| Age | Commit message (Collapse) | Author |
|---|
|
Also bfdset() calls pool_get(9) with PR_WAITOK flag so it should be done
before we check the existence of this `bfd', otherwise it could be added
multiple times.
We have BFD disabled in the default kernel so this diff is for
consistency mostly.
ok mpi@
|
|
ok deraadt
|
|
The only indication we get is sendto(2) failing, so if our UDP packet
is silently dropped somewhere we won't notice.
This has been observed in the wild with a dhcp server at the remote
end of a VPN. The dhcp server is reachable via broadcast so we get an
initial lease. However the server is not in the same subnet as the
lease we are getting so to reach it unicast we depend on a default
route being set. When the VPN goes down we lose the default route [*]
and when dhcpleased then tries to renew the lease (unicast), sendto(2)
fails with "network unreachable".
[*] The exact mechanics on how this happens are unclear. I.e. why
didn't dhcpleased(8) see a link-state change and transitioned to
REBOOTING / INIT? Regardless, we shouldn't ignore sendto(2) errors.
Reported by stsp, OK benno
|
|
After fixing previous syzbot issues related to lock contention, the reproducer code managed to hit an issue where it can exhaust kernel memory by allocating vcpus. Since each vcpu (regardless if it's SVM or VMX-capable) requires wiring some number of pages of memory, it was possible to starve other parts of the kernel.
This change limits the total number of vcpus to 512, a conservative number given vmm(4) only supports single vcpu guests at the moment.
ok mlarkin@
|
|
|
|
|
|
|
|
|
|
as in all other palces. Check the EXFLAG_SET flag first and if not set
grab the CRYPTO_LOCK_X509 before calling x509v3_cache_extensions().
OK tb@ beck@
|
|
DISK_open(). So eliminate pointless check when printing geometry.
Replace unit_lookup() with units_size(), reducing four
conversion dances to one. Return pointer to the unit_type used in
the conversion. unit_types[] is now needed only in misc.c.
Fewer variables make for cleaner logic.
No intentional functional change.
|
|
|
|
|
|
|
|
pmap_extract() has to lock user pmap to prevent concurrent pruning
of the page table. The kernel pmap is exempt from this because it uses
a fixed page table structure.
|
|
|
|
using config(8);
the contents of this configuration file will be fed to config(8) after
kernel relinking is done, so on the next boot the new kernel will have
all the configuration changes set by the user
this comes handy if you still want to use KARL while making changes
to the GENERIC kernel
diff from Paul de Weerd with input from several developers
|
|
|
|
are ongoing.
|
|
so that configurations without a broadcast address are detected as well
ok sthen@
|
|
|
|
|
|
dl.d_secsize.
Leave unit_types[SECTORS].ut_conversion at 0, and test that to
determine if a size needs to be converted from a sectors value.
Use consistent dance to find the desired size value to print.
Logic is clearer, unit_types[] is now const, nobody but misc.c
knows about SECTORS.
No intentional functional change.
|
|
The pre-OpenSSL 1.1.0 default was to use explicit curve parameter
encoding. Most applications want to use named curve parameter encoding
and have to opt into this explicitly.
Stephen Henson changed this default in OpenSSL commit 86f300d3 6 years
ago and provided a new OPENSSL_EC_EXPLICIT_CURVE define to opt back into
the old default. According to Debian's codesearch, no application
currently does this, which indicates that we currently have a bad default.
In the future it is more likely that applications expect the new
default, so we follow OpenSSL to avoid problems.
Prompted by schwarze who noted that OPENSSL_EC_EXPLICIT_CURVE is missing.
ok beck inoguchi jsing
|
|
|
|
|
|
for as of now unknown reasons.
|
|
(researched by mlarkin). With this, and the latest BIOS which added S3,
the lenovo x1r9 and x1nano can resume.
ok kettenis mlarkin
|
|
Same approach as on Linux and NetBSD. This fixes bwfm(4) Wi-Fi on the
Raspberry Pi 3 Model B Plus.
help and ok kettenis@
|
|
from the OpenSSL 1.1.1 branch, which is still under a free license
|
|
walking the page tables and another thread calling pmap_remove() that ends
up removing a page table page.
tested by sthen@
ok deraadt@, mpi@
|
|
branch, which is still under a free license.
While here, also merge a few other improvements, mostly regarding
EC_GROUP_get_order(3) and EC_GROUP_get_cofactor(3); in particular,
some statements below RETURN VALUES were outright wrong.
This patch includes a few minor tweaks and an addition to HISTORY by me.
Feedback and OK tb@.
|
|
This will hopefully prevent the device from ever writing to the former
DMA address of a buffer which has been taken off the Tx ring.
As far as I understand, the Linux driver unmaps (parts of) Tx descriptors
that are done. We use a static DMA mapping for the entire descriptor array,
so unmapping is not an option for us.
Tested by several as part of my Tx aggregation support patch.
|
|
Clear the byte-count for the correct frame while taking frames off the ring.
This should fix some 'fatal firmware errors' seen under load, and prevent
memory corruption: The device could access an mbuf we have freed, but which
is still marked as used in the byte count table and which still has a DMA
address in its Tx descriptor. Problem observed by mlarkin with NFS while
testing my patch for Tx aggregation support.
|
|
OK tb@
|
|
Instead, in non-interactive mode, exit sftp(1), like for other serious errors.
As pointed out by dtucker@, when compiled without editline(3) support in
portable OpenSSH, the el == NULL branch is also used for interactive mode.
In that case, discard the input line and provide a fresh prompt to the user
just like in the case where editline(3) is used.
OK djm@
|
|
and BN_lebin2bn(3) from the OpenSSL 1.1.1 branch,
which is still under a free license.
While here, tweak a number of details for clarity.
OK tb@
|
|
transfer error occurs. This matches original scp/rcp behaviour.
ok dtucker@
|
|
automatically initializes itself. OK tb@
|
|
Suggested by deraadt@ during discussion at k2k21.
With additional input from mlarkin. And deraadt spotted some pointless
splnet() calls which this patch is removing.
Resume from S3 tested by me on an x250 thinkpad with a compatible
ax200 wifi card provided by mlarkin. Hibernate tested by deraadt.
Sync comments about the PCI retry timeout workaround with Linux while here.
ok mlarkin@
|
|
Remove now pointless NULL check in unit_lookup().
No intentional functional change.
|
|
everything into an iov and do some sprintf() formating later. Better
put everything into the iov upfront based on what the output methods
need. Then either the full iov is written or a line is created by
concatenating.
OK martijn@
|
|
|
|
'may as well' deraadt
|
|
|
|
changes
|
|
|
|
|
|
ok beck inoguchi jsing
|
|
becomes unnecessary, prompted by theo.
|
|
ok inoguchi jsing
|
