mlx5: report IPSEC offload capabilities whenever IPSEC_OFFLOAD is configured
Do it always for bootverbose if offload was enabled in the kernel
config, not only if the device actually supports all required
capabilities to do the offload. Otherwise, having the code to print the
caps is pointless.
Reviewed by: slavash
Tested by: Wafa Hamzah <wafah at nvidia.com>
Sponsored by: NVidia networking
MFC after: 1 week
netipsec/ipsec_offload.c: handle failures to install SA nicely
If driver refused to install SA, record rejected handle for SA on the
interface always, not only for EOPNOTSUPP case. The
ipsec_accel_output() function did the right thing if there is no
rejection handle, but not having the handle allows further attempts to
install the SA on the interface.
If driver installed the SA, but ipsec_accel_handle_sav() returned error,
uninstall the SA from the interface. Hardware must not be set up to
process packets for which kernel expects no processing is done.
In both cases, free the drv_spi if a handle was not installed. But keep
drv_spi allocated if the deinstall returned an error from the driver.
Reviewed by: slavash
Tested by: Wafa Hamzah <wafah at nvidia.com>
Sponsored by: NVidia networking
MFC after: 1 week
nullfs: Fix handling of doomed vnodes in nullfs_unlink_lowervp()
nullfs_unlink_lowervp() is called with the lower vnode locked, so the
nullfs vnode is locked too. The following can occur:
1. the vunref() call decrements the usecount 2->1,
2. a different thread calls vrele() on the vnode, decrements the
usecount 0->1, then blocks on the vnode lock,
3. the first thread tests vp->v_usecount == 0 and observes that it is
true,
4. the first thread incorrectly unlocks the lower vnode.
Fix this by testing VN_IS_DOOMED directly. Since
nullfs_unlink_lowervp() holds the vnode lock, the value of the
VIRF_DOOMED flag is stable.
Thanks to leres@ for patiently helping to track this down.
PR: 288345
MFC after: 1 week
[2 lines not shown]
tcp: improve handling of segments in TIME WAIT
The check for excluding duplicate ACKs needs to consider only TH_SYN
and TH_FIN. We know that TH_ACK is set and TH_RST is cleared. All
other flags, in particular TH_ECE, TH_CWR, and TH_AE needs to be
ignored for the check.
PR: 292293
Reviewed by: rrs
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D55489
tcp: BBLog incoming packets in TCPS_TIME_WAIT
PR: 292293
Reviewed by: rrs, rscheff, pouria, Nick Banks, Peter Lei
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D5546
When TCP ECN decides it wants to assure an ACK is sent it needs to do it correctly and with some limits.
So in testing I have found two interesting cases where ECN is going
to make it so that an ack will be sent right away. These cases need
to be limited to being in the ESTABLISHED state. You don't want ECN
sending ACK's when we are transitioning in front or end states.
Also we don't start a delayed ack timer <and> at the same time set
the ACKNOW flag, thats just plain wrong.
Reviewed by: tuexen, rscheff
Differential Revision:<https://reviews.freebsd.org/D55460>
sctp: fix so_proto when peeling off a socket
Reported by: glebius
Reviewed by: rrs
Fixes: d195b3783fa4 ("sctp: fix socket type created by sctp_peeloff()")
Differential Revision: https://reviews.freebsd.org/D55454
mpool/mpool_get.c: Avoid clobbering 'errno' when handling 'pread' errors
POSIX.1-2024 states that the 'free' function "shall not modify errno if
ptr is a null pointer or a pointer previously returned as if by malloc()
and not yet deallocated". However this is a fairly recent addition
and non-compliant allocators might still clobber 'errno', causing
'mpool_get' to return the wrong error code. Fix this by saving
and restoring 'errno' after calling 'free'.
Sponsored by: Klara, Inc.
Reviewed by: obiwac
Differential Revision: https://reviews.freebsd.org/D55463
MFC after: 1 week
pf: avoid NULL deref on purged states
States can be invalidated and still be present in the state table for a
while (until the pf_purge thread cleans them up). These states might not
have keys set, so we must make sure a state is not purged before we try
to access those keys.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit d60082f16e4c91d4b97d8b3b56b39fa348ecfbda)
asmc: introduce the concept of generic models
Having to enter in each of the models for Apple hardware, recompiling,
etc, is tedious. Provide generic models so end-users can leverage some
of the capabilities provided by the driver, i.e., common features like
minimal fans and lights (if present on the generic model) support.
The generic models are as follows:
- Macmini
- MacBookAir
- MacBookPro
- MacPro
This sort of follows the pattern established by the `applesmc` driver in
Linux.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55395
asmc: add Wake-on-LAN control via sysctl
Apple Mac systems support Wake-on-LAN from powered-off state (S5/G2) via
the AUPO SMC key.
This change adds a convenience sysctl, `dev.asmc.0.wol`. This can be
disabled if set to 0 and enabled if set to 1.
The AUPO key is volatile and resets to 0x00 on every boot, so WoL must
be manually enabled before each shutdown to work from powered-off state.
Users need to run: `sysctl dev.asmc.0.wol=1` before shutting down the
system. The sysctl is best set to persist in `/etc/sysctl.conf`.
MFC after: 1 week
Reviewed By: markj, ngie
Differential Revision: https://reviews.freebsd.org/D54439
chore: replace {0, 0} with {DEV,KOBJ}METHOD_END
Both of the aforementioned macros have been present in FreeBSD
for well over a decade: 2009 for `KOBJMETHOD_END`; 2011 for
`DEVMETHOD_END`.
Adapt all hardcoded references of `{0, 0}` with `DEVMETHOD_END`
and `KOBJMETHOD_END` as appropriate. This helps ensure that
future adaptations to drivers following patterns documented
in driver(9) can be made more easily/without issue.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D55414
syscall_timing: add Makefile.depend
This was part of review D44761. It was separated into another commit for
better clarity.
Obtained from: Hewlett Packard Enterprise
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44761
Use NO_SHARED instead of explicitly using -static flag
NO_SHARED is the proper way to declare linking a program without
shared libraries.
Obtained from: Hewlett Packard Enterprise
MFC after: 1 week
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D44761
LinuxKPI: 802.11: fold the sta state machine again
In and around d9f59799fc3e7 we adjusted the initial sta state machine
implementation and unfolded some functions, duplicating code.
This version tries to undo some of that as it seems that we can get
away with doing it more cleanly these days.
There are 5 main functions for the path from INIT to RUN (UP1,2,3.1,3.2,4)
and 4 main functions for the path from RUN to INIT (DOWN1,2,3,4).
The reason there is one more on the patch up is that we can go directly
from AUTH to RUN without going through ASSOC first.
In addition there are further functions relying only on these 9 base
state change functions in order to implement the remaining possible
state transitions net80211 can do (without CSA and SLEEP).
Another change is that we no longer take a sta always through INIT/SCAN
first and then back up to AUTH, that is, we are no longer deleting the
sta from the firmware unless net80211 would also take us down to that
state and in a follow-up back up.
[12 lines not shown]
LinuxKPI: 802.11: improve crypto debug logging
Add a log entry to lkpi_ieee80211_iterate_keys() in order to be able
to determine if there are still keys available when a driver calls
into this (e.g., iwlwifi does before removing the sta to make sure
the keys are gone).
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
LinuxKPI: 802.11: adjust assoc check before key deletion
There is a discrepancy between the vif assoc state and the sta state
(see comment in lkpi_sta_run_to_init()).
Adjust the check in lkpi_iv_key_delete() and add it to
lkpi_sta_del_keys() so that we can take way the keys after whatever
comes first: the sta went away from AUTHORIZED (RUN) or if the vif is
no longer marked assoc.
This is needed as we may only take the sta down partially back to
State 2 (cf. 802.11-2024, Figure 11-23) and key material is no longer
valid before the vif gets cleaned up and the sta is removed entirely.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
cxgbe tom: Use the same WRs as iSCSI to send PDUs for NVMe
Reviewed by: np (earlier version)
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D55470
Do not fail 'devctl clear driver' if another driver is not found
Detaching the bhyve(4) ppt driver from an unsupported PCI device
should not raise a "Device not configured" error. We do not expect
that a new driver must take over the device in this case.
Reviewed by: imp, jhb
Differential Revision: https://reviews.freebsd.org/D52050