The HMAC construction natively permits any key size between 0 and the input
block length. Before r324017, the auth_hash 'keysize' member was the hash
output length, which was used by ipsec for key sizes. (Non-ipsec consumers
need the ability to use other keysizes, hence, r324017.)
The ipsec SADB code blindly uses the auth_hash 'keysize' member for both
minimum and maximum key size, which is wrong (from an HMAC perspective).
For now, just switch it to 'hashsize', which matches the existing
expectations.
Instead it should probably use the range [0, keysize]. But there may be
other broken code in ipsec that rejects hashes with too small a minimum
key size.
Reported by: olivier@
Reviewed by: olivier, no objection from ae
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D12770
not already exist within ${CHROOTDIR}. This allows re-using a build
chroot with CHROOTBUILD_SKIP set to a non-empty value and CHROOTDIR
set to '/' in release.conf.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
The u-boot port for RPI-2 was updated to use u-boot-master, this cause
an update in u-boot version to v2017.09 and changing the filename.
The various firmware files for the RPI* are now in a common ports
sysutils/rpi-firmware as they are shared on all the RPI version.
Update the release files to copy the right files from the right location.
Reviewed by: gjb
MFC after: 3 days
THe u-boot port for RPI-B was updated to use u-boot-master, this cause
an update in u-boot version to v2017.09 and changing the filename.
The various firmware files for the RPI* are now in a common ports
sysutils/rpi-firmware as they are shared on all the RPI version.
Update the release files to copy the right files from the right location.
Reviewed by: gjb
MFC after: 3 days
Creating a UFS filesystem with a newfs newer than the running kernel,
and then mounting that filesystem, can lead to interesting failures.
Add a safety belt to explicitly warn when newfs is newer than the
running kernel.
Reviewed by: gjb, jhb, mckusick
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D12765
Packaged base packages are created by running the stageworld and
stagekernel targets with -DNO_ROOT, and converting the resulting mtree
file into a set of pkg plists. If stage* is run with multiple processes
the order of entries in the mtree file may be nondeterministic, and the
resulting package tbz also had nondeterministic file ordering.
The mtree file generated by -DNO_ROOT builds consists of one line per
file, with the filename starting in the first column, so is easily
sorted. There's one exception: the first line of the mtree file is a
comment, but the # character sorts before the filenames anyhow and needs
no special treatment.
PR: 223673
Reviewed by: bapt, gjb
Sponsored by: The Linux Foundation, Core Infrastructure Initiative
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D13103
In xpt_bus_register(), remove superfluous call to free(). This was mostly
benign since free(9) checks for NULL before doing anything, and
xpt_create_path() is nice enough to NULL out the pointer on failure.
However, it could've segfaulted if malloc(9) failed during
xpt_create_path().
Submitted by: gibbs
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
hardware sizes.
32bit counters already overflow on approachable virtual memory page
counts, and soon would overflow on the physical pages counts as well.
Bump sizes to 64bit types. Bump __FreeBSD_version.
It is impossible to provide perfect backward ABI compat for this
change. If a program requests an old structure, it can be detected by
size. But if it queries the size first by passing NULL old req
pointer, there is almost nothing we can do to detect the desired ABI.
As a partial solution, check p_osrel of the quering process when
selecting the size to report.
Submitted by: Pawel Biernacki <pawel.biernacki@gmail.com>
Differential revision: https://reviews.freebsd.org/D13018
the ARC reclaim thread running longer than needed.
Update the arc::needfree dtrace probe triggered in arc_lowmem() to also report
the value we may want to free.
Submitted by: Nikita Kozlov <nikita.kozlov at blade-group.com>
Reviewed by: avg
Approved by: avg
MFC after: 3 weeks
Sponsored by: blade
Differential Revision: https://reviews.freebsd.org/D12163
The route_host parsing code set the interface name, but only for the first
node_host in the list. If that one happened to be the inet6 address and the
rule wanted an inet address it'd get removed by remove_invalid_hosts() later
on, and we'd have no interface name.
We must set the interface name for all node_host entries in the list, not just
the first one.
PR: 223208
MFC after: 2 weeks
Background:
The coming ibcore update forces an update of mlx4ib(4) which in turn requires
an updated mlx4 core module. This also affects the mlx4en(4) module because
commonly used APIs are updated. This commit is a middle step updating the
mlx4 modules towards the new ibcore.
This change contains no major new features.
Changes in mlx4:
a) Improved error handling when mlx4 PCI devices are
detached inside VMs.
b) Major update of codebase towards Linux 4.9.
Changes in mlx4ib(4):
a) Minimal changes needed in order to compile using the
updated mlx4 core APIs.
Changes in mlx4en(4):
a) Update flow steering code in mlx4en to use new APIs for
registering MAC addresses and IP addresses.
b) Update all statistics counters to be 64-bit.
c) Minimal changes needed in order to compile using the
updated mlx4 core APIs.
Sponsored by: Mellanox Technologies
MFC after: 1 week
The setbit/clearbit pair casts the bitfield pointer
to uint8_t* which effectively treats its contents as
little-endian variable. The ffs() function accepts int as
the parameter, which is big-endian. Use uint8_t here to
avoid mismatch, as we have only 4 doorbells.
Submitted by: Wojciech Macek <wma@freebsd.org>
Reviewed by: np
Obtained from: Semihalf
Sponsored by: QCM Technologies
Differential revision: https://reviews.freebsd.org/D13084
__BSD_VISIBLE is always defined and it's value instead needs to be
tested via #if to determine if FreeBSD-specific APIs should be
exposed.
PR: 196226, 223481 (exp-run)
Submitted by: pluknet
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D12977
Humour is a funny thing. What is funny to one person is not funny to all
people. What is insightful to one person is similarly not universal. The
fortune datfiles have been around a long time and have undoubtedly amused
people but it's time to acknowledge their subjective, and in some cases
at least potentially offensive, nature and stop distributing them with the
imprimatur of the FreeBSD project.
If anyone wishes to distribute these via other mechanisms they are welcome to
check them out of history and do so.
MFC after: 2 days
clock_ts_to_ct has a KASSERT that the converted year fits into four
digits. By default (sysctl debug.allow_insane_settime is 0) the kernel
disallows a time too far in the future, using a value of 9999 366-day
years. However, clock_settime is epoch-relative and the assertion will
fail with a tv_sec corresponding to some 8030 years.
Avoid trying to be too clever, and just use a limit of 8000 365-day
years past the epoch.
Submitted by: Heqing Yan <scottieyan@gmail.com>
Reported by: Syzkaller (https://github.com/google/syzkaller)
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
tests/sys/aio/aio_kqueue_test.c
Instead of using a hard-coded queue depth, use
vfs.aio.max_aio_queue_per_proc
tests/sys/aio/lio_kqueue_test.c
The old, small limit on lio_listio's operation count was lifted by
change 324941. Raise the operation count as high as possible without
exceeding the process's operation limit.
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
No longer return ENXIO when trying to send an IPv6 packet in
nicvf_sq_add_hdr_subdesc().
Restructure the code so that the upper layer protocol parts are
agnostic of the L3 protocol (and no longer specific to IPv4).
With this basic IPv6 packets go through. We are still seeing
weird behaviour which needs further diagnosis.
PR: 223669
In collaboration with: emaste
MFC after: 3 days
The driver is currently hardcoded to force promiscuous mode, so all of
the MAC filtering code is presently unused and multicast should "just
work." Report to the higher layers that multicast is supported.
PR: 223573
Reported by: bz
Sponsored by: The FreeBSD Foundation, Packet.net (hardware)
Different compilers may optimise the enum type in different ways. This ensures
coherency when range checking the value of enums in ibcore.
Sponsored by: Mellanox Technologies
MFC after: 1 week
variable. Access the variable directly instead of going through the sysctl()
interface in the kernel.
Sponsored by: Mellanox Technologies
MFC after: 1 week
link-local addresses when VIMAGE is enabled will cause a so-called NULL
pointer dereferencing issue.
Sponsored by: Mellanox Technologies
MFC after: 1 week
information for that and XPT_PATH_INQ. Provide macros to encode/decode
major/minor versions. Read the link speed and lane count to compute
the base_transfer_speed for XPT_PATH_INQ.
Sponsored by: Netflix
The interrupt map wasn't being allocated properly, preventing IRQs from being
allocated to children of the PCIe bus. Fix this by cloning the ofw_pcib_pci
code, which handles all cases -- device tree and probed.
In the future this may become a subclass of the ofw_pcib_pci driver, but as
that's not an exported class, it's cloned for now.
MFC after: 3 weeks
Summary:
ofw_parse_bootargs() was added in r306065 as an attempt to unify the
various copies of the same code. This simply migrates BERI to use it.
Reviewed By: brooks
Differential Revision: https://reviews.freebsd.org/D12962
kern.poweroff_on_panic which, when enabled, instructs a system to
power off on a panic instead of a reboot.
kern.powercyle_on_panic which, when enabled, instructs a system to
power cycle, if possible, on a panic instead of a reboot.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D13042