if_vxlan(4): Add checking for loops and nesting of tunnels
User misconfiguration, either tunnel loops, or a large number of
different nested tunnels, can overflow the kernel stack. Prevent that
by using if_tunnel_check_nesting().
PR: 278394
Diagnosed by: markj
Reviewed by: kp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D45197
Merge commit 87f3407856e6 from llvm-project (by Phoebe Wang):
[X86][Driver] Do not add `-evex512` for `-march=native` when the target doesn't support AVX512 (#91694)
This prevents problems with ports that fail to build with
CPUTYPE=native, if the native CPU supports AVX512F, resulting in errors
like:
/wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: error: always_inline function '_mm512_set1_epi8' requires target feature 'evex512', but would be inlined into function 'adler32_x86_avx512_vl512_vnni' that is compiled without support for 'evex512'
197 | const vec_t ones = VSET1_8(1);
| ^
/wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:116:23: note: expanded from macro 'VSET1_8'
116 | # define VSET1_8(a) _mm512_set1_epi8(a)
| ^
/wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: error: AVX vector return of type '__m512i' (vector of 8 'long long' values) without 'evex512' enabled changes the ABI
/wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:116:23: note: expanded from macro 'VSET1_8'
116 | # define VSET1_8(a) _mm512_set1_epi8(a)
| ^
[11 lines not shown]
Merge commit 87f3407856e6 from llvm-project (by Phoebe Wang):
[X86][Driver] Do not add `-evex512` for `-march=native` when the target doesn't support AVX512 (#91694)
This prevents problems with ports that fail to build with
CPUTYPE=native, if the native CPU supports AVX512F, resulting in errors
like:
/wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: error: always_inline function '_mm512_set1_epi8' requires target feature 'evex512', but would be inlined into function 'adler32_x86_avx512_vl512_vnni' that is compiled without support for 'evex512'
197 | const vec_t ones = VSET1_8(1);
| ^
/wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:116:23: note: expanded from macro 'VSET1_8'
116 | # define VSET1_8(a) _mm512_set1_epi8(a)
| ^
/wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: error: AVX vector return of type '__m512i' (vector of 8 'long long' values) without 'evex512' enabled changes the ABI
/wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:116:23: note: expanded from macro 'VSET1_8'
116 | # define VSET1_8(a) _mm512_set1_epi8(a)
| ^
[11 lines not shown]
if_ovpn: cope with loops
User misconfiguration may lead to routing loops where we try to send the tunnel
packet into the tunnel. This eventually leads to stack overflows and panics.
Avoid this using if_tunnel_check_nesting(), which will drop the packet if we're
looping or we hit three layers of nested tunnels.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 59a6666ec91d71f97aaae5195bbfafd9d422db2e)
if: guard against if_ioctl being NULL
There are situations where an struct ifnet has a NULL if_ioctl pointer.
For example, e6000sw creates such struct ifnets for each of its ports so it can
call into the MII code.
If there is then a link state event this calls do_link_state_change()
-> rtnl_handle_ifevent() -> dump_iface() -> get_operstate() ->
get_operstate_ether(). That wants to know if the link is up or down, so it tries
to ioctl(SIOCGIFMEDIA), which doesn't go well if if_ioctl is NULL.
Guard against this, and return EOPNOTSUPP.
PR: 275920
MFC ater: 3 days
Approved by: re (cperciva)
Sponsored by: Rubicon Communications, LLC ("Netgate")
[2 lines not shown]
loader/ofw: Style(9) pass over return statements
Make these consistent. Some files weren't even consistent with
themselves. Make them all either return <space> ( <value> ); or
return;
Sponsored by: Netflix
kboot: Initialize hostfs_root sooner (and remove kboot.conf)
Move the initialization of hostfs_root to be a bit sooner. While it
doesn't matter for the default case, we may want to use hostfs files
sooner.
Also, while we're here, remove kboot.conf. It duplicates the command
line and has proven difficult to use. It will be replaced by an early
script that can influence the state of the boot loader before we select
a device to boot from (including strongly suggesting which one to boot
from).
Sponsored by: Netflix