Commit Graph

227475 Commits

Author SHA1 Message Date
Andrey V. Elsukov
cd48d883bd Use correct pointer in key_updateaddresses() when updating NAT-T config.
key_updateaddresses() is used to update SA addresses and NAT-T
configuration in SADB_UPDATE message. This is done by cloning SA
content from old SA into new one. But addresses and NAT-T configuration
are taken from SADB_UPDATE message. Use newsa pointer to set NAT-T
properties into cloned SA.

PR:		223382
MFC after:	1 week
2017-11-03 11:33:13 +00:00
Fabien Thomas
39bbca6ffd crypto(9) is called from ipsec in CRYPTO_F_CBIFSYNC mode. This is working
fine when a lot of different flows to be ciphered/deciphered are involved.

However, when a software crypto driver is used, there are
situations where we could benefit from making crypto(9) multi threaded:
- a single flow is to be ciphered: only one thread is used to cipher it,
- a single ESP flow is to be deciphered: only one thread is used to
decipher it.

The idea here is to call crypto(9) using a new mode (CRYPTO_F_ASYNC) to
dispatch the crypto jobs on multiple threads, if the underlying crypto
driver is working in synchronous mode.

Another flag is added (CRYPTO_F_ASYNC_KEEPORDER) to make crypto(9)
dispatch the crypto jobs in the order they are received (an additional
queue/thread is used), so that the packets are reinjected in the network
using the same order they were posted.

A new sysctl net.inet.ipsec.async_crypto can be used to activate
this new behavior (disabled by default).

Submitted by:	Emeric Poupon <emeric.poupon@stormshield.eu>
Reviewed by:	ae, jmg, jhb
Differential Revision:    https://reviews.freebsd.org/D10680
Sponsored by:	Stormshield
2017-11-03 10:27:22 +00:00
Eitan Adler
ca23f27560 chase removal of csup in r267863 from 2014..
2017-11-03 07:30:54 +00:00
Justin Hibbits
8c6037c4f8 Fix integer type and format in debug print
gcc complains "cast to pointer from integer of different size".  phandle_t is
*always* a uint32_t, so treat it as such, not as a pointer.  Fixes 64-bit build.
2017-11-03 03:13:15 +00:00
Bryan Drewery
40a54c51c9 AUTO_OBJ: If the wanted .OBJDIR was not used then disable the feature.
This is to prevent downstream checks from assuming they can trust .OBJDIR when
MK_AUTO_OBJ is yes, such as the bsd.obj.mk checks.

Pointyhat to:	bdrewery
Sponsored by:	Dell EMC Isilon
2017-11-03 01:09:35 +00:00
Bryan Drewery
2c36cefeaf Follow-up r325329: Store all WORLDTMP objects back in the same directory.
This still keeps the reduced MAKEOBJDIRPREFIX (SRCTOP) redundancy
removed in the OBJDIR, but now keeps all early phase objects
in the same directory rather than split per phase.

The problem of splitting per phase is that later phases want to link in
libraries from earlier phases and base their location on ${OBJTOP}.

Pointyhat to:	bdrewery
Reported by:	mjoras, Mark Millard
Sponsored by:	Dell EMC Isilon
2017-11-03 00:29:42 +00:00
Andriy Voskoboinyk
7d41856e52 pmcstat(8): unbreak build with LDFLAGS+=-Wl,--as-needed
libpmcstat.a requires libelf.so; reorder them accordingly.
2017-11-03 00:12:32 +00:00
Bryan Drewery
5fecb1f1d6 AUTO_OBJ is unsafe at the moment as it is for some reason removing /etc with _cleanobj.
2017-11-02 23:00:04 +00:00
Bryan Drewery
aee3a96ebe Something is very wrong
2017-11-02 22:23:00 +00:00
Bryan Drewery
fe480405ec Follow-up r325342: Always ensure WORLDTMP exists.
Reported by:	Herbert J. Skuhra
Sponsored by:	Dell EMC Isilon
2017-11-02 21:58:18 +00:00
Bryan Drewery
89bd07e927 DIRDEPS_BUILD: Cleanup leftover WORLDTMP files.
This will force any existing objects to rebuild if their .meta
files reference files from WORLDTMP.  This is a problem after
the UNIFIED_OBJDIR effort caused buildworld and DIRDEPS_BUILD
to share an OBJDIR.  Without cleaning these files the
Makefile.depend files end up with odd tmp/legacy/... entries
since some bootstrap-tools linger from there and otherwise
don't rebuild.  Removing the files causes anything having
used WORLDTMP to rebuild.

Sponsored by:	Dell EMC Isilon
2017-11-02 20:45:04 +00:00
Simon J. Gerraty
e22fef7dc1 Update to bmake-20171028
Ignore empty MAKEOBJDIR[PREFIX]

Reported by:	bdrewery
2017-11-02 20:08:00 +00:00
Warner Losh
3947701525 This used to have bzip2 support too.
2017-11-02 19:53:51 +00:00
Andriy Gapon
b2ef499041 loader: fix BOOTSRC -> BOOTOBJ in a library path
2017-11-02 19:45:51 +00:00
Roger Pau Monné
1305bc4107 loader: re-enable gzip support for x86
r324653 inadvertently disabled default gzip support on x86, re-enable.

Sponsored by:		Citrix System R&D
Reviewed by:		imp
Differential revision:	https://reviews.freebsd.org/D12913
2017-11-02 18:13:26 +00:00
Bryan Drewery
906a1c6c40 Regenerate for AUTO_OBJ.
Sponsored by:	Dell EMC Isilon
2017-11-02 18:09:10 +00:00
Bryan Drewery
615a1e70b0 Enable AUTO_OBJ by default if the OBJDIR is writable, only for in-tree builds.
This can be disabled by putting WITHOUT_AUTO_OBJ=yes in /etc/src-env.conf, not
/etc/src.conf, or passing it in the environment.

The purpose of this rather than simply flipping the default of AUTO_OBJ to yes
is to avoid hassling users with auto.obj.mk failures if the wanted OBJDIR is
not writable. It will fallback to writing to the source directory like it does
today if MAKEOBJDIRPREFIX is not writable.

The act of enabling MK_AUTO_OBJ disables all 'make obj' treewalks since
previous work has made those not run if MK_AUTO_OBJ==yes in Makefile.inc1.

Relnotes:	yes
Reviewed by:	sjg
Discussed at:	https://lists.freebsd.org/pipermail/freebsd-arch/2016-May/017805.html
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12841
2017-11-02 18:09:07 +00:00
Bryan Drewery
4dc89c4d51 Reduce MAKEOBJDIRPREFIX path spam by specifying a direct objdir to use.
Sponsored by:	Dell EMC Isilon
2017-11-02 18:08:36 +00:00
Jung-uk Kim
47902a71f3 Merge OpenSSL 1.0.2m.
2017-11-02 18:04:29 +00:00
Jung-uk Kim
b6a9311a3e Import OpenSSL 1.0.2m.
2017-11-02 17:35:19 +00:00
Svatopluk Kraus
d18f8e22ec Take into account race conditions in case of accessed or modified bit
emulation in fast path of data/prefetch abort common routine. Process
these bits only if related page table entries are consistent with
provided abort info. In case of inconsistency, do nothing and let
the processor signal a new abort if still needed.

The mapping related to an abort may be a subject of change concurrently.
The situation is more evident on multicore machines. Mapping may be
removed on one core while being used on another one before TLB flush
happened. Memory swapping process may be an example. Or, two or more
aborts may be signaled for the same page on more cores concurrently.
While an abort on one core may cause a promotion of related mapping,
an abort on another core may be inconsistent then as related mapping
was promoted. A question is how real the issue may be on a single
core machine. However, it's better to play safe even for these machines.

This change may solve some "PT2MAP abort" panics reported rarely.
The revision of pmap_fault() was initiated thanks to stack backtrace
provided by Bob Prohaska (fbsd at www.zefox.net).

While here, INVARIANTS block was changed. The previous check had iffy
value as only one entry from many was checked from L2 page table.

Reviewed by:	mmel
MFC after:	3 weeks
2017-11-02 14:08:38 +00:00
Andriy Gapon
96ed2690df Disable posix_fallocate(2) for ZFS
The generic (naive) implementation of posix_fallocate cannot provide the
standard mandated guarantee that overwrites would never fail due to the lack
of free space.  The fundamental reason is the copy-on-write architecture
of ZFS.  Other features like compression and deduplication can also
increase the size difference between the (pre-)allocated dummy content
and the future content.

So, until ZFS can properly implement the feature it's better to report
that it is unsupported rather than providing an ersatz implementation.
Please note that EINVAL is used to report that the underlying file system
does not support the operation (POSIX.1-2008).

illumos and ZoL seem to do the same.

MFC after:	3 weeks
Sponsored by:	Panzura
2017-11-02 13:49:08 +00:00
Edward Tomasz Napierala
21330e2935 Remove artificial limit for -i.
Obtained from:	CheriBSD
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-02 12:16:50 +00:00
Edward Tomasz Napierala
91b060d04b Add benchmark for access(2).
Obtained from:	CheriBSD
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-02 12:16:11 +00:00
Edward Tomasz Napierala
e2828958cb Add bad_open benchmark, which measures failed opens by calling
open("", O_RDONLY);.

Obtained from:	CheriBSD
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-02 12:15:39 +00:00
Edward Tomasz Napierala
cf8ca06ad8 Add benchmark for getresuid(2) - three pointers, although only "output" ones,
and quite lightweight.

The purpose of this commit, and the previous one, is to be able to measure
overhead of pointer arguments - in case you're running a strange architecture
where pointers and integers are quite different things at the hardware level.

Obtained from:	CheriBSD
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-02 12:14:42 +00:00
Edward Tomasz Napierala
3f9bb5d3f2 Add select(2) benchmark. It takes four pointers; unfortunately it's
somewhat heavy.

Obtained from:	CheriBSD
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-02 12:13:02 +00:00
Edward Tomasz Napierala
8df1bd7956 Add getpriority(2) benchmark; it's a lightweight syscall which does pretty
much nothing - just like getuid(2) - but takes arguments.

Obtained from:	CheriBSD
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-02 12:12:18 +00:00
Edward Tomasz Napierala
3d21466535 Make syscall_timing(1) default to a temporary file when run without -p.
Obtained from:	CheriBSD
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-02 12:11:20 +00:00
Edward Tomasz Napierala
a250df51f7 Add fetchbench, a trivial HTTP benchmark based on fetch(1).
Obtained from:	CheriBSD
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-02 12:09:18 +00:00
Toomas Soome
955f7bd709 zfs.c:vdev_read() needs to be careful about large sectors
Using the same implementation as done in efi/boot1. We must handle smaller
than sector size IO etc.

Differential Revision:	https://reviews.freebsd.org/D12850
2017-11-02 08:47:03 +00:00
Justin Hibbits
73e23ad462 Actually add the dtsec(4) man page to the build
2017-11-02 04:17:10 +00:00
Justin Hibbits
1163f0612f Fix interrupt handling for dtsec
The macId is the dTSEC unit within the FMan, so use the cell-index, not the unit
number, which may not match the cell index.

MFC after:	1 week
2017-11-02 04:07:41 +00:00
Bryan Drewery
fbb74b0ee7 Don't propagate MAKEOBJDIRPREFIX changes to environment.
A makefile may use this variable later for its own reasons,
don't infect sub-makes with that value.

Sponsored by:	Dell EMC Isilon
2017-11-02 04:05:03 +00:00
Andriy Voskoboinyk
76ff59295f rsu(4): trim code for Rx rate calculation.
Include ridx <-> rate conversion functions from rtwn(4) +
reuse already calculated value for ieee80211_radiotap(9).

Tested with Asus USB-N10, STA mode.
2017-11-02 00:17:52 +00:00
Simon J. Gerraty
ade1697bee Import bmake-20171028
From ChangeLog

2017-10-28  Simon J. Gerraty  <sjg@bad.crufty.net>

        * VERSION: 20171028
          Merge with NetBSD make, pick up
          o main.c: ignore empty MAKEOBJDIR

        * Makefile.config.in:
          make @prefix@ @machine*@ and @default_sys_path@ defaults.

2017-10-05  Simon J. Gerraty  <sjg@bad.crufty.net>

        * VERSION: 20171005

        * unit-tests/dotwait.mk: redirect stderr through pipe for more
          consistent result on some platforms.

2017-08-13  Simon J. Gerraty  <sjg@bad.crufty.net>

        * machine.sh: entry for AIX

2017-08-12  Simon J. Gerraty  <sjg@bad.crufty.net>

        * VERSION (_MAKE_VERSION): Move the setting of _MAKE_VERSION
          to a file that can be included by configure as well as make.
          This allows configure to set _MAKE_VERSION in make-bootstrap.sh

2017-08-10  Simon J. Gerraty  <sjg@bad.crufty.net>

        * Makefile (_MAKE_VERSION): 20170810
          Merge with NetBSD make, pick up
          o meta.c: if target is in subdir we only need subdir name in
            meta_name.
2017-11-01 23:16:32 +00:00
Vladimir Kondratyev
37ff334548 evdev: Do not start/stop softrepeat callout if no clients attached
Reviewed by:		gonzo
Approved by:		gonzo (mentor)
MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D12676
2017-11-01 22:37:43 +00:00
Vladimir Kondratyev
c6e809423f evdev: Disable value normalization and state filtering for SND events.
Some events can take sound pitch as a value so can not be represented
as binary on/off events. Tracking for on/off state is left in place
as it is a part of the evdev API.

Reviewed by:		gonzo
Approved by:		gonzo (mentor)
MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D12676
2017-11-01 22:33:44 +00:00
Vladimir Kondratyev
d52d8bce16 sysmouse(4): Fix ums(4)-style T-axis reporting via evdev protocol
- Do not report T-axis wheel events as button presses
- Reverse T-axis to match Linux
- Remove wrong comment. T-axis buttons state should be checked by level not
    by edge to allow continuous wheel tilt reporting

Reviewed by:		gonzo
Approved by:		gonzo (mentor)
MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D12676
2017-11-01 22:30:36 +00:00
Vladimir Kondratyev
f3f8069493 evdev: Take driver's lock in cdev write handler if necessary
Reviewed by:		gonzo
Approved by:		gonzo (mentor)
MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D12676
2017-11-01 22:19:19 +00:00
Vladimir Kondratyev
f7ee4f9029 evdev: Lock Giant around keyboard ioctls
This fixes turning ukbd(4) LEDs on/off with evdev interface as well

Reviewed by:		gonzo
Approved by:		gonzo (mentor)
MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D12676
2017-11-01 22:15:19 +00:00
Vladimir Kondratyev
233e10741a evdev: Hide "kern.evdev.rcpt_mask" sysctl if kernel is compiled
w/o EVDEV_SUPPORT as its value has no meaning in this case.

Now presence of this sysctl can be used for discovery if evdev support
for hybrid devices is compiled into kernel or not.
Hide "kern.evdev.sysmouse_t_axis" sysctl for the same reason.

Reviewed by:		gonzo
Approved by:		gonzo (mentor)
MFC after:		1 week
Differential Revision:	https://reviews.freebsd.org/D12676
2017-11-01 22:09:10 +00:00
Bryan Drewery
efb949a699 Regenerate for UNIFIED_OBJDIR.
Sponsored by:	Dell EMC Isilon
2017-11-01 21:22:23 +00:00
Bryan Drewery
718edb1577 META_MODE: Respect make -s.
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-11-01 21:22:19 +00:00
Bryan Drewery
f8b15066f2 make obj: Skip treewalk if AUTO_OBJ is enabled.
Sponsored by:	Dell EMC Isilon
2017-11-01 21:22:16 +00:00
Bryan Drewery
3d165b2f1e native-xtools/xdev: Store these in a location including both MACHINE/TARGET.
Given MACHINE/MACHINE_ARCH=amd64, TARGET=arm64 and TARGET_ARCH=aarch64,
this change will build them in a location such as:
    /usr/obj/usr/src/amd64.amd64/nxb/arm64.aarch64/
and
    /usr/obj/usr/src/amd64.amd64/xdev/aarch64-freebsd/

Sponsored by:	Dell EMC Isilon
2017-11-01 21:22:13 +00:00
Bryan Drewery
c10062b9bf Add a 'make cleanuniverse'.
This will remove all build files for the source directory
when MK_UNIFIED_OBJDIR is enabled.

Sponsored by:	Dell EMC Isilon
2017-11-01 21:22:10 +00:00
Bryan Drewery
dfa099890c Add option UNIFIED_OBJDIR, on by default, which moves the default build OBJDIR.
This changes the build OBJDIR from the older style of /usr/obj/<srcdir> for
native builds, and /usr/obj/<target>.<target_arch>/<srcdir> for cross builds to
a new simpler format of /usr/obj/<srcdir>/<target>.<target_arch>.  This
new format is used regardless of cross or native build.  It allows
easier management of multiple source tree object directories.

The UNIFIED_OBJDIR option will be removed and its feature made permanent
for the 12.0 release.

Relnotes:	yes (don't note UNIFIED_OBJDIR option since it will be removed)
Prior work:	D3711 D874
Reviewed by:	gjb, sjg
Discussed at:	https://lists.freebsd.org/pipermail/freebsd-arch/2016-May/017805.html
Discussed with:	emaste
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12840
2017-11-01 21:22:05 +00:00
Conrad Meyer
648176e095 bluetooth: Default to discoverable off
Try to not expose bluetooth devices to external devices unless the user
explicitly configures it, like any other radio/network device.  Bluetooth
has a long history of security problems and it is probably best to keep it
disabled if not needed.

Users who do use the bluetooth device should enable "discoverable" in
bluetooth.device.conf(5) after this change.

Keep in mind that bluetooth addresses can be discovered by passive
monitoring or whole address-space scans[0], so a safety conscious user
should also disable "connectable" in bluetooth.device.conf(5).

[0]: https://www.sans.edu/cyber-research/security-laboratory/article/bluetooth

Reviewed by:	emax, hselasky
Security:	maybe
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12831
2017-11-01 18:58:54 +00:00
Toomas Soome
9c103b4675 efipart_strategy is using wrong offset with >512B sectors
The strategy() calls are assuming 512B sectors, so we need to adjust the
offset accordingly.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D12849
2017-11-01 18:49:45 +00:00