bge: disable TXCSUM if UDP transmit checksum offloading is disabled
The bge interface is special with respect to transmit checksum
offloading. In the default settings, a bge interface announces TXCSUM
capabilities, but only supports TCP/IPv4 and not UDP/IPv4 due to
limitations of some of the NICs. This results in problems when the bge
interface becomes a member of a bridge. Since currently only the
TXCSUM capabilities are synced when a member is added to a bridge and
not the protocol specific capabilities, this can result in a situation
where UDP packets are sent out using a bge interface without having a
correct checksum.
To mitigate this problem, initially don't announce TXCSUM capabilities
when UDP transmit checksum is disabled. It is still possible to enable
TXCSUM capabilities via ifconfig.
PR: 291420
Reviewed by: Timo Voelker
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54486
ipv6: account for jumbo payload option
If a jumbo payload option is added, the length of the mbuf chain is
increased by 8 but the actual hop-by-hop extension header with the
jumbo payload option is only inserted in the packet if there are
other options. Therefore, adjust optlen to reflect the actual size
of IPv6 extension headers including the hop-by-hop extension header
containing the jumbo payload option.
Reported by: syzbot+73fe316271df473230eb at syzkaller.appspotmail.com
Reviewed by: markj, Timo Voelker
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54394
dwc: improve IPv4 transmit checksum offloading
This patch provides two improvements for TCP/IPv4 and UDP/IPv4
transmit checksum offloading:
(1) Use *CIC_SEG instead of *CIC_FULL, since FreeBSD always provides
a pseudo header checksum.
(2) Don't make transmit IPv4 header checksum offloading a prerequisite
for TCP/IPv4 or UDP/IPv4 transmit checksum offloading.
This is the root cause of PR 291696, since right now the epair
interface does not support transmit IPv4 header checksum offloading,
but TCP/IPv4 and UDP/IPv4 transmit checksum offloading.
PR: 291696
Reviewed by: Timo Voelker
Tested by: Marek Benc
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54395
lib/virtual_oss: don't (over)link to libsamplerate
These plugins require samplerate.h due to virtual_oss's int.h including
it, but don't use any symbols directly so don't link to the library.
Centralize adding the include path.
Reviewed by: christos
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D54705
virtual_oss: build system tidying
general:
- find libsamplerate's headers in the temporary sysroot instead of
digging in the source tree.
- use LIBADD where possible
lib/virtual_oss:
- centralize SHLIBDIR define
- centralize include path for internal headers
- don't try to find libsamplerate directly in .OBJDIR
No functional changes.
Reviewed by: christos
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D54704
iflib: remove convoluted custom zeroing code
Replace a collection of aliasing violations and ifdefs with memset
(which now expands to __builtin_memset and should be quite reliably
inlined.) The old code is hard to maintain as evidenced by the most
recent change to if_pkt_info_t updating the defines, but not the zeroing
code.
Reviewed by: gallatin, erj
Effort: CHERI upstreaming
Sponsored by: Innovate UK
Fixes: 43d7ee540efe ("iflib: support for transmit side nic KTLS offload")
Differential Revision: https://reviews.freebsd.org/D54605
(cherry picked from commit 31e7dc6b9a000b02353bfc41cbd897533287cda2)
LinuxKPI: 802.11: assign sequence numbers to frames
While all native drivers were converted to call
ieee80211_output_seqno_assign() after changes to net80211 if needed,
LinuxKPI 802.11 was not fixed. Add the missing call.
Given we are currently only supporting STA mode, we can provide
sequence numbers for all frames (mgmt/beacon would be a problem in
AP mode).
This greatly helps LinuxKPI based drivers other than iwlwifi(4).
If drivers do their own sequence numbers, they will overwrite what we
pre-set unless we would pass a txflag not to do so (beware the
consequences).
Sponsored by: The FreeBSD Foundation
Fixes: eabcd1773fa3, 785edcc2af5a
(cherry picked from commit 9cf85457b13bc7aa125388d63c82acf2b21e9e9e)
LinuxKPI: 802.11: reset hdr after crypto in lkpi_80211_txq_tx_one()
When lkpi_80211_txq_tx_one() calls into the crypto offloading parts to
possibly make space in the headroom, the beginning of our frame moves.
We have to reset hdr after that call as otherwise later classifications
based on the hdr->frame_control will fail or cause wrong classification
of packets.
This makes sure frames will either be directly sent using (*mo_tx)()
or use the correct tid for the correct queue. This helps to get
rtwx8 packets flowing after BA was negotiated.
Sponsored by: The FreeBSD Foundation
Fixes: 11db70b6057e4
(cherry picked from commit f0395993e1ea83705e0da6623843e7d5d03f7269)
LinuxKPI: 802.11: fix rx_nss with VHT
When fixing single-stream chipsets, like iwlwifi(4) AX101, we started
masking the announced with the hardware supported values. This would
probably limit, e.g., rx_nss. During these works we fixed a loop
checking from the highest nss=7 to lowest nss=0 (8..1) and would set
rx_nss if the stream was supported. This left us with always setting
rx_nss on nss=0 to nss + 1 = 1. Instead only update once when we hit
the first supported MCS value (highest number of supported streams).
Looking at the diff of the mentioned commit hash which gets fixed it
looks like even the old code was not correct either.
This only fixes the logic to calculate rx_nss. This does not yet help
with modern drivers to actually update the value. Code for this will
come in a later commit.
Sponsored by: The FreeBSD Foundation
Fixes: adb4901ac9ae
(cherry picked from commit 8494be1b5af7fe4f765532f802ac0a145e061d73)
LinuxKPI: bitcount fix builds with gcc and older llvm
LLVM before 19 and gcc before 14 do not support __builtin_popcountg().
Use __const_bitcount<n> from sys/bitcount.h as a replacement in these
cases. This should still allow drm-kmod to build where the size needs
to be known at compile-time.
Remove the conditional for gcc around the iwlwifi modules build,
which was collateral damage in all this.
Sponsored by: The FreeBSD Foundation
Fixes: 7cbc4d875971, 5e0a4859f28a
Reviewed by: brooks, emaste (without the sys/modules/Makefile change)
Differential Revision: https://reviews.freebsd.org/D54297
(cherry picked from commit 34892a8e30055000352d9612ad985be550c82bea)
sys/bitcount.h: add __const_bitcount<n>
Add a version of __const_bitcount<n> which can be used to get the
numbers at compile-time when __builtin_popcountg() is not available
(see sys/compat/linuxkpi/common/include/linux/bitops.h for LLVM before
19 and gcc before 14).
Obtained from: https://reviews.freebsd.org/D50995#1174884 by obiwac
Sponsored by: The FreeBSD Foundation
Reviewed by: brooks, emaste
Differential Revision: https://reviews.freebsd.org/D54301
(cherry picked from commit 27aa23cee81088b0ffa974eec9f03c654c36438e)
LinuxKPI: 802.11: add compat.linuxkpi.80211.IF.dump_stas_queues
Extend the normal compat.linuxkpi.80211.IF.dump_stas sysctl by
queue information. This was helpful for debugging various issues,
like selecting the outbound queue, stopping queues for BAR and helped
finding multiple bugs.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 32ea8209825af594cbfa1fc654d45eb9a6aab528)
powerpc: fix release image building for Apple partitions
awk changed somewhere between 14 and 15 and it stopped accepting
a hexadecimal number as its input - it will always return 0.
This results in a very badly written apple boot block.
So just remove it; do the math in shell.
PR: kern/292341
Differential Revision: https://reviews.freebsd.org/D54639
Reviewed by: imp
MFC after: 1 week
(cherry picked from commit 7afa03963c448a14b1735a10eaf84941b0b74862)
libjail: extend struct handlers to include MAC labels
MAC label handling is a little special; to avoid being too disruptive,
we allocate a `mac_t *` here for the value so that we can mac_prepare()
or mac_from_text() into. As a result, we need:
- A custom free() handler to avoid leaking the *jp_value
- A custom jailparam_get() handler to mac_prepare() the mac_t and
populate the iovec properly, so that the kernel doesn't have to
do something funky like copyin, dereference, copyin again.
- A custom jailparam_set() handler to similarly populate the iovec
properly.
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D53960
libjail: start refactoring struct ioctl support
Instead of ad-hoc comparisons against the struct type in a few places,
start to abstract out an interface for dealing with struct types. For
now, this just means that we have some special jailparam_import and
jailparam_export handling for the ip addr types, but in the next commit
we'll extend it further to support MAC labels.
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D53959
jail: document the mac.label parameter
In particular, we should provide a hint about mac.conf(5), since libjail
will just use the mac_prepare_type(3) API to provide a reasonably sane
interface for system administrators. Programmers wanting to fetch an
arbitrary MAC label would need to bypass libjail and use jail_get(2)
directly with their own prepared `struct mac`.
Differential Revision: https://reviews.freebsd.org/D54067
mac_set_fd(3): add support for jail descriptors
We'll still add an old-fashioned jail param to configure jail MAC
labels, but for testing it's really easy to grab a jaildesc and use
that.
Reviewed by: jamie, olce
Differential Revision: https://reviews.freebsd.org/D53956
kern: mac: add various jail MAC hooks
This adds the following hooks:
- mpo_prison_check_attach: check for subject capability to attach to
a given jail
- mpo_prison_check_create: check for subject capability to create a
jail with the given option set
- mpo_prison_check_get: check for subject capability to fetch the
given parameters for a jail
- mpo_prison_check_set: check for subject capability to set the
given parameters for a jail
- mpo_prison_check_remove: check for subject capability to remove the
jail
check_get wouldn't typically be a privileged operation, but is included
to give MAC policies a wider range of capabilities at a relatively low
cost. We also add two more for the purpose of label propagation:
- mpo_prison_created: surface the creation of a jail so that one can
do propagation to, e.g., the root vnode or any mounts
[28 lines not shown]
kern: mac: pull mac_label_copyin_string out
A future commit to the area will further our jail integration and add
a use for this: the struct mac itself was already copied in as part of
vfs_buildopts(), so we only need to copyin the strings.
We add an explicit flag argument because the jail operation will need to
do it while holding the prison lock.
Reviewed by: olce
Differential Revision: https://reviews.freebsd.org/D53957
kern: add a mac.label jail parameter
Have it take a `struct mac` and we'll paper over the difference for
jail(8)/jls(8) in libjail(3). The mac_syscalls.h model is taken from
mac_set_proc_*() that were previously done.
Reviewed by: olce
Differential Revision: https://reviews.freebsd.org/D53958