sys: enable both SCHED_ULE and SCHED_4BSD for some configs

Globally enable both schedulers for LINT.
Enable both schedulers for GENERIC on amd64.

Reviewed by: olce
Tested by: pho
Sponsored by: The

sys: enable both SCHED_ULE and SCHED_4BSD for some configs

Globally enable both schedulers for LINT.
Enable both schedulers for GENERIC on amd64.

Reviewed by: olce
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54831

show more ...

aq: remove from NOTES; it's unfortunately amd64 only

Unfortunately the aq driver is using readl/writel calls instead
of bus space routines.

This broke, well, everything else.
Fixes: c75eff16ef54aa

aq: remove from NOTES; it's unfortunately amd64 only

Unfortunately the aq driver is using readl/writel calls instead
of bus space routines.

This broke, well, everything else.
Fixes: c75eff16ef54aaae7b5dc52ed894cc73a855f469

show more ...

aq: Add to amd64 GENERIC and to sys/conf/NOTES

Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D54633

Remove the DEBUG_VFS_LOCKS kernel option

After commit 3bd8fab2415b ("vfs: Move DEBUG_VFS_LOCKS checks to
INVARIANTS"), this option has no effect. Let's finish the removal.

There are a couple of ad

Remove the DEBUG_VFS_LOCKS kernel option

After commit 3bd8fab2415b ("vfs: Move DEBUG_VFS_LOCKS checks to
INVARIANTS"), this option has no effect. Let's finish the removal.

There are a couple of additional uses in zfs, I will submit a separate
patch upstream for them.

Reviewed by: mckusick, kib
Differential Revision: https://reviews.freebsd.org/D54662

show more ...

rge: Add to amd64 GENERIC and to sys/conf/NOTES

Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D54609

ipfilter: Disable ipfs(8) by default

At the moment ipfs(8) is a tool that can be easily abused. Though the
concept is sound the implementation needs some work.

ipfs(8) should be considered experime

ipfilter: Disable ipfs(8) by default

At the moment ipfs(8) is a tool that can be easily abused. Though the
concept is sound the implementation needs some work.

ipfs(8) should be considered experimental at the moment.

This commit also makes ipfs support in the kernel optional.

Reviewed by: emaste, glebius
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53787

show more ...

NOTES: fix typos and unify terminology in comments

Signed-off-by: ykla yklaxds@gmail.com
Sponsored by: Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src

NOTES: fix typos and unify terminology in comments

Signed-off-by: ykla yklaxds@gmail.com
Sponsored by: Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1901

show more ...

NOTES: Fix a typo in a comments

Signed-off-by: ykla yklaxds@gmail.com
Sponsored by: Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1899

random: allow disabling of entropy harvesting from keyboard & mice

Reviewed by: jmg
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D53390

random: TPM_HARVEST should have been named RANDOM_ENABLE_TPM

* Enable RANDOM_ENABLE_TPM by default

* The commit of TPM_HARVEST failed to add it to NOTES
so that the LINT kernel would build the co

random: TPM_HARVEST should have been named RANDOM_ENABLE_TPM

* Enable RANDOM_ENABLE_TPM by default

* The commit of TPM_HARVEST failed to add it to NOTES
so that the LINT kernel would build the code.

Fixes: 4ee7d3b0118c82e651712bb65da53d08e78cd7b1
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D53460

show more ...

random: remove hifn(4)

The Hifn 7955 & 7956 only supports deprecated & NIST disallowed
algorithms (NIST SP800-224idp): SHA1 and SHA1-HMAC.

Furthermore the entropy RNG of the Hifn 7751, 7951, 7811,

random: remove hifn(4)

The Hifn 7955 & 7956 only supports deprecated & NIST disallowed
algorithms (NIST SP800-224idp): SHA1 and SHA1-HMAC.

Furthermore the entropy RNG of the Hifn 7751, 7951, 7811, 7955,
and 7956 has no NIST Entropy Source Validation (ESV) certificate
and cannot be used in a FIPS-140-3 nor Common Criteara environment.

Furthermore the most prolific instance for FreeBSD was the
Soekris Engineering vpn1201, vpn1211, vpn1401, and vpn1411
offerings. These are all 32-bit only processors. The i386
kernel was de-supported in 15.0.

Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D53182

show more ...

Add FENESTRASX to LINT to avoid breakage

tcp: improve testing of HPTS

Improve the HPTS API to allow testing and add several tests.

Reviewed by: tuexen
Sponsored by: Netflix, Inc.

u2f(4): Invert U2F_MAKE_UHID_ALIAS kernel build option

This makes non-GENERIC kernel configs easier to maintain.

Requested by: glebius
MFC after: 2 days

NOTES: Fix whitespace in "options MAC_DO"

For "options", we put a space before a TAB so that commenting out an
option doesn't move the columns.

No functional change.

Fixes: c8d8cac2a847 (

NOTES: Fix whitespace in "options MAC_DO"

For "options", we put a space before a TAB so that commenting out an
option doesn't move the columns.

No functional change.

Fixes: c8d8cac2a847 ("mac_do(4): allow compiling into kernel")
MFC after: 3 days
Sponsored by: The FreeBSD Foundation

show more ...

sys: NOTES: Fix comment for wlan_* devices; GENERIC*: Re-order 'wlan_tkip'

Fix the comment introducing the 'wlan_*' devices (AES-CCMP is missing)
after introducing AES-GCMP.

While here, re-order th

sys: NOTES: Fix comment for wlan_* devices; GENERIC*: Re-order 'wlan_tkip'

Fix the comment introducing the 'wlan_*' devices (AES-CCMP is missing)
after introducing AES-GCMP.

While here, re-order the devices in order of appearance of the related
technologies.

No functional change (intended).

Reviewed by: adrian, emaste
Fixes: 7bf82ea4fdda ("sys: add wlan_gcmp to GENERIC kernels as appropriate")
MFC after: 3 days
MFC to: stable/15
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52444

show more ...

NOTES: improve HIDRAW_MAKE_UHID_ALIAS description

Reviewed by: aokblast
Differential Revision: https://reviews.freebsd.org/D51611

u2f(4): a HID driver for FIDO/U2F security keys

While FIDO/U2F keys were already supported by the generic uhid(4) and
hidraw(4) drivers, this driver adds some additional features an does
steps to ti

u2f(4): a HID driver for FIDO/U2F security keys

While FIDO/U2F keys were already supported by the generic uhid(4) and
hidraw(4) drivers, this driver adds some additional features an does
steps to tighten the security of FIDO/U2F access.

- It automatically loads through devd.
- Automatically enables HQ_NO_READAHEAD for FIDO/U2F devices.
- Implements only miminum set of features.
- Do not requires external devfs configuration to set character device
permissions.
- Names character device as u2f/# to make possible capsicum or any
other pledge()-style sandboxing.

PR: 265528
Differential Revision: https://reviews.freebsd.org/D51612

show more ...

qat: add disable safe dc mode for QAT SPR devices

Build and sysctl configuration modes are introduced for QAT SPR
devices to disable safe dc mode. A new QAT driver build option
‘QAT_DISABLE_SAFE_DC_

qat: add disable safe dc mode for QAT SPR devices

Build and sysctl configuration modes are introduced for QAT SPR
devices to disable safe dc mode. A new QAT driver build option
‘QAT_DISABLE_SAFE_DC_MODE’ is required to build the QAT driver
with code that allows a request to be sent to FW to override the
‘History Buffer’ mitigation. Default QAT driver builds do not
include this ‘QAT_DISABLE_SAFE_DC_MODE’ build option. Even if the
QAT driver was built with code that allows a request to be sent to
FW to override the ‘History Buffer’ mitigation, the QAT driver must
still be configured using sysctl to request an override of the
‘History Buffer’ mitigation if desired. The default QAT driver
configuration option sysctl dev.qat.X.disable_safe_dc_mode does not
allow override of the mitigation. The new sysctl attribute
disable_safe_dc_mode is to be set to 1 for overriding the history
buffer mitigation. Firmware for qat_4xxx is updated for this change.
If this mode is enabled, decompression throughput increases but may
result in a data leak if num_user_processes is more than 1.
This option is to be enabled only if your system is not prone to
user data leaks.

Reviewed by: markj, ziaee
MFC after: 2 weeks
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D50379

show more ...

mac_do(4): allow compiling into kernel

The manual page says this is possible, but it's not. Make it possible.

Reviewed by: olce, kevans
Approved by: kevans (mentor)
Differential Revision: https://

mac_do(4): allow compiling into kernel

The manual page says this is possible, but it's not. Make it possible.

Reviewed by: olce, kevans
Approved by: kevans (mentor)
Differential Revision: https://reviews.freebsd.org/D50451

show more ...

mbuf: Allow clusters to fill an entire jumbo page.

The assumption that MCLBYTES == MJUMPAGESIZE can only happen if pages
are small is incorrect: it can also happen if MCLSHIFT is adjusted to
increas

mbuf: Allow clusters to fill an entire jumbo page.

The assumption that MCLBYTES == MJUMPAGESIZE can only happen if pages
are small is incorrect: it can also happen if MCLSHIFT is adjusted to
increase the size of clusters. Restore the ability to have clusters
fill a jumbo page, while still disallowing them from exceeding them.

MFC after: 1 week
Fixes: 840327e5ddf3, 9c3ad5ba932b
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Reviewed by: siderop1_netapp.com, kevans, brooks
Differential Revision: https://reviews.freebsd.org/D50242

show more ...

mpi3mr: Broadcom's MPT-Fusion version 4 is amd64 and aarch64 only

Broadcom's MPT-Fusion version 4 driver only works on 64-bit systems, and
has only been tested in amd64 and aarch64, so move it's bui

mpi3mr: Broadcom's MPT-Fusion version 4 is amd64 and aarch64 only

Broadcom's MPT-Fusion version 4 driver only works on 64-bit systems, and
has only been tested in amd64 and aarch64, so move it's building to just
those. I didn't notice this in the review and neglected to test those
cases (since I knew it didn't work there, so was a blind spot).

Pointy-hat: imp
Fixes: 9cdd40759617
Sponsored-by: Netflix

Sponsored by: Netflix

show more ...

mpi3mr: Allow driver to be in-kenrel and add to GENERIC

Registered the mpi3mr driver source files in sys/conf/files, enabling it
to be compiled into the base kernel image. This matches the approach

mpi3mr: Allow driver to be in-kenrel and add to GENERIC

Registered the mpi3mr driver source files in sys/conf/files, enabling it
to be compiled into the base kernel image. This matches the approach
used for existing Broadcom drivers such as mrsas, mps, and mpr.

Add mpi3mr to sys/conf/NOTES.

With this change, the mpi3mr driver will be built as part of the base
kernel, allowing automatic loading during boot when supported hardware
is detected.

Below changes are suggested by chs@:
- Corrected the file name typo mistake in /sys/conf/files from
mpi3mr_app.c.c to mpi3mr_app.c
- Added mpi3mr driver entries in "sys/amd64/conf/GENERIC" and
"sys/i386/conf/GENERIC"

Reviewed by: ssaxena, chs, imp
Differential Revision: https://reviews.freebsd.org/D49754

show more ...

tcp: remove support for TCPPCAP

This feature could be used to store the last sent and received TCP
packets for a TCP endpoint. There was no utility to get these packets
from a live system or core.
T

tcp: remove support for TCPPCAP

This feature could be used to store the last sent and received TCP
packets for a TCP endpoint. There was no utility to get these packets
from a live system or core.
This functionality is now provided by TCP Black Box Logging, which also
stores additional events. There are tools to get these traces from a
live system or a core.
Therefore remove TCPPCAP to avoid maintaining it, when it is not
used anymore.

Reviewed by: rrs, rscheff, Peter Lei, glebiu
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D49589

show more ...

sys: add wlan_gcmp to GENERIC kernels as appropriate

Add wlan_gcmp wherever CCMP is defined in kernel configs.

Differential Revision: https://reviews.freebsd.org/D49343
Reviewed by: bz, cy