BSD Commit Log Search

src.conf.5: regen with MITKRB5

This option doesn't actually do anything yet, but we need to update
src.conf.5 to keep CI happy.

Fixes:          290e8aaa3840 ("share/mk: Add MIT KRB5 build knob")

closefrom: always use close_range(2)

close_range(2) was added prior to 13.0.  There is no need to support
a new userspace on such an old kernel.

Reviewed by:    kevans, imp
Differential Revision:  https://reviews.freebsd.org/D50730

pf: fix panic in pf_return()

We (correctly) NULL out sk and nk before calling pf_return(), but that
function still tried to use them to undo NAT transformations.

Store the old port numbers and use those rather than sk/nk.

This is a partial import of e11dacbf8484adc7bbb61b20fee3ab8385745925
(osport/odport), and the missing parts of
bdea9cbcf2decafeb4da5a0280313efccc09e1b3.

Direct commit to stable/14.

PR:             287254

(cherry picked from commit 6f6ca5288060110c7385b9424e4729b192ed6308)

pctrie_lookup_node: assume parent_out != NULL

Since NULL is never passed as the parent_out parameter to
_pctrie_lookup_node, stop making the assignment to *parent_out check
parent_out for NULL first.

Reported by:    alc
Reviewed by:    alc
Differential Revision:  https://reviews.freebsd.org/D50729

LinuxKPI: 802.11; update frag_threshold and rts_threshold

Update threshold values once we are associated.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days

LinuxKPI: 802.11: fix lkpi_scan_ies_add() channel lookup

When looking up the channel we may not get a result if no flags are
passed in as net80211 channel list setup and lookup coding requires a
matching flag (band).  So pass in IEEE80211_CHAN_[AG] depending on band
to increase the chances of finding a base channel and from that derive
rates, etc.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days

LinuxKPI: 802.11: stop queues during key updates

When beginning key updates do stop and afterwards re-enable the tx queues
to avoid packets being passed to the driver.  This is a theoretical
problem at this point but helps some cases.  These functions will likely
need refinement in the future.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days

LinuxKPI: 802.11: improve queue locking

Introduce an internal lkpi_ieee80211_wake_queues_locked() function
that can be used from context holding the wiphy lock.
Make linuxkpi_ieee80211_wake_queues() a wrapper with locking around
this.

Equally apply the wiphy lock to linuxkpi_ieee80211_wake_queue().

In lkpi_ieee80211_wake_queues() only wakeup the driver if the queue
is not empty;  otherwise weird sideeffects can happen with some drivers.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days

LinuxKPI: 802.11: adjust logging for key handling

Given there are still problems observed (at least in the Lab) adjust
crypto key handling routines and enhance logging with td_tid, jiffies.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days

LinuxKPI: 802.11: place lock asserts for key operation

Since b8dfc3ecf7031 we hold the wiphy lock over any key updates.
Assert that on function entry.

Given this invariant there is no need to recheck a kay under lock now,
as the first lookup already is under the lock, so simplify the code.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days

nuageinit: more package related functions

Implement package_update and package_upgrade, which allows to launch
an update of the metadata and an upgrade of the packages.

Sponsored by:   OVHCloud

nuageinit: implement packages

Installs a list of packages

Sponsored by:   OVHCloud

nuageinit: add a function to bootstrap pkg if needed

Sponsored by:   OVHCloud

nuageinit: implement runcmd

runcmd contains a list of string, each item will be executed in order.

Sponsored by:   OVHCloud

nuageinit: helper function to setup adduser

To carry out the userdata unit tests, you need to set up the environment in
order to skip adding the default user (nuage.adduser(default_user)

Sponsored by:   OVHCloud

lualoader: rename loop variable to cleanup luacheck

This shadows an `i` used for indexing earlier in the function, and we
don't care that much about the name.

lualoader: allow graphical bits to be disabled with loader_gfx

Some people prefer the old ASCII art look and it's good to have a way
to confirm that the fallbacks still work right on systems that have a
functional framebuffer available. Add a loader_gfx loader.conf(5)
variable to disable the eager use of graphics for these use-cases.

While we're here, clean up the style in the area a little bit; the early
porting that I did to lualoader did a lot of redundant ~= nil that has
carried over into some of the later work.  We can drop some of that, and
also re-organize some of these variables to improve readability.

ziaee notes that the positioning of the orb is a bit off; this is due to
a change in positioning that happened in
1b4e1171315398dec ("loader: Fix orb position") to account for the image
dimensions.  This should be partially reverted to get it right; we
shouldn't assume that we can use the same shift in gfx-* definitions for
both the ASCII art and the associated image -- the {image, image_rl}
pair should be converted to something more like an fbimg or gfx table

    [5 lines not shown]

qat: update API files to use SPDX identifier

API files are updated to have SPDX identifier and remove
longer form of license to ensure consistency with the
license format across all files.

Reviewed by:    markj, ziaee
MFC after:      2 weeks
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D50379

qat: refactor error handling and add mutex locks

Error handling in qat driver code has been refactored.
Mutex lock handling has also been added during driver
attach and detach. Also pci_disable_busmaster() is called in
adf_detach() to ensure proper cleanup during device detachment.

Reviewed by:    markj, ziaee
MFC after:      2 weeks
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D50379

qat: driver updates to improve code and fix bugs

Bug fixes and improvements are done for the qat code base
to improve code quality.

Reviewed by:    markj, ziaee
MFC after:      2 weeks
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D50379

qat: reimplement cpaCyGetXXXInstances as a wrapper

Currently code from sal_instances.c and sal_crypto.c
for getting cy instances or number of instances is duplicated.

This commit replaces cpaCyGetXXXInstances implementation with
Lac_GetCyXXXInstancesByType invocation.

Reviewed by:    markj, ziaee
MFC after:      2 weeks
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D50379

qat: restrict sysctl access to privileged users

Access to crucial QAT driver internals, such as
firmware counters and transport debug via
sysctl, has been limited to privileged users only.

Reviewed by:    markj, ziaee
MFC after:      2 weeks
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D50379

qat: move debugfs handling to separate file

Moved handling of debugfs entries to a separate file.
In addition, it will allow to consolidate the addition of
debugfs entries to a single location in the code.

This implementation adds infrastructure to create (and remove)
debugfs entries at two different stages.
- Done when a device is probed, allows to keep debugfs entries
persistent between a transition in device state (up to down or
vice versa).
- Done after the initialization phase, allows to have debugfs
entries that are accessible only when the device is up.

In addition, moved the creation of debugfs entries for configuration
of the newly created function adf_dbgfs_init() and replace symbolic
permissions with octal permissions when creating the debugfs files.

Added sysctl oids storage for proper cleanup on device down.

    [5 lines not shown]

qat: update 4xxx capabilities handling

Some capabilities were not properly fused out based on
the hardware slices. Hence updated the function accordingly.
Both PF and VF are changed.

This change also streamlines capability handling for SYM service:
- Lack of UCS slice does not mean that CIPHER capabilities are not
  available.
- SYM capabilities should be considered disabled only if both
  AUTH and CIPHER capabilities are not present.
- AUTH capability shouldn't disable CIPHER.

SMX slice mask for qat_4xxx is also corrected to check for
both SM3 and SM4 support.

Reviewed by:    markj, ziaee
MFC after:      2 weeks
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D50379

qat: add disable safe dc mode for QAT SPR devices

Build and sysctl configuration modes are introduced for QAT SPR
devices to disable safe dc mode. A new QAT driver build option
‘QAT_DISABLE_SAFE_DC_MODE’ is required to build the QAT driver
with code that allows a request to be sent to FW to override the
‘History Buffer’ mitigation. Default QAT driver builds do not
include this ‘QAT_DISABLE_SAFE_DC_MODE’ build option. Even if the
QAT driver was built with code that allows a request to be sent to
FW to override the ‘History Buffer’ mitigation, the QAT driver must
still be configured using sysctl to request an override of the
‘History Buffer’ mitigation if desired. The default QAT driver
configuration option sysctl dev.qat.X.disable_safe_dc_mode does not
allow override of the mitigation. The new sysctl attribute
disable_safe_dc_mode is to be set to 1 for overriding the history
buffer mitigation. Firmware for qat_4xxx is updated for this change.
If this mode is enabled, decompression throughput increases but may
result in a data leak if num_user_processes is more than 1.
This option is to be enabled only if your system is not prone to

    [6 lines not shown]

qat: fix typos and formatting issues

Multiple typos are corrected across the source code.
Formatting corrections are done to improve code quality
and maintainability. Some files which did not have proper
Copyright license are updated.

Reviewed by:    markj, ziaee
MFC after:      2 weeks
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D50379

pfctl: void functions and exit(3) on error

Changes:
 voided:
  - pfctl_do_clear_tables
  - pfctl_show_tables
  - pfctl_show_ifaces

Those functions now exit(3) in case of error instead
of passing it up to the callers (where it was ignored).

OK mikeb@, sashan@

Obtained from:  OpenBSD, awolk <awolk at openbsd.org>, c5e9690e42
Sponsored by:   Rubicon Communications, LLC ("Netgate")

pf.conf.5: clarify filter evaluation and anchor loading

* Clarify that filter rules are evaluated once per packet and interface,
not only once per packet.
* Clarify that the syntax   anchor "name" { ... }   both loads and
evaluates the anchor, rather than merely loading it.
Triggered by questions from Benedikt Neuffer <bene at usta dot de>.
OK mikeb@

Obtained from:  OpenBSD, schwarze <schwarze at openbsd.org>, 7528bd0ba2
Sponsored by:   Rubicon Communications, LLC ("Netgate")

pf.conf.5: clarify set prio

the second prio given applies to
1) TCP ACKs
2) packets with ToS=lowdelay
and not TCP ACKs that have ToS=lowdelay
confusion discovered during bsdcan pf tutorial

Obtained from:  OpenBSD, henning <henning at openbsd.org>, ab995ee558
Sponsored by:   Rubicon Communications, LLC ("Netgate")

diff: minor fixes to manual page

* Add missing dash before long option name in synopsis.
* Remove spurious paragraph break and bullet item.
* While there, fix mandoc -T lint complaints.

Reviewed by:    ziaee, des
Differential Revision:  https://reviews.freebsd.org/D48388