Age | Commit message | Author
2019-01-11 | Defuse `-F all -i interface' | kn
Flushing all filter parameters does not make sense on one specific interface only as already noted. However, the main ruleset as well as all tables were still cleared on such invalid usage. Furthermore, an empty interface name was treated like no interface at all, hence source tracking entries, statistics and interface flags were cleared also. Immediately error out if `-i' is given regardless of its argument before flushing anything. OK sashan
2019-01-11 | When creating tables inside anchors, pfctl warned about namespace | kn
collisions with global tables, but only in certain cases and with limited information sometimes leaving users clueless. Deferring the check to process_tabledefs() where tables are eventually created, both anchor and table name are known which allows for checking all existing anchors. With this, warn on all duplicates even in dry-runs (`-n') and print quoted names so they can be copied to fix configurations right away. No functional change in parsing or ruleset production. Discussed with and OK sashan
2019-01-10 | Zap unused iface function parameter from pfctl_kill_src_nodes() | kn
Killing source tracking entries per interface does not make sense and `-i interface' along with `-K key' is completely ignored anyway. There since import in 2006, probably just copy/pasta. OK sashan
2019-01-10 | Make mincore lie. The nature of shared memory means it can spy on what | Ted Unangst
another process is doing. We don't want that, so instead have it always return that memory is in core. ok deraadt kettenis
2019-01-10 | sync | Theo de Raadt
2019-01-10 | Hold a read lock on the map while doing the actual device I/O during in | Mark Kettenis
physio(9) to prevent another thread from unmapping the memory and triggering an assertion or even corrupting random physical memory pages. ok deraadt@ Should fix:
Reported-by: syzbot+b8e7faf688f8c9d341b1@syzkaller.appspotmail.com
Reported-by: syzbot+b6a9255faa0605669432@syzkaller.appspotmail.com
2019-01-10 | an alloca() snuck into the tree. We don't use alloca() in our tree unless | Theo de Raadt
it is entirely unavoidable (for example libc/*/exec.c), because any erroneous size controlled by an attacker turns into a known-location object placement in a very dangerous region. So use malloc() instead.
2019-01-10 | unbreak vmd build | Stefan Fritsch
include new virtio_pcireg.h header
2019-01-10 | Properly implement (as far as we can) Event()/Signal()/Wait() AML operations. | Mark Kettenis
ok mpi@, tedu@, deraadt@
2019-01-10 | Move default number of pools in the multi-threaded case to 8. Various tests | Otto Moerbeek
by me and others indicate that it is the optimum.
2019-01-10 | Make the "not my pool" searching loop a tiny bit smarter, while | Otto Moerbeek
making the number of pools variable. Do not document the malloc conf settings atm, don't know yet if they will stay. Thanks to all the testers. ok deraadt@
2019-01-10 | regen pcidevs*.h | Stefan Fritsch
2019-01-10 | Add virtio 1.x PCI IDs | Stefan Fritsch
Everything above 0x1040 is 1.x only. Also tweak description of memory balloon device. There will be a memory device, too ok mlarkin@
2019-01-10 | Fix previous | Stefan Fritsch
It accidentally contained a part of a different diff.
2019-01-10 | Move some PCI-specific defines to a new virtio_pcireg.h file | Stefan Fritsch
Also add some virtio 1.0 status and feature bits
2019-01-10 | Remove some more code if VIRTIO_DEBUG is 0 | Stefan Fritsch
2019-01-10 | Move some common defines to virtiovar.h | Stefan Fritsch
And fix some comments
2019-01-10 | settime: Don't cancel ongoing adjtime(2) until after full permission checks | cheloha
ok jca@ visa@ guenther@ deraadt@
2019-01-10 | Revert nanosleep(2) loop introduced in v1.25. | cheloha
Now that nanosleep(2) handles the full input range transparently there is no longer a 100 million second upper bound and we can remove this loop. ok phessler@ jca@ visa@
2019-01-10 | "AF_* values are *almost* always the correct choice, particularly with | Kenneth R Westerback
POSIX APIs". Also sprach guenther@. So switch PF_ROUTE to AF_ROUTE in socket() and setsockopt() calls. Keep PF_ROUTE in sysctl(2) uses, adding a comment for future visitors. Also replace PF_UNSPEC with 0 in socketpair(), as socketpair(2) points out this is the only sensible value. Cluebat from and ok guenther@
2019-01-10 | Revert back previous commit and stop including strings.h | Ricardo Mestre
Use memset(3) instead of bzero(3) since POSIX recommends using the former and because it's also more portable (conforms to ANSI C standard) OK tedu@ tb@
2019-01-10 | change order of pledge(2) promises to the canonical form. | Ricardo Mestre
while here also use NULL as its second argument, instead of "", like it's done everywhere else in the tree. OK florian@
2019-01-10 | unbound-anchor needs to talk to the internet and write to the trust | Florian Obser
anchor file (create it if it doesn't exist). pledge & unveil accordingly OK sthen
2019-01-10 | report errno in debug logs and other minor cleanups. | Eric Faurot
ok gilles@
2019-01-10 | After years of gnashing of teeth, I finally found a way to avoid | Ingo Schwarze
having to write empty list elements for non-compact .Bl -tag lists:
1. Add margin-bottom to the <dd>. Note that margin-top on the <dt> doesn't work because it would put a short <dt> lower than the <dd>; margin-bottom on the <dt> doesn't work because it would put vertical space before the <dd> for a long <dt>; and margin-top on the <dd> doesn't work because it would put a short <dt> higher than the <dd>. Only margin-bottom on the <dd> has none of these adverse effects.
2. Of course, margin-bottom on the <dd> fails to take care of the vertical spacing before the first list element, so implement that separately by margin-top on the <dl>.
3. For .Bl -tag -compact, reset both to zero.
2019-01-10 | Initializers for file-scope static variables should be compile-time | Ingo Schwarze
constants, and while stderr is a compile-time constant in OpenBSD, Kelvin Sherlock <ksherlock at gmail dot com> reports that it isn't on some other systems, for example on FreeBSD or Linux. So do the initialization by calling mandoc_msg_setoutfile() from main() instead.
2019-01-10 | Use efifb_stolen() to prevent radeondrm from using aperture memory | Jonathan Gray
overlapping the framebuffer. Prompted by ring tests failing. Diagnosed, fix suggested by and ok kettenis@
2019-01-10 | add efifb_stolen() to get the size of the efifb framebuffer | Jonathan Gray
suggested by and ok kettenis@
2019-01-10 | Drop dead links to loria.fr and cvshome.org | Jeremie Courreges-Anglas
Pointed out by Matteo Niccoli, ok bluhm@ sthen@
2019-01-09 | Printing hex values with right adjustment makes it easier to compare | Alexander Bluhm
corresponding digits. So change the ddb x/x output. OK sashan@ deraadt@ visa@ mpi@
1995-12-19 | raw import of cvs-1.6 | Theo de Raadt
2019-01-09 | Delay keyword expansion in co until after the locks have been resolved. | Joris Vink
This way the expansion can happen with the correct values and files do not show up as modified.
2019-01-09 | When expanding $Log$ make sure a newline is added if rd_log has none. | Joris Vink
This can happen on new RCS files. Fixes $Log$ keyword expansion.
2019-01-09 | Make sure rcs_lock_add() and rcs_lock_remove() properly update the | Joris Vink
rd_lock member of the matching delta. Other keyword substitution will not properly work in cases where the RCS file did not have a lock for the revision yet or if the lock is being removed.
2019-01-09 | Use PF_ROUTE consistently rather than tossing in | Kenneth R Westerback
a couple of AF_ROUTE.
2019-01-09 | Use static consistently with definitions of functions that have been | Visa Hankala
declared static. OK guenther@
2019-01-09 | Eliminate an else branch from m_extunref(). | Visa Hankala
OK millert@ bluhm@
2019-01-09 | Make arm64 efiboot able to boot from partitions other than "a". | YASUOKA Masahiko
ok kettenis
2019-01-09 | Include strings.h for bzero in usr.bin/nc | Kinichiro Inoguchi
bzero is defined in strings.h. ok deraadt@
2019-01-09 | free(9) sizes. | Martin Pieuchot
ok visa@
2019-01-09 | No need to call usbd_fill_deviceinfo() from a task, it doesn't generate I/O. | Martin Pieuchot
ok visa@
2019-01-09 | Enable Spleen in wsfont and modify the font selection logic at runtime | Frederic Cambus
in rasops(9) to allow selecting larger fonts when available. Summary of the changes:
- Enable spleen8x16 for all architectures, replacing bold8x16_iso1.
- Enable spleen12x24 on all arches but sparc64, replacing gallant12x22.
- Enable spleen16x32 and spleen32x64 on amd64, i386, and arm64 for GENERIC kernels.
- Modify the font selection logic in rasops(9) so the 16x32 and 32x64 fonts are selected if at least 120 columns can be displayed. Screens with widths equal or larger than 1920px will use the 16x32 font, and screens with widths equal or larger than 3840px the 32x64 one.
OK kettenis@, ratchov@, deraadt@
2019-01-09 | make spelling in previous consistent within the page; | Jason McIntyre
2019-01-09 | implement an if_enqueue handler for vlan(4) | David Gwynne
this allows vlan packets to bypass the ifq handling, which allows packets to be encapsulated concurrently by any context. the code falls back to ifqs if hfsc is enabled on the vlan interface, otherwise it encaps the packet immediately and enqueues it on the parent interface. hrvoje popovski has seen a performance bump in certain configurations from this change. ok mpi@ no objections claudio@
2019-01-09 | split if_enqueue up so drivers can replace ifq handling if needed | David Gwynne
if_enqueue() still makes sure packets get handled by pf on the way out, and seen by bridge if needed. however instead of falling through to ifq mapping and output, it now calls a function pointer in the ifnet struct. that pointer defaults to the ifq handling, but drivers can override it to bypass ifq processing. the most obvious users of the function pointer will be virtual interfaces, eg, vlan(4). ifqs are good if you need to serialise access to the thing that transmits packets (like hardware rings on nics), or mitigate the number of times you do ring processing, but neither of those things are desirable on vlan interfaces. ideally vlan could transmit on any cpu without having packets serialised by its own ifq before being pushed down to an arbitrary number of rings on the parent interface. bypassing ifqs means the driver can push the vlan tag on concurrently and push down to the parent from any cpu. ok mpi@ no objection from claudio@
2019-01-09 | Add LRV, NGD and UNI | Daniel Jakots
2019-01-08 | Disable ret-protector and retpoline protections in the clang compiler | Alexander Bluhm
to regain build performance. OK deraadt@ guenther@ kettenis@
2019-01-08 | Add BBA:Balmaceda, Aysen, Chile | Theo de Raadt
2019-01-08 | With the change to httpd the workflow got much simpler. | Florian Obser
2019-01-08 | Allow httpd(8) to start when TLS is configured but a cert is not yet | Florian Obser
available. Assuming a httpd.conf based on /etc/examples/httpd.conf, httpd(8) will only listen on port 80 and serve the acme-challenge directory for acme-client(1). The workflow to get a certificate then becomes
    acme-client -vAD example.com && rcctl reload httpd
Without the need to edit the httpd.conf yet again. Once the cert is in place and httpd is reloaded it starts to serve on port 443. Idea, tweaks & OK deraadt, OK benno