sysvmsg, sysvsem, and sysvshm, with the following bahavior:
inherit: allow full access to the IPC primitives. This is the same as
the current setup with allow.sysvipc is on. Jails and the base system
can see (and moduly) each other's objects, which is generally considered
a bad thing (though may be useful in some circumstances).
disable: all no access, same as the current setup with allow.sysvipc off.
new: A jail may see use the IPC objects that it has created. It also
gets its own IPC key namespace, so different jails may have their own
objects using the same key value. The parent jail (or base system) can
see the jail's IPC objects, but not its keys.
PR: 48471
Submitted by: based on work by kikuchan98@gmail.com
MFC after: 5 days
ChipCommon probing uses mapping table "chipc_devices". It calls bhnd_device_lookup,
which iterate over mapping table with end condition:
entry->desc != NULL
So if mapping table contains row with description equals to NULL, it will
stop processing of mapping. I.e. description is mandatory field and should
be not NULL.
This patch corrects mapping table for ChipCommon.
Submitted by: Michael Zhilin <mizhka@gmail.com>
Differential Revision: https://reviews.freebsd.org/D6088
The iwm firmware has separate commands for add, modify and delete for
various things (mac, phy context, etc.) The openbsd driver has a habit
of just completely resetting the NIC each time, which is technically
mostly okay (as long as the reset doesn't actually fail!) but it means
a lot of the code is doing ADD when it should do MODIFY.
The firmware responds in kind - it just asserts.
This fixes auth attempts that occur after the NIC has been already
configured.
(I'm sure there are more instances of this!)
Tested:
iwm0: <Intel Dual Band Wireless AC 7260> mem 0xf1400000-0xf1401fff irq 17 at device 0.0 on pci2
iwm0: revision: 0x140, firmware 25.228 (API ver. 9)
.. STA mode.
Submitted by: Masachika ISHIZUKA <ish@amail.plala.or.jp>
memory system.
RISC-V ISA has only single page table base register for both kernel
and user addresses translation. Before this commit we were using an
extra (4th) level of pagetables for switching between kernel and user
pagetables, but then realized FPGA hardware has 3-level page system
hardcoded. It is also become clear that the bitfile synthesized for
4-level system is untested/broken, so we can't use extra level for
switching.
We are now share level 1 of pagetables between kernel and user VA.
This requires to keep track of all the user pmaps created and once we
adding L1 page to kernel pmap we have to add it to all the user pmaps.
o Change the VM layout as we must have topmost bit to be 1 in the
selected page system for kernel addresses and 0 for user addresses.
o Implement pmap_kenter_device().
o Create the l3 tables for the early devmap.
Sponsored by: DARPA, AFRL
Sponsored by: HEIF5
Sounds strange, but both RocketCore and lowRISC do not operate
if we set it.
All the known implementations (Spike, QEMU, RocketCore, lowRISC) uses
default machine trap vector address and operates fine with this.
Original Berkeley Boot Loader (bbl) does not set this as well.
Sponsored by: DARPA, AFRL
Sponsored by: HEIF5
There is no need to clear all the DDR memory (we only need to clear
BSS section).
I was playing with non-default version of hardware (the bitfile
synthesized for 4-level page memory system) and clearing was helpful,
but then realized support for 4-level page system is untested/broken
in both RocketCore and lowRISC.
until after the jail is found or created. This requires unlocking the
jail for the call and re-locking it afterward, but that works because
nothing in the jail has been changed yet, and other processes won't
change the important fields as long as allprison_lock remains held.
Keep better track of name vs namelc in kern_jail_set. Name should
always be the hierarchical name (relative to the caller), and namelc
the last component.
PR: 48471
MFC after: 5 days
removed from the user perspective, i.e. when the last pr_uref goes away,
even though the jail mail still exist in the dying state. It will also
be called if either PR_METHOD_CREATE or PR_METHOD_SET fail.
PR: 48471
MFC after: 5 days
a jail that might be seen mid-removal. It hasn't been doing the right
thing since at least the ability to resurrect dying jails, and such
resurrection also makes it unnecessary.
When ORing in a register_t to a wider integer (vm_paddr_t), it gets sign
extended, so high addresses overwrite the upper word with all 0xf. Cast to the
unsigned form (u_register_t), to avoid this problem, and get correct addresses
printed.
With this, a static environment can be compiled in via config(5). This allows,
among other things, the use of a compiled-in debug console (hw.uart.dbgport) for
kgdb.
ic_nchans, from struct:ieee80211req_chaninfo, is an unsigned int.
Use an unsigned index to prevent overflowing the index.
Adopt unsigned integers in other cases where it is useful
to be aware of the unsigned quantities and there is no
risk of the values being negative.
MFC after: 1 week
fs_ncg is of type uint32, and we were indexing it with an int.
Fixed this using an unsigned type and adopt some other unsigned
indexes to remind us when we are dealing with unsigned numbers.
Reviewed by: mckusick
MFC after: 5 days
Use own protosw structures for both address families.
Check proto in encapcheck function and use -1 as proto argument in
encap_attach_func(), both address families can have IPPROTO_IPV4
and IPPROTO_IPV6 protocols.
Reported by: bz
The mfi(4) manpage doesn't explain the modules yet, but at least we direct
users to the right place.
PR: 205925
Submitted by: dvl
MFC after: 1 week
Sponsored by: Essen Hackathon 2016
RFC3173 says that the IP datagram MUST be sent in the original
non-compressed form, when the total size of a compressed payload
and the IPComp header is not smaller than the size of the original
payload. In tunnel mode for small packets IPComp will send
encapsulated IP datagrams without IPComp header.
Add ip_encap handler for IPPROTO_IPV4 and IPPROTO_IPV6 to handle
these datagrams. The handler does lookup for SA related to IPComp
protocol and given from mbuf source and destination addresses as
tunnel endpoints. It decapsulates packets only when corresponding SA
is found.
Reported by: gnn
Reviewed by: gnn
Differential Revision: https://reviews.freebsd.org/D6062
It was reported via email that a Linux client couldn't do a Kerberized
NFS mount when only "sec=krb5" was specified for the exports. The Linux
client attempted a mount via krb5i and the server replied NFSERR_SERVERFAULT.
Although NFSERR_WRONGSEC isn't listed as an error for SetClientID, I
think it is the correct reply, so this patch enables that.
I do not know if this fixes the mount attempt, but adding "krb5i" to the
list of allowed security flavours does allow the mount to work.
Reported by: joef@spectralogic.com
MFC after: 2 weeks
ufs/ffs/fs.h and not 10%. The newfs(8) and tunefs(8)
man pages had this change already, but fs(5) did not.
This change makes it consistent again.
Bump Dd.
PR: 204929
Submitted by: amutu@amutu.com
MFC after: 3 days
Sponsored by: Essen Linuxhotel Hackathon 2016
In matcher() we used an integer to index nsub of type size_t.
In print() we used an integer to index nstates of type sopno,
typedef'd long.
In both cases the indexes never take negative values.
Match the types to avoid any error.
MFC after: 5 days
