| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
| |
to guarantee that we read the cache parameters of the cache we just selected.
The required ISB instruction is present in the examples in the ARM ARM.
Fixes the the report on the cores in Apple's M1 SoC.
ok patrick@
|
| |
|
|
|
|
|
|
| |
could get stuck in an endless recursion during TCP path MTU discovery.
Create a dynamic host route in ip_output() that can be used by
tcp_mtudisc() to store the MTU.
Reported by Peter Mueller and Sebastian Sturm
OK claudio@
|
| | |
|
| |
|
|
|
|
| |
delete group does not need name sanitation. The kernel will just
report that it does not exist.
OK deraadt@ gnezdo@ anton@ mvs@ claudio@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
the kernel made the unique check before trunkating with strlcpy().
So there could be two interface groups with the same name. The kif
is created by a name lookup. The trunkated names are equal, so
there was only one kif owned by both groups. When the groups got
destroyed, the single kif was removed twice from the RB tree.
Check length of group name before doing the unique check.
The empty group name was allowed and is now invalid.
Reported-by: syzbot+f47e8296ebd559f9bbff@syzkaller.appspotmail.com
OK deraadt@ gnezdo@ anton@ mvs@ claudio@
|
| |
|
|
|
|
|
|
|
|
| |
pppac_ioctl() be called on dying pppac(4) interface. But now if_detach()
makes dying `ifp' inaccessible and waits for references which are in-use
in ioctl(2) path. This logic is not required anymore. Also if_detach()
was moved before klist_invalidate() to prevent the case while
pppac_qstart() bump `sc_rsel'.
ok yasuoka@
|
| |
|
|
| |
GC www/drupal7 description
|
| |
|
|
|
|
|
|
| |
used as solock()'s backend to protect the whole layer.
With feedback from mpi@.
ok bluhm@ claudio@
|
| |
|
|
| |
deraadt@.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
for framebuffer nodes under / and /chosen.
ok patrick@
|
| |
|
|
|
|
|
|
|
| |
since the actual modification of the state table is done by a call to
pf_state_insert(), which takes the pf state lock itself. Other calls
to pfsync_state_import() also only have the pf lock.
Reported-by: syzbot+d6ea8620b43dc69ecbc6@syzkaller.appspotmail.com
ok bluhm@
|
| | |
|
| |
|
|
| |
Discussed with deraadt@
|
| |
|
|
|
|
|
|
| |
If NFS isn't compiled into the kernel, sysctl -n vfs.mounts.nfs
will produce no numerical output. Make sure that we always have
a valid arithmetic expression.
Reported by and ok patrick@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
'group none'. We currently send no transform of type DH by default,
which should be equivalent to explicitly sending a single DH transform
of type 'none'. However, the proposal matching logic had a bug where
these two would not match, effectively breaking the ability to negotiate
optional PFS. This commit fixes the bug but continues to send
no DH proposal by default to remain backwards compatible with older
versions.
ok patrick@
|
| |
|
|
|
|
|
|
| |
Map deliberately invalid signal to zero when passing to PT_STEP and P_CONTINUE.
Also clean up getting Environment so setting LLDB_DEBUGSERVER env vars works again.
ok patrick@
|
| |
|
|
|
| |
ulimit -c unlimited. Also simplify the logic a bit as requested by bluhm@.
OK bluhm@ deraadt@
|
| |
|
|
|
| |
the tests with ulimit -c unlimited to make sure coredumps are written.
OK bluhm@ deraadt@
|
| |
|
|
|
|
|
| |
first entry. This way ocspcheck will try all returned IPs to contact
the OCSP server. Found by the regress test and a resolv.conf file with
'family inet6 inet4'.
OK kn@ deraadt@
|
| | |
|
| |
|
|
| |
ok visa
|
| | |
|
| |
|
|
|
| |
Silence from the network group
ok sashan@
|
| | |
|
| |
|
|
|
|
|
|
| |
should ensure that we don't read a stale command ID and complete the
wrong scsi io. powerpc64 base builds were crashing like this fairly
regularly.
ok deraadt@ dlg@
|
| | |
|
| | |
|
| |
|
|
| |
from pedro martelletto
|
| | |
|
| | |
|
| |
|
|
| |
OK bluhm@, claudio@, deraadt@
|
| | |
|
| |
|
|
|
|
|
| |
Trailing characters in the option argument were ignored, such that
-cC1 (typo of -c1C) was interpreted as -cC instead of being rejected.
ok jsing@
|
| | |
|
| |
|
|
|
|
|
| |
ECC and OCSP can be used with DTLS, so remove bogus checks that currently
prevent it. These are long lasting remnants from the original OpenSSL code.
ok tb@
|
| |
|
|
|
|
|
| |
DTLS is largely broken/useless without read ahead being enabled, so enforce
it for DTLS. This behaviour matches both our documentation and OpenSSL.
ok tb@
|
| |
|
|
|
|
|
| |
Replace the current copy of dtls1_retrieve_buffered_record() with a call
to it instead.
ok tb@
|
| | |
|
| |
|
|
|
| |
Discussed with sthen@
ok patrick@
|
| |
|
|
| |
Christian Zangl.
|
| |
|
|
|
|
|
| |
a new object that is already refcounted, so carp attach does not
reach into internal structures. Add kasserts to detect counter
overflow or underflow.
OK mvs@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The RAID1C discipline encrypts data like the CRYPTO discipline, and accepts
multiple chunks during creation and assembly like the RAID1 discipline.
To deal with failing disks a RAID1C volume may be assembled with a smaller
number of chunks than the volume was created with. The volume will then come
up in degraded state. If the volume is now detached and assembled again with
the correct number of chunks, any re-added chunks will require a rebuild.
Consequently, assembling RAID1C volumes requires careful attention to the
chunks passed via 'bioctl -l'. If a chunk is accidentally omitted from the
command line during volume assembly, then this chunk will need to be rebuilt.
At least one known-good chunk is required in order to assemble the volume.
Like CRYPTO, RAID1C supports passphrase and key-disk authentication.
Key-disk based volumes are assembled automatically if the key disk is present
while the system is booting up.
Unlike CRYPTO and RAID1, there is no boot support for RAID1C yet.
RAID1C largely reuses existing code of RAID1 and CRYPTO disciplines.
At present RAID1C's discipline-specific data structure is shared with that
of the CRYPTO discipline to allow re-use of existing CRYPTO code. A custom
RAID1C data structure would require CRYPTO code to access struct sr_crypto
via a pointer instead of via a member field of struct sr_discipline.
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The RAID1C discipline encrypts data like the CRYPTO discipline, and accepts
multiple chunks during creation and assembly like the RAID1 discipline.
To deal with failing disks a RAID1C volume may be assembled with a smaller
number of chunks than the volume was created with. The volume will then come
up in degraded state. If the volume is now detached and assembled again with
the correct number of chunks, any re-added chunks will require a rebuild.
Consequently, assembling RAID1C volumes requires careful attention to the
chunks passed via 'bioctl -l'. If a chunk is accidentally omitted from the
command line during volume assembly, then this chunk will need to be rebuilt.
At least one known-good chunk is required in order to assemble the volume.
Like CRYPTO, RAID1C supports passphrase and key-disk authentication.
Key-disk based volumes are assembled automatically if the key disk is present
while the system is booting up.
Unlike CRYPTO and RAID1, there is no boot support for RAID1C yet.
RAID1C largely reuses existing code of RAID1 and CRYPTO disciplines.
At present RAID1C's discipline-specific data structure is shared with that
of the CRYPTO discipline to allow re-use of existing CRYPTO code. A custom
RAID1C data structure would require CRYPTO code to access struct sr_crypto
via a pointer instead of via a member field of struct sr_discipline.
ok jsing@
|
| |
|
|
|
| |
We did not reach a consensus about using SMR to unlock single_thread_set()
so there's no point in keeping this change.
|
| |
|
|
| |
Improve debugging of filters and print operator names in debug output.
|
| |
|
|
| |
and rpkiNotify SIA.
|
espie
kettenis
bluhm
claudio
mvs
nicm
jmc
deraadt
patrick
naddy
tobhe
mortimer
jcs
jmatthew
sthen
stsp
jan
jsing
mpi