The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
The first fix committed last week changed the default to 1024 bits.
This commit fixes the case where the DHParameters option is set to a
file which doesn't exist, which is the case on newer versions of
FreeBSD which enable STARTTLS by default by auto-creating TLS
certificates.
MFC after: 2 days
Previously this was done by the caller of 'svm_launch()' after it returned.
This works fine as long as no code is executed in the interim that depends
on pcpu data.
The dtrace probe 'fbt:vmm:svm_launch:return' broke this assumption because
it calls 'dtrace_probe()' which in turn relies on pcpu data.
Reported by: avg
MFC after: 1 week
When enough time has passed for users to update their userland the kernel
fix will be applied. This will change the ABI to have x0 point to the args
and sp be correctly aligned.
It is expected this compatibility code can be removed when the kernel and
qemu usermode emulation have both been updated for the new ABI.
This fixes clang failures, and most likely other crashes.
Obtained from: ABT Systems Ltd
Sponsored by: The FreeBSD Foundation
I've been doing this ever since there were tables
coudl make more efficient by using "in recv" and "out xmit" instead of via
but I'll leave that.
MFC after: 1 week
due to a change in behavior of the 'vm_map_gpa()'.
Prior to r284539 if 'vm_map_gpa()' was called to map an address range in the
guest MMIO region then it would return NULL. This was used by the "movs"
emulation to detect if the 'src' or 'dst' operand was in MMIO space.
Post r284539 'vm_map_gpa()' started returning a non-NULL pointer even when
mapping the guest MMIO region.
Fix this by returning non-NULL only if [gaddr, gaddr+len) is entirely
within the 'lowmem' or 'highmem' regions and NULL otherwise.
Pointy hat to: neel
Reviewed by: grehan
Reported by: tychon, Ben Perrault (ben.perrault@gmail.com)
MFC after: 1 week
This should make all consoles available, whether it
is VGA, HDMI, serial, or JTAG, but more importantly
enables all consoles when ttyu0 is not predictable.
For example, the Pandaboard ES apparently has three
consoles available, but the DB9/RS232 serial port is
ttyu2, so not available by default after the system
boots.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Previous implementation was too fragile to initiator parameters changes.
In case of port role change it could not survive different handle assigned
to the same initiator by firmware, even though initiator was logged out.
The new implementation should be more resillient to this kind of problems,
trying to work in any situation and only warn user about suspisious events.
MFC after: 1 week
Sponsored by: iXsystems, Inc.
AMIs and Azure VM images. This is particularly helpful for
testing to avoid name collisions, but also useful for cases
where a necessary rebuild is done before the date changes.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
xbd_initialize to xbd_connect. Both of these initialization steps need
to know what the maximum possible I/O size will be, and when we gain
support for indirect segment I/Os we won't know that value until we
reach xbd_connect. Since none of this data is used before xbd_connect
completes, moving the initialization is harmless.
This commit should not result in any functional changes.
Remove the Azure-local vm_extra_create_disk(), since we no longer
need qemu-img to convert the final VHD image to an Azure-compatible
format.
Although the waagent utility is installed from ports, create the
symlink to /usr/sbin, pending investigation on where this is
hard-coded, so it can be reported upstream. In the meantime, this
is good enough.
MFC after: 3 days
X-MFC-Needs: r284269, r284270, r284271, r284655,
r284656, r284657, r284658, r284659
X-MFC-Note: Required for 10.2-RELEASE, marcel@ has
implicit approval for the required changes
Sponsored by: The FreeBSD Foundation
The image is not accepted for provisioning otherwise. Bump the
VHD creator tool version and the version of mkimg to signify our
success in provisioning.
Note that this also imapcts the dynamic VHD images.
Tested by: gjb@
of megabytes. This is on top of having the image rounded to the
matching geometry of the image size.
By rounding up to the next MB after rounding to the geometry, we
lost idempotency. Subsequent calls to resize the image will keep
increasing the image size.
Tested by: gjb@
removed bxe_free_mcast_macs_list() and bxe_init_mcast_macs_list()
fixed bug where copy of multicast list mta was deleted prior to passing the list to firmware
MFC after:5 days
release barriers, not read and write barriers. They fence all memory
accesses from the respective side, not limited by the kind of
operation.
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
- remove last remnants of never implemented multiple targets support;
- implement missing support for LUN mapping in this area.
Due to existing locking constraints LUN mapping code is practically
unlocked at this point. Hopefully it is not racy enough to live until
somebody get idea how to call sleeping fronend methods under lock also
taken by the same frontend in non-sleepable context. :(