First edition Unix had an /etc/tabs file. It contained the escape
sequences to set tabs to every 8 stops on an old Teletype Model 37 and
compatible terminals. One would 'cat /etc/tabs' to reset them. Unix at
the time effectively mandated this because the delays in the tty driver
assumed this and tabs didn't work when they were too different from '8'.
Document this historical niggle in HISTORY after it was brought to my
attention on a Hacker News thread.
Sponsored by: Netflix
Add some new OpenSSH v8.7p1 source files to the ones being used to
build libssl to avoid missing symbols.
PR: 258384
Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
Approved by: kevans (src)
Currently hkbd counts all key states to be "Up" at the start of
interrupt callback. That results in generation of "Key Up" event for
each key that has been downed before but is not listed in current
report while is still downed.
Fix that with clearing of temporary key data storage bits only for
keys contained in processed report.
Reported by: Greg V
Obtained from: sysutils/iichid
MFC after: 2 weeks
r123442 introduced solution for clamping of PS/2 mice jitter when using
a KVM. Solution is to buffer mouse packets for 0.050ms if mouse activity
has not been seen for more than 0.5 seconds. Then flush that data to driver
if no validation errors found or drop the entire queue otherwise.
While it works well with relative devices it has issues with absolute ones
Depending on history buffering may results in delaying of the touch front
edge for 0.050ms that affects gesture processing (tap detection).
As absolute touchpads usually are built-in devices we can safely disable
bufferization and KVM jitter clamping to avoid such a delays.
MFC after: 2 weeks
- Some configurations, e.g. HP EliteBook 840 G3, come with a dummy card
in the card slot which is detected as a valid SD card. This added long
timeout at boot time. To alleviate the problem, the default timeout is
reduced to one second during the setup phase. [1]
- Some configurations crash at boot if rtsx(4) is defined in the kernel
config. At boot time, without a card inserted, the driver found that
a card is present and just after that a "spontaneous" interrupt is
generated showing that no card is present. To solve this problem,
DELAY(9) is set to one quarter of a second before checking card presence
during driver attach.
- As advised by adrian, taskqueue and DMA are set up sooner during
the driver attach. A heuristic to try to detect configuration needing
inversion was added.
PR: 255130 [1]
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30499
The patch converting fetch to getline
(ee3ca711a898cf41330c320826ea1e0e6e451f1d),
did confuse the capacity of the line buffer with the actual len of the read
line confusing fetch -v.
osd_register(9) may reallocate and expand the destructor array for a
given object type if no space is available for a new key. This happens
with the object lock held. Thus, when verifying that a given slot in
the array is occupied, we need to hold the object lock to avoid racing
with a reallocation.
Reported by: syzbot+69ce54c7d7d813315dd3@syzkaller.appspotmail.com
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Two local changes were committed upstream and are present in OpenSSH
8.7p1. Remove references from FREEBSD-upgrade now that we have updated
to that version.
Unlike the other syscalls these two symbols were missing from the
version script. I noticed this while looking into the compiler-rt
runtime libraries for CHERI.
Reviewed by: brooks
Obtained from: https://github.com/CTSRD-CHERI/cheribsd/pull/1063
MFC after: 3 days
The behavior remains the same, but lualoader now uses the more concise
verbiage that forthloader used. This is particularly important because
the previous line would exceed the right boundary of the menu and run
straight into space that would typically be allowed for the logo.
This makes it slightly easier to port logos from forthloader to
lualoader.
5fcdc19a8111 didn't fully resolve the issue. There remains a report
that an ifconfig wlan0 up by itself is insufficient. Ifconfig down
must precede it.
Reported by: Filipe da Silva Santos <contact _ shiori_com_br>
Fixes: 5fcdc19a8111
MFC after: 3 days
Although it is not specified in the RFCs, the concept that
the NFSv4 server should reply to an RPC request within a
reasonable time is accepted practice within the NFSv4 community.
Without this patch, the NFSv4.2 server attempts to reply to
a Copy operation within 1 second by limiting the copy to
vfs.nfs.maxcopyrange bytes (default 10Mbytes). This is crude at
best, given the large variation in I/O subsystem performance.
This patch uses the COPY_FILE_RANGE_TIMEO1SEC flag added by
commit c5128c48df3c to limit the reply time for a Copy
operation to approximately 1 second.
MFC after: 2 weeks
When port reuse is enabled in a one-to-one-style socket, sctp_listen()
may call sctp_swap_inpcb_for_listen() to move the PCB out of the "TCP
pool". In so doing it will drop the PCB lock, yielding an LOR since we
now hold several socket locks. Reorder sctp_listen() so that it
performs this operation before beginning the conversion to a listening
socket. Also modify sctp_swap_inpcb_for_listen() to return with PCB
write-locked, since that's what sctp_listen() expects now.
Reviewed by: tuexen
Fixes: bd4a39cc93d9 ("socket: Properly interlock when transitioning to a listening socket")
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31879
After commit bd4a39cc93d9 we now hold the global inp info lock across
the call to sctp_swap_inpcb_for_listen(), which attempts to acquire it
again. Since sctp_swap_inpcb_for_listen()'s sole caller is
sctp_listen(), we can simply change it to not try to acquire the lock.
Reported by: syzbot+a76b19ea2f8e1190c451@syzkaller.appspotmail.com
Reported by: syzbot+a1b6cef257ad145b7187@syzkaller.appspotmail.com
Reviewed by: tuexen
Fixes: bd4a39cc93d9 ("socket: Properly interlock when transitioning to a listening socket")
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31878
Same as the v4 test, but with IPv6.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31789
Test prioritisation and dummynet queues.
We need to give the pipe sufficient bandwidth for dummynet to work.
Given that we can't rely on the TCP connection failing alltogether, but
we can measure the effect of dummynet by imposing a time limit on a
larger data transfer.
If TCP is prioritised it'll get most of the pipe bandwidth and easily
manage to transfer the data in 3 seconds or less. When not prioritised
this will not succeed.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31788
Introduce a link to the ipfw command, dnctl, for dummynet configuration.
dnctl only handles dummynet configuration, and is part of the effort to
support dummynet in pf.
/sbin/ipfw continues to accept pipe, queue and sched commands, but these can
now also be issued via the new dnctl command.
Reviewed by: donner
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30465
We want to keep our root file system open to preserve bcache segment
between file accesses, thus reducing physical disk IO.
Reviewed by: imp, allanjude, kevans (previous version)
Differential Revision: https://reviews.freebsd.org/D30848
MFC after: 1 month
Because lld 13 and higher default to garbage collecting start/stop
symbols when using --gc-sections, the linker sets used in the i386 boot
loaders will disappear. This leads to the loaders not recognizing any
commands, and failure to boot.
Until we have a good set of linker scripts for the loaders, work around
it by disabling the start-stop-gc feature.
MFC after: 1 week
When running in a virtualized environment, TLB invalidations can only
be performed on process scope, as only the hypervisor is allowed to
invalidate a global scope, or else a Program Interrupt is triggered.
Since we are here, also make sure that the register process table
hypercall returns success.
Reviewed by: jhibbits
MFC after: 2 weeks
Sponsored by: Instituto de Pesquisas Eldorado (eldorado.org.br)
Differential Revision: https://reviews.freebsd.org/D31775
This disables testing the ACPI timer by default, forcing the use of
ACPI-fast rather than ACPI-safe. The broken-ACPI-timers workaround
can be re-enabled by setting the hw.acpi.timer_test_enabled=1 tunable.
This speeds up the FreeBSD boot process by 140 ms on an EC2 c5.xlarge
instance.
This change will not be MFCed.
Assuming no problems are reported, acpi_timer_test, the associated
tunable, and the ACPI-safe timecounter should be removed in FreeBSD 15.
Relnotes: The ACPI-safe timer is disabled in favour of ACPI-fast;
if timekeeping issues are observed, please test with
hw.acpi.timer_test_enabled=1 in loader.conf and report
if that fixes the problem.
When hw.acpi.timer_test_enabled is set to 0, this makes acpi_timer_test
return 1 without actually testing the ACPI timer; this results in the
ACPI-fast timecounter always being used rather than potentially using
ACPI-safe.
The ACPI timer testing was introduced in 2002 as a workaround for
errata in Pentium II and Pentium III chipsets, and is unlikely to be
needed in 2021.
While I'm here, add TSENTER/TSEXIT to make it easier to see the time
spent on the test (if it is enabled).
Reviewed by: allanjude, imp
MFC After: 1 week
Some notable changes, from upstream's release notes:
- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.
Additional integration work is needed to support FIDO/U2F in the base
system.
Deprecation Notice
------------------
OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.
Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985
Although it is not specified in the RFCs, the concept that
the NFSv4 server should reply to an RPC request within a
reasonable time is accepted practice within the NFSv4 community.
Without this patch, the NFSv4.2 server attempts to reply to
a Copy operation within 1second by limiting the copy to
vfs.nfs.maxcopyrange bytes (default 10Mbytes). This is crude at
best, given the large variation in I/O subsystem performance.
This patch adds a kernel only flag COPY_FILE_RANGE_TIMEO1SEC
that the NFSv4.2 can specify, which tells VOP_COPY_FILE_RANGE()
to return after approximately 1 second with a partial result and
implements this in vn_generic_copy_file_range(), used by
vop_stdcopyfilerange().
Modifying the NFSv4.2 server to set this flag will be done in
a separate patch. Also under consideration is exposing the
COPY_FILE_RANGE_TIMEO1SEC to userland for use on the FreeBSD
copy_file_range(2) syscall.
MFC after: 2 weeks
Reviewed by: khng
Differential Revision: https://reviews.freebsd.org/D31829
Current logic always selects an IFA of the same family from the
outgoing interfaces. In IPv4 over IPv6 setup there can be just
single non-127.0.0.1 ifa, attached to the loopback interface.
Create a separate rt_getifa_family() to handle entire ifa selection
for the IPv4 over IPv6.
Differential Revision: https://reviews.freebsd.org/D31868
MFC after: 1 week
This behaviour appears to date from the 4.4 BSD import. It has two
problems:
1. The update to so_state is not protected by the socket lock, so
concurrent updates to so_state may be lost.
2. Suppose two threads race to call connect(2) on a socket, and one
succeeds while the other fails. Then the failing thread may
incorrectly clear SS_ISCONNECTING, confusing the state machine.
Simply remove the update. It does not appear to be necessary:
pru_connect implementations which call soisconnecting() only do so after
all failure modes have been handled. For instance, tcp_connect() and
tcp6_connect() will never return an error after calling soisconnected().
However, we cannot correctly assert that SS_ISCONNECTED is not set after
an error from soconnect() since the socket lock is not held across the
pru_connect call, so a concurrent connect(2) may have set the flag.
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31699
... when applied to one-to-one-style sockets. sctp_listen() cannot be
used to toggle the listening state of such a socket. See RFC 6458's
description of expected listen(2) semantics for one-to-one- and
one-to-many-style sockets.
Reviewed by: tuexen
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31774
