| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Use size of destination buffer, rather than a constant that may or may not
correspond to the source buffer, to restrict the length of copied strings. In
particular, pr_fname has 16+1 characters but MAXCOMLEN is 18+1.
Use strlcpy instead of strncpy to ensure the result is nul-terminated. This
seems to be what is expected of these fields.
|
| |
|
|
| |
Upgrade Firmware/Bootloader/ResetSeq/Minidump to revision 5.4.62
|
| |
|
|
|
| |
It is just a helper function combining G_PF_WITHER setting with
g_orphan_provider().
|
| |
|
|
|
| |
This is a direct commit to stable/10, inspired by some commits to later
branches.
|
| |
|
|
|
|
|
|
|
|
| |
Previously it was possible to smuggle in addional files that would
be used by later portsnap runs. Now we only move those files expected
to be in the snapshot into files/ and require that there are no
unexpected files.
This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic
attacks against FreeBSD update components" anonymous gist.
|
| |
|
|
| |
break the build.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update the nfsstats structure to include the changes needed by
the patch in D1626 plus changes so that it includes counts for
NFSv4.1 (and the draft of NFSv4.2).
Also, make all the counts uint64_t and add a vers field at the
beginning, so that future revisions can easily be implemented.
There is code in place to handle the old vesion of the nfsstats
structure for backwards binary compatibility.
Subsequent commits will update nfsstat(8) to use the new fields.
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix periodic scripts when an NFS mount covers a local mount
100.chksetuid and 110.neggrpperm try to search through all UFS and ZFS
filesystems. But their logic contains an error. They also search through
remote filesystems that are mounted on top of the root of a local
filesystem. For example, if a user installs a FreeBSD system with the
default ZFS layout, he'll get a zroot/usr/home filesystem. If he then mounts
/usr/home over NFS, these scripts would search through /usr/home.
|
| |
|
|
| |
Be more strict when selecting between snapshot/regular mount.
|
| |
|
|
|
|
|
| |
Document thr_suspend(2) and thr_wake(2).
MFC r306506:
Reword the statement.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bridge: Fix fragment handling and memory leak
Fragmented UDP and ICMP packets were corrupted if a firewall with reassembling
feature (like pf'scrub) is enabled on the bridge. This patch fixes corrupted
packet problem and the panic (triggered easly with low RAM) as explain in PR
185633.
bridge_pfil and bridge_fragment relationship:
bridge_pfil() receive (IN direction) packets and sent it to the firewall The
firewall can be configured for reassembling fragmented packet (like pf'scrubing)
in one mbuf chain when bridge_pfil() need to send this reassembled packet to the
outgoing interface, it needs to re-fragment it by using bridge_fragment()
bridge_fragment() had to split this mbuf (using ip_fragment) first then
had to M_PREPEND each packet in the mbuf chain for adding Ethernet
header.
But M_PREPEND can sometime create a new mbuf on the begining of the mbuf chain,
then the "main" pointer of this mbuf chain should be updated and this case is
tottaly forgotten. The original bridge_fragment code (Revision 158140,
2006 April 29) came from OpenBSD, and the call to bridge_enqueue was
embedded. But on FreeBSD, bridge_enqueue() is done after bridge_fragment(),
then the original OpenBSD code can't work as-it of FreeBSD.
PR: 185633
Submitted by: Olivier Cochard-Labbé
|
| |
|
|
|
|
|
|
| |
r300879
Merge ACPICA up to 20160527.
Requested by: mav
|
| |
|
|
|
|
|
|
|
|
|
| |
Add a new 'clear driver' command for devctl along with the accompanying
ioctl and devctl_clear_driver() library routine to reset a device to
use a wildcard devclass instead of a fixed devclass. This can be used
to undo a previous 'set driver' command. After the device's name has
been reset to permit wildcard names, it is reprobed so that it can
attach to newly-available (to it) device drivers.
Sponsored by: Chelsio Communications
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add routines to trigger a function level reset (FLR) of a PCI-express
device via the PCI-express device control register. This also includes
support routines to wait for pending transactions to complete as well
as calculating the maximum completion timeout permitted by a device.
Change the ppt(4) driver to reset pass through devices before attaching
to a VM during startup and before detaching from a VM during shutdown.
Sponsored by: Chelsio Communications
|
| |
|
|
| |
rtc: fix inverted resolution check
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
304858:
Enable I/O MMU when PCI pass through is first used.
Rather than enabling the I/O MMU when the vmm module is loaded,
defer initialization until the first attempt to pass a PCI device
through to a guest. If the I/O MMU fails to initialize or is not
present, than fail the attempt to pass a PCI device through to a
guest.
The hw.vmm.force_iommu tunable has been removed since the I/O MMU is
no longer enabled during boot. However, the I/O MMU support can be
disabled by setting the hw.vmm.iommu.enable tunable to 0 to prevent
use of the I/O MMU on any systems where it is buggy.
305485:
Leave ppt devices in the host domain when they are not attached to a VM.
This allows a pass through device to be reset to a normal device driver
on the host and reused on the host. ppt devices are now always active in
some I/O MMU domain when the I/O MMU is active, either the host domain
or the domain of a VM they are attached to.
|
| |
|
|
| |
pci_addr_t has always been 64-bits since r163805.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the loop in PCIIOCGETCONF would terminate as soon as it
found enough matches. Now it will continue iterating through the
PCI device list and only terminate if it finds another matching device
for which it has no room to store a conf structure. This means that
PCI_GETCONF_LAST_DEVICE is reliably returned when the number of
matching devices is equal to the number of slots in the matches
buffer. For example, if a program requests the conf structure for a
single PCI function with a specified domain/bus/slot/function it will
now get PCI_GETCONF_LAST_DEVICE instead of PCI_GETCONF_MORE_DEVS.
While here, simplify the loop conditional a bit more by explicitly
breaking out of the loop if copyout() fails and removing a redundant
i < pci_numdevs check.
Sponsored by: Chelsio Communications
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This tool parses the ACPI DMAR table looking for DMA remapping devices.
For each device it walks the root table and any context tables
referenced to display mapping info for PCI devices.
Note that acpidump -t already parses the info in the ACPI DMAR tables
directly. This tool examines some of the data structures the DMAR
remapping engines use to translate DMA requests.
Sponsored by: Chelsio Communications
|
| |
|
|
|
|
|
|
|
|
| |
- Add constants for the fields in the root-entry table address register,
namely the root type type (RTT) and root table address (RTA) mask.
- Add macros for the bitmask of the domain ID field in the second word
of context table entries as well as a helper macro (DMAR_CTX2_GET_DID)
to extract the domain ID from a context table entry.
Sponsored by: Chelsio Communications
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Microoptimize %p case.
2) Implememt %u for GNU compatibility.
3) Don't forget to advance buf for %w/%u.
4) Fail with incomplete week (week 0) request and no such week in the
year.
5) Fix yday formula when Sunday requested and the week started from Monday.
6) Fail with impossible yday for incomplete week (week 0) and direct %w/%u
request.
7) Shift yday/wday to the first day of the year, if incomplete week
(week 0) requested and no %w/%u used.
8) For already non-standard %z extension implement GNU compatible formats:
+hh and -hh.
9) Check for incorrect values for %z.
PR: 212983 (case 3 only)
|
| | |
|
| |
|
|
| |
Don't treat an error from g_mirror_clear_metadata() as fatal.
|
| |
|
|
|
|
|
| |
Add the ID for the Huawei ME909S LTE modem.
Submitted by: svenauhagen at github
Sponsored by: Rubicon Communications, LLC (Netgate)
|
| |
|
|
| |
Update mkimg(1) author's contact info
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync libarchive with vendor including important security fixes.
Issues fixed (FreeBSD):
PR #778: ACL error handling
Issue #745: Symlink check prefix optimization is too aggressive
Issue #746: Hard links with data can evade sandboxing restrictions
This update fixes the vulnerability #3 and vulnerability #4 as reported in
"non-cryptanalytic attacks against FreeBSD update components".
https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
Fix for vulnerability #2 has already been merged in r305192.
Security: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
|
| |
|
|
|
| |
Approved by: kib (mentor)
Sponsored by: Dell Technologies
|
| |
|
|
|
|
| |
Implement BLKSSZGET ioctl for the Linuxulator.
PR: 212700
|
| |
|
|
|
|
|
|
|
|
|
| |
mlx5en: Fix duplicate mbuf free-by-code.
When mlx5e_sq_xmit() returns an error code and the mbuf pointer is set,
we should not free the mbuf, because the caller will keep the mbuf in
the drbr. Make sure the mbuf pointer is correctly set upon function
exit.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
| |
mlx5en: Remove unused pdev pointer.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
|
|
| |
mlx5en: Verify port type is ethernet before creating network device
Else the mlx5en driver might attach to infiniband ports.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
|
|
|
|
|
| |
mlx5en: Allow setting the software MTU size below 1500 bytes
The hardware MTU size can't be set to a value less than 1500 bytes due
to side-band management support. Allow setting the software MTU size
below 1500 bytes, thus creating a mismatch between hardware and
software MTU sizes.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
|
|
|
|
| |
mlx5en: Factor out common sendqueue code for use with rate limiting SQs.
Try to reuse code to setup sendqueues when possible by making some static
functions global. Further split the mlx5e_close_sq_wait() function to
separate out reusable parts.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
| |
mlx5en: Properly declare doorbell lock for 32-bit CPUs.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
|
|
|
|
| |
mlx5en: Optimise away duplicate UAR pointers.
This change also reduces the size of the mlx5e_sq structure so that the last
queue_state element will fit into the previous cacheline and then the mlx5e_sq
structure becomes one cacheline less for amd64.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
|
|
|
| |
mlx5en: Make the mlx5e_open_cq() and mlx5e_close_cq() functions global.
Make some functions and structures global to allow for code reuse
when creating rate limiting sendqueues.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
mlx5en: Minor completion queue control path code refactor.
Move setting of CQ moderation mode together with the other
CQ moderation parameters. Pass completion event vector as
a separate argument to mlx5e_open_cq(), because its value is
different for each call. Pass mlx5e_priv pointer instead of
mlx5e_channel pointer so that code can be used by rate
limiting sendqueues.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
|
|
|
|
| |
mlx5en: Separate the sendqueue from using the mlx5e_channel structure.
This change allows for reusing the transmit path for so called
rate limited senqueues. While at it optimise some pointer lookups
in the fast path.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
|
|
|
| |
Update the MLX5 core module:
- Add new firmware commands and update existing ones.
- Add more firmware related structures and update existing ones.
- Some minor fixes, like adding missing \n to some prints.
Sponsored by: Mellanox Technologies
|
| |
|
|
|
|
|
|
|
|
| |
hyperv/storvsc: Fix SRB length setting.
This fixes disk discovery issue on WS2008R2 Hyper-V, which plagued
us since 10.2-release.
Reported by: many
Sponsored by: Microsoft
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r304691: bspatch: apply style(9)
Make style changes (and trivial refactoring of open calls) now in order
to reduce noise in diffs for future capsicum changes.
r304807 (allanjude): Capsicumize bspatch
Move all of the fopen() and open() calls to the top of main()
Restrict each FD to least privilege (read/seek only, write only, etc)
cap_enter(), and make all except the output FD read/seek only.
r304821: bspatch: remove output file in the case of error
r305486: bspatch: add sanity checks on sizes to avoid integer overflow
Note that this introduces an explicit 2GB limit, but this was already
implicit in variable and function argument types.
This is based on the "non-cryptanalytic attacks against freebsd
update components" anonymous gist. Further refinement is planned.
r305737: bspatch: remove superfluous newlines from errx strings
r305822: bspatch: use #define for header size instead of magic number
r306026: bspatch: Remove backwards-compatibility sys/capability.h support
bspatch previously included sys/capability.h or sys/capsicum.h based
on __FreeBSD_version, as FreeBSD is the upstream for bsdiff and we may
see this file incorporated into other third-party software.
The Capsicum header is now installed as sys/capsicum.h in stable/10 and
FreeBSD 10.3, so we can just use sys/capsicum.h and simplify the logic.
|
| |
|
|
|
|
|
|
|
| |
- Introduce a separate usage() function.
- Don't use argv[0]. Directly name the application, as we do elsewhere.
- Don't prepend the application name.
- Don't print two newlines.
Also apply the unnecessary semicolon cleanup from r298089
|
| |
|
|
| |
Implement multibyte encoding support for -v with fallback
|
| | |
|
| |
|
|
| |
On rename, do not perform truncation of dirhash if the vnode truncation failed.
|
| |
|
|
| |
Do not leak transient ENOLCK error from flush_newblk_dep() loop.
|
| |
|
|
|
| |
When logging unlikely UFS_TRUNCATE() failure in ufs_direnter(),
include error code.
|
