Releng/14.2 patch #351
Closed
Releng/14.2 patch #351
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eanbled -> enabled (cherry picked from commit b533280)
Clear the EQ_HW_ALLOCATED flag with the wrq lock held and discard all work requests, pending or new, when it's not set. Sponsored by: Chelsio Communications (cherry picked from commit 0a9d1da)
Add a reset_adapter wrapper that picks the most suitable reset routine internally. Use it in the fatal error handler as well as the sysctl based reset. Sponsored by: Chelsio Communications (cherry picked from commit d668a0b)
Sponsored by: Chelsio Communications (cherry picked from commit 1e584ca)
Now that suspend/resume is supported by the base driver, a fatal error isn't the only reason that the RNIC can stop abruptly. Also, this state is no longer permanent as it's possible to resume operations after a stop. Rename the flag and associated routines to match the new state of affairs. Sponsored by: Chelsio Communications (cherry picked from commit 8254a27)
backlog is an int and not a string. While here, fix an adjacent CTR that was spread over two lines even though it fits in one. Sponsored by: Chelsio Communications (cherry picked from commit 3f250bb)
Avoid a pointless assignment while here. Sponsored by: Chelsio Communications (cherry picked from commit 3b4dcc0)
Stop allocating new resources when the RNIC is stopped but continue to allow previously allocated resources to be freed. Note that t4_tom's uld_stop tears down all TOE connections, including those being used for iWARP, and that triggers the cleanup of iWARP resources. Fail post_send/post_recv early too to avoid the SQ doorbell. Sponsored by: Chelsio Communications (cherry picked from commit 9fdb683)
This fixes a regression in 5241b21 where the driver stopped reporting link down after a fatal error unless t4_reset_on_fatal_err was also set. Fixes: 5241b21 cxgbe(4): Basic infrastructure for ULDs to participate in adapter reset. Sponsored by: Chelsio Communications (cherry picked from commit 7aeec28)
This fixes a panic where the peer's ack to the synack arrives on a different queue and do_pass_establish tries to remove the synqe from synqe_list before it has been added by do_pass_accept_req. Reported by: Sony Arpita Das @ Chelsio Fixes: 283333c cxgbe/t4_tom: Track all synq entries in a per-adapter list. Sponsored by: Chelsio Communications (cherry picked from commit 674cbf3)
The STALE state means the L2T entry is valid in hardware but needs to be refreshed (ARP/NDP) in software. But stop/suspend wipes the hardware L2T and STALE entries need to be updated just like VALID entries to match actual hardware state. Fixes: c1c5248 cxgbe/t4_tom: Implement uld_stop and uld_restart for ULD_TOM. Sponsored by: Chelsio Communications (cherry picked from commit 171e579)
The destination queue for tracing filters is destroyed during stop or suspend and the software state needs to reflect this. A new destination queue will be setup when the adapter resumes operation. Sponsored by: Chelsio Communications (cherry picked from commit d82cb5c)
1. Mark the L2T entry valid only if t4_write_l2e succeeds, which won't happen if the adapter is stopped. This prevents L2T entries from sometimes getting (re)promoted to VALID on Tx activity during stop. 2. Discard a work request immediately instead of enqueueing it to the arp queue if the adapter is stopped. Fixes: c1c5248 cxgbe/t4_tom: Implement uld_stop and uld_restart for ULD_TOM. Sponsored by: Chelsio Communications (cherry picked from commit 07f47e8)
An L2 entry in the driver's hash was marked STALE unconditionally if it changed in the kernel when its driver refcount is 0. Fix the driver to do this for VALID entries only. Sponsored by: Chelsio Communications (cherry picked from commit 3883300)
…start. Tracers have to be recreated after a restart but that's okay given that they are used for debugging only. Sponsored by: Chelsio Communications (cherry picked from commit ee3da60)
* Disable IFCAP_TOE automatically on all ifnets on all adapters during unload. This is user-friendly and avoids panics due to stale ifnet state after t4_tom is unloaded. * Do not allow unload if tids are in use by the TOE on any adapter. Reported by: Bimal Abraham @ Chelsio Sponsored by: Chelsio Communications (cherry picked from commit 9ba8670)
Reviewed by: np Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D45187 (cherry picked from commit 1edf61f)
The ldd32 binary is currently in the utilities package but belongs in utilities-lib32. This patch corrects the situation. PR: 249145 Reviewed by: emaste Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47023 (cherry picked from commit 53bb561)
Currently the lib32 crt files (/usr/lib32/Scrt1.o etc.) are placed in
the clibs-dev package rather than the clibs-dev-lib32 package.
The /usr/lib32/dtrace/drti.o file is similarly placed in the dtrace
package rather than the dtrace-lib32 package.
Splitting shared libraries in /usr/lib32 into a -lib32 package is
handled in bsd.lib.mk by adding "lib32" to TAGS. However bsd.files.mk
ignores TAGS and only honors ${group}TAGS since 144c442.
This patch changes the behavior of bsd.files.mk to honor TAGS if the
default FILES group is used. This matches the handling of PACKAGE, which
is also ignored unless the default FILES group is used.
With this patch, both the clibs and dtrace package are split correctly.
PR: 249145
Reviewed by: bapt
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46991
(cherry picked from commit d5e9faf)
As of 2015 (commit b8c19fd) the fdisk man page claimed the command is obsolete, but had no explicit mention of removal. Add another note that follows our current deprecation notice format. Reviewed by: imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47067 (cherry picked from commit 255d2d9)
Requested by: rgrimes Reviewed by: bapt Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D43585 (cherry picked from commit 86e6632)
Add a special keyword "all" for the group name, which allows genl to monitor all groups in an existing family (cherry picked from commit 65e7a64)
the monitor command now subscribes too all groups if no "multicast group" is provided, this avoid potential collision with a group that could be named "all" (cherry picked from commit f45132d)
(cherry picked from commit 33938d8)
genl monitor nlsysevent is now able to print the messages received (cherry picked from commit 8837228)
Following up from another review using basically the same code: remove useless cast replace uint32_t with unsigned int. No functional changes expected (cherry picked from commit 782766a)
(cherry picked from commit 8bfd7d5)
Since 2020-01-15 the ports manpage are locate in /usr/local/share/man (cherry picked from commit 0fbfb22)
Approved by: re (implicit) Sponsored by: Amazon
Approved by: re (implicit) Sponsored by: Amazon
Add the flavored port for all the supported wireless drivers we recently added support for. Sponsored by: The FreeBSD Foundation Pointed out by: cperciva (as part of the set of changes) Reviewed by: cperciva (#releng) Approved by: re (cperciva) Differential Revision: https://reviews.freebsd.org/D47406 (cherry picked from commit 2483a2d) (cherry picked from commit f21cb43)
Introduce -q to quieten other output (unless -v is also given). pkg-install(8) currently has no option to allow skipping unavail packages but it will just fail. We would realy want to try to install as much firmware found as possible from the installer. Work around this by doing one firmware package at a time. For that it is highly helpful to be able to query (or possibly re-query) all outstanding fimrware packages. -q together with -n only shows each package to be installed one by line. Once freebsd/pkg#2195 will be implemented we could undo this part of the change and future changes to the installer and use the new option for pkg-install(8) there. While here switch to getopts so -qn works and not just -q -n. Sponsored by: The FreeBSD Foundation Reviewed by: manu Approved by: re (cperciva) Differential Revision: https://reviews.freebsd.org/D47445 (cherry picked from commit 1eb3f15) (cherry picked from commit 814a49d)
The Release Hardware Notes are generated from hardware sections in the manual pages. Create or organize these sections in Wi-Fi driver manuals for information flow, and perform minor maintenance on them while here. After some testing, we have determined that a compact column list is the best for a single column listing in the hardware release notes. This makes very clean subsections and is for some reason denser than using a tagged list. This adds the long requested conversion from netmask to cidr examples. These examples probably shouldn't even be here, but that is a discussion for another day. Reported by: bz (relnotes generation, cidr, test-net-1 ip4addr) Reported by: grahamperrin (HARDWARE order mentioned in fdp-primer) Reported by: Graham Percival <[email protected]> (don't prompt) Reviewed by: bz (anything wrong likely is my polishing fault; incl. iwm.4) Approved by: re (cperciva) Differential Revision: https://reviews.freebsd.org/D47508 (cherry picked from commit 8f1a2d5) (cherry picked from commit 93b30f1) (cherry picked from commit 6c140ba)
Approved by: re (cperciva) MFC after: 3 days Reviewed by: ray Differential Revision: https://reviews.freebsd.org/D47570 (cherry picked from commit 79af8f7) (cherry picked from commit 3bcbd39)
Add a menu to the installer to run fwget(8) inside the newly installed system to install firmware known to be needed. This requires working netowrking. This is needed at least for wireless currently for when we entirely stop shipping new firmware in src.git to have working networking on the installed system (we already do need this for at least rtw89). Sponsored by: The FreeBSD Foundation Tested with: 4 different iwlwifi chipsets in a system (earlier version) Suggested improvments by: jrtc27 Approved by: re (cperciva) Differential Revision: https://reviews.freebsd.org/D47491 (cherry picked from commit bbe2a1d) (cherry picked from commit 15f6edf)
Make sure an interface is back up before (re-)starting wpa_supplicant in wlanconfig not relying on wpa to UP the interface (though we fixed that). Sponsored by: The FreeBSD Foundation Reviewed by: emaste (in D47491) Approved by: re (cperciva) Differential Revision: https://reviews.freebsd.org/D47491 (cherry picked from commit 5399052) (cherry picked from commit 7d0c12e)
Wireless driver firmware is no longer added to the src tree. In order to have wireless support in the installer for the new drivers we install the firmware packages onto disc1 (and memstick) and dvd if built on FreeBSD and NOPKG is not defined (to not break cross-builds from Linux or OSX and to allow people to opt-out). Sponsored by: The FreeBSD Foundation Submitted by: cperciva (the orig. commands and where to place them) Reviewed by: jrtc27 Approved by: re (cperciva) Differential Revision: https://reviews.freebsd.org/D47407 (cherry picked from commit 7e2996c) (cherry picked from commit b620125)
On some platforms (e.g. powerpc) we don't have packages, so we can't install them onto the ISOs. Proceed with building the images anyway. Reported by: Weekly snapshot builds Fixes: 7e2996c ("release: install wireless firmware onto disc1 and dvd") Approved by: re (cperciva) (cherry picked from commit e8263ac) (cherry picked from commit 9431091)
The pkg-bootstrap binary depends on fetch. Approved by: re Reviewed by: cperciva, emaste, bapt Differential Revision: https://reviews.freebsd.org/D47661 MFC after: 1 day (cherry picked from commit ca1f1d2) (cherry picked from commit 4a76879)
Approved by: re (implicit) Sponsored by: Amazon
- Bump BRANCH to RELEASE - Add the anticipated RELEASE announcement date - Set a static __FreeBSD_version Approved by: re (implicit) Sponsored by: Amazon
The sockaddr passed to ktrcapfail() may be smaller than sizeof(struct sockaddr), and the trailing bytes in the sockaddr structure will be uninitialized, whereupon they get copied out to userspace. Approved by: so Security: FreeBSD-SA-25:04.ktrace PR: 283673 Reviewed by: jfree, emaste Reported by: Yichen Chai <[email protected]> Reported by: Zhuo Ying Jiang Li <[email protected]> Fixes: 9bec841 ("ktrace: Record detailed ECAPMODE violations") MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D48499 (cherry picked from commit 5b86888) (cherry picked from commit 99d5ee8)
syscallenter() has a slow path to handle syscall auditing and dtrace syscall tracing. It uses AUDIT_SYSCALL_ENTER() to check whether to take the slow path, but this macro also has side effects: it writes the audit log entry. When systrace (dtrace syscall tracing) is enabled, this would get short-circuited, and we end up not writing audit log entries. Introduce a pure macro to check whether auditing is enabled, use it in syscallenter() instead of AUDIT_SYSCALL_ENTER(). Approved by: so Security: FreeBSD-EN-25:02.audit Reviewed by: kib Reported by: Joe Duin <[email protected]> Fixes: 2f72924 ("Merge audit and systrace checks") MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48448 (cherry picked from commit f78fe93) (cherry picked from commit 4b9ba27)
Changes: https://github.com/eggert/tz/blob/2025a/NEWS Approved by: so Security: FreeBSD-EN-25:03.tzdata (cherry picked from commit 46226b0) (cherry picked from commit a158d26)
File system specific *fid structures are copied into the generic struct fid defined in sys/mount.h. As such, they cannot be larger than struct fid. This patch packs the structure and checks via a __Static_assert(). Approved by: so Security: FreeBSD-SA-25:02.fs Reported by: Kevin Miller <[email protected]> Reviewed by: olce, imp, kib, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D47879 (cherry picked from commit 205659c) (cherry picked from commit 54974e7)
File system specific *fid structures are copied into the generic struct fid defined in sys/mount.h. As such, they cannot be larger than struct fid. This patch packed the structure and checks via a __Static_assert(). Approved by: so Security: FreeBSD-SA-25:02.fs Reviewed by: markj MFC after: 2 weeks (cherry picked from commit bfc8e33) (cherry picked from commit 7a3a040)
File system specific *fid structures are copied into the generic struct fid defined in sys/mount.h. As such, they cannot be larger than struct fid. This patch packs the structure and checks via a __Static_assert(). Approved by: so Security: FreeBSD-SA-25:02.fs Reviewed by: markj MFC after: 2 weeks (cherry picked from commit 4db1b11) (cherry picked from commit 155987e)
In the window during conflict resolution, copies of installed files with conflicts are added here with the default mode. Restrict access. Approved by: so Security: FreeBSD-SA-25:03.etcupdate PR: 277470 Reviewed by: philip, jhb, emaste Differential Revision: https://reviews.freebsd.org/D48576 (cherry picked from commit c43ae7a) (cherry picked from commit 93836ff)
Approved by: so
Reviewer's Guide by SourceryThis pull request updates man pages, removes MD5 interceptors, and simplifies some SCTP functions. Class diagram showing removed MD5 interceptor functionsclassDiagram
class MD5_Interceptors {
-MD5Init(context)
-MD5Update(context, data, len)
-MD5Final(digest, context)
-MD5End(context, buf)
-MD5File(filename, buf)
-MD5Data(data, len, buf)
}
note for MD5_Interceptors "All MD5 interceptor functions removed"
Class diagram showing simplified SCTP functionsclassDiagram
class SCTP_Functions {
+sctp_find_ifn(ifn, ifn_index)
+sctp_add_addr_to_vrf(vrf_id, ifn, ifn_index, addr)
+sctp_del_addr_from_vrf(vrf_id, addr, ifn, ifn_index)
-sctp_mark_ifa_addr_down()
-sctp_mark_ifa_addr_up()
}
note for SCTP_Functions "Removed: sctp_mark_ifa_addr_down() and sctp_mark_ifa_addr_up()
Simplified: sctp_find_ifn(), sctp_add_addr_to_vrf(), and sctp_del_addr_from_vrf()"
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hey @ericbsd - I've reviewed your changes - here's some feedback:
Overall Comments:
- The removal of MD5 (and associated SHA2) interceptors simplifies sanitizer common code; please ensure that all build‐ and runtime tests that depend on these functions have been updated and that no ABI or regression issues occur as a result.
- Many man pages, configuration files, and release scripts were updated (e.g. SPDX license headers, update to release dates, removal of outdated functions, and new OCI support). Please double-check that all documentation and script changes are consistent across the codebase and that any new functionality (such as OCI image build support) is properly exercised and integrated with existing tooling.
Here's what I looked at during the review
- 🟢 General issues: all looks good
- 🟡 Security: 1 issue found
- 🟢 Testing: all looks good
- 🟢 Complexity: all looks good
- 🟢 Documentation: all looks good
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
sys/kern/kern_proc.c
Outdated
Comment on lines
2719
to
2723
| kve->kve_ref_count = obj->ref_count; | ||
| kve->kve_shadow_count = obj->shadow_count; | ||
| if (obj->type == OBJT_DEVICE || | ||
| obj->type == OBJT_MGTDEVICE) { | ||
| cdev = obj->un_pager.devp.dev; | ||
| if ((obj->type == OBJT_DEVICE || | ||
| obj->type == OBJT_MGTDEVICE) && | ||
| (obj->flags & OBJ_CDEVH) != 0) { |
There was a problem hiding this comment.
🚨 suggestion (security): Use VM_OBJECT_ASSERT_LOCKED when accessing object flags
Add assertions to verify the VM object lock is held when checking flags and accessing the handle field.
Suggested change
| kve->kve_ref_count = obj->ref_count; | |
| kve->kve_shadow_count = obj->shadow_count; | |
| if (obj->type == OBJT_DEVICE || | |
| obj->type == OBJT_MGTDEVICE) { | |
| cdev = obj->un_pager.devp.dev; | |
| if ((obj->type == OBJT_DEVICE || | |
| obj->type == OBJT_MGTDEVICE) && | |
| (obj->flags & OBJ_CDEVH) != 0) { | |
| kve->kve_ref_count = obj->ref_count; | |
| kve->kve_shadow_count = obj->shadow_count; | |
| VM_OBJECT_ASSERT_LOCKED(obj); | |
| if ((obj->type == OBJT_DEVICE || | |
| obj->type == OBJT_MGTDEVICE) && | |
| (obj->flags & OBJ_CDEVH) != 0) { |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary by Sourcery
Update man pages and remove MD5 interceptors.
Enhancements:
Documentation:
Tests: