There's too many broken hardware out there that wrongly has the
ACPI_FADT_NO_VGA bit set. Ignore it unless running as a virtualized
guest, as then the expectation would be that the hypervisor does
provide correct ACPI tables.
Reviewed by: emaste, 0mp, eugen
Sponsored by: Citrix Systems R&D
PR: 230172
(cherry picked from commit 0518832011)
This codec is found in recent versions of the Framework laptop. Tempo
Semiconductor acquired these products from IDT's Audio Business Unit.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
(cherry picked from commit e997f33700)
/usr/freebsd-dist is used used by various programs as the location for
FreeBSD distribution files. In-tree programs following this convention
are bsdinstall(8) and release(7).
Reviewed by: Pau Amma <pauamma@gundo.com>
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34552
(cherry picked from commit 11a6c85d7f)
For an invalid filesystem name used like this:
mount -t asdfs /dev/ada1p5 /usr/obj
emit an error message like this:
mount: /dev/ada1p5: Invalid fstype: Invalid argument
instead of:
mount: /dev/ada1p5: Operation not supported by device
Differential Revision: https://reviews.freebsd.org/D31540
(cherry picked from commit 6e8272f317)
These drivers are broken and have been scheduled for removal since 2012.
They will finally be removed before FreeBSD 14.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 1d7f6de5cf)
Merge commit '971fa603f2bdf16273135a00ff16c5585520c53f'
Changes: https://github.com/eggert/tz/blob/2022a/NEWS
With this merge, we return to our previous long-standing practice of
distributing the IANA Time Zone Database unmodified.
Releases of tzdb since 2021b have merged some time zones where clocks
have agreed since 1970. The overwhelming majority of users will not be
affected by this change. A port of the newly created global-tz fork of
the IANA Time Zone database (misc/global-tz) is available for users who
need more granular pre-1970 time zone history.
(cherry picked from commit 8ea5af2b77)
The zfskeys service script starts before the zfs service script, so that
dataset decryption keys are available when `zfs mount -a` is run. One of
the potential edge cases of this design is that if a key is stored on
ZFS it won't be loaded until `zfs mount -a` is issued.
In order to address that let's try to load the additional keys and mount
related ZFS datasets after the zfs script finishes its standard mounting
procedure.
PR: 262468
Reported by: Graham Perrin <grahamperrin@gmail.com>
Reviewed by: allanjude
Approved by: allanjude (src)
Fixes: 33ff39796f Add zfskeys rc.d script for auto-loading encryption keys
MFC after: 3 days
Sponsored by: Modirum
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D34601
(cherry picked from commit 97aeda2243)
The new dev.netmap.max_bridges sysctl tunable can be set in
loader.conf(5) to change the default maximum number of VALE
switches that can be created. Current defaults is 8.
MFC after: 2 weeks
(cherry picked from commit dd6ab49a9a)
66acf7685b failed to build on riscv (and mips). This is because the
atomic_testandset_int() (and friends) functions do not exist there.
Happily those platforms do have the long variant, so switch to that.
PR: 262571
MFC after: 3 days
(cherry picked from commit 0bf7acd6b7)
The total size of the user-provided nmreq was first computed and then
trusted during the copyin. This might lead to kernel memory corruption
and escape from jails/containers.
Reported by: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
Security: CVE-2022-23084
MFC after: 3 days
(cherry picked from commit 3937299165)
An unsanitized field in an option could be abused, causing an integer
overflow followed by kernel memory corruption. This might be used
to escape jails/containers.
Reported by: Reno Robert and Lucas Leong (@_wmliang_) of Trend Micro
Zero Day Initiative
Security: CVE-2022-23085
(cherry picked from commit 694ea59c70)
Correct the wifi regexp to include iwlwifi and remove wi driver that was
has been retired.
Sponsored by: Netflix
(cherry picked from commit e0ab0ff104)
We don't really use the scsi regexp for anything. The rescan was a
workaround that was fixed a long time ago and has been disabled for
ages. And the regexp was incomplete.
Sponsored by: Netflix
(cherry picked from commit 926e825ef8)
If fstat(2) fails the close(2) won't be called, which will leak the
file descriptor.
The idea was borrowed from OpenBSD, where similar patch
was applied for futimens(2).
MFC after: 1 week
(cherry picked from commit cb54c500d0)
FreeBSD 13+ running as virtual guest may load virtio_random(8) driver
by means of devd(8) unless the driver is blacklisted or disabled
via device.hints(5). Currently, the driver may prevent
the system from rebooting or shutting down correctly.
This change deactivates virtio_random at very late stage
during system shutdown sequence to avoid deadlock
that results in kernel hang.
PR: 253175
Tested by: tom
Relnotes: yes
(cherry picked from commit adbf7727b3)
building libsa needs to use -I${LDRSRC} for some files.
PR: 260083
Submitted by: Ivan Rozhuk
Approved by: re (gjb, early MFC)
(cherry picked from commit 9633c3d874)
Currently armv8crypto copies the scheme used in aesni(9), where payload
data and output buffers are allocated on the fly if the crypto buffer is
not virtually contiguous. This scheme is simple but incurs a lot of
overhead: for an encryption request with a separate output buffer we
have to
- allocate a temporary buffer to hold the payload
- copy input data into the buffer
- copy the encrypted payload to the output buffer
- zero the temporary buffer before freeing it
We have a handy crypto buffer cursor abstraction now, so reimplement the
armv8crypto routines using that instead of temporary buffers. This
introduces some extra complexity, but gallatin@ reports a 10% throughput
improvement with a KTLS workload without additional CPU usage. The
driver still allocates an AAD buffer for AES-GCM if necessary.
Reviewed by: jhb
Tested by: gallatin
Sponsored by: Ampere Computing LLC
Submitted by: Klara Inc.
(cherry picked from commit 26b08c5d21)
This was useful in converting armv8crypto to use buffer cursors. There
are some cases where one wants to make two passes over data, and this
provides a way to "reset" a cursor.
Reviewed by: jhb
(cherry picked from commit 09bfa5cf16)
This is in preparation for using buffer cursors. No functional change
intended.
Reviewed by: jhb
Sponsored by: Ampere Computing LLC
Submitted by: Klara Inc.
(cherry picked from commit 0b3235ef74)
For historical reasons console color number 3 may be either yellow (most
consoles) or brown (VGA palette). The console escape code standard
uses "yellow", but teken color name constants appear to be based on the
VGA scheme and use TC_BROWN for color 3. Even so, the palette table
used 50,50,0 as the RGB percentage tuple, resulting in a dim yellow for
framebuffer consoles at the time teken was introduced.
Amusingly, in 19e2ce2d83 the comment on the palette entry was changed
from "brown" to "dark yellow" but the colour itself was changed from
a pure yellow to being somewhat brown.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
(cherry picked from commit e9249ef958)
Accept "bright" or "light" prefix for named colors.
For numeric colors, update error message to specify that values 0 to 15
are allowed, and verify that values are in that range.
Reviewed by: imp, tsoome (both earlier version)
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34512
(cherry picked from commit 425e57e7a2)
This avoids clients using garbage values on the stack and makes
debugging easier.
Sponsored by: NVIDIA Networking
(cherry picked from commit 88a29d89eb)
When there are multiple devices sharing the same USB vendor and product ID,
the wrong device may be selected. Fix this by also matching the bus and
device address, ugen<X>.<Y> .
Sponsored by: NVIDIA Networking
(cherry picked from commit 16346e1401)
/etc/rc.d/dumpon runs before /etc/rc.d/swap. When encrypted swap is in
use the .eli or .bde device will not exist at the time dumpon runs.
Even if this is addressed it does not make sense to dump core to
encrypted swap, as the encryption key will not be available after
reboot rendering the dump useless. Thus, for the case that dumpdev=AUTO
and encrypted swap is in use, strip the extension and use the underlying
device.
Emit a warning if we are using the underlying device and the user has not
configured dump encryption, so that the user knows that the will not be
encrypted.
PR: 238301
Reported by: Ivan Rozhuk
Reviewed by: jilles
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34474
(cherry picked from commit 67e751f167)
As an unwanted side effect of the performance improvements in
24f0bfbad5, epair interfaces stop forwarding traffic on higher
load levels when running on multi-core systems.
This happens due to a race condition in the logic that decides when to
place work in the task queue(s) responsible for processing the content
of ring buffers.
In order to fix this, a field named state is added to the epair_queue
structure. This field is used by the affected functions to signal each
other that something happened in the underlying ring buffers that might
require work to be scheduled in task queue(s), replacing the existing
logic, which relied on checking if ring buffers are empty or not.
epair_menq() does:
- set BIT_MBUF_QUEUED
- queue mbuf
- if testandset BIT_QUEUE_TASK:
enqueue task
epair_tx_start_deferred() does:
- swap ring buffers
- process mbufs
- clear BIT_QUEUE_TASK
- if testandclear BIT_MBUF_QUEUED
enqueue task
PR: 262571
Approved by: re (gjb, early MFC)
Reported by: Johan Hendriks <joh.hendriks@gmail.com>
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D34569
(cherry picked from commit 66acf7685b)