SADB_ACQUIRE requests are send by kernel, when security policy doesn't
have corresponding security association for outbound packet. IKE daemon
usually registers its handler for such messages and when the kernel asks
for SA it can handle this request. Now such requests will contain
additional fields that can help IKE daemon to create SA. And IKE now
can create SAs using only information from SADB_ACQUIRE request, this
is useful when many if_ipsec(4) interfaces are in use and IKE doesn track
security policies that was installed by kernel.
Obtained from: Yandex LLC
MFC after: 3 weeks
Sponsored by: Yandex LLC
__DEFAULT_YES/NO. These options simply cannot work where we were using
__DEFAULT_NO. The proper thing to do in that case is to use the
BROKEN_OPTIONS knob instead.
WITHOUT_LOADER_LUA is only needed since we turned it off by default on
powerpc and sparc64 in r338203. Same with
WITHOUT_LOADER_GEIL. WITH_NVME, WITHOUT_NVME, WITH_LOADER_FORCE_LE
have been needed since they were added.
This driver was already 99% identical to the ofw_pcib_pci driver, except for
the attachment. Since ofw_pcib_pci is already a subclass of pcib, this
creates a private declaration of that class, to use for the base class for
this driver.
At some point in the future, ofw_pcib_pci_driver should probably be exported
to a header, so we're not tracking the softc struct contents, but for now,
since there's only this one other driver, it's not a pressing issue.
r279252 inverted the logic in moea64_scan_init, such that instead of
terminating when reaching a dead page, it terminates when reaching a live
page, ostensibly preserving exactly one page of KVA.
In the FDT based probe, check for "arm,armv8-timer" before "arm,armv7-timer".
This gets the description right when the timer node has both entries in
compatible list.
There seems to be a race in CI, such that dtrace_asm.S might be assembled
before the genassym is completed. This causes a build failure when PSL_EE
doesn't exist, and is read as 0. Get around this by explicitly specifying
the bits in the mask instead.
Legacy v3 db support was retired in r333133, and it was v3 support that
required the -B and -L options. The options were retained temporarily,
but now that stable/12 has branched they can be removed.
Sponsored by: The FreeBSD Foundation
The Signal Processing Engine (SPE) found in Freescale e500 cores (and
others) offloads IEEE-754 compliance (NaN, Inf handling, overflow,
underflow) to software, most likely as a means of simplifying the APU
silicon. Some software, like AbiWord, needs full IEEE-754 compliance,
including NaN handling. Implement the necessary bits to enable it.
Differential Revision: https://reviews.freebsd.org/D17446
Primarily missing glyphs used by mandoc.
Added:
U+2010 hyphen
U+2011 non-breaking hyphen
U+2012 figure dash
U+2013 en dash
U+2014 em dash
U+2018 left single quotation mark
U+2019 right single quotation mark
U+2020 dagger
U+2021 double dagger
U+203E overline
U+2122 trade mark sign
U+2502 box drawings light vertical
U+25A1 white square
U+25CA lozenge
U+25CB circle
U+2660 black spade suit
U+2663 black club suit
U+2665 black heart suit
U+2666 black diamond suit
U+FFFD replacement char
Sponsored by: The FreeBSD Foundation
Some of these routines exist in both lib/libc/quad/ and sys/libkern/.
r325988 ANSIfied sys/libkern. Update libc/quad to match.
PR: 223641
Reported by: bde
Sponsored by: The FreeBSD Foundation
without first entering the password stored in loader.conf(5).
PR: kern/207069
Reported by: david@dcrosstech.com
MFC after: 3 days
Sponsored by: Smule, Inc.
The knob allows to select the flushing mode or turn it off/on. The
idea, as well as the list of the ignored syscall errors, were taken
from https://www.openwall.com/lists/kernel-hardening/2018/10/11/10 .
I was not able to measure statistically significant difference between
flush enabled vs disabled using syscall_timing getuid.
Reviewed by: bwidawsk
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D17536
libc/gmon's mcount was ANSIfied in r124180, with libkern following over
a decade later, in r325988, but some minor discrepancies remained.
Update libc/gmon's mexitcount to an ANSI C function definition, and use
(void) for libkern-only functions that take no arguments.
Reported by: bde
Clang's Integrated Assembler was previously disabled for i386 with the
note that it "doesn't grok .codeNN directives yet." This is no longer
the case (and hasn't been for some time), and the assembled output .text
is identical between gas and IAS.
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Prior to this revision, we allocated sufficient context space for 'level'
but never actually set the compress level parameter, so we would always get
the default '3'.
Reviewed by: markj, vangyzen
MFC after: 12 hours
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D17144
Additionally, reconcile our abort behavior with arc4random(3). Unlike
SIGABRT, SIGKILL cannot be caught by the user program. These failures
are fatal conditions and should not return to the caller, as they did in
the instance that resulted in D17049.
While here, fix some minor typos in a comment.
Reviewed by: delphij
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D17050
Exiting with a signal should not be treated the same as successful exit with
zero status.
Return signal exit information to the callers via negative integers, to
enable distinction from normal exit statuses. (All consumers that check for
errors don't care what the exact non-zero exit value is -- in such a case
they print a diagnostic message and either continue or bail.)
Additionally, check for unexpected sources of waitpid() wakeup and bail if
we encounter them.
Reported by: lev@
Reviewed by: kib, lev, markj (earlier version)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D17035
If multiple threads enter fortuna_pre_read contemporaneously, such as via
read(2) or getrandom(2), they could race to check how long it has been since
the last update due to a TOCTOU problem with 'now'.
Here is an example problematic execution:
Thread A: Thread B:
now_A = getsbinuptime();
now_B = getsbinuptime(); // now_B > now_A
RANDOM_RESEED_LOCK();
if (now - fs_lasttime > SBT_1S/10) {
fs_lasttime = now;
... // reseed
}
RANDOM_RESEED_UNLOCK();
RANDOM_RESEED_LOCK();
if (now_A - fs_lasttime > SBT_1S/10) // now_A - fs_lasttime underflows
fs_lasttime = now_A;
... // reseed again, despite less than 100ms elapsing
}
RANDOM_RESEED_UNLOCK();
To resolve the race, simply check the current time after we win the lock
race.
If getsbinuptime is perceived to be expensive, another option might be to
just accept the race and validate that fs_lasttime isn't "in the future."
(It should be within the last ~2^31 seconds out of ~2^32 seconds
representable duration.)
Reviewed by: delphij, markm
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D16984
The convention for updating hc_destination[] is to index with a
random_entropy_source. Zero happens to match RANDOM_CACHED, which is
correct for this source (early random data). Spell the zero value as the
enum name instead of the magic constant.
No functional change.
Reviewed by: delphij, markm
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D16983
When modifying an existing managed mapping, we should find a PV entry
for the old mapping. Verify this.
Before r335784 this would have been implicitly tested by the fact that
we always freed the PV entry for the old mapping.
Reviewed by: alc, kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D17626
it appropriately when building share/ctypedef and share/colldef.
This makes the resulting locale data in EL->EB (amd64->powerpc64) cross
build and in the native EB build match. Revert the changes done to libc
in r308170 as they are no longer needed.
PR: 231965
Reviewed by: bapt, emaste, sbruno, 0mp
Approved by: kib (mentor)
Differential Revision: https://reviews.freebsd.org/D17603
In various places, random represents the set of sources as a 32-bit word
bitmask. It assumes all sources fit within this, i.e., the maximum valid
source number is 31.
There was a comment specifying this limitation, but we can actually refuse
to compile if our assumption is violated instead. We still have a few spare
random source slots, but sooner or later someone may need to convert the
masks used from raw 32-bit words to bitset(9) APIs.
This prevents some kinds of developer foot-shooting when adding new random
sources. No functional change.
Reviewed by: delphij, markm
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D16982
Currently, the 'thread' command (to switch the debugger to another thread)
only accepts decimal-encoded tids. Use the same parsing logic as 'show
thread <arg>' to accept hex-encoded thread pointers in addition to
decimal-encoded tids.
Document the 'thread' command in ddb.4 and expand the 'show thread'
documentation to cover the tid usage.
Reported by: bwidawsk
Reviewed by: bwidawsk (earlier version), kib (earlier version), markj
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D16962
