HardenedBSD/src e0cb64a share/man/man4 iflib.4 mrsas.4, stand/i386/pxeldr pxeboot.8

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
Delta     File
+33 -13   sys/kern/link_elf.c
+14 -0    sys/kern/link_elf_obj.c
+10 -0    share/man/man4/iflib.4
+6 -3     stand/i386/pxeldr/pxeboot.8
+0 -8     sys/vm/vm_kern.c
+2 -1     share/man/man4/mrsas.4
+65 -25   2 files not shown
+68 -25   8 files

HardenedBSD/src 8321ce5 share/man/man4 iflib.4 mrsas.4, stand/i386/pxeldr pxeboot.8

Merge branch 'freebsd/current/main' into hardened/current/master
Delta     File
+33 -13   sys/kern/link_elf.c
+14 -0    sys/kern/link_elf_obj.c
+10 -0    share/man/man4/iflib.4
+6 -3     stand/i386/pxeldr/pxeboot.8
+0 -8     sys/vm/vm_kern.c
+2 -1     share/man/man4/mrsas.4
+65 -25   2 files not shown
+68 -25   8 files

HardenedBSD/src 1524f52 share/man/man4 mfi.4, sys/dev/mfi mfi_pci.c

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
Delta     File
+3 -2     sys/vm/vm_object.h
+2 -0     share/man/man4/mfi.4
+1 -0     sys/dev/mfi/mfi_pci.c
+6 -2     3 files

HardenedBSD/src 28cb50f sys/vm vm_object.h

vm/vm_object.h: clarify the OBJ_ONEMAPPING semantic

(cherry picked from commit 9c923575606bbd29dcf0ec3384150d2d67136cbb)
Delta     File
+3 -2     sys/vm/vm_object.h
+3 -2     1 file

HardenedBSD/src 1961785 stand/i386/pxeldr pxeboot.8

pxeboot.8: Fix mdoc typo for emails, tag spdx

Fixes:          a37825313f62 (Fix mdoc typos for emails, tag spdx)
MFC after:      3 days
Delta     File
+6 -3     stand/i386/pxeldr/pxeboot.8
+6 -3     1 file

HardenedBSD/src 83e6f0d share/man/man4 iflib.4

iflib: document new sysctls

Document the new tx related sysctls I've added to iflib in the
last few months:  tx_reclaim_ticks & tx_reclaim_thresh

Sponsored by: Netflix
Reviewed by: ziaee
Differential Revision: https://reviews.freebsd.org/D54564
MFC after: 3 days
Delta     File
+10 -0    share/man/man4/iflib.4
+10 -0    1 file

HardenedBSD/src ccec94b share/man/man4 mrsas.4

mrsas.4: Add Fujitsu RAID Controller SAS 6Gbit/s 1GB (D3116)

This is an OEM card from Fujitsu using an LSI SAS2208 ROC controller shipped
with many Fujitsu PRIMERGY servers like RX300 S7.

Controller description: https://www.fujitsu.com/global/products/computing/servers/primergy/blades/connection/cb-pmod-110426.html

Reviewed by:    ziaee
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D54566
Delta     File
+2 -1     share/man/man4/mrsas.4
+2 -1     1 file

HardenedBSD/src 203e5a1 sys/kern link_elf.c link_elf_obj.c, sys/vm vm_kern.c

linker: Reset DMAP protections in link_elf_unload_file()

On x86, when a preloaded kernel module is unloaded, we free the backing
(physically contiguous) pages.  The ET_REL linker will have adjusted
protections on segments of the preloaded file, which updates the direct
map, so the original protections must be restored when unloading the
module.

Previously this was handled in kmem_bootstrap_free(), but there is no
apparent reason not to handle this within the kernel linker.  Moreover,
we were not resetting permissions in the kernel map on arm64.

Reviewed by:    alc, kib
MFC after:      3 weeks
Differential Revision:  https://reviews.freebsd.org/D54438
Delta     File
+33 -13   sys/kern/link_elf.c
+14 -0    sys/kern/link_elf_obj.c
+0 -8     sys/vm/vm_kern.c
+47 -21   3 files

HardenedBSD/src e16e4cd share/man/man4 mfi.4, sys/dev/mfi mfi_pci.c

mfi(4): Add subvendor and subdevice for Fujitsu RAID Controller SAS 6Gbit/s 1GB (D3116)

This is an OEM card from Fujitsu using an LSI SAS2208 ROC controller shipped
with many Fujitsu PRIMERGY servers like RX300 S7. This chip is also recognized
by mrsas(4) under the generic name for the controller chip.

Controller description: https://www.fujitsu.com/global/products/computing/servers/primergy/blades/connection/cb-pmod-110426.html

Reviewed by:    ziaee
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D54520

(cherry picked from commit 8b210276cde207ca3dc1f7f46d5a6d32e0a1c51d)
Delta     File
+2 -0     share/man/man4/mfi.4
+1 -0     sys/dev/mfi/mfi_pci.c
+3 -0     2 files

HardenedBSD/src 8b21027 share/man/man4 mfi.4, sys/dev/mfi mfi_pci.c

mfi(4): Add subvendor and subdevice for Fujitsu RAID Controller SAS 6Gbit/s 1GB (D3116)

This is an OEM card from Fujitsu using an LSI SAS2208 ROC controller shipped
with many Fujitsu PRIMERGY servers like RX300 S7. This chip is also recognized
by mrsas(4) under the generic name for the controller chip.

Controller description: https://www.fujitsu.com/global/products/computing/servers/primergy/blades/connection/cb-pmod-110426.html

Reviewed by:    ziaee
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D54520
Delta     File
+2 -0     share/man/man4/mfi.4
+1 -0     sys/dev/mfi/mfi_pci.c
+3 -0     2 files

HardenedBSD/src 8562f3b lib/libkldelf ef_mips.c, share/man/man4 cxgbe.4

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
Delta      File
+0 -116    lib/libkldelf/ef_mips.c
+48 -10    share/man/man4/cxgbe.4
+29 -29    share/man/man7/security.7
+0 -48     sys/cddl/contrib/opensolaris/uts/mips/sys/fasttrap_isa.h
+0 -30     sys/cddl/contrib/opensolaris/uts/mips/dtrace/fasttrap_isa.c
+17 -0     stand/efi/loader/framebuffer.c
+94 -233   6 files not shown
+104 -245  12 files

HardenedBSD/src 7db1c1b lib/libkldelf ef_mips.c, share/man/man4 cxgbe.4

Merge branch 'freebsd/current/main' into hardened/current/master
Delta      File
+0 -116    lib/libkldelf/ef_mips.c
+29 -29    share/man/man7/security.7
+48 -10    share/man/man4/cxgbe.4
+0 -48     sys/cddl/contrib/opensolaris/uts/mips/sys/fasttrap_isa.h
+0 -30     sys/cddl/contrib/opensolaris/uts/mips/dtrace/fasttrap_isa.c
+17 -0     stand/efi/loader/framebuffer.c
+94 -233   6 files not shown
+104 -245  12 files

HardenedBSD/src 4b64ad9 sys/kern kern_prot.c kern_racct.c, sys/netpfil/pf pf_ioctl.c

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
Delta      File
+115 -128  sys/kern/kern_prot.c
+4 -135    sys/kern/kern_racct.c
+43 -48    sys/netpfil/pf/pf_ioctl.c
+62 -0     tests/sys/netinet6/ndp.sh
+38 -2     tests/sys/netpfil/pf/divert-to.sh
+21 -10    tests/sys/netinet6/ra.py
+283 -323  16 files not shown
+358 -391  22 files

HardenedBSD/src 6c6e00b lib/libkldelf ef_mips.c Makefile, sys/cddl/contrib/opensolaris/uts/mips/dtrace fasttrap_isa.c

mips: remove mips leftovers

Signed-off-by: Minsoo Choo <minsoochoo0122 at proton.me>
Pull-request: https://github.com/freebsd/freebsd-src/pull/1909
Delta     File
+0 -116   lib/libkldelf/ef_mips.c
+0 -48    sys/cddl/contrib/opensolaris/uts/mips/sys/fasttrap_isa.h
+0 -30    sys/cddl/contrib/opensolaris/uts/mips/dtrace/fasttrap_isa.c
+0 -1     lib/libkldelf/Makefile
+0 -1     usr.sbin/kldxref/Makefile
+0 -196   5 files

HardenedBSD/src 2962dc7 bin/sh sh.1

sh.1: Restore missing builtin commands

PR:             292221
Fixes:          2980318b2747 (sh.1: extend the section about getopts)
MFC after:      3 days
Delta     File
+1 -1     bin/sh/sh.1
+1 -1     1 file

HardenedBSD/src be6ba97 stand/efi/loader framebuffer.c

loader.efi: add stride & offset for MacBookPro3,1

Note that there are three variants of this MacBook. We only have the
stride and offset values for the 17" 1680x1050 model.

Reviewed by:    vexeduxr
Pull Request:   https://github.com/freebsd/freebsd-src/pull/1584
Delta     File
+17 -0    stand/efi/loader/framebuffer.c
+17 -0    1 file

HardenedBSD/src 75866d7 lib/libsys ptrace.2 chroot.2, share/man/man7 security.7

manuals: Correct some sysctl markup

This additionally enables searching the manual by sysctl variable.
This syntax is standardized in style.mdoc(5).

Reported by:    bapt
MFC after:      3 days
Delta     File
+29 -29   share/man/man7/security.7
+5 -5     lib/libsys/ptrace.2
+3 -3     lib/libsys/chroot.2
+1 -1     usr.sbin/chroot/chroot.8
+38 -38   4 files

HardenedBSD/src c25259a sys/netpfil/pf pf_ioctl.c pf_nv.c

pf: Avoid taking the pf rules write lock in a couple of ioctls

The DIOCGETRULES ioctl handler has taken the write lock ever since
fine-grained locking was merged to pf, but I believe it's unneeded.  Use
the read lock instead.

DIOCGETRULENV takes the write lock as well but I believe this is only
required when clearing rule counters.  Acquire the read lock if that is
not the case.

Reviewed by:    kp, allanjude
MFC after:      2 weeks
Sponsored by:   OPNsense
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D54292

(cherry picked from commit ae96ff302f8ae50903a96d3a1857f9acf243f3c4)
Delta     File
+43 -48   sys/netpfil/pf/pf_ioctl.c
+1 -1     sys/netpfil/pf/pf_nv.c
+1 -1     sys/netpfil/pf/pf_nv.h
+45 -50   3 files

HardenedBSD/src 3025957 sys/netpfil/pf pf.c, tests/sys/netpfil/pf divert-to.sh

pf: Fix state handling when ICMP packets are diverted

Commit 66f2f1c83247 ("pf: handle divert packets") missed a case that I
happened to hit while testing something.

Add a regression test for the ICMP case, based on the existing test.
Fix a buglet in the existing test (missing whitespace after "[").

Reviewed by:    kp
Sponsored by:   OPNsense
Sponsored by:   Klara, Inc.
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D54321

(cherry picked from commit 15178d8ed2904d5c4fa31a1531e60dcb1e0f9209)
Delta     File
+38 -2    tests/sys/netpfil/pf/divert-to.sh
+6 -4     sys/netpfil/pf/pf.c
+44 -6    2 files

HardenedBSD/src 97fbbf1 sbin/ifconfig af_inet6.c, tests/sys/netinet6 ndp.sh ra.py

ifconfig: Fix the -L flag when using netlink

By default, when ifconfig shows a v6 address derived from a
router-advertised prefix, it shows the initial preferred and valid
lifetimes.  When -L is specified, it is supposed to show the remaining
lifetimes, but this was broken in the conversion to netlink.

Fix that, and add a regression test which validates ifconfig output
before and after a short-lived address expires.

Reported by:    Franco Fichtner <franco at opnsense.org>
Reviewed by:    melifaro, allanjude, Seyed Pouria Mousavizadeh Tehrani
Fixes:          4c91a5dfe483 ("ifconfig: make interface and address listing use Netlink as transport")
MFC after:      2 weeks
Sponsored by:   OPNsense
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D54294

(cherry picked from commit df6861d755c8f72380ae7fb8df535b27eba8c0be)
Delta     File
+62 -0    tests/sys/netinet6/ndp.sh
+10 -1    tests/sys/netinet6/ra.py
+4 -2     sbin/ifconfig/af_inet6.c
+76 -3    3 files

HardenedBSD/src 9ee9e35 tests/sys/netinet6 ra.py

tests: Fix style in ra.py

No functional change intended.

MFC after:      2 weeks

(cherry picked from commit 7080c1b09d72e64f17185e90d7b660175f8fbaba)
Delta     File
+12 -10   tests/sys/netinet6/ra.py
+12 -10   1 file

HardenedBSD/src 03e1605 share/man/man4 cxgbe.4

cxgbe.4: Update for recent HARDWARE

Adjust document description, description section, and hardware section
to include Chelsio T7. Since this driver now supports many generations,
order reverse chronologically. Compare language to ice.4 and bnxt.4,
the other terabit ethernet drivers.

This list of HARDWARE is obtained from the Chelsio product selector.

MFC after:              3 days (T7 support shipped with 15.0)
Discussed with:         jhb, np
Differential Revision:  https://reviews.freebsd.org/D54276
Delta     File
+48 -10   share/man/man4/cxgbe.4
+48 -10   1 file

HardenedBSD/src 765442a . Makefile.inc1

Makefile.inc1: Indicate that no-clean builds are on by default

PR:             292130
(cherry picked from commit a6afa194f382e4f81277fdc7e81e229d3c8caf5f)
Delta     File
+1 -1     Makefile.inc1
+1 -1     1 file

HardenedBSD/src f112909 sys/kern kern_racct.c

kern: racct: Remove code unused since %cpu resource computation revamp

Reviewed by:    emaste, markj
Fixes:          c72188d85a79 ("racct: Improve handling of the pcpu resource")
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D54284

(cherry picked from commit 55ce12672b948c002431851af54843bfc7f50d6f)
Delta     File
+0 -133   sys/kern/kern_racct.c
+0 -133   1 file

HardenedBSD/src 0d95a17 usr.sbin/mountd exports.5

exports.5: Typo: "auomatically" => "automatically"

Fixes:          9d975e47d5a3 ("exports.5: Clarify that exported dirs should be local mount points")
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation

(cherry picked from commit 7521dc5dce35159add70003340e1555456721a2d)
Delta     File
+1 -1     usr.sbin/mountd/exports.5
+1 -1     1 file

HardenedBSD/src 42a3d3d sys/kern kern_jail.c

jail: Don't define malloc type M_PRISON_RACCT on !RACCT

Reviewed by:    emaste, jamie
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D54271

(cherry picked from commit a8be81456cfeecc66ba3b41eb9a2d3dfea7ebc8c)
Delta     File
+2 -0     sys/kern/kern_jail.c
+2 -0     1 file

HardenedBSD/src cd588aa sys/kern kern_prot.c

setcred(2): Fix a panic on too many groups from latest commit

kern_setcred_copyin_supp_groups() is documented to always set
'sc_supp_groups', but did not do it if there are more supplementary
groups than 'ngroups_max'.  Also, that case was omitted from the herald
comment.  Add it there, also including it as a case where
'sc_supp_groups_nb' is reset to 0 as a security measure.

Initially, kern_setcred_copyin_supp_groups() had the usual property that
nothing had to be freed on it returning an error, but was then converted
to relying on the caller to free() even on error, and this part was
missed during the conversion.  The benefits of this unusual convention
are that we can zero or NULLify groups-related attributes in advance,
preventing inadvertent use of stale data (defensive security measure),
and we can avoid some small code duplication (no need to have two same
calls to free()).  This makes sense as kern_setcred_copyin_supp_groups()
is meant to be a private sub-routine of user_setcred() only.  While
here, rename kern_setcred_copyin_supp_groups() =>
user_setcred_copyin_supp_groups().

    [6 lines not shown]
Delta     File
+22 -12   sys/kern/kern_prot.c
+22 -12   1 file
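The out-parameter convention the commit above describes (the callee always sets 'sc_supp_groups' and resets the count to 0 on error, so the caller can free() unconditionally and never sees stale data) is shown here as an added userland example. This is not FreeBSD or HardenedBSD code: the types, the limit, the function names (copy_groups, copyin_supp_groups_pre_fix, copyin_supp_groups, simulate_user_setcred, leaves_stale_outputs) and the sample groups array are all hypothetical stand-ins for the kernel's copyin(), ngroups_max and user_setcred(). The pre-fix variant reproduces the shape of the defect: the "too many groups" check returns before the outputs are initialised.

```c
/*
 * Added example, not FreeBSD/HardenedBSD code: userland simulation of the
 * "callee always sets its out-parameters, caller free()s even on error"
 * convention from the setcred(2) commit above.  All names (gid_sim,
 * NGROUPS_MAX_SIM, copy_groups, copyin_supp_groups*, simulate_user_setcred,
 * sample_groups) are hypothetical; the real kernel code differs.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t gid_sim;                  /* stands in for gid_t */
#define NGROUPS_MAX_SIM 4                  /* assumed limit (ngroups_max) */
#define POISON ((gid_sim *)(uintptr_t)0xdeadbeef)   /* never dereferenced */

/* Shared tail: reset outputs, then allocate and copy nb groups. */
static int
copy_groups(const gid_sim *ugroups, size_t nb, gid_sim **groups, size_t *nb_out)
{
	*groups = NULL;
	*nb_out = 0;
	if (nb == 0)
		return (0);
	if (ugroups == NULL)
		return (EFAULT);           /* where copyin() would fail */
	if ((*groups = malloc(nb * sizeof(**groups))) == NULL)
		return (ENOMEM);
	memcpy(*groups, ugroups, nb * sizeof(**groups));
	*nb_out = nb;
	return (0);
}

/* Pre-fix shape: the limit check runs before the outputs are reset. */
static int
copyin_supp_groups_pre_fix(const gid_sim *ugroups, size_t nb, gid_sim **groups, size_t *nb_out)
{
	if (nb > NGROUPS_MAX_SIM)
		return (EINVAL);           /* outputs untouched: the defect */
	return (copy_groups(ugroups, nb, groups, nb_out));
}

/* Fixed shape: reset first, so every error path leaves NULL and 0. */
static int
copyin_supp_groups(const gid_sim *ugroups, size_t nb, gid_sim **groups, size_t *nb_out)
{
	*groups = NULL;
	*nb_out = 0;
	if (nb > NGROUPS_MAX_SIM)
		return (EINVAL);
	return (copy_groups(ugroups, nb, groups, nb_out));
}

/* Caller in the commit's style: free() on every path, trust only nb_groups. */
static int
simulate_user_setcred(const gid_sim *ugroups, size_t nb, size_t *applied)
{
	gid_sim *groups;
	size_t nb_groups;
	int error = copyin_supp_groups(ugroups, nb, &groups, &nb_groups);

	*applied = nb_groups;              /* 0 on error by construction */
	free(groups);                      /* NULL on error by construction */
	return (error);
}

/* Probe: poison the caller's variables, request too many groups, return 1 if
 * the callee errored but left the poison in place (what a pre-fix caller would
 * then free()), 0 otherwise.  Nothing is freed here. */
static int
leaves_stale_outputs(int (*fn)(const gid_sim *, size_t, gid_sim **, size_t *), size_t nb)
{
	gid_sim *groups = POISON;
	size_t nb_groups = 99;
	int error = fn(NULL, nb, &groups, &nb_groups);
	return (error != 0 && (groups == POISON || nb_groups == 99));
}

/* Constructed sample input standing in for the userland groups array. */
static const gid_sim sample_groups[3] = { 1000, 1001, 1002 };

static int
demo_valid_applied(void)
{
	size_t applied;
	int error = simulate_user_setcred(sample_groups, 3, &applied);
	return (error == 0 ? (int)applied : -1);
}

static int
demo_too_many_rejected(void)
{
	size_t applied;
	int error = simulate_user_setcred(sample_groups, NGROUPS_MAX_SIM + 1, &applied);
	return (error == EINVAL && applied == 0);
}

int main(void)
{
	printf("valid=%d rejected=%d stale(pre-fix)=%d stale(fixed)=%d\n",
	    demo_valid_applied(), demo_too_many_rejected(),
	    leaves_stale_outputs(copyin_supp_groups_pre_fix, NGROUPS_MAX_SIM + 1),
	    leaves_stale_outputs(copyin_supp_groups, NGROUPS_MAX_SIM + 1));
	return (0);
}
```

The probe never dereferences or frees the poison pointer; it only reports whether the callee left it behind, which is exactly the state a caller that free()s unconditionally would trip over. The fixed variant pays for its safety with one extra pair of stores, which is why the commit calls the convention unusual but worthwhile for a private sub-routine with a single caller.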

HardenedBSD/src 33c0bd2 sys/kern kern_prot.c, sys/security/mac mac_syscalls.c mac_syscalls.h

MAC: Use the current thread's user ABI to determine the layout of struct mac

This removes mac_label_copyin32() as mac_label_copyin() can now handle
both native and 32-bit struct mac objects.

Reviewed by:    olce, brooks
Obtained from:  CheriBSD
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D53755

(cherry picked from commit 134d00bd2c910cc7cc21c11fba093ff82bbb9344)
Delta     File
+5 -20    sys/security/mac/mac_syscalls.c
+1 -8     sys/security/mac/mac_syscalls.h
+1 -6     sys/kern/kern_prot.c
+7 -34    3 files

HardenedBSD/src b6cba90 sys/kern kern_prot.c, sys/sys syscallsubr.h

setcred(): Remove an optimization for when cr_groups[0] was the egid

Because setcred() has (always) treated the effective GID separately from
the supplementary groups, when cr_groups[0] was storing the effective
GID, it internally needed to build an array containing both the
effective GID and the specified supplementary groups to eventually call
crsetgroups_internal().

As kern_setcred() was only used to actually implement
user_setcred()/sys_setcred(), which need to allocate a buffer to copy in
the userland groups array into, some optimization was put in place where
these would allocate an array with one more element than
'wc_supp_groups', copyin() the latter into the subarray starting at
index 1 and pass the pointer to the whole array to kern_setcred() in
'preallocated_groups'.  This would allow kern_setcred() not to have to
allocate memory again to make room for the additional effective GID.

Since commit be1f7435ef21 ("kern: start tracking cr_gid outside of
cr_groups[]"), crsetgroups_internal() only takes supplementary groups,

    [10 lines not shown]
Delta     File
+47 -69   sys/kern/kern_prot.c
+1 -1     sys/sys/syscallsubr.h
+48 -70   2 files

HardenedBSD/src 9a5b645 sys/compat/freebsd32 freebsd32_misc.c, sys/kern kern_prot.c

setcred: Move initial copyin of struct setcred out to per-ABI syscall

This is the more typical approach used in the tree for system calls
with per-ABI structure layouts.

Reviewed by:    olce, brooks
Obtained from:  CheriBSD
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D53756

(cherry picked from commit 6292eecfd95c78abc1ab14f20ceaa507ab9c636a)
Delta     File
+17 -35   sys/kern/kern_prot.c
+16 -2    sys/compat/freebsd32/freebsd32_misc.c
+2 -2     sys/sys/ucred.h
+35 -39   3 files