- Update xz to 5.2.1, where the most visible change is that it
fixed a compression-ratio regression in fast mode LZMA1 and
LZMA2 and used cpuset_getaffinity() for CPU cores detection.
- Make liblzma use the base system SHA256 implementation instead of
the bundled one.
- Additional annotation in config.h for FreeBSD specific tweaks.
- Refresh symbols in XZprivate_1.0 to reflect reality.
Relnotes: yes
MFC after: 1 month (TBD)
Set ARCHIVE_EXTRACT_SECURE_SYMLINKS and ARCHIVE_EXTRACT_SECURE_NODOTDOT
as in bsdtar to prevent extraction of archive entries whose pathnames
contain .. or whose target directory would be altered by a symlink.
Also disallow absolute pathnames.
We don't currently provide an option to disable this behaviour (as
bsdtar's -P does). It is unlikely to be a problem in practice for ar(1),
but the -P option is not currently used and available if we want to
consider it for this purpose.
Differential Revision: https://reviews.freebsd.org/D1524
Reported by: Alexander Cherepanov <cherepan@mccme.ru>
Approved by: delphij
Obtained from: ELF tool chain ar, Ticket #474
MFC after: 1 week
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
It is acceptable that the size can be equal to MCLBYTES. In the later
KAME's code this check has been moved under DIAGNOSTIC ifdef, because
the size of NA and NS is much smaller than MCLBYTES. So, it is safe to
replace the check with KASSERT.
PR: 199304
Discussed with: glebius
MFC after: 1 week
free a fragment, provide two inline functions that do that for us:
ipq_drop() and ipq_timeout().
o Rename ip_free_f() to ipq_free() to match the name scheme of IP reassembly.
o Remove assertion from ipq_free(), since it requires extra argument to be
passed, but locking scheme is simple enough and function is static.
Sponsored by: Nginx, Inc.
core file, much like 'netstat -anr' does it for living kernel.
Right now only AF_INET routing table is printed. AF_INET6 needs to
be done. But the most difficult part of the script (recursion!) is
complete.
Sponsored by: Nginx, Inc.
Submission and completion queue memory need to use a
separate DMA tag for mappings than payload buffers,
to ensure mappings remain contiguous even with DMAR
enabled.
Submitted by: kib
MFC after: 1 week
Sponsored by: Intel
Previously, if per-CPU MSI-X vectors could not be allocated,
nvme(4) would fall back to INTx with a single I/O queue pair.
This change will still fall back to a single I/O queue pair, but
allocate MSI-X vectors instead of reverting to INTx.
MFC after: 1 week
Sponsored by: Intel
device polling rather than having it only be controlled by the compile
time option.
Summary: Rubicon Communications (Netgate)
Reviewers: #network, hiren
Reviewed By: #network, hiren
Subscribers: hiren
Differential Revision: https://reviews.freebsd.org/D2258
earlier migration away from sloppy mode-endings (r280925,280974-280976)
due to a red-herring in diagnosing HardenedBSD boot lockup.
Thanks to: lattera (shawn.webb@hardenedbsd<dot>org)
MFC after: 3 days
X-MFC-to: stable/10
X-MFC-with: r280925,280974-280976,281176-281179
memory itself. Provide the formula to calculate the number of
required page tables. Correct the size of the struct vm_page for
non-PAE case.
Reviewed by: alc, jhb (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
NB: This deeply effected HardenedBSD which had a default value set.
Embarassingly, I allowed the `type' primitive to be passed -1/-1 for
c-addr/u stack input (the effect of which is to pull INT_MAX bytes
from character address negative one in which hilarity ensues over a
black screen in full-on bootlock). Much thanks to Shawn Webb [lattera]
for helping me diagnose.
NB: The mode-ending revisions were initially suspected (and reverted)
but proved to be a red-herring. Proper mode endings will be returning.
Thanks to: lattera (@HardenedBSD [<dot><com>])
Reported by: lattera
MFC after: 3 days
X-MFC-to: stable/10
Other architectures do not use quad precision long double and don't need
these runtime support routines.
Differential Revision: https://reviews.freebsd.org/D2252
Reviewed by: dim
Sponsored by: The FreeBSD Foundation
and export them to userland.
- Define __HAVE_REG32 on platforms that define a reg32 structure and check
for this in <sys/procfs.h> to control when to export prstatus32, etc.
- Add prstatus32_t and prpsinfo32_t typedefs for the 32-bit structures.
libbfd looks for these types, and having them fixes 'gcore' in gdb of a
32-bit process on a 64-bit platform.
- Use the structure definitions from <sys/procfs.h> in gcore's elf32 core
dump code instead of duplicating the definitions.
Differential Revision: https://reviews.freebsd.org/D2142
Reviewed by: kib, nathanw (powerpc bits)
MFC after: 1 week
It actually doesn't - "device ctl" automatically pulls in ICL, which
would normally be a part of iscsi.ko. However, doing it that way makes
iscsi.ko unloadable, and building ctl.ko without iscsi.ko (using
MODULES_OVERRIDE) results in ctl.ko that is unloadable, due to missing
symbols that would be resolved to iscsi.ko. And since the symbols
are named "icl_whatever", it's not obvious that it's iscsi.ko that's
required.
If there is a better way - let me know.
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
to dtrace(1) invocations during a build. This change includes -C in the
default flags, which has dtrace(1) run input scripts through the
preprocessor. While here, sort the definitions of CP and CPP in sys.mk.
Differential Revision: https://reviews.freebsd.org/D2204
Reviewed by: imp, rpaulo (previous revision)
Passing "-x lazyload" to dtrace -G during compilation causes dtrace(1) to
not link drti.o into the output object file, so the USDT probes are not created
during process startup. Instead, dtrace(1) will automatically discover and
create probes on the process' behalf when attaching.
Differential Revision: https://reviews.freebsd.org/D2203
Reviewed by: rpaulo
MFC after: 1 month
dmar_map_entry. Non-zero offset both increases the required mapping
size, which is handled in dmar_bus_dmamap_load_something1(), and makes
it possible that allocated range crosses boundary, which needs a check
in dmar_gas_match_one().
Reported and tested by: jimharris
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
This significantly improves performance on multi-core servers where there
is any kind of IPv4 reassembly going on.
glebius@ would like to see the locking moved to be attached to the reassembly
bucket, which would make it per-bucket + per-VNET, instead of being global.
I decided to keep it global for now as it's the minimal useful change;
if people agree / wish to migrate it to be per-bucket / per-VNET then please
do feel free to do so. I won't complain.
Thanks to Norse Corp for giving me access to much larger servers
to test this at across the 4 core boxes I have at home.
Differential Revision: https://reviews.freebsd.org/D2095
Reviewed by: glebius (initial comments incorporated into this patch)
MFC after: 2 weeks
Sponsored by: Norse Corp, Inc (hardware)
loader.efi still needs work, but boot1.efi now builds.
Differential Revision: https://reviews.freebsd.org/D2244
Reviewed by: rpaulo
Sponsored by: The FreeBSD Foundation
Much of this file is common to the architectures we support, so share
an implementation by adding a little #ifdef-ery.
Differential Revision: https://reviews.freebsd.org/D2241
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
- Extend the number of available subtypes for Ethernet media by using some
of the ifmedia word's option bits to help denote subtypes. As a result, the
number of possible Ethernet subtype values increases from 31 to 511.
- Use some of those new values to define new media types.
- lacp_compose_key() recgonizes the new Ethernet media types added.
(Change made as required by a comment in if_media.h)
- New ioctl, SIOGIFXMEDIA, to handle getting the new extended media types.
SIOCGIFMEDIA is retained for backwards compatibility.
- Changes to ifconfig to allow it to handle the new extended media types.
Submitted by: mike@karels.net (original), hselasky
Reviewed by: jfvogel, gnn, hselasky
Approved by: jfvogel (mentor), gnn (mentor)
Differential Revision: http://reviews.freebsd.org/D1965
Defer the packet size check until after the firewall has had a look at it. This
means that the firewall now has the opportunity to (re-)fragment an oversized
packet.
Differential Revision: https://reviews.freebsd.org/D1815
Reviewed by: ae
Approved by: gnn (mentor)
