BSD Commit Log Search

mlx5: report IPSEC offload capabilities whenever IPSEC_OFFLOAD is configured

Do it always for bootverbose if offload was enabled in the kernel
config, not only if the device actually supports all required
capabilities to do the offload. Otherwise, having the code to print the
caps is pointless.

Reviewed by:    slavash
Tested by:      Wafa Hamzah <wafah at nvidia.com>
Sponsored by:   NVidia networking
MFC after:      1 week

ipsec_offload: add comment stating why ipsec_accel_sa_newkey_cb() returns 0

Reviewed by:    slavash
Tested by:      Wafa Hamzah <wafah at nvidia.com>
Sponsored by:   NVidia networking
MFC after:      1 week

mlx5: convert GET_TRUNK_IF() to function

Reviewed by:    slavash
Tested by:      Wafa Hamzah <wafah at nvidia.com>
Sponsored by:   Nvidia networking
MFC after:      1 week

netipsec/ipsec_offload.c: handle failures to install SA nicely

If driver refused to install SA, record rejected handle for SA on the
interface always, not only for EOPNOTSUPP case.  The
ipsec_accel_output() function did the right thing if there is no
rejection handle, but not having the handle allows further attempts to
install the SA on the interface.

If driver installed the SA, but ipsec_accel_handle_sav() returned error,
uninstall the SA from the interface.  Hardware must not be set up to
process packets for which kernel expects no processing is done.

In both cases, free the drv_spi if a handle was not installed.  But keep
drv_spi allocated if the deinstall returned an error from the driver.

Reviewed by:    slavash
Tested by:      Wafa Hamzah <wafah at nvidia.com>
Sponsored by:   NVidia networking
MFC after:      1 week

nullfs: Fix handling of doomed vnodes in nullfs_unlink_lowervp()

nullfs_unlink_lowervp() is called with the lower vnode locked, so the
nullfs vnode is locked too.  The following can occur:
1. the vunref() call decrements the usecount 2->1,
2. a different thread calls vrele() on the vnode, decrements the
   usecount 0->1, then blocks on the vnode lock,
3. the first thread tests vp->v_usecount == 0 and observes that it is
   true,
4. the first thread incorrectly unlocks the lower vnode.

Fix this by testing VN_IS_DOOMED directly.  Since
nullfs_unlink_lowervp() holds the vnode lock, the value of the
VIRF_DOOMED flag is stable.

Thanks to leres@ for patiently helping to track this down.

PR:             288345
MFC after:      1 week

    [2 lines not shown]

tcp: improve handling of segments in TIME WAIT

The check for excluding duplicate ACKs needs to consider only TH_SYN
and TH_FIN. We know that TH_ACK is set and TH_RST is cleared. All
other flags, in particular TH_ECE, TH_CWR, and TH_AE needs to be
ignored for the check.

PR:                     292293
Reviewed by:            rrs
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D55489

tcp: BBLog incoming packets in TCPS_TIME_WAIT

PR:                     292293
Reviewed by:            rrs, rscheff, pouria, Nick Banks, Peter Lei
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D5546

When TCP ECN decides it wants to assure an ACK is sent it needs to do it correctly and with some limits.

So in testing I have found two interesting cases where ECN is going
to make it so that an ack will be sent right away. These cases need
to be limited to being in the ESTABLISHED state. You don't want ECN
sending ACK's when we are transitioning in front or end states.
Also we don't start a delayed ack timer <and> at the same time set
the ACKNOW flag, thats just plain wrong.

Reviewed by: tuexen, rscheff
Differential Revision:<https://reviews.freebsd.org/D55460>

sctp: fix so_proto when peeling off a socket

Reported by:            glebius
Reviewed by:            rrs
Fixes:                  d195b3783fa4 ("sctp: fix socket type created by sctp_peeloff()")
Differential Revision:  https://reviews.freebsd.org/D55454

mpool/mpool_get.c: Avoid clobbering 'errno' when handling 'pread' errors

POSIX.1-2024 states that the 'free' function "shall not modify errno if
ptr is a null pointer or a pointer previously returned as if by malloc()
and not yet deallocated". However this is a fairly recent addition
and non-compliant allocators might still clobber 'errno', causing
'mpool_get' to return the wrong error code. Fix this by saving
and restoring 'errno' after calling 'free'.

Sponsored by:   Klara, Inc.
Reviewed by:    obiwac
Differential Revision:  https://reviews.freebsd.org/D55463
MFC after:      1 week

pf: avoid NULL deref on purged states

States can be invalidated and still be present in the state table for a
while (until the pf_purge thread cleans them up). These states might not
have keys set, so we must make sure a state is not purged before we try
to access those keys.

MFC after:      1 week
Sponsored by:   Rubicon Communications, LLC ("Netgate")

(cherry picked from commit d60082f16e4c91d4b97d8b3b56b39fa348ecfbda)

asmc: introduce the concept of generic models

Having to enter in each of the models for Apple hardware, recompiling,
etc, is tedious. Provide generic models so end-users can leverage some
of the capabilities provided by the driver, i.e., common features like
minimal fans and lights (if present on the generic model) support.

The generic models are as follows:
- Macmini
- MacBookAir
- MacBookPro
- MacPro

This sort of follows the pattern established by the `applesmc` driver in
Linux.

MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55395

asmc: add Wake-on-LAN control via sysctl

Apple Mac systems support Wake-on-LAN from powered-off state (S5/G2) via
the AUPO SMC key.

This change adds a convenience sysctl, `dev.asmc.0.wol`. This can be
disabled if set to 0 and enabled if set to 1.

The AUPO key is volatile and resets to 0x00 on every boot, so WoL must
be manually enabled before each shutdown to work from powered-off state.
Users need to run: `sysctl dev.asmc.0.wol=1` before shutting down the
system. The sysctl is best set to persist in `/etc/sysctl.conf`.

MFC after:      1 week
Reviewed By:    markj, ngie
Differential Revision:  https://reviews.freebsd.org/D54439

chore: replace {0, 0} with {DEV,KOBJ}METHOD_END

Both of the aforementioned macros have been present in FreeBSD
for well over a decade: 2009 for `KOBJMETHOD_END`; 2011 for
`DEVMETHOD_END`.

Adapt all hardcoded references of `{0, 0}` with `DEVMETHOD_END`
and `KOBJMETHOD_END` as appropriate. This helps ensure that
future adaptations to drivers following patterns documented
in driver(9) can be made more easily/without issue.

MFC after:      1 week
Differential Revision:   https://reviews.freebsd.org/D55414

syscall_timing: add Makefile.depend

This was part of review D44761. It was separated into another commit for
better clarity.

Obtained from:  Hewlett Packard Enterprise
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D44761

Use NO_SHARED instead of explicitly using -static flag

NO_SHARED is the proper way to declare linking a program without
shared libraries.

Obtained from:  Hewlett Packard Enterprise
MFC after:      1 week
Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D44761

LinuxKPI: 802.11: adjust assoc check before key deletion

There is a discrepancy between the vif assoc state and the sta state
(see comment in lkpi_sta_run_to_init()).
Adjust the check in lkpi_iv_key_delete() and add it to
lkpi_sta_del_keys() so that we can take way the keys after whatever
comes first: the sta went away from AUTHORIZED (RUN) or if the vif is
no longer marked assoc.
This is needed as we may only take the sta down partially back to
State 2 (cf. 802.11-2024, Figure 11-23) and key material is no longer
valid before the vif gets cleaned up and the sta is removed entirely.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days

LinuxKPI: 802.11: fold the sta state machine again

In and around d9f59799fc3e7 we adjusted the initial sta state machine
implementation and unfolded some functions, duplicating code.
This version tries to undo some of that as it seems that we can get
away with doing it more cleanly these days.

There are 5 main functions for the path from INIT to RUN (UP1,2,3.1,3.2,4)
and 4 main functions for the path from RUN to INIT (DOWN1,2,3,4).
The reason there is one more on the patch up is that we can go directly
from AUTH to RUN without going through ASSOC first.
In addition there are further functions relying only on these 9 base
state change functions in order to implement the remaining possible
state transitions net80211 can do (without CSA and SLEEP).

Another change is that we no longer take a sta always through INIT/SCAN
first and then back up to AUTH, that is, we are no longer deleting the
sta from the firmware unless net80211 would also take us down to that
state and in a follow-up back up.

    [12 lines not shown]

LinuxKPI: 802.11: improve crypto debug logging

Add a log entry to lkpi_ieee80211_iterate_keys() in order to be able
to determine if there are still keys available when a driver calls
into this (e.g., iwlwifi does before removing the sta to make sure
the keys are gone).

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days

pkg-stage.sh: Add ext2 and ntfs

Having these packages available on release media may help users who
need to sneakernet other packages (e.g. firmware) from systems running
Linux or Windows.

Suggested by:   vladlen, ziaee
MFC after:      3 days

(cherry picked from commit 6881fd278d80ac63b4d511fc130a79ff16d1bb48)

cxgbe tom: Use the same WRs as iSCSI to send PDUs for NVMe

Reviewed by:    np (earlier version)
Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D55470

sys: Declare 'end' as an extern char[]

While here, remove an unused declaration.

Reviewed by:    jrtc27
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D53898

Do not fail 'devctl clear driver' if another driver is not found

Detaching the bhyve(4) ppt driver from an unsupported PCI device
should not raise a "Device not configured" error.  We do not expect
that a new driver must take over the device in this case.

Reviewed by:    imp, jhb
Differential Revision:  https://reviews.freebsd.org/D52050

kern/sched_shims.c: back to ifunc

Reported by:    kevans
Reviewed by:    kevans, mhorne
Fixes:  0d3652f67d246348e2c017205c6782caf4484449
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differrential revision: https://reviews.freebsd.org/D55490

qoriq / nxp: Fix spelling take II

Fix spelling of NXP, which is not NPX, in two places.

Improves:       a4e30909ec98
Reported by:    Kevin Bowling (kevin.bowling kev009.com), qoriq_dw_pci.c
MFC after:      3 days

LinuxKPI: 802.11: do not leak BA sessions when tearing down state

In certain cases we may tear down state of a node with 'ongoing'
BA sessions.  This can trigger a firmware crash with iwlwifi as
reported in [1] when trying to remove the sta from the firmware.

   0x2010303A | ADVANCED_SYSASSERT
   ..
   0x00000000 | umac data1 (sta id=0)
   ..
   0x0088030C | last host cmd (STA_RM)

[1] https://lists.freebsd.org/archives/freebsd-wireless/2025-November/003901.html

I hit the same problem while running regression tests after
reworking some LinuxKPI 802.11 sta state machine bits.

Add the missing calls to lkpi_sta_run_to_assoc() and lkpi_sta_run_to_init()
to make sure (through net80211) we call (*ampdu_action) with

    [10 lines not shown]

vfs_mount.c: Don't call VFS_MOUNT() if only exports are being updated

PR#293198 reports a hang within ZFS when exports
are being updated concurrently with a VOP_SETEXTATTR().
The hang appears to be caused by mishandling of the
z_teardown_lock, but fixing handling of this lock appears
to be a major effort. Since the hang occurs when
VFS_MOUNT() acquires a write/exclusive z_teardown_lock,
which rarely occurs, except when exports are being updated,
this patch avoids the VFS_MOUNT() call for this case.

Avoiding a VFS_MOUNT() call fixes the hang for the case
reported by PR#293198 and is also an optimization.
As such, this patch avoids the VFS_MOUNT() call when only exports
are being updated similar to what was already being done
within vnet prisons.

PR:     293198

(cherry picked from commit 935cf3284f520c90a63baaadb762caaa30084f5c)

qoriq: fix spelling in device_set_desc()

The product series is called NXP QorIQ Layerscape.  Remove the extra 'e.

MFC after:      3 days
Reviewed by:    mmel, emaste
Differential Revision: https://reviews.freebsd.org/D55388

ofed: reduce usage of struct dma_attrs *dma_attrs

ib_verbs.h still uses struct dma_attrs *dma_attrs everywhere.
It is beyond my knowledge when that struct got deprecated upstream but
it is still supported by our LinuxKPI.  The problem is that the
functions called with that argument (dma_map_single_attrs,
dma_unmap_single_attrs, dma_map_sg_attrs, dma_unmap_sg_attrs) so far
are #defines in LinuxKPI and drop the last argument (attrs) so it was
never a problem.

In preparation to pass the attrs to the actual implementation in LinuxKPI,
which has gained support for them, we now pass dma_sttrs->flags which
is the expected unsigned long bit field.

If anyone has serious interest in updating our ofed implementation they
could look into this some more and remove the usage of struct dma_attrs
entirely.

Sponsored by:   The FreeBSD Foundation

    [3 lines not shown]

ahci: Restrict NVMe redirection by BAR size

Attempts to access vendor-specific registers on emulator of older
Intel hardware was reported to confuse one.  Since the redirection
obviously require BAR size bigger than normal 2KB of AHCI, add
the condition, similar to what Linux is doing.

Requested by:   kib
MFC after:      2 weeks

(cherry picked from commit b9d3945831fc7a60f2065c7a0afc747dc5653c9f)