CFLAGS.clang in sys/conf/Makefile.arm, since the main kernel build does
not use <bsd.sys.mk>. So revert that particular change for now.
Pointy hat to: me
Noticed by: zbb
MFC after: 3 days
X-MFC-With: r259730
Using a .c extension for a C++ file raises the following warning, which
breaks our header file tests if the compiler is using -Werror as well:
c++: warning: treating 'c' input as 'c++' when in C++ mode, this
behavior is deprecated
Obtained from: atf (git 3104010c2849330440cc0ce108ff341913433339)
MFC after: 3 days
and invoke it for bootverbose logging, and also from a new DDB command,
"show devmap". Also tweak the format string for the bootverbose output
of physical memory chunks to get the leading zeros in the hex values.
Adding/deleting interface addresses involves access to 3 different subsystems,
int different parts of code. Each call can fail, so reporting successful
operation by rtsock in the middle of the process error-prone.
Further split routing notification API and actual rtsock calls via creating
public-available rt_addrmsg() / rt_routemsg() functions with "private"
rtsock_* backend.
MFC after: 2 weeks
These device IDs have an AR3012 bluetooth device that shows up with
bcdDevice=1 when it doesn't have the firmware loaded, and bcdDevice=2
when it's ready to speak full HCI.
Tested:
* AR5B225 PCIe - AR9485 + AR3012
if it was above 4GB. This was seen with CentOS 6.5 guests with
large RAM, since the block drivers are loaded late in the
boot sequence and end up allocating descriptor memory from
high addresses.
Reported by: Michael Dexter
MFC after: 3 days
exception more readable. In practice they prevented all logging during
a machine check exception on at least some systems. Specifically, when
an uncorrected ECC error is detected in a DIMM on a Nehalem/Westmere
class machine, all CPUs receive a machine check exception, but only
CPUs on the same package as the memory controller for the erroring DIMM
log an error. The CPUs on the other package would complete the scan of
their machine check banks and panic before the first set of CPUs could
log an error. The end result was a clearer display during the panic
(no interleaved messages), but a crashdump without any useful info about
the error that occurred.
To handle this case, make all CPUs spin in the machine check handler
once they have completed their scan of their machine check banks until
at least one machine check error is logged. I tried using a DELAY()
instead so that the CPUs would not potentially hang forever, but that
was not reliable in testing.
While here, don't clear MCIP from MSR_MCG_STATUS before invoking panic.
Only clear it if the machine check handler does not panic and returns
to the interrupted thread.
The origin of WEP comes from IEEE Std 802.11-1997 where it defines
whether the frame body of MAC frame has been encrypted using WEP
algorithm or not.
IEEE Std. 802.11-2007 changes WEP to Protected Frame, indicates
whether the frame is protected by a cryptographic encapsulation
algorithm.
Reviewed by: adrian, rpaulo
this to the cache line size is required to avoid data corruption on armv4
and armv5, and improves performance on armv6, in both cases by avoiding
partial cacheline flushes for USB IO.
this to the cache line size is required to avoid data corruption on armv4
and armv5, and improves performance on armv6, in both cases by avoiding
partial cacheline flushes for USB IO.
All these configs already exist in 10-stable. A few that don't (and
thus can't be MFC'd yet) will be committed separately.
hardware. It is possible to turn this feature off and fall back to software
emulation of the APIC by setting the tunable hw.vmm.vmx.use_apic_vid to 0.
We now start handling two new types of VM-exits:
APIC-access: This is a fault-like VM-exit and is triggered when the APIC
register access is not accelerated (e.g. apic timer CCR). In response to
this we do emulate the instruction that triggered the APIC-access exit.
APIC-write: This is a trap-like VM-exit which does not require any instruction
emulation but it does require the hypervisor to emulate the access to the
specified register (e.g. icrlo register).
Introduce 'vlapic_ops' which are function pointers to vector the various
vlapic operations into processor-dependent code. The 'Virtual Interrupt
Delivery' feature installs 'ops' for setting the IRR bits in the virtual
APIC page and to return whether any interrupts are pending for this vcpu.
Tested on an "Intel Xeon E5-2620 v2" courtesy of Allan Jude at ScaleEngine.
Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the
previous session so keep a copy of write context in DTLS
retransmission buffers instead of replacing it after
sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
algorithms use the version number in the corresponding
SSL_METHOD structure instead of the SSL structure. The
SSL structure version is sometimes inaccurate.
Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449).
Security: CVE-2013-4353
Security: CVE-2013-6449
Security: CVE-2013-6450
drivers and their firmware were under active development, but those days
have passed. The firmware now exists in pre-compiled form, no longer
dependent on it's sources or on aicasm. If you wish to rebuild the
firmware from source, the glue still exists under the 'make firmware'
target in sys/modules/aic7xxx.
This also fixes the problem introduced with r257777 et al with building
kernels the old fashioned way in sys/$arch/compile/$CONFIG when the
ahc/ahd drivers were included.
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the
previous session so keep a copy of write context in DTLS
retransmission buffers instead of replacing it after
sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
algorithms use the version number in the corresponding
SSL_METHOD structure instead of the SSL structure. The
SSL structure version is sometimes inaccurate.
Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449).
Keep a copy of the 'rip' and the 'exit_reason' and use that when calling
vmx_exit_trace(). This is because both the 'rip' and 'exit_reason' can
be changed by 'vmx_exit_process()' and can lead to very misleading traces.
Remove old bits of data concat for 'ascii' field.
Remove special SIOCGIFSTATUS handling from if.c (which Coverity yells at).
Reported by: Coverity
Coverity CID: 1147174
MFC after: 2 weeks
when PMC-soft feature is not used the check will be false.
Sponsored by: EMC / Isilon storage division
Submitted by: Anton Rang <anton.rang@isilon.com>
The uboot mapping is only 128KiB (0x20000) and not 2MiB (0x200000).
Dynamically adjust kernel and rootfs mappings based on the
geom_uncompress(4) magic.
This makes the built images more reliable by accepting changes on kernel
size transparently and matches the images built with zrouter and
freebsd-wifi-build.
Tested by: gjb
Approved by: adrian (mentor)
Obtained from: Zrouter
WARNING: icl_pdu_check_data_digest: data digest check failed; got 0xf23b,
should be 0xdb7f23b
Tested by: Darcy Birkbeck
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation