR 238 + an additional bug fix.

PR:             278721
MFC after:      1 week

(cherry picked from commit 3b092e4936c433889cc668ea9563c8fd437d1a3e)

atf: Guard against multiple evaluation.

Note that the ATF-C++ macros have the same issue, but they are not as
easily fixed.

MFC after:      3 days
Reviewed by:    ngie
Differential Revision:  https://reviews.freebsd.org/D45148

(cherry picked from commit a7beca6fb113986839de73b7cf73d933464898c6)

ifconfig: Add format shortcuts.

MFC after:      1 week
Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D45166

(cherry picked from commit 847ef59d4b5eab234bd1f8eb947ad74bdab5614e)

ifconfig: Markup nits.

MFC after:      3 days
Reviewed by:    imp, allanjude
Differential Revision:  https://reviews.freebsd.org/D45209

(cherry picked from commit 42b28f815214aa582fe4ca707687d3af47850230)

Merge commit 87f3407856e6 from llvm-project (by Phoebe Wang):

  [X86][Driver] Do not add `-evex512` for `-march=native` when the target doesn't support AVX512 (#91694)

This prevents problems with ports that fail to build with
CPUTYPE=native, if the native CPU supports AVX512F, resulting in errors
like:

  /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: error: always_inline function '_mm512_set1_epi8' requires target feature 'evex512', but would be inlined into function 'adler32_x86_avx512_vl512_vnni' that is compiled without support for 'evex512'
    197 |         const vec_t ones = VSET1_8(1);
        |                            ^
  /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:116:23: note: expanded from macro 'VSET1_8'
    116 | #  define VSET1_8(a)            _mm512_set1_epi8(a)
        |                                 ^
  /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: error: AVX vector return of type '__m512i' (vector of 8 'long long' values) without 'evex512' enabled changes the ABI
  /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:116:23: note: expanded from macro 'VSET1_8'
    116 | #  define VSET1_8(a)            _mm512_set1_epi8(a)
        |                                 ^


    [11 lines not shown]

Merge commit 87f3407856e6 from llvm-project (by Phoebe Wang):

  [X86][Driver] Do not add `-evex512` for `-march=native` when the target doesn't support AVX512 (#91694)

This prevents problems with ports that fail to build with
CPUTYPE=native, if the native CPU supports AVX512F, resulting in errors
like:

  /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: error: always_inline function '_mm512_set1_epi8' requires target feature 'evex512', but would be inlined into function 'adler32_x86_avx512_vl512_vnni' that is compiled without support for 'evex512'
    197 |         const vec_t ones = VSET1_8(1);
        |                            ^
  /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:116:23: note: expanded from macro 'VSET1_8'
    116 | #  define VSET1_8(a)            _mm512_set1_epi8(a)
        |                                 ^
  /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: error: AVX vector return of type '__m512i' (vector of 8 'long long' values) without 'evex512' enabled changes the ABI
  /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:116:23: note: expanded from macro 'VSET1_8'
    116 | #  define VSET1_8(a)            _mm512_set1_epi8(a)
        |                                 ^


    [11 lines not shown]

if_ovpn: cope with loops

User misconfiguration may lead to routing loops where we try to send the tunnel
packet into the tunnel. This eventually leads to stack overflows and panics.

Avoid this using if_tunnel_check_nesting(), which will drop the packet if we're
looping or we hit three layers of nested tunnels.

MFC after:      1 week
Sponsored by:   Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 59a6666ec91d71f97aaae5195bbfafd9d422db2e)

if: guard against if_ioctl being NULL

There are situations where an struct ifnet has a NULL if_ioctl pointer.

For example, e6000sw creates such struct ifnets for each of its ports so it can
call into the MII code.

If there is then a link state event this calls do_link_state_change()
-> rtnl_handle_ifevent() -> dump_iface() -> get_operstate() ->
get_operstate_ether(). That wants to know if the link is up or down, so it tries
to ioctl(SIOCGIFMEDIA), which doesn't go well if if_ioctl is NULL.

Guard against this, and return EOPNOTSUPP.

PR:             275920
MFC ater:       3 days
Approved by:    re (cperciva)
Sponsored by:   Rubicon Communications, LLC ("Netgate")


    [2 lines not shown]

loader: fix stupid typos

Sponsored by:           Netflix

textvidc: Reindent

Since this is now 'new code' go ahead and reindent for modern project
preferences.

Sponsored by:           Netflix

loader: stlye(9) nit: Space between return and the value

Sponsored by:           Netflix

loader/ofw: Style(9) pass over return statements

Make these consistent. Some files weren't even consistent with
themselves. Make them all either return <space> ( <value> ); or
return;

Sponsored by:           Netflix

efi_console: Use c99 initializers

Sponsored by:           Netflix

userboot: Use C99 Initializers for each of the consoles here

Sponsored by:           Netflix

ofw: Use C99 initializers for the console struct

Sponsored by:           Netflix

uboot: Use c99 initializers for the console struct

Sponsored by:           Netflix

loader: c_init returns 0 or 1

c_init returns 0 (success) or 1 (failure). Don't return other values.

Sponsored by:           Netflix

i386/spinconsole: Use C99 initializers

Sponsored by:           Netflix

kboot: Use C99 initialiers for hostconsole.

Sponsored by:           Netflix

i386/nullconsole: Use C99 initializers

Sponsored by:           Netflix

kboot: Initialize hostfs_root sooner (and remove kboot.conf)

Move the initialization of hostfs_root to be a bit sooner. While it
doesn't matter for the default case, we may want to use hostfs files
sooner.

Also, while we're here, remove kboot.conf. It duplicates the command
line and has proven difficult to use. It will be replaced by an early
script that can influence the state of the boot loader before we select
a device to boot from (including strongly suggesting which one to boot
from).

Sponsored by:           Netflix

boot/i386: Use C99 initializer for textvidc

Sponsored by:           Netflix