Capsicum enhancements to Google's Chromium web browser
Adaptation of gxemul to support the CHERI MIPS unit test suite and certain CHERI features
DO NOT USE. Use llvm-project instead
DO NOT USE. Use llvm-project instead
"Das U-Boot" ported to CHERI
Tool for exploring CHERI and BERI streamtraces.
memorial-ece/teaching-equivalencies 2
Software to track teaching equivalencies in an academic unit
Port of the GNU Assembler to the CHERI CPU
Library for interacting with CHERI streamtraces
FreeBSD ports tree modified to support BERI/CHERI
push eventfreebsd/freebsd-src
commit sha a649f1f6fd7a098ab173a69fe87916c04a8c6f8d
tcp: Deal with DSACKs, and adjust rescue hole on success. When a rescue retransmission is successful, rather than inserting new holes to the left of it, adjust the old rescue entry to cover the missed sequence space. Also, as snd_fack may be stale by that point, pull it forward in order to never create a hole left of snd_una/th_ack. Finally, with DSACKs, tcp_sack_doack() may be called with new full ACKs but a DSACK block. Account for this eventuality properly to keep sacked_bytes >= 0. MFC after: 3 days Reviewed By: kbowling, tuexen, #transport Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D29835
push time in an hour
push eventfreebsd/freebsd-src
commit sha 9ca874cf740ee68c5742df8b5f9e20910085c011
Add TCP LRO support for VLAN and VxLAN. This change makes the TCP LRO code more generic and flexible with regards to supporting multiple different TCP encapsulation protocols and in general lays the ground for broader TCP LRO support. The main job of the TCP LRO code is to merge TCP packets for the same flow, to reduce the number of calls to upper layers. This reduces CPU and increases performance, due to being able to send larger TSO offloaded data chunks at a time. Basically the TCP LRO makes it possible to avoid per-packet interaction by the host CPU. Because the current TCP LRO code was tightly bound and optimized for TCP/IP over ethernet only, several larger changes were needed. Also a minor bug was fixed in the flushing mechanism for inactive entries, where the expire time, "le->mtime" was not always properly set. To avoid having to re-run time consuming regression tests for every change, it was chosen to squash the following list of changes into a single commit: - Refactor parsing of all address information into the "lro_parser" structure. This easily allows to reuse parsing code for inner headers. - Speedup header data comparison. Don't compare field by field, but instead use an unsigned long array, where the fields get packed. - Refactor the IPv4/TCP/UDP checksum computations, so that they may be computed recursivly, only applying deltas as the result of updating payload data. - Make smaller inline functions doing one operation at a time instead of big functions having repeated code. - Refactor the TCP ACK compression code to only execute once per TCP LRO flush. This gives a minor performance improvement and keeps the code simple. - Use sbintime() for all time-keeping. This change also fixes flushing of inactive entries. - Try to shrink the size of the LRO entry, because it is frequently zeroed. - Removed unused TCP LRO macros. - Cleanup unused TCP LRO statistics counters while at it. - Try to use __predict_true() and predict_false() to optimise CPU branch predictions. Bump the __FreeBSD_version due to changing the "lro_ctrl" structure. Tested by: Netflix Reviewed by: rrs (transport) Differential Revision: https://reviews.freebsd.org/D29564 MFC after: 2 week Sponsored by: Mellanox Technologies // NVIDIA Networking
push time in 2 hours
push eventfreebsd/freebsd-src
commit sha 3dbd5ecfe8872c19483f1ce767efeaa7a118fe26
Add myself (khng) as src committer. Approved by: lwhsu (mentor), philip (mentor)
push time in 2 hours
push eventfreebsd/freebsd-src
commit sha 586aab9e0aa6c811758c19fb03831fc1e7305252
pf: Refactor state killing Extract the state killing code from pfioctl() and rephrase the filtering conditions for readability. No functional change intended. MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D29795
commit sha 065b5c7fb26eb4239e9bd513dde5a55ef78e45c4
pf tests: Test cases for the 'kill state(s)' feature MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D29796
commit sha 9af2317423f399b30ff028e078d01eef553efc7f
pf tests: IPv6 test case for the 'kill state(s)' feature Reviewed by: donner MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D29797
push time in 3 hours
push eventfreebsd/freebsd-src
commit sha 33f8d79d765230e3189876dec9f0dad2d768de1a
assert.3: Document static_assert and _Static_assert Reviewed by: imp, 0mp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D29833
push time in 5 hours
push eventfreebsd/freebsd-src
commit sha 6bc0bb2936a41674bc992887ba17fddfa928ac90
Enable GitHub actions CI for stable/13 as well All cross-building patches have been merged to stable/13 so it should also build fine on macOS+Linux. Reviewed By: uqs MFC after: immediately Differential Revision: https://reviews.freebsd.org/D29831
push time in 5 hours
push eventfreebsd/freebsd-src
commit sha b24f2d6d34e48705c3c3e0cd58e8ebfdd2ef7c4f
Enable GitHub actions CI for stable/13 as well All cross-building patches have been merged to stable/13 so it should also build fine on macOS+Linux. Reviewed By: uqs MFC after: immediately Differential Revision: https://reviews.freebsd.org/D29831 (cherry picked from commit 6bc0bb2936a41674bc992887ba17fddfa928ac90)
push time in 5 hours
push eventfreebsd/freebsd-src
commit sha ef0ba6bccef34f414f54760747b54ee9ec2f6786
c.7: Fix some typos Those misspellings were not picked up by igor because they are not present in its list of common spelling errors. Reported by: rpokala
push time in 5 hours
push eventfreebsd/freebsd-src
commit sha ca904beafd925719af998a86cd67a9c787f44255
fork.2: Fix a typo in an example Reported by: rpokala MFC with: c4207d867c201a726aa3157e09262f72166c89c4
push time in 5 hours
push eventfreebsd/freebsd-src
commit sha 5d42c19f1fe2f0745869a6b7b269a747f203362c
Explain the newfs naming convention It might be unclear why newfs and newfs_msdos should cross-reference each other. Add a note explaining it. This is a follow-up to 74bd20769706041108a573601cf0b61c755bdc56. Reported by: kib Reviewed by: imp, kib, rpokala MFC after: 3 days (cherry picked from commit 5b9b65e92fb40703038cbcf61feb4616c42e0b6e)
push time in 6 hours
push eventfreebsd/freebsd-src
commit sha 643758d2c26058a153c191128a4f7efe7c6cf820
Explain the newfs naming convention It might be unclear why newfs and newfs_msdos should cross-reference each other. Add a note explaining it. This is a follow-up to 74bd20769706041108a573601cf0b61c755bdc56. Reported by: kib Reviewed by: imp, kib, rpokala MFC after: 3 days (cherry picked from commit 5b9b65e92fb40703038cbcf61feb4616c42e0b6e)
push time in 6 hours
push eventfreebsd/freebsd-src
commit sha b94b7f317594deea9baf4e0fa7036f14adf00954
development(7): mention the Git mirror list in the manual page MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D29234 (cherry picked from commit 8ef03ce6db330fcc20e800c4d15a9f4915c56c43)
push time in 8 hours
push eventfreebsd/freebsd-src
commit sha ac42b63648b1f33daa45352cc6d795ebd9e4071b
powerpc/powermac: Constrain 'cpu_sleep()' for AIM to mpc745x Rename cpu_sleep() to mpc745x_sleep() to denote what it's actually intended for. This function is very G4-specific, and will not work on any other CPU. This will afterward eliminate a platform_smp_timebase_sync() call by directly updating the timebase instead. (cherry picked from commit b6d8f3b517dec010f3dfad1b33e9945eaa606be5)
commit sha cf8bf3edf8ee41bcd21336e197a6195d4d455ea9
powerpc/aim: Update timebase directly on resume instead of through platform This only works on single-CPU G4 systems, and more work is needed for dual-CPU systems. That said, platform sleep does not work, and this is currently only used for PMU-based CPU speed change. The elimination of the platform_smp_timebase_sync() call is so that the timebase sync rendezvous can be enhanced to perform better synchronization, which requires a full rendezvous. This would be impossible to do on this single-threaded run. (cherry picked from commit 921716186f121a2f6a27178cb302415f37412a79)
push time in 10 hours
push eventfreebsd/freebsd-src
commit sha 78ffcb86d98fc9c27ac7a723c65621667036c42d
nfscommon: fix function name in comment MFC after: 2 weeks
push time in 11 hours
push eventfreebsd/freebsd-src
commit sha 32231805fbe2b9438c2de50c229b43c016207a08
linker_set: fix globl/weak symbol redefinitions to work on clang 12 In clang 12.0.0.rc2, going from weak to global is now a hard error: ``` /usr/src/stand/libsa/amd64/_setjmp.S:67:25: error: _longjmp changed binding to STB_GLOBAL .text; .p2align 4,0x90; .globl _longjmp; .type _longjmp,@function; _longjmp:; .cfi_startproc ``` And the other way is a warning, but we have -Werror: ``` error: __start_set_Xcommand_set changed binding to STB_WEAK [-Werror,-Winline-asm] error: __stop_set_Xcommand_set changed binding to STB_WEAK [-Werror,-Winline-asm] ``` ref: https://reviews.llvm.org/D90108 Reviewed By: arichardson MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D29159
push time in 12 hours
push eventfreebsd/freebsd-src
commit sha abc1489bcb55698028585d7667166a4a4192e298
usr.sbin/uefisign: prevent specifying certificate, key or output multiple times. (cherry picked from commit 6234a0bfc8630fc556295812c15d72bde0f6427a)
commit sha 26f2ebfbd9ceb608cba74ae84306fcc1de1646a7
usr.sbin/services_mkdb: diff reduction against NetBSD. (cherry picked from commit 57b9a062d147563ecda72227f0bb051f60eff608)
push time in 13 hours
push eventfreebsd/freebsd-src
commit sha 5a89498d19863d0c4cb074f9b93862a70040bf1b
nfsd: fix stripe size reply for the File Layout pNFS server At a recent testing event I found out that I had misinterpreted RFC5661 where it describes the stripe size in the File Layout's nfl_util field. This patch fixes the pNFS File Layout server so that it returns the correct value to the NFSv4.1/4.2 pNFS enabled client. This affects almost no one, since pNFS server configurations are rare and the extant pNFS aware NFS clients seemed to function correctly despite the erroneous stripe size. It *might* be needed for correct behaviour if a recent Linux client mounts a FreeBSD pNFS server configuration that is using File Layout (non-mirrored configuration). MFC after: 2 weeks
push time in 13 hours
push eventfreebsd/freebsd-src
commit sha ba1182e26376987fe424707b2abc4d6532b28623
bsd.compiler.mk: detect Apple Clang for cross-builds Apple clang uses a different versioning scheme, so if we enable or disable certain warnings for Clang 11+, those might not be supported in Apple Clang 11+. This adds 'apple-clang' to COMPILER_FEATURES, so that bootstrap tools Makefiles can avoid warnings on macOS. Reviewed By: imp Differential Revision: https://reviews.freebsd.org/D29680
commit sha bbd421cdf6d8c6102e6fd3979c5bec21ace3c2e3
contrib/flex: Drop local __dead2 patch Upstream flex has added a yynoreturn, so this diff is no longer needed. Partially reverts r181269. Also regenerate the pre-generated files that are used for bootstrapping. Reviewed By: jkim Differential Revision: https://reviews.freebsd.org/D29679
commit sha 0b4ad01d91a3b24cea00d54d25beed0f487c0183
libc/string/bcopy.c: Use intptr_t as the copy type While most 64-bit architectures have an assembly implementation of this file RISC-V does not. As we now copy 8 bytes instead of 4 it should speed up RISC-V. Using intptr_t instead of int also allows using this file for CHERI pure-capability code since trying to copy pointers using integer loads/stores will invalidate pointers. Reviewed By: kib Obtained from: CheriBSD (partially) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D29535
commit sha ab147542b7c0bbc41f7f0499b16933bd8f3f31d7
libc/string/memset.c: Use unsigned long for stores While most 64-bit architectures have an assembly implementation of this file, RISC-V does not. As we now store 8 bytes instead of 4 it should speed up RISC-V. Reviewed By: kib MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D29536
commit sha 1ad83445fc0f1d2aecd32635f4ae713a057aa091
Allow lib/msun/logarithm_test to pass on ld128 platforms For some reason the ld128 log1pl() implementation is less accurate than logl(), but does at least guarantee precision >= the ld80 implementation. Mark log1p_accuracy_tests as XFAIL for ld128 and increase the log1p tolerance to the ld80 equivalent in accuracy_tests to avoid losing test coverage for the other functions. PR: 253984 Reviewed By: ngie, dim Differential Revision: https://reviews.freebsd.org/D29039
push time in 13 hours
push eventfreebsd/freebsd-src
commit sha faa9ad8a90058cf07e806cea51c0030bf69f88db
Fix off-by-one error in KASSERT from 02f26e98c7f4.
push time in 14 hours
push eventfreebsd/freebsd-src
commit sha 2763a0928aeedc3c76b0953af9fa7b948026d81b
config: style for '\0' and NULL Use NULL for pointers instead of '0' (though hey are the same thing in these cases). Ditto for using the zero character '\0' instead of a naked 0 (ditto). Reviewed by: markj@ Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D29847
push time in 16 hours
push eventfreebsd/freebsd-src
commit sha 59690eab572dde1176886bff7ed0c506df974e5e
e1000: Add support for [Tiger, Alder, Meteor] Lake Add support for current and future client platform PCI IDs. These are all I219 variants and have no known driver changes versus previous generation client platform I219 variants. Reviewed by: markj MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D29801
push time in 16 hours
push eventfreebsd/freebsd-src
commit sha 37c0f4a2077739e735732374d67525cf6de36d21
Fix typo in rtsock_common.h MFC after: 3 days
commit sha 758c9d54d44f8ce957570b8c2ef6d1b3f28a792d
Improve error reporting in rtsock.c MFC after: 3 days
push time in 17 hours
push eventfreebsd/freebsd-src
commit sha 4b38eed76da9c36f09bff33b5cf15687cd99016f
e1000: Correct promisc multicast filter handling There are a number of issues in the e1000 multicast filter handling that have been present for a long time. Take the updated approach from ixgbe(4) which does not have the issues. The issues are outlined in the PR, in particular this solves crossing over and under the hardware's filter limit, not programming the hardware filter when we are above its limit, disabling SBP (show bad packets) when the tunable is enabled and exiting promiscuous mode, and an off-by-one error in the em_copy_maddr function. PR: 140647 Reported by: jtl Reviewed by: markj MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D29789
push time in 18 hours
push eventfreebsd/freebsd-src
commit sha deecaa144526a5d001aeb99149e2139601388427
ixgbe: Clean up unneeded set in ixgbe_if_multi_set We don't need to set the bits here since the if/else if/else statements fully cover setting these bit pairs. Reported by: markj Reviewed by: markj, erj Approved by: #intel_networking MFC aftter: 1 week Differential Revision: https://reviews.freebsd.org/D29827
push time in 18 hours
push eventfreebsd/freebsd-src
commit sha 407abff2b91847e23711625ad7c69c17e99b3d1d
Cirrus-CI: use FreeBSD 13.0 image for base system CI build We generally want to build and test on the highest release version, and FreeBSD 13.0 also brings some performance benefits. Reviewed by: lwhsu Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29842
push time in 18 hours
push eventfreebsd/freebsd-src
commit sha 41063b40168b69b38e92d8da3af3b45e58fd98ca
pf: change pf_route so pf only runs when packets enter and leave the stack. before this change pf_route operated on the semantic that pf runs when packets go over an interface, so when pf_route changed which interface the packet was on it would run pf_test again. this change changes (restores) the semantic that pf is only supposed to run when packets go in or out of the network stack, even if route-to is responsibly for short circuiting past the network stack. just to be clear, for normal packets (ie, those not touched by route-to/reply-to/dup-to), there isn't a difference between running pf when packets enter or leave the stack, or having pf run when a packet goes over an interface. the main reason for this change is that running the same packet through pf multiple times creates confusion for the state table. by default, pf states are floating, meaning that packets are matched to states regardless of which interface they're going over. if a packet leaving on em0 is rerouted out em1, both traversals will end up using the same state, which at best will make the accounting look weird, or at worst fail some checks in the state and get dropped. another reason for this commit is is to make handling of the changes that route-to makes consistent with other changes that are made to packet. eg, when nat is applied to a packet, we don't run pf_test again with the new addresses. the main caveat with this diff is you can't have one rule that pushes a packet out a different interface, and then have a rule on that second interface that NATs the packet. i'm not convinced this ever worked reliably or was used much anyway, so we don't think it's a big concern. discussed with many, with special thanks to bluhm@, sashan@ and sthen@ for weathering most of that pain. ok claudio@ sashan@ jmatthew@ Obtained from: OpenBSD MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D29554 (cherry picked from commit 829a69db855b48ff7e8242b95e193a0783c489d9)
commit sha c20cdf8c1239efa5d0f3ce14d077b4e6e41daa6a
pf: Add static DTrace probe points These two have proven to be useful during debugging. We may as well keep them permanently. Others will be added as their utility becomes clear. Reviewed by: gnn MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D29555 (cherry picked from commit f4c02909167b6f791df470afddfe31cabf009c4d)
commit sha a19dad31b1503e0ee512e5f1cd21b671143bf5c8
pf: Do not short-circuit processing for REPLY_TO When we find a state for packets that was created by a reply-to rule we still need to process the packet. The state may require us to modify the packet (e.g. in rdr or nat cases), which we won't do with the shortcut. MFC after: 2 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 6d786845cf63c8bf57174e3e43b0b5c5eca75be3)
commit sha 8ca8248886af583fa2010badfe03e472d8505db8
pf tests: Test multi-wan rdr This replicates an issue observed on pfSense: https://redmine.pfsense.org/issues/11436 In essence, reply-to is needed to ensure that connections always leave the WAN interface they came in on, but this confused the state tracking. MFC after: 2 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit f37667e2359245ad123fd775c072fd82c81bc476)
push time in 19 hours
push eventfreebsd/freebsd-src
commit sha 71c2e35decdff685b98af7c0e2907f51bc342009
pf: change pf_route so pf only runs when packets enter and leave the stack. before this change pf_route operated on the semantic that pf runs when packets go over an interface, so when pf_route changed which interface the packet was on it would run pf_test again. this change changes (restores) the semantic that pf is only supposed to run when packets go in or out of the network stack, even if route-to is responsibly for short circuiting past the network stack. just to be clear, for normal packets (ie, those not touched by route-to/reply-to/dup-to), there isn't a difference between running pf when packets enter or leave the stack, or having pf run when a packet goes over an interface. the main reason for this change is that running the same packet through pf multiple times creates confusion for the state table. by default, pf states are floating, meaning that packets are matched to states regardless of which interface they're going over. if a packet leaving on em0 is rerouted out em1, both traversals will end up using the same state, which at best will make the accounting look weird, or at worst fail some checks in the state and get dropped. another reason for this commit is is to make handling of the changes that route-to makes consistent with other changes that are made to packet. eg, when nat is applied to a packet, we don't run pf_test again with the new addresses. the main caveat with this diff is you can't have one rule that pushes a packet out a different interface, and then have a rule on that second interface that NATs the packet. i'm not convinced this ever worked reliably or was used much anyway, so we don't think it's a big concern. discussed with many, with special thanks to bluhm@, sashan@ and sthen@ for weathering most of that pain. ok claudio@ sashan@ jmatthew@ Obtained from: OpenBSD MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D29554 (cherry picked from commit 829a69db855b48ff7e8242b95e193a0783c489d9)
commit sha 8601d1baf13da4f4241ecead4854839c076558d5
pf: Add static DTrace probe points These two have proven to be useful during debugging. We may as well keep them permanently. Others will be added as their utility becomes clear. Reviewed by: gnn MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D29555 (cherry picked from commit f4c02909167b6f791df470afddfe31cabf009c4d)
commit sha 1a4fc03222255f6bcd2662389bebfeec0691cd68
pf: Do not short-circuit processing for REPLY_TO When we find a state for packets that was created by a reply-to rule we still need to process the packet. The state may require us to modify the packet (e.g. in rdr or nat cases), which we won't do with the shortcut. MFC after: 2 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 6d786845cf63c8bf57174e3e43b0b5c5eca75be3)
commit sha a3ce3d6b1f79d4ddf85772d1a0ace7b976dc1d68
pf tests: Test multi-wan rdr This replicates an issue observed on pfSense: https://redmine.pfsense.org/issues/11436 In essence, reply-to is needed to ensure that connections always leave the WAN interface they came in on, but this confused the state tracking. MFC after: 2 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit f37667e2359245ad123fd775c072fd82c81bc476)
push time in 19 hours
push eventfreebsd/freebsd-src
commit sha de703e98e6c863874aa6012e3ce1a61eee58c846
Fix direct route installation with net/bird. Slighly relax the gateway validation rules imposed by the 2fe5a79425c7, by requiring only first 8 bytes (everyhing before sdl_data to be present in the AF_LINK gateway. Reported by: olivier PR: 255089 (cherry picked from commit 7f5f3fcc32bfa553faa007579dfcaed84be3b047)
push time in 19 hours
push eventfreebsd/freebsd-src
commit sha d3f0c032fb8b2d2ee8d491fa95108a3790541662
bsdinstall: restore time selection screen Apparently new dialog does not like the height of 2 for the timebox widget, use 0 (minimum size) instead. Do the same for calendar widget as it does not change the appearance and to prevent possible future surprises. Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D29720
push time in 19 hours