Age | Commit message | Author
2020-06-24 | allow sshd_config longer than 256k; ok djm | Markus Friedl
2020-06-24 | only call sshkey_xmss_init() once for KEY_XMSS_CERT; ok djm | Markus Friedl
2020-06-24 | Document eight additional pre-OpenSSL-1.1 accessor functions that are | Ingo Schwarze
still widely used according to code searches on the web, so people reading existing code will occasionally want to look them up. While here, correct the return type of X509_CRL_get0_lastUpdate(3) and X509_CRL_get0_nextUpdate(3), which return const pointers. Also, add some precision regarding RETURN VALUES.
2020-06-24 | Stop using rsync --delete when syncing up with the CA repos. Instead | Claudio Jeker
use the files referenced in the manifests to build up a list of files to keep and remove anything that is not in the list after doing the full computation. OK job@ benno@
2020-06-24 | get rid of the per device sff lock because we only use the global one. | David Gwynne
no functional change
2020-06-24 | Acknowledge xhci(4) interrupts before calling usb_schedsoftintr(). | Patrick Wildt
On powerdown (halt -p), sd(4)'s suspend function tries to powerdown a USB mass storage using a STOP command. In that case we are already cold and splhigh(), so that the xhci is supposed to run in polling-mode. usb_schedsoftintr() behaves differently when running in polling-mode. Instead of scheduling a soft interrupt, it immediately dequeues from the event queue. But dequeueing means touching the xhci registers. Apparently we need to acknowledge the interrupts before touching those registers, the hardware doesn't like it otherwise and we will never get an interrupt status for the second transfer. ok gerhard@
2020-06-24 | Fix `IFF_RUNNING' bit handling for pppx(4) and pppac(4). | mvs
ok mpi@
2020-06-24 | Apply sc->sc_xfer_flags to control transfers as well. These are used | Patrick Wildt
so that in polled-mode the USB transfers are marked synchronous. In case that sending commands to the USB mass storage fails, the control transfers are used to reset the device. Without the synchronous flag, the STOP command sent by sd(4) on powerdown would wait for completion indefinitely, possibly hanging the machine. ok gerhard@
2020-06-24 | enable test-tls13-keyshare-omitted.py | Theo Buehler
2020-06-24 | Enforce restrictions for ClientHello extensions | Theo Buehler
RFC 8446 section 9.2 imposes some requirements on the extensions sent in the ClientHello: key_share and supported_groups must either both be present or both be absent. If no pre_shared_key was sent, the CH must contain both signature_algorithms and supported_groups. If either of these conditions is violated, servers must abort the handshake with a missing_extensions alert.
Add a function that enforces this. If we are going to enforce that clients send an SNI, we can also do this in this function.
Fixes failing test case in tlsfuzzer's test-tls13-keyshare-omitted.py
ok beck inoguchi jsing
2020-06-24 | Using the "ldaps" or "tls" keywords in ldapd.conf currently enables all | Theo Buehler
protocols and ciphers. So you get a TLS server speaking TLSv1.0 and supporting cipher suites with RC4 and 3DES encryption, all of which should be considered broken. There is no way of disabling TLSv1.0 and TLSv1.1 in ldapd. All this is also not very clearly called out in the documentation.
This commit switches the defaults to using the libtls defaults for both protocols and ciphers. If compatibility with the insecure legacy protocols and ciphers is needed, use the "legacy" keyword before "tls" or "ldaps" in ldapd.conf.
tested by abieber. inoguchi agrees with the direction. ok beck
2020-06-24 | actually use pci_intr_establish_cpu with cpus from the intrmap. | David Gwynne
sigh, i don't know how i forgot this. yes jmatthew@
2020-06-24 | Add test-ffdhe-expected-params.py | Theo Buehler
2020-06-24 | Fix botched format string in previous commit as spotted by robert@ | Otto Moerbeek
2020-06-24 | kernel no longer has to be placed into the boot area, because | Theo de Raadt
we have proper bootblocks. ok visa
2020-06-24 | Nuke some pointless *_dev_probe() and *_dev_free() functions and | Kenneth R Westerback
set/trust the scsiconf.c probing limits. Same as was done to vioblk(4). ok dlg@
2020-06-24 | remove ifdeffed out code for redistributing pyro eq interrupts over cpus. | David Gwynne
when sparc64 attaches cpus early during boot, it really just allocates the software state for them (ie, the devices and the cpu_info structs) and fills them in with information from openfirmware, but it doesn't actually spin them up in a physical sense until just before root is mounted.
in between that, we now set up pyro with an msi event queue per cpu, and target the interrupts for those event queues at the different cpus. if a device generates an msi interrupt before the cpus are spun up, pyro will fire an interrupt at those cpus, but cos they're not running yet, they don't handle the interrupt, and the event queue never gets processed. because the msi interrupt state is never cleared by the pyro interrupt handler because the cpu didn't run it, any further msi interrupts from that pci device don't cause the eq interrupt to fire again, so it gets stuck.
one approach to dealing with this is to target all the event queues that pyro sets up at the boot cpu, and once the other cpus are running we go through and retarget the event queue interrupts at the different cpus. this means the boot cpu works on the other cpus' behalf until they're running, and it avoids the eq interrupts being ignored before the other cpus are running.
another approach is to spin the cpus up when they're attached, so they'll be set up to process early pyro interrupts, even if they sit at splhigh until after autoconf has run. i had a quick go at this and it didn't go well.
the approach we went with was to avoid having the device in question generate interrupts early.
i left the redistributing code in the tree so people might discover it if needed, or at least see this description of what's happening. kettenis@ seemed ok with leaving the code in jmatthew@s pci_intr_establish_cpu commit, but removing it after. this is that removal.
2020-06-23 | enable wg(4). | David Gwynne
this will make testing easier for everyone. from Jason A. Donenfeld and Matt Dunwoodie ok deraadt@ tobhe@
2020-06-23 | Fix COMMAND description | kn
There is no code anymore that puts angle brackets around swapped out processes, machine.c r1.54 removed this in 2006. Typo in first diff spotted by Matthew Martin, OK jmc (who also pointed out the CVS commit)
2020-06-23 | Remove redundant NULL check | kn
For the sake of simplicity and to reflect that the process list is always sorted (default is "cpu"), even if not explicitly requested; this makes it easier to argue about the code around sort order and its selection. OK millert
2020-06-23 | When parsing a character class don't increment openclass for a literal '['. | Todd C. Miller
This allows expressions like '/[[/[]/' to parse which are also allowed by gawk.
2020-06-23 | Revert previous. hashfree() just calls free() which handles NULL with | Kenneth R Westerback
aplomb. 16 lines of 'C' can be so hard to grok at a glance. Prompted to look more closely at those 16 lines by mpi@.
2020-06-23 | bump pbuild datasize limit to 8G to allow Firefox to build with Rust 1.44 | Christian Weisgerber
ok deraadt@
2020-06-23 | Correctly redraw pane border bottom line when the status line is on and | Nicholas Marriott
at the bottom, reported by Kaushal Modi.
2020-06-23 | Use C99 initializers in wsdisplay_font struct definitions for Spleen | Frederic Cambus
kernel fonts. OK mpi@
2020-06-23 | Enable virtual consoles on armv7, the same way it is done on arm64. | Frederic Cambus
Tested on a Cubieboard2. OK patrick@
2020-06-23 | Sync armv7 fbtab with arm64 fbtab, leaving out drm devices. | Frederic Cambus
OK deraadt@, patrick@
2020-06-23 | hashfree() doesn't like NULL, so check for NULL if NULL is a | Kenneth R Westerback
possibility. i.e. when bailing out before calling hashinit().. COVERITY 1452907 ok mpi@
2020-06-23 | 'wgkey (pub)' was renamed to 'wgpubkey'. | tobhe
2020-06-23 | Enable MPSAFE start routine to keep encryption workers more active. | tobhe
From Jason A. Donenfeld <Jason (at) zx2c4.com> ok patrick@
2020-06-23 | Increase TX mitigation backlog size for increased throughput. | tobhe
From Jason A. Donenfeld <Jason (at) zx2c4.com> ok patrick@
2020-06-23 | Use xvasprintf not vasprintf. | Nicholas Marriott
2020-06-23 | Fix format strings (%p --> %lx) in debug code. | Kenji Aoyama
ok dlg@
2020-06-23 | add intrmap_one, some temp code to help us write pci_intr_establish_cpu. | David Gwynne
it means we can do quick hacks to existing drivers to test interrupts on multiple cpus. emphasis on quick and hacks. ok jmatthew@, who will also ok the removal of it at the right time.
2020-06-23 | Implement pci_intr_establish_cpu() for pyro(4) and vpci(4) based sparc64 | Jonathan Matthew
systems. MSIs on these systems are delivered to event queues, which trigger interrupts when non-empty. The interrupt handler dequeues the MSIs and converts them into soft interrupts, which run on the same cpu as the event queue interrupt. To target pci device interrupts to different cpus, we set up an event queue per cpu in the system, or as many as we can, if there are fewer event queues available. For now, we don't have a way to feed this information back to intrmap, so instead we just map interrupts for cpus that don't have an event queue to another cpu that does have one. Tested on V215 (pyro), T5120, T4-1, S7-2 (vpci). dlg@ got the pyro side of it working for me. ok dlg@ kettenis@
2020-06-22 | some clarifying comments | Damien Miller
2020-06-22 | timecounting: add gettime(9), getuptime(9) | cheloha
time_second and time_uptime are used widely in the tree. This is a problem on 32-bit platforms because time_t is 64-bit, so there is a potential split-read whenever they are used at or below IPL_CLOCK. Here are two replacement interfaces: gettime(9) and getuptime(9). The "get" prefix signifies that they do not read the hardware timecounter, i.e. they are fast and low-res. The lack of a unit (e.g. micro, nano) signifies that they yield a plain time_t. As an optimization on LP64 platforms we can just return time_second or time_uptime, as a single read is atomic. On 32-bit platforms we need to do the lockless read loop and get the values from the timecounter. In a subsequent diff these will be substituted for time_second and time_uptime almost everywhere in the kernel. With input from visa@ and dlg@. ok kettenis@
2020-06-22 | Add opalcons(4), a driver for the OPAL console. | Mark Kettenis
2020-06-22 | The minimum frame size for the ELFv2 ABI is 32 bytes. Using this value | Mark Kettenis
instead of 48 in the trap setup functions makes it possible to get rid of the magic offset in proc_trampoline. Suggested by gkoehler@
2020-06-22 | inittodr(9): introduce dedicated flag to enable writes from resettodr(9) | cheloha
We don't want resettodr(9) to write the RTC until inittodr(9) has actually run. Until inittodr(9) calls tc_setclock() the system UTC clock will contain a meaningless value and there's no sense in overwriting a good value with a value we know is nonsense. This is not an uncommon problem if you're debugging a problem in early boot, e.g. a panic that occurs prior to inittodr(9).
Currently we use the following logic in resettodr(9) to inhibit writes:
    if (time_second == 1)
        return;
... this is too magical. A better way to accomplish the same thing is to introduce a dedicated flag set from inittodr(9). Hence, "inittodr_done".
Suggested by visa@. ok kettenis@
2020-06-22 | Remove unused variable | denis
2020-06-22 | Enable interrupts when they were enabled before the trap (except when we | Mark Kettenis
are handling "genuine" interrupts like the decrementer and hypervisor virtualization interrupts).
2020-06-22 | Handle data storage and data segment interrupts from userland as well. | Mark Kettenis
2020-06-22 | Make return-to-user and kernel re-entry work. This adds a per-pmap SLB | Mark Kettenis
cache. We might want to turn that into a per-proc cache at some point, but this gets us to the point where we can successfully have init(1) do its first system call.
2020-06-22 | Fix previous commit; pasted instructed in the wrong spot. | Mark Kettenis
2020-06-22 | Remove AMRR/MiRA support from iwx(4). Tx rate selection happens in firmware. | Stefan Sperling
2020-06-22 | Remove unused code for parsing non-volatile memory (NVM) from iwx(4). | Stefan Sperling
2020-06-22 | Add magic offset to make the frames line up. | Mark Kettenis
2020-06-22 | Implement setregs(). | Mark Kettenis
2020-06-22 | Blacklist Ericsson F5521gw broadband modem. | tobhe
ok sthen@