| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| | |
Add deprecation notices for various device drivers removed in 12.0.
Approved by: re (kib)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Prune empty sections.
Remove a stale comment.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| | |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure the mlx4en RX DMA ring gets stamped with software ownership
in order to prevent the flow of QP to error in the firmware once
UPDATE_QP is called.
Approved by: re (marius)
Sponsored by: Mellanox Technologies
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
MFC r317542, r317543, r317543
317542 comment fix
317543 set rfb default port
317543 listen on localhost by default for rfb
Approved by: re (kib)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
MFC 313727, 317483
In addition, replace the missing caph routines with
small helper functions (bhyverun.c) or an open-coded
replacement (uart_emul.c)
313727 Capsicumize bhyve
317483 Allow CAP_MMAP_RW on memfd for PCI passthru
Approved by: re (kib)
|
| | |
| |
| |
| |
| |
| | |
ps2 mouse fixes, found by plan9/9front.
Approved by: re (kib)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Retry up to 2 ms to enable bus power as at least with some Intel
SDHCI/eMMC controllers the first attempt after a D3 to D0 transition,
i. e. when the firmware has put the devices into D3 state before,
can fail.
Approved by: re (gjb)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
CVE-2017-11103.
In _krb5_extract_ticket() the KDC-REP service name must be obtained
from encrypted version stored in 'enc_part' instead of the unencrypted
version stored in 'ticket'. Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.
Submitted by: hrs
Obtained from: Heimdal
Security: FreeBSD-SA-17:05.heimdal
Security: CVE-2017-11103
Approved by: re (kib)
|
| | |
| |
| |
| |
| |
| | |
Restore layout of struct vm_map_entry.
Approved by: re (delphij)
|
| | |
| |
| |
| |
| |
| | |
Fix loop termination in vm_map_find_min().
Approved by: re (delphij)
|
| | |
| |
| |
| |
| |
| | |
Simplify language.
Approved by: re (delphij)
|
| | |
| |
| |
| |
| | |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Even though gdb and kgdb may not be removed for 12.0 on some architectures,
the notice is unconditional as these tools will likely be removed at some
point in the future when adequate replacements are available (gdb in ports
or lldb in base).
Approved by: re (gjb)
Relnotes: yes
|
| | |
| |
| |
| |
| |
| |
| |
| | |
MFC r320785:
Connect ena(4) to the build.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| |
| | |
Resolve confusion between different error code spaces.
Approved by: re (delphij)
|
| | |
| |
| |
| |
| |
| | |
Correct signatures of several pthreads stubs.
Approved by: re (gjb)
|
| | |
| |
| |
| |
| |
| |
| | |
In open_binary_fd: when using buffer size for strl* and snprintf,
always use >= instead of > to avoid truncation.
Approved by: re (kib)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Add the ena(4) manual page.
Add Amazon.com to the sponsors.ent file.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| | |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
MFC r320748:
Allow passing NOPKG= to make(1) to enable the pkg-stage target
from getting executed when NOPKG is defined but empty.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bump __FreeBSD_version. This is an MFS of stable/11 r320666.
MFC r320317:
Implement address space guards.
MFC r320338:
Remove stale part of the comment.
MFC r320339:
Correctly handle small MAP_STACK requests.
MFC r320344:
For now, allow mprotect(2) over the guards to succeed regardless of
the requested protection.
MFC r320430:
Treat the addr argument for mmap(2) request without MAP_FIXED flag as
a hint.
MFC r320560 (by alc):
Modify vm_map_growstack() to protect itself from the possibility of the
gap entry in the vm map being smaller than the sysctl-derived stack guard
size.
Approved by: re (delphij)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
and turn it on in EC2 AMI builds
Approved by: re (gjb)
Relnotes: FreeBSD now supports "next generation" Enhanced Networking
in the Amazon EC2 cloud
Sponsored by: Amazon.com Inc. (original work)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This update is primarily bug fixes in C++ symbol demangling, including:
- rvalue reference
- builtin type auto and decltype(auto)
- revamped support for function return types
- formatting fixes
- omit void when its the only param
- ref-qualifiers and others in function types
- type qualifiers in pointer-to-member function types
- incorrect handling regarding CV-qualifiers in function types
- ref-qualifier found in nested-name
- properly handle <name> ::= <substitute><template-args>
- make sure that nested function name is not a substitute candidate
- correctly handle expression in template args
- skip unknown substitution abbreviations
Also r320663 libelftc: bump version, tracking import in r320343
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| |
| |
| | |
Defer ACPI taskqueue creation to SI_SUB_KICK_SCHEDULER.
PR: 220277
Approved by: re (gjb)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
the dvd1.iso to use the quarterly set, now that the new quarterly
branch exists and packages have built.
This commit was deferred when branching releng/11.1, since the
2017Q3 branch did not exist yet.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
MFC r320599:
Fix Vagrant image upload after recent API changes.
- Update ATLAS_UPLOAD_URL to avoid various regular expressions
from failing to match due to redirections.
- Use ATLAS_UPLOAD_URL throughout the script.
- Adjust several regular expression patterns.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| |
| |
| | |
Omit v_cache_count when computing the number of free pages, since its
value is always 0.
Approved by: re (gjb, kib)
|
| | |
| |
| |
| |
| |
| | |
Complete support for the IO_APPEND flag in fuse.
Approved by: re (gjb)
|
| | |
| |
| |
| |
| | |
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| |
| |
| | |
Add deprecation notices for all rcmd tools
Approved by: re (gjb)
Relnotes: yes
|
| | |
| |
| |
| |
| |
| | |
Do not ignore an error from vm_mmap_object().
Approved by: re (delphij)
|
| | |
| |
| |
| |
| |
| | |
(cherry picked from commit 4047fc02a0b5ab01eba376d1ffdb74e4958efcae)
(cherry picked from commit 2390e891a5d3f2d2647d0008cf57c45a5c30f32b)
(cherry picked from commit d3d66c182d1ee0a2417d4c816caee778427c279b)
|
| | |
| |
| |
| | |
The actual script will be in the pfSense repo under tools/installer
|
| | |
| |
| |
| | |
(cherry picked from commit 8ba72301d3a6a7edd139cd136289543ee02c5ca4)
|
| | |
| |
| |
| |
| |
| | |
function rename.
(cherry picked from commit 2d8da6a834cc0fd44f1f98a7a5c5b9aabc48829c)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
entries with a new ipfw table command to zero the counters.
Each table type implementation needs to be modified to add the support
to this feature and the FIB backend is the only one that was not
modified (because the backend does not have any local storage).
(cherry picked from commit 3b06c382c8a2e04b7a64291bfb6b0ca0e5dd8dca)
|
| | |
| |
| |
| |
| |
| | |
with it
(cherry picked from commit 0d3cbb5e2bf083c4bb6ffdcfb53cedd5e15e2171)
|
| | |
| |
| |
| |
| |
| | |
No functional change.
(cherry picked from commit 1e13e38a63405244521a942302c003054506cc4d)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The l2 filter implementation on ipfw works with MAC address pairs as it happens on wire (first destination and then source).
The table entries works in the same way, but the MAC address pair has to be passed in a single argument:
$ ipfw table create l2 type mac
$ ipfw table add "00:01:02:03:04:05 0a:0b:0c:0d:0e:0f"
added: 00:01:02:03:04:05 0a:0b:0c:0d:0e:0f 0
$ ipfw table add "00:01:02:03:04:05 any"
added: 00:01:02:03:04:05 any 0
$ ipfw table l2 add "any 0a:0b:0c:0d:0e:0f"
added: any 0a:0b:0c:0d:0e:0f 0
The MAC tables can also hold an optinal value used to implement additional features (skipto, fib, pipe, tag, nat, ...).
$ ipfw table l2 add "00:01:02:03:04:05 0a:0b:0c:0d:0e:ff" 1234
added: 00:01:02:03:04:05 0a:0b:0c:0d:0e:ff 1234
$ ipfw table l2 list
--- table(l2), set(0) ---
00:01:02:03:04:05 0a:0b:0c:0d:0e:0f 0
any 0a:0b:0c:0d:0e:0f 0
00:01:02:03:04:05 any 0
00:01:02:03:04:05 0a:0b:0c:0d:0e:ff 1234
Rule example:
$ ipfw add pass MAC 1:2:3:4:5:6 2:3:4:5:6:7 via igb0
00100 allow ip from any to any MAC 01:02:03:04:05:06 02:03:04:05:06:07 via igb0
$ ipfw add pass MAC table\(l2\) via igb0
00000 allow ip from any to any MAC table(l2) via igb0
$ ipfw list
00100 allow ip from any to any MAC 01:02:03:04:05:06 02:03:04:05:06:07 via igb0
00200 allow ip from any to any MAC table(l2) via igb0
00300 allow ip from any to any
65535 deny ip from any to any
(cherry picked from commit 1fc9408b335ef6e8863019212c12a4bc99ed8e75)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
installation is complete, similar to the old PFI behavior. Implements #7689
(cherry picked from commit ec316ce32d9b91fd07abc6392323f43d5365c6bd)
(cherry picked from commit e471bc56255d0ba97d8ec1a9add892d069ebff42)
(cherry picked from commit 528d34f4b75036e833a4be1ce2c23226a3a46011)
|
| | |
| |
| |
| | |
(cherry picked from commit 7570a149aed0128041c21907dd50d80f4a3d6794)
|
| | |
| |
| |
| |
| |
| | |
Importing pfSense patch tcpdump.pfsync.diff
(cherry picked from commit 3df95bffa4cbfeaae97e1497edef7a4775a868a4)
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
------------------------------------------------------------------------
r320602 | ken | 2017-07-03 09:34:21 -0600 (Mon, 03 Jul 2017) | 45 lines
MFC r320421:
------------------------------------------------------------------------
r320421 | ken | 2017-06-27 13:26:02 -0600 (Tue, 27 Jun 2017) | 37 lines
Fix a panic in camperiphfree().
If a peripheral driver (e.g. da, sa, cd) is added or removed from the
peripheral driver list while an unrelated peripheral driver instance (e.g.
da0, sa5, cd2) is going away and is inside camperiphfree(), we could
dereference an invalid pointer.
When peripheral drivers are added or removed (see periphdriver_register()
and periphdriver_unregister()), the peripheral driver array is resized
and existing entries are moved.
Although we hold the topology lock while we traverse the peripheral driver
list, we retain a pointer to the location of the peripheral driver pointer
and then drop the topology lock. So we are still vulnerable to the list
getting moved around while the lock is dropped.
To solve the problem, cache a copy of the peripheral driver pointer. If
its storage location in the list changes while we have the lock dropped, it
won't have any effect.
This doesn't solve the issue that peripheral drivers ("da", "cd", as opposed
to individual instances like "da0", "cd0") are not generally part of a
reference counting scheme to guard against deregistering them while there
are instances active. The caller (generally the person unloading a module)
has to be aware of active drivers and not unload something that is in use.
sys/cam/cam_periph.c:
In camperiphfree(), cache a pointer to the peripheral driver
instance to avoid holding a pointer to an invalid memory location
in the event that the peripheral driver list changes while we have
the topology lock dropped.
PR: kern/219701
Submitted by: avg
Sponsored by: Spectra Logic
------------------------------------------------------------------------
------------------------------------------------------------------------
Approved by: re (gjb)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
------------------------------------------------------------------------
r320600 | ken | 2017-07-03 09:10:16 -0600 (Mon, 03 Jul 2017) | 30 lines
MFC r320420:
------------------------------------------------------------------------
r320420 | ken | 2017-06-27 11:55:25 -0600 (Tue, 27 Jun 2017) | 25 lines
In scsi_zbc_in(), fill in the length in the ZBC IN CDB.
Without the allocation length set, the target will either reject
the command or complete it without transferring any data.
This fixes the REPORT ZONES command for SCSI ZBC protocol devices,
as well as ATA ZAC protocol devices that are behind a SCSI to ATA
translation layer. (LSI/Broadcom's 12Gb SAS adapters translate ZBC
commands to ZAC commands.) Those are Host Aware and Host Managed SMR
drives.
This will fix REPORT ZONE commands sent to the da(4) driver via the
GEOM bio interface and zonectl, and REPORT ZONE commands sent from
camcontrol(8).
Note that in the case of camcontrol(8), we currently only send
SCSI ZBC commands to native SCSI protocol devices, not ATA devices
behind a SAT layer.
sys/cam/scsi/scsi_da.c:
Fill in the length field in scsi_zbc_in().
Sponsored by: Spectra Logic
------------------------------------------------------------------------
------------------------------------------------------------------------
Approved by: re (gjb)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
MFC r320488:
Correct the branch naming convention in param.h.
While here, consistently use upper-case 'X' to represent the
version number.
Approved by: re (kib, marius)
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Fix IPv6 extension header parsing. The length field doesn't include
the first 8 octets.
Obtained from: Yandex LLC
Approved by: re (marius)
|
| | |
| |
| |
| |
| |
| | |
if we fail.
Approved by: re (kib)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
With r318394 seems it breaks gpart(8) in some embedded systems such like PCEngines,
RPI1-B, Alix and APU2 boards as well as NanoBSD with the following message:
vnode_pager_generic_getpages_done: I/O read error 5
Seems the breakage was because it was missed to include acr in glabel update.
Approved by: re (delphij)
|
