[Git][hardenedbsd/HardenedBSD][hardened/current/master] 4 commits: rss_config: Add option to enable rss udp hashing

[HardenedBSD Services (@hardenedbsd-services)]

HardenedBSD Services pushed to branch hardened/current/master at HardenedBSD / HardenedBSD


Commits:
283ef95d by bigJ at 2026-03-16T12:22:35+03:30
rss_config: Add option to enable rss udp hashing

Added optional system tunable parameter to enable
4-tuple rss udp hashing.

Signed-off-by: bigJ <bi...@solanavibestation.com>
Reviewed by: adrian, pouria
Pull Request: https://github.com/freebsd/freebsd-src/pull/2057

- - - - -
fed90174 by zxbv3 at 2026-03-16T13:24:13+03:30
crypto_request.9: Fix typo on crypto_initreq arguments

The function signature of `crypto_initreq()` was
incorrectly documented.

Signed-off-by: Zixu Wu <z...@bv3.dev>
Reviewed by: ziaee, pouria
Pull Request: https://github.com/freebsd/freebsd-src/pull/2077

- - - - -
33e0568d by Rafael Kitover at 2026-03-16T14:07:37+03:30
ure(4): Fix spurious link flaps from MII

A race condition in the MII layer causes spurious link down events.
In `statchg`, on link down, check if the PHY reports the link as
actually down using the BMSR register, if not, force the status of the
link to back up and restart TX. Do the same in a MII `linkchg` handler.
On actual link up, restart TX in case it went idle and down.

PR: 252165
Signed-off-by: Rafael Kitover <rkit...@gmail.com>
Reviewed by: pouria
Differential Revision: https://reviews.freebsd.org/D55682

- - - - -
8a7d8651 by HardenedBSD Sync Services at 2026-03-16T06:02:21-06:00
Merge branch 'freebsd/current/main' into hardened/current/master

- - - - -


3 changed files:

- share/man/man9/crypto_request.9
- sys/dev/usb/net/if_ure.c
- sys/net/rss_config.c


Changes:

=====================================
share/man/man9/crypto_request.9
=====================================
@@ -51,7 +51,7 @@
.Ft "struct cryptop *"
.Fn crypto_getreq "crypto_session_t cses" "int how"
.Ft void
-.Fn crypto_initreq "crypto_session_t cses" "int how"
+.Fn crypto_initreq "struct cryptop *crp" "crypto_session_t cses"
.Ft void
.Fn crypto_use_buf "struct cryptop *crp" "void *buf" "int len"
.Ft void


=====================================
sys/dev/usb/net/if_ure.c
=====================================
@@ -128,6 +128,7 @@ static usb_callback_t ure_bulk_write_callback;
static miibus_readreg_t ure_miibus_readreg;
static miibus_writereg_t ure_miibus_writereg;
static miibus_statchg_t ure_miibus_statchg;
+static miibus_linkchg_t ure_miibus_linkchg;

static uether_fn_t ure_attach_post;
static uether_fn_t ure_init;
@@ -184,6 +185,7 @@ static device_method_t ure_methods[] = {
DEVMETHOD(miibus_readreg, ure_miibus_readreg),
DEVMETHOD(miibus_writereg, ure_miibus_writereg),
DEVMETHOD(miibus_statchg, ure_miibus_statchg),
+ DEVMETHOD(miibus_linkchg, ure_miibus_linkchg),

DEVMETHOD_END
};
@@ -443,6 +445,8 @@ ure_miibus_statchg(device_t dev)
struct mii_data *mii;
if_t ifp;
int locked;
+ uint16_t bmsr;
+ bool new_link, old_link;

sc = device_get_softc(dev);
mii = GET_MII(sc);
@@ -455,6 +459,7 @@ ure_miibus_statchg(device_t dev)
(if_getdrvflags(ifp) & IFF_DRV_RUNNING) == 0)
goto done;

+ old_link = (sc->sc_flags & URE_FLAG_LINK) ? true : false;
sc->sc_flags &= ~URE_FLAG_LINK;
if ((mii->mii_media_status & (IFM_ACTIVE | IFM_AVALID)) ==
(IFM_ACTIVE | IFM_AVALID)) {
@@ -475,14 +480,72 @@ ure_miibus_statchg(device_t dev)
}
}

- /* Lost link, do nothing. */
- if ((sc->sc_flags & URE_FLAG_LINK) == 0)
- goto done;
+ new_link = (sc->sc_flags & URE_FLAG_LINK) ? true : false;
+ if (old_link && !new_link) {
+ /*
+ * MII layer reports link down. Verify by reading
+ * the PHY BMSR register directly. BMSR link status
+ * is latched-low, so read twice: first clears any
+ * stale latch, second gives current state.
+ */
+ (void)ure_ocp_reg_read(sc,
+ URE_OCP_BASE_MII + MII_BMSR * 2);
+ bmsr = ure_ocp_reg_read(sc,
+ URE_OCP_BASE_MII + MII_BMSR * 2);
+
+ if (bmsr & BMSR_LINK) {
+ /*
+ * PHY still has link. This is a spurious
+ * link-down from the MII polling race (see
+ * PR 252165). Restore IFM_ACTIVE so the
+ * subsequent MIIBUS_LINKCHG check in
+ * mii_phy_update sees no change.
+ */
+ device_printf(dev,
+ "spurious link down (PHY link up), overriding\n");
+ sc->sc_flags |= URE_FLAG_LINK;
+ mii->mii_media_status |= IFM_ACTIVE;
+ }
+ }
done:
if (!locked)
URE_UNLOCK(sc);
}

+static void
+ure_miibus_linkchg(device_t dev)
+{
+ struct ure_softc *sc;
+ struct mii_data *mii;
+ int locked;
+ uint16_t bmsr;
+
+ sc = device_get_softc(dev);
+ mii = GET_MII(sc);
+ locked = mtx_owned(&sc->sc_mtx);
+ if (locked == 0)
+ URE_LOCK(sc);
+
+ /*
+ * This is called by the default miibus linkchg handler
+ * before it calls if_link_state_change(). If the PHY
+ * still has link but the MII layer lost IFM_ACTIVE due
+ * to the polling race (see PR 252165), restore it so the
+ * notification goes out as LINK_STATE_UP rather than DOWN.
+ */
+ if (mii != NULL && (mii->mii_media_status & IFM_ACTIVE) == 0) {
+ (void)ure_ocp_reg_read(sc,
+ URE_OCP_BASE_MII + MII_BMSR * 2);
+ bmsr = ure_ocp_reg_read(sc,
+ URE_OCP_BASE_MII + MII_BMSR * 2);
+ if (bmsr & BMSR_LINK)
+ mii->mii_media_status |= IFM_ACTIVE;
+ }
+
+ if (locked == 0)
+ URE_UNLOCK(sc);
+}
+
/*
* Probe for a RTL8152/RTL8153/RTL8156 chip.
*/


=====================================
sys/net/rss_config.c
=====================================
@@ -150,6 +150,11 @@ int rss_debug = 0;
SYSCTL_INT(_net_inet_rss, OID_AUTO, debug, CTLFLAG_RWTUN, &rss_debug, 0,
"RSS debug level");

+static u_int rss_udp_4tuple = 0;
+SYSCTL_INT(_net_inet_rss, OID_AUTO, udp_4tuple, CTLFLAG_RDTUN,
+ &rss_udp_4tuple, 0,
+ "Enable UDP 4-tuple RSS hashing (src/dst IP + src/dst port)");
+
/*
* RSS secret key, intended to prevent attacks on load-balancing. Its
* effectiveness may be limited by algorithm choice and available entropy
@@ -488,19 +493,24 @@ rss_gethashconfig(void)
* So for now disable UDP 4-tuple hashing until all of the other
* pieces are in place.
*/
- return (
+ u_int config;
+
+ config =
RSS_HASHTYPE_RSS_IPV4
- | RSS_HASHTYPE_RSS_TCP_IPV4
- | RSS_HASHTYPE_RSS_IPV6
- | RSS_HASHTYPE_RSS_TCP_IPV6
- | RSS_HASHTYPE_RSS_IPV6_EX
- | RSS_HASHTYPE_RSS_TCP_IPV6_EX
-#if 0
- | RSS_HASHTYPE_RSS_UDP_IPV4
- | RSS_HASHTYPE_RSS_UDP_IPV6
- | RSS_HASHTYPE_RSS_UDP_IPV6_EX
-#endif
- );
+ | RSS_HASHTYPE_RSS_TCP_IPV4
+ | RSS_HASHTYPE_RSS_IPV6
+ | RSS_HASHTYPE_RSS_TCP_IPV6
+ | RSS_HASHTYPE_RSS_IPV6_EX
+ | RSS_HASHTYPE_RSS_TCP_IPV6_EX;
+
+ if (rss_udp_4tuple) {
+ config |=
+ RSS_HASHTYPE_RSS_UDP_IPV4
+ | RSS_HASHTYPE_RSS_UDP_IPV6
+ | RSS_HASHTYPE_RSS_UDP_IPV6_EX;
+ }
+
+ return (config);
}

/*



View it on GitLab: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/compare/3ca155da1e39eab9243cd5389b01c8bc25b7143e...8a7d86510dbcbca12e0972d69fc63d2ade5bf824

--
View it on GitLab: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/compare/3ca155da1e39eab9243cd5389b01c8bc25b7143e...8a7d86510dbcbca12e0972d69fc63d2ade5bf824
You're receiving this email because of your account on git.hardenedbsd.org.