pf: allow ICMP messages related to an SCTP state to pass
Much like we already do for TCP and UDP we should also parse SCTP-in-ICMP
messages to see if they apply to an SCTP connection we've already allowed. If so
we should allow the ICMP packet to pass, even if we'd otherwise block it.
Add a test case where we generate an 'ICMP unreachable - need to frag' packet
and check that it passes through pf.
MFC after: 2 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D48170
TCP BBR: simplify expression
There is no need to check partially for bbr->r_ctl.crte being NULL,
since this can't be true in this path.
No functional change intended.
Reviewed by: rrs
CID: 1523810
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D48312
LinuxKPI: 802.11: implement wiphy_{,un}lock()
This will help us to get minimally better lock coverage in iwlwifi
though not yet against the LinuxKPI implementation which will likely
switch to this in the future. At least the TODO() logging noise is
out of the way.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
sysctl: Do not serialize requests when running as root
Bugs or unexpected behaviour can cause a user thread to block in a
sysctl handler for a long time. "procstat -kka" is the most useful tool
to see why this might happen, but it can block on sysctlmemlock too.
Since the purpose of this lock is merely to ensure userspace can't wire
too much memory, don't require it for requests from privileged threads.
PR: 282994
Reviewed by: kib, jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D47842
(cherry picked from commit 7d1d9cc440f800858b6ec8dfb5a41c853fc8c36d)
inpcb: Factor out parts of in6_pcbbind() and in_pcbbind_setup()
A large portion of these functions just determines whether the inpcb can
bind to the address/port. This portion has no side effects, so is a
good candidate to move into its own helper function. This patch does
so, making the callers less complicated and reducing indentation.
While moving this code, also make some changes:
- Load socket options (SO_REUSEADDR etc.) only once. There is nothing
preventing another thread from toggling the socket options, so make
this function easier to reason about by avoiding races.
- When checking whether the bind address is an interface address, make a
separate sockaddr rather than temporarily modifying the one passed to
in_pcbbind().
Reviewed by: ae, glebius
MFC after: 1 month
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
[3 lines not shown]
jail: Handle jail removal in a dedicated thread
Otherwise a deadlock is possible: the system taskqueue thread removes a
prison and calls vnet_destroy(), vnet_vlan_uninit() destroys the if_vlan
cloner, the vlan_clone_destroy() callback calls taskqueue_drain() on the
thread taskqueue.
Fix the problem by introducing a new thread for jail removals.
Ideally, the taskqueue interface would let consumers define queues
without having to map them to threads, as that'd make it possible to
avoid such deadlocks without extra threads; for now, this is the only
solution.
Reviewed by: jamie
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D47991
(cherry picked from commit 8cf955f3f48a45db22a3cc3ad89a22b543fa38ce)
riscv: Permit spurious faults in kernel mode
Right now, pmap_enter() does not issue an sfence.vma after overwriting
an invalid PTE, so the kernel can trigger a page fault when accessing a
freshly created mapping. In this case, pmap_fault() can handle the
exception, but we may panic before that. Move the check; this is
consistent with arm64 and serves to ensure that we don't call vm_fault()
etc. from a context where that's not permitted.
Also fix a related bug: don't enable interrupts if they were disabled in
the context where the exception occurred.
Reviewed by: br
Tested by: br
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D47688
(cherry picked from commit c226f193515c8c0665610cb519fe381987f8ee24)
libusb: fix hotplug sigbus
When a hotplug callback has been registered, and the program using
libusb is calling libusb_exit then the thread handler is set to
NO_THREAD which result in the variable controlling the loop the be set
to 0, it does a last pass through device available without having done
a scan, which result in a sigbus after it tried to unregister all the
devices.
directly break the loop instead and cleanup the list of devices
this fixes the tests with LGPLed libusb's hotplugtest program
MFC After: 3 days
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D48298
timeout(1): Add -v/--verbose option to show diagnosis info
The -v/--verbose option enables this utility to show diagnosis
info to stderr about any signal sent on timeout.
This implementation refers to GNU coreutils's timeout(1).
Reviewed by: bapt, Alexander Ziaee (manpages)
Approved by: bapt (src)
Obtained from: DragonFlyBSD
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D48225
modules: dtb: allwinner: Remove sun8i-h2-plus-orangepi-r1.dts
Remove sun8i-h2-plus-orangepi-r1.dts for now, latest update changed some
/delete-node/ places and this confuse our dtc.
ascii(7): Correct the history section
The man page ascii(7) first appears in the first edition manual.
Reviewed by: imp, Alexander Ziaee
Obtained from: OpenBSD
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D48224
timeout(1): Some minor tweaks and improvements
- Define exit status and macros and use them
- Improve the second kill logic by setting 'do_second_kill = false'
after configuring the second kill
- Minor style tweaks
- Reorder options in the man page, as well as the usage help
- Reorder the exit status in the man page
- Enhance the HISTORY section in the man page (obtained from NetBSD)
Reviewed by: bapt, Alexander Ziaee (manpages)
Approved by: bapt (src)
Obtained from: DragonFlyBSD
Differential Revision: https://reviews.freebsd.org/D47866
(cherry picked from commit 06690044dac183ea1d93c2ae227e261da3bdca2a)
Export additional __aeabi_ symbols from arm's libgcc_s
Some programs depend on these symbols, when they are compiled for armv6
or armv7. Closes #1560 (slightly changed due to sorting of the symbols).
PR: 271087
Reported by: fuz
Submitted by: jfc at mit.edu
MFC after: 1 week
(cherry picked from commit caab831338f4eeaa7455e981478be9fd414b7969)
Export additional __aeabi_ symbols from arm's libgcc_s
Some programs depend on these symbols, when they are compiled for armv6
or armv7. Closes #1560 (slightly changed due to sorting of the symbols).
PR: 271087
Reported by: fuz
Submitted by: jfc at mit.edu
MFC after: 1 week
(cherry picked from commit caab831338f4eeaa7455e981478be9fd414b7969)
pf: netlink KPI use cleanup
- use nlf_p_empty instead of declaring own empty array
- don't declare _IN() macro when we don't parse a header
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D48306
