| Age | Commit message (Collapse) | Author |
|---|
|
pmap_free_asid() and therefore pmap_destroy() mpsafe which is important since
we might end up calling that function without holding the kernel lock
as a result of releasing a reference in pmap_page_protect(9).
ok visa@
|
|
OK jmc@
|
|
Since rev 1.36, the instance variable is never read again so we can
simply drop the else clause with the assignment.
While there, also drop the useless increment, as pointed out by tom@.
OK deraadt@ (previous version), millert@, tom@
|
|
We now prefer stronger crypto over weaker crypto over none, prefer 5 GHz
band with reasonable RSSI, and use RSSI as a tie-breaker with a slight
advantage for 5GHz. Candidate APs are now ranked by a score which is
calculated based on these attributes.
There is likely room for improvements to make these heuristics
work well across many different environments, but it's a start.
ok phessler@
|
|
we are currently looking at. No need to fatal.
Found the hard way by naddy
|
|
found by Thomas Klausner <wiz at NetBSD> via a compiler warning
|
|
Unveil /etc/{resolv.conf,hosts,services} which keeps it in sync with
the kernel bypass for pledge("dns").
OK deraadt
pointed out by & OK stsp
|
|
Reported by Bryan Vyhmeister.
|
|
a scenario where MP-unsafe code gets run without the kernel lock
as a consequence of an unlocked system call.
OK mpi@, kettenis@
|
|
sys/sys/socketvar.h r1.57 (2014) moved various struct socket fields into
a new struct sosplice field, this adapts usage accordingly.
OK bluhm
|
|
When the EEPROM is not populated, set the MAC config register
MUE_MAC_CR_AUTO_SPEED. While there, encode the MAC address for the onboard
USB Ethernet for the Rasperry Pi, like smsc(4) does.
|
|
|
|
'Deep Dive: CPUID Enumeration and Architectural MSRs'
ok deraadt@
|
|
ok deraadt
|
|
When the opening square bracket ('[') is abused as the delimiter, the regular
expression contains a bracket expression, and the bracket expression contains
another opening square bracket (sick! - i mean, sic!), then do not require
escaping that innermost bracket and treat a preceding backslash as a literal
backslash character, in accordance with POSIX:
$ printf 'x[x\\x\n' | sed 's[\[[][R[g'
xRx\x
$ printf 'x[x\\x\n' | sed 's[\[\[][R[g'
xRxRx
While here, also make the implementation more readable and insert
some comments.
Joint work with martijn@ (started during g2k18) and OK martijn@.
|
|
Prompted by a remark by jsing
|
|
the terminating NUL. EVP_read_pw_string_min() got this wrong, leading to
a one-byte buffer overrun in all callers of EVP_read_pw_string().
Found by mestre running 'openssl passwd' with MALLOC_OPTIONS including C.
Fix this by doing some basic sanity checking in EVP_read_pw_string_min().
Cap the len argument at BUFSIZ and ensure that min < len as well as
0 <= min and 1 <= len. The last two checks are important as these
numbers may end up in reallocarray().
ok bcook (on previous version), jsing, mestre
|
|
|
|
|
|
ok bcook@ beck@ tb@
|
|
|
|
|
|
add a helper function.
|
|
After we successfully connect to the unix socket created by apmd(8) all actions
occur over fds so we can drop only to pledge("stdio").
The code path in the case that the required action is GETSTATUS, and we couldn't
connect to the socket, then after open(2)/ioctl(2) the device /dev/apm directly
we can pledge("stdio") as well since from here on down we only need to
printf(3) messages.
OK deraadt@
|
|
ok dlg@ deraadt@ kettenis@
|
|
used for example in the ditroff(7) manual of the groff package
|
|
|
|
we want to skip all userland-related checks. Discussed with beck and
semarie, tested by stsp.
|
|
KERNELPATH indicates this operation is being done on behalf of the kernel,
not a process, so ignore chroot of the current process context, start at /,
and skip unveil and pledge checks. Discussed with beck and semarie
|
|
argument, rather than manually |= afterwards. Observed by semarie
|
|
(the other cause is implausible, and crashes with a nice *NULL)
|
|
Andrew Daugherity (andrew.daugherity AT gmail) pointed out that this
is helpful for his port to linux. For example on openSUSE nginx and
Apache run as different users so a compile time default user won't cut
it.
Man page tweaks jmc@
While here, consistently log users at debug level; from Andrew.
|
|
|
|
passing the main function directly to kthread_create(9). The start_*
functions are mere stepping stones nowadays and can be pruned.
They used to contain more logic in the pre-kthread era.
While here, set `cleanerproc' and `syncerproc' during the thread
creation rather than expect the threads to set the proc pointer.
Also, rename `sched_sync' to `syncer_thread' to reduce confusion
with the scheduler-related functions.
OK kettenis@, deraadt@, mpi@
|
|
build and is still a work in progress. Tweaks and comments welcome.
|
|
Some access points have a feature called "band steering" where they
will try to push clients from 2 GHz channels to 5 GHz channels.
If a client sends probe-requests on both 2 GHz and 5GHz channels, and
then attempts to authenticate on a 2 GHz channel, such APs will deny
authentication and hope that the client will come back on a 5 GHz channel.
So if we fail to AUTH for any reason, and if there is a different
AP with the same ESSID that we haven't tried yet, try that AP next.
Keep trying until no APs are left, and only then continue scanning.
APs with support for this feature were provided by Mischa Peters.
ok phessler@ mpi@
|
|
ok kettenis@
|
|
ok kettenis@
|
|
if the current BSS has been changed by ieee80211_input().
Needed for upcoming band-steering support in net80211.
ok phessler@ mpi@
|
|
ok markus@
|
|
- Update counters atomatically
- Use IPL_MPFLOOR for pipe's pool.
- Grab the KERNEL_LOCK() before calling km_alloc(9) & km_free(9)
Inputs from kettenis@, ok visa@
|
|
|
|
|
|
|
|
array that stores the option codes. Fixes the issue where it named
an incorrect option on error.
Found by Florian Kaiser
ok krw@
|
|
closing a kqueue file descriptor.
|
|
|
|
double-free under some circumstances.
--
date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@
|
|
The trunk driver now has a new ioctl (SIOCxTRUNKOPTS), which for now only
has options for LACP:
* Mode - Active or Passive (default Active)
* Timeout - Fast or Slow (default Slow)
* System Priority - 1(high) to 65535(low) (default 32768/0x8000)
* Port Priority - 1(high) to 65535(low) (default 32768/0x8000)
* IFQ Priority - 0 to NUM_QUEUES (default 6)
At the moment, ifconfig only has options for lacpmode and lacptimeout
plumbed as those are the immediate need.
The approach taken for the options was to make them on a "trunk" vs a
"port" as what's typically seen on various NOSes (JunOS, NXOS, etc...)
as it's uncommon for a host to have one link "Passive" and the other
"Active" in a given trunk.
Just like on a NOS, when applying lacpmode or lacptimeout, the settings
are immediately applied to all existing ports in the trunk and to all
future ports brought into the trunk.
Tested by many on a plethora of NIC drivers and switches.
Ok remi@
|
|
ok claudio@
|
