197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the
previous session so keep a copy of write context in DTLS
retransmission buffers instead of replacing it after
sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
algorithms use the version number in the corresponding
SSL_METHOD structure instead of the SSL structure. The
SSL structure version is sometimes inaccurate.
Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449).
Keep a copy of the 'rip' and the 'exit_reason' and use that when calling
vmx_exit_trace(). This is because both the 'rip' and 'exit_reason' can
be changed by 'vmx_exit_process()' and can lead to very misleading traces.
Remove old bits of data concat for 'ascii' field.
Remove special SIOCGIFSTATUS handling from if.c (which Coverity yells at).
Reported by: Coverity
Coverity CID: 1147174
MFC after: 2 weeks
when PMC-soft feature is not used the check will be false.
Sponsored by: EMC / Isilon storage division
Submitted by: Anton Rang <anton.rang@isilon.com>
The uboot mapping is only 128KiB (0x20000) and not 2MiB (0x200000).
Dynamically adjust kernel and rootfs mappings based on the
geom_uncompress(4) magic.
This makes the built images more reliable by accepting changes on kernel
size transparently and matches the images built with zrouter and
freebsd-wifi-build.
Tested by: gjb
Approved by: adrian (mentor)
Obtained from: Zrouter
WARNING: icl_pdu_check_data_digest: data digest check failed; got 0xf23b,
should be 0xdb7f23b
Tested by: Darcy Birkbeck
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
value. The "Intel Lynx Point" XHCI controller found in the MBP2013 has
been observed to not always set the event interrupt bit while there
are events to consume in the event ring.
MFC after: 1 week
Tested by: Huang Wen Hui <huanghwh@gmail.com>
Silencing the broken warning as done in r258139 renders the
code unreacheable. An option could've been to turn off the
warnings in gperf but given that the code is not being used
it is better to just revert the original change altogether.
This code was never MFC'd.
the vcpu should be kicked to process a pending interrupt. This will be useful
in the implementation of the Posted Interrupt APICv feature.
Change the return value of 'vlapic_pending_intr()' to indicate whether or not
an interrupt is available to be delivered to the vcpu depending on the value
of the PPR.
Add KTR tracepoints to debug guest IPI delivery.
the spoofed identify data into the user buffer rather than issuing the
command to the controller, since Chatham IDENTIFY data is always spoofed.
While here, fix a bug in the spoofed data for Chatham submission and
completion queue entry sizes.
Sponsored by: Intel
MFC after: 3 days
GB to improve granularity of the reporting - especially for namespaces
that are on the order of 1 or 2 GB.
Submitted by: Tony Beltran <anthony.beltran@emc.com>
MFC after: 3 days
'vmx_vminit()' that does customization.
This makes it easier to turn on optional features (e.g. APICv) without
having to keep adding new parameters to 'vmcs_set_defaults()'.
Reviewed by: grehan@
every arm system must have some static mappings to work correctly (although
currently they all do), so remove some panic() calls (which would never
been seen anyway, because they would happen before a console is available).
Most relevant features:
- netmap emulation on any NIC, even those without native netmap support.
On the ixgbe we have measured about 4Mpps/core/queue in this mode,
which is still a lot more than with sockets/bpf.
- seamless interconnection of VALE switch, NICs and host stack.
If you disable accelerations on your NIC (say em0)
ifconfig em0 -txcsum -txcsum
you can use the VALE switch to connect the NIC and the host stack:
vale-ctl -h valeXX:em0
allowing sharing the NIC with other netmap clients.
- THE USER API HAS SLIGHTLY CHANGED (head/cur/tail pointers
instead of pointers/count as before). This was unavoidable to support,
in the future, multiple threads operating on the same rings.
Netmap clients require very small source code changes to compile again.
On the plus side, the new API should be easier to understand
and the internals are a lot simpler.
The manual page has been updated extensively to reflect the current
features and give some examples.
This is the result of work of several people including Giuseppe Lettieri,
Vincenzo Maffione, Michio Honda and myself, and has been financially
supported by EU projects CHANGE and OPENLAB, from NetApp University
Research Fund, NEC, and of course the Universita` di Pisa.
freeing them.
The current code would walk the list and call the buffer free, which
didn't remove it from any lists before pushing it back on the free list.
Tested: AR9485, STA mode
Noticed by: dillon@apollo.dragonflybsd.org
GCC-PR rtl-optimization/34628
* combine.c (try_combine): Stop and undo after the first combination
if an autoincrement side-effect on the first insn has effectively
been lost.
The issue was detected in OpenBSD but their fix was not very good. Huge
thanks to the upstream author, Eric Botcazou, for permitting the use of
this patch under GPLv2.
MFC after: 5 days
* Do not match symlinks that are followed because of -H or -L. This is
explicitly documented in GNU find's info file and is like -type l.
* Fix matching symlinks in subdirectories when fts changes directories.
Also, avoid some readlink() calls on files that are obviously not symlinks
(because of fts(3) restrictions, not all of them).
MFC after: 1 week
related to setting up static device mappings. Since it was only used by
arm/mv/mv_pci.c, it's now just static functions within that file, plus
one public function that gets called only from arm/mv/mv_machdep.c.
The code did not take into account that readlink() does not add a
terminating '\0', and therefore did not work reliably.
As before, symlinks of length PATH_MAX or more are not handled correctly.
(These can only be created on other operating systems.)
PR: bin/185393
Submitted by: Ben Reser (original version)
MFC after: 1 week
in the dts source, and adding the right devices to the kernel config. Also
generally bring the kernel config into line with what we have for other
Marvell/Kirkwood systems (add lots of useful devices and options).
One particularly notable addition amongst the kernel config changes is
USB_HOST_ALIGN=32, which may help eliminate data corruption on USB drives.
PR: kern/181975 arm/162159
obsolete. This involves the following pieces:
- Remove it entirely on PowerPC, where it is not used by MD code either
- Remove all references to machine/fdt.h in non-architecture-specific code
(aside from uart_cpu_fdt.c, shared by ARM and MIPS, and so is somewhat
non-arch-specific).
- Fix code relying on header pollution from machine/fdt.h includes
- Legacy fdtbus.c (still used on x86 FDT systems) now passes resource
requests to its parent (nexus). This allows x86 FDT devices to allocate
both memory and IO requests and removes the last notionally MI use of
fdtbus_bs_tag.
- On those architectures that retain a machine/fdt.h, unused bits like
FDT_MAP_IRQ and FDT_INTR_MAX have been removed.
static device mappings.
This SoC relied heavily on the fact that all devices were static-mapped
at a fixed address, and it (rather bogusly) used bus_space read and write
calls passing hard-coded virtual addresses instead of proper bus handles,
relying on the fact that the virtual addresses of the mappings were known
at compile time, and relying on the implementation details of arm
bus_space never changing. All such usage was replaced with calls to
bus_space_map() to obtain a proper bus handle for the read/write calls.
This required adjusting some of the #define values that map out hardware
registers, and some of them were renamed in the process to make it clear
which were defining absolute physical addresses and which were defining
offsets. (The ones that just define offsets don't appear to be referenced
and probably serve no value other than perhaps documentation.)
Block objects [1] are a C-level syntactic and runtime feature. They
are similar to standard C functions, but in addition to executable
code they may also contain variable bindings to automatic (stack)
or managed (heap) memory. A block can therefore maintain a set of
state (data) that it can use to impact behavior when executed.
This port is based on Apple's GCC 5646 with some bugfixes from
Apple GCC 5666.3. It has some small differences with the support
in clang, which remains the recommended compiler.
Perhaps the most notable difference is that in GCC that __block
is not actually a keyword, but a macro. There will be workaround
for this issue in a near future. Other issues can be consulted in
the clang documentation [2]
For better compatiblity with Apple's GCC and llvm-gcc some related
fixes and features from Apple have been included. Support for the
non-standard nested functions in GCC is now off by default.
No effort was made to update the ObjC support since FreeBSD doesn't
carry ObjC in the base system, but some of the code crept in and
was more difficult to remove than to adjust.
Reference:
[1]
https://developer.apple.com/library/mac/documentation/Cocoa/Conceptual/Blocks/Articles/00_Introduction.html
[2]
http://clang.llvm.org/compatibility.html#block-variable-initialization
Obtained from: Apple GCC 4.2
MFC after: 3 weeks
