| Age | Commit message (Collapse) | Author |
|---|
|
when we have a serial console by introducing the notion of a "primary"
graphics device. The primary graphics device is the one set up and
used by firmware (BIOS, UEFI).
The goal is to make sure that wsdisplay0 and drm0 reliably attach to
the primary graphics device such that X works out of the box even
if you have multiple cards or if you are using a serial console.
This also fixes the situation where inteldrm(4) or radeondrm(4) would
take over the console on UEFI systems even if the kernel was booted
with a serial console.
ok jsg@
|
|
|
|
it's not great in several dimensions, so this is a first step to
removing it. if noone has a (reasonable) teary i'll start removing
the code in a few weeks.
"kill it with fire" deraadt@
|
|
(he suggested 90 but I prefer 80). This is so we learn the downside
from user reports.
|
|
|
|
|
|
|
|
becomes the norm until release is out.
|
|
capable of detecting undefined behavior at runtime and all findings are
printed to the system console, including the offending line in the
source code.
kubsan is limited to architectures using Clang as their default compiler
and is not enabled by default.
Derived from the NetBSD implementation.
ok kettenis@ visa@
|
|
ok deraadt@
|
|
mpe doesnt need ether as a depend while im here.
|
|
ok claudio@
|
|
|
|
objects that readers can access without locking. This provides a basis
for read-copy-update operations.
Readers access SMR-protected shared objects inside SMR read-side
critical section where sleeping is not allowed. To reclaim
an SMR-protected object, the writer has to ensure mutual exclusion of
other writers, remove the object's shared reference and wait until
read-side references cannot exist any longer. As an alternative to
waiting, the writer can schedule a callback that gets invoked when
reclamation is safe.
The mechanism relies on CPU quiescent states to determine when an
SMR-protected object is ready for reclamation.
The <sys/smr.h> header additionally provides an implementation of
singly- and doubly-linked lists that can be used together with SMR.
These lists allow lockless read access with a concurrent writer.
Discussed with many
OK mpi@ sashan@
|
|
Backbone refers to 802.1ah or 802.1Q Provider Backbone Bridges
(PBB), or mac-in-mac, which is like vlans except it completely
encapsulates the inner packet rather than just add a shim to it.
This removes the need for Backbone Core Bridges (ie, switches between
bpe instances) to know all the addresses on all the networks.
|
|
ok deraadt@
|
|
|
|
|
|
locked in stone yet, but the clock starts ticking...
|
|
pseudo-device, get rid of the option. Enabling kcov now requires the following
line to be added to the kernel config:
pseudo-device kcov 1
This is how pseudo devices are enabled in general. A side-effect of this change
is that dev/kcov.c will no longer be compiled by default.
Prodded by deraadt@; ok mpi@ visa@
|
|
|
|
This brings unveil into the tree, disabled by default - Currently
this will return EPERM on all attempts to use it until we are
fully certain it is ready for people to start using, but this
now allows for others to do more tweaking and experimentation.
Still needs to send the unveil's across forks and execs before
fully enabling.
Many thanks to robert@ and deraadt@ for extensive testing.
ok deraadt@
|
|
OK mpi@
|
|
ok mlarkin@, patrick@
|
|
the hardware provides crypto offload, zlib offload, and an rng.
this code only supports the rng at the moment.
this device is present on their amd seatlle platforms, and very
present on their epyc stuff.
ok kettenis@ jmatthew@
|
|
|
|
ok deraadt@
|
|
|
|
|
|
|
|
ok krw@ mpi@
|
|
|
|
put it back.
|
|
having mobileip in gre makes it hard to cut gre up. the current mobileip
code is also broken, so this is def and improvement. it also makes it
easy to disable and remove mobileip in the future.
ok claudio@ henning@
|
|
when syncookies are on, pf will blindly answer each and every SYN with a
syncookie-SYNACK. Upon reception of the ACK completing the 3WHS, pf will
reconstruct the original SYN, shove it through pf_test, where state will
be created if the ruleset permits it. Then massage the freshly created state
(we won't see the SYNACK), set up the sequence number modulator, and call
into the existing synproxy code to start the 3WHS with the backend host.
Add an - somewhat basic for now - adaptive mode where syncookies get enabled
if a certain percentage of the state table is filled up with half-open tcp
connections. This makes pf firewalls resilient against large synflood
attacks.
syncookies are off by default until we gained more experience, considered
experimental for now.
see http://bulabula.org/papers/2017/bsdcan/ for more details.
joint work with sashan@, widely discussed and with lots of input by many
|
|
cause 'make release' fail the first time around after building GENERIC
if /usr/obj/ wasn't cleaned out properly. The proper fix would be to
implement privdrop for kernel builds but this is trickier than it looks
at first sight.
discussed with deraadt
|
|
remove the #ifdef KPROF which seems to be unused since that year.
OK mpi@
|
|
Makes the linker generate a correct i386 gap.o file.
ok kettenis@, deraadt@
|
|
ok kettenis
|
|
the code has rotted, and obviously hasnt been used for ages. it is
also hard to make mpsafe. if we need something like this again it
would be better to do it from scratch.
ok tedu@ visa@
|
|
Suggested by and OK mpi, OK visa
|
|
TCP_FACK was disabled by provos@ in June 1999.
TCP_FACK is an algorithm that decides that when something is lost, all
not SACKed packets until the most forward SACK are lost. It may be a
correct estimate, if network does not reorder packets.
OK visa@ mpi@ mikeb@
|
|
OK deraadt, mpi, visa, job
|
|
FullMAC, in comparison to SoftMAC, does most WiFi handling in the
firmware that's running on the controller. This means we have to
work around the net80211 stack while still implementing all the
WiFi interfaces to userland.
This driver is still in early development. So far it can connect
to open WiFis over the USB bus. SDIO and PCIe support, for devices
like the Raspberry Pi 3 or the Macbooks, is not yet implemented.
Also mbufs on the transmit path leak and are not yet freed.
ok stsp@
|
|
|
|
ok deraadt@
|
|
|
|
From yasuoka.
I really want this fixed in a different way after release is finished.
|
|
ok deraadt@
|
|
|
