| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| | |
Approved by: so (delphij)
|
| |
| |
| |
| | |
Approved by: so (delphij)
|
| |
| |
| |
| | |
Approved by: benl (maintainer)
|
| |
| |
| |
| | |
Approved by: so (delphij), benl (silence)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the
previous session so keep a copy of write context in DTLS
retransmission buffers instead of replacing it after
sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
algorithms use the version number in the corresponding
SSL_METHOD structure instead of the SSL structure. The
SSL structure version is sometimes inaccurate.
Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449).
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Author: David Woodhouse <dwmw2@infradead.org>
Date: Tue Feb 12 14:55:32 2013 +0000
Check DTLS_BAD_VER for version number.
The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.
PR:2984
(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
Approved by: benl
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
flags, to rwlock. Lock it in read mode when used from subroutines
called from buffer release code paths.
The needsbuffer is now updated using atomics, while read lock of
nblock prevents loosing the wakeups from bufspacewakeup() and
bufcountadd() in getnewbuf_bufd_help().
In several interesting loads, needsbuffer flags are never set, while
buffers are reused quickly. This causes brelse() and bqrelse() from
different threads to content on the nblock. Now they take nblock in
read mode, together with needsbuffer not needing an update, allowing
higher parallelism.
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
to !MAP_STACK mapping requests. For MAP_STACK | MAP_FIXED, clear any
mappings which could previously exist in the used range.
For this, teach vm_map_find() and vm_map_fixed() to handle
MAP_STACK_GROWS_DOWN or _UP cow flags, by calling a new
vm_map_stack_locked() helper, which is factored out from
vm_map_stack().
The side effect of the change is that MAP_STACK started obeying
MAP_ALIGNMENT and MAP_32BIT flags.
Reported by: rwatson
Reviewed by: alc
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Apparently for VMware Fusion (and presumably VMware Workstation/Player
since the PR states TSO is broken there too, but I cannot test), the
TCP header pseudo checksum calculated should only include the protocol
(IPPROTO_TCP) value, not also the lengths as the stack does instead.
VMware ESXi seems to ignore whatever value is in the TCP header checksum,
and it is a bit surprising there is a different behavior between the
VMware products. And it is unfortunate that on ESXi we are forced to do
this extra bit of work.
PR: kern/185849
MFC after: 3 days
|
| |
| |
| |
| |
| |
| |
| | |
And it would be bad if 'm' was different from '*m0' at this
point, since we've already populated the SG list.
MFC after: 3 days
|
| |
| |
| |
| |
| | |
Add missing documentation for the 'k' option based on reading the source
code.
|
| |
| |
| |
| | |
Sponsored by: EMC / Isilon Storage Division
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
on USB HUBs by moving the code into the USB explore threads. The
deadlock happens because child devices of the USB HUB don't have the
expected reference count when called from outside the explore
thread. Only the HUB device itself, which the IOCTL interface locks,
gets the correct reference count.
MFC after: 3 days
|
| |
| |
| |
| | |
MFC after: 2 weeks
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows to mostly avoid lock usage in getnewvnode_[drop_]reserve(),
that reduces number of global vnode_free_list_mtx mutex acquisitions
from 4 to 2 per NFS request on ZFS, improving SMP scalability.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: iXsystems, Inc.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Old design with unified thread pool was good from the point of thread
utilization. But single pool-wide mutex became huge congestion point
for systems with many CPUs. To reduce the congestion create several
thread groups within a pool (one group for every 6 CPUs and 12 threads),
each group with own mutex. Each connection during its registration is
assigned to one of the groups in round-robin fashion. File affinify
code may still move requests between the groups, but otherwise groups
are self-contained.
MFC after: 2 weeks
Sponsored by: iXsystems, Inc.
|
| |
| |
| |
| |
| | |
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
using a direct hook called from kern_vfs_bio_buffer_alloc().
Mark ffs_rawread.c as requiring both ffs and directio options to be
compiled into the kernel. Add ffs_rawread.c to the list of ufs.ko
module' sources.
In addition to stopping breaking the layering violation, it also
allows to link kernel when FFS is configured as module and DIRECTIO is
enabled.
One consequence of the change is that ffs_rawread.o is always linked
into the module regardless of the DIRECTIO option. This is similar to
the option QUOTA and ufs_quota.c.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
| |
| |
| | |
MFC after: 2 weeks
|
| |
| |
| |
| |
| |
| |
| | |
This allows to slightly simplify svc_run_internal() code: if we processed
all the requests in a queue, then we know that new one will not appear.
MFC after: 2 weeks
|
| |
| |
| |
| | |
Sponsored by: Yandex LLC
|
| |
| |
| |
| |
| |
| |
| | |
by vmm.ko. This allows the virtual machine to be restarted without having
to destroy it first.
Reviewed by: grehan
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
a partially populated reservation becomes fully populated, and decrease this
field when a fully populated reservation becomes partially populated.
Use this field to simplify the implementation of pmap_enter_object() on
amd64, arm, and i386.
On all architectures where we support superpages, the cost of creating a
superpage mapping is roughly the same as creating a base page mapping. For
example, both kinds of mappings entail the creation of a single PTE and PV
entry. With this in mind, use the page size field to make the
implementation of vm_map_pmap_enter(..., MAP_PREFAULT_PARTIAL) a little
smarter. Previously, if MAP_PREFAULT_PARTIAL was specified to
vm_map_pmap_enter(), that function would only map base pages. Now, it will
create up to 96 base page or superpage mappings.
Reviewed by: kib
Sponsored by: EMC / Isilon Storage Division
|
| |
| |
| |
| |
| | |
Reported by: trociny @
MFC after: 3 days
|
| |
| |
| |
| |
| |
| | |
DATA1 for INTERRUPT endpoints.
MFC after: 3 days
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Revert r265427. It appears we are halting the DWC OTG host
controller schedule if we process events only at every SOF. When doing
split transactions we rely on that events are processed quickly and
waiting too long might cause data loss.
- We are not always able to meet the timing requirements of interrupt
endpoint split transactions. Switch from INTERRUPT to CONTROL endpoint
type for interrupt endpoint events until further, hence CONTROL
endpoint events are more relaxed, reducing the chance of data
loss. See comment in code for more in-depth explanation.
- Simplify TT scheduling.
MFC after: 3 days
|
| | |
|
| | |
|
| |
| |
| |
| | |
There are several broken DTS files right now in the arm directory.
|
| |
| |
| |
| |
| | |
Reviewed by: jhb
MFC after: 1 week
|
| |
| |
| |
| | |
Sponsored by: The FreeBSD Foundation
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
created to a symlink. This restriction (which was
inherited from OpenBSD) is not required by the NFS RFCs.
Since this is allowed by the old NFS server, it is a
POLA violation to not allow it. This patch modifies the
new NFS server to allow this.
Reported by: jhb
Reviewed by: jhb
MFC after: 3 days
|
| |
| |
| |
| |
| |
| |
| | |
ixgbe/ixv.c still needs a similar fix but it takes a little
more restructuring of the code.
MFC after: 3 days
|
| |
| |
| |
| | |
MFC after: 1 week
|
| |
| |
| |
| | |
MFC after: 3 days
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In r266650, we made libatf-c and libatf-c++ private libraries so that no
components outside of the source tree could unintendedly depend on them.
This change does the same for the "atf-sh library" by moving the atf-sh
interpreter from its public location in /usr/bin/ to the private location
in /usr/libexec/. Our build system will ensure that our own test programs
use the right binary, but users won't be able to depend on atf-sh by
"mistake".
Committing this now to ride the UPDATING notice added with r267172 today.
|
| |
| |
| |
| |
| |
| |
| | |
plug a potential mbuf leak, and detect bogus drivers that
return ENOBUFS even when the packet has been queued.
MFC after: 3 days
|
| |
| |
| |
| | |
Submitted by: Dimitar Zhekov
|
| |
| |
| |
| | |
Reviewed by: neel
|
| |
| |
| |
| |
| |
| |
| | |
so it is easier to buil the same code on linux
(this generalizes the change in svn 267142)
MFC after: 3 days
|
| |
| |
| |
| |
| |
| |
| |
| | |
This exists already in plain.test.mk and tap.test.mk and should have been
added to atf.test.mk too when the feature was first introduced.
(It is probably time to address the related TODOs but I will do that
separately.)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* -Sc was generating code without a return type on main.
* -Sm was generating an unusable clean target due to undefined RM.
* -Sm was generating clean target with extra preceding space.
PR: 185582
Submitted by: Pawel Biernacki <pawel.biernacki@gmail.com>
MFC after: 1 week
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The libatf-* major version numbers in FreeBSD were one version ahead of
upstream because, when atf was first imported into FreeBSD, the upstream
numbers were not respected. This is just confusing and bound to cause
problems down the road.
Fix this by taking advantage of the fact that libatf-* are now private
and that atf is not yet built by default. However, and unfortunately, a
clean build is needed for tests to continue working once "make
delete-old-libs" has been run; hence the note in UPDATING.
|
| | |
|
| | |
|