| Commit message | Author | Files | Lines |
|
|
|
ok mlarkin@
|
|
checking if the socket head's queue is empty and possibly sleeping.
This way we avoid lock ordering problems as the NET_LOCK() and
fdplock() won't be held at the same time.
Note that socketpair(2) and close(2) are the two remaining syscalls
holding these locks at the same time. They both respect the same
order: fdplock() then NET_LOCK().
Initial deadlock reported by kettenis@ and ajacoutot@.
ok bluhm@, guenther@, deraadt@
|
|
While here fix the formatting of /w /o and /a.
ok guenther@
|
|
boards. mx6qsabrelite (which sets fdt_addr) and nitrogen6q
(which sets fdtaddr). The difference seems to be the mx6qsabrelite
target uses a small loader in SPI connected flash which will load
the rest of u-boot from an SD card. The nitrogen6q target normally
loads all of u-boot from an image in flash and then searches for a
6x_bootscript file with u-boot commands on MMC and SATA.
While neither of them supports "Generic Distro Configuration" which
would automatically search for an EFI image, if they did fdt_addr
is intended to be used for a DTB in ROM, while fdt_addr_r is intended
to be used for a DTB in RAM.
Change the 6x_bootscript u-boot commands to load the DTB to
fdtaddr instead of fdt_addr as matthieu@ reported fdt_addr was not
present in the u-boot environment on his system.
|
|
in ddb(4)'s default 'ps' view.
This allows using 'tr /p' easily now that it requires a TID.
With inputs from guenther@
|
|
OK mpi@
|
|
there is still a little difference regarding handling of the verbosity
value that will be handled later.
ok claudio@
|
|
there is still a little difference regarding handling of the verbosity
value that will be handled later.
ok claudio@ florian@
|
|
pledged process. dup(2) and recvmsg(2) retain UF_PLEDGED from the original fd.
In pledge "exec" circumstances, execve clears UF_PLEDGED on all the process's
fds.
In a pledge'd process, ioctl(2) can use this additional information to grant
access to ioctl's which are more sensitive or dive deeply into the kernel.
Developers will be encouraged to open such sensitive resources before calling
pledge(2), rather than afterwards. That matches the heading of privsep
development practices.
Future changes will introduce those ioctl(2) changes.
Lots of discussions with semarie guenther and benno.
|
|
an ifq to transmit a packet is picked by the current traffic
conditioner (ie, priq or hfsc) by providing an index into an array
of ifqs. by default interfaces get a single ifq but can ask for
more using if_attach_queues().
the vast majority of our drivers still think there's a 1:1 mapping
between interfaces and transmit queues, so their if_start routines
take an ifnet pointer instead of a pointer to the ifqueue struct.
instead of changing all the drivers in the tree, drivers can opt
into using an if_qstart routine and setting the IFXF_MPSAFE flag.
the stack provides a compatibility wrapper from the new if_qstart
handler to the previous if_start handlers if IFXF_MPSAFE isn't set.
enabling hfsc on an interface configures it to transmit everything
through the first ifq. any other ifqs are left configured as priq,
but unused, when hfsc is enabled.
getting this in now so everyone can kick the tyres.
ok mpi@ visa@ (who provided some tweaks for cnmac).
|
|
consistency. Done jointly with rpe.
ok deraadt, phessler, rpe;
also looks good to guenther despite a slight change in semantics
|
|
ok deraadt@ rpe@
|
|
discussed with ajacoutot
|
|
ok beck@
|
|
OK mpi@ deraadt@
|
|
lifetime with tls_config_set_session_lifetime(). This enables tickets
and uses an internal automatic rekeying mode for the ticket keys.
If multiple processes are involved the following functions can be used to make
tickets work across all instances:
- tls_config_set_session_id() sets the session identifier
- tls_config_add_ticket_key() adds an encryption and authentication key
For now only the last 4 keys added will be used (unless they are too old).
If tls_config_add_ticket_key() is used the caller must ensure to add new keys
regularly. It is best to do this 4 times per session lifetime (which is also
the ticket key lifetime).
Since tickets break PFS it is best to minimize the session lifetime according
to needs.
With a lot of help, input and OK beck@, jsing@
|
|
things if they are allocated.
ok captainobvious@
|
|
the callers.
|
|
call sites.
|
|
about to be explicit_bzero'd and freed.
|
|
Done together with jsing@
|
|
for 'show all procs'.
ok guenther@
|
|
While here document prfind(9).
with and ok guenther@
|
|
rt_entry. Use this function in the success case of all route commands.
Reduce the goto madness in route_output and make the code hopefully a
bit easier to read and work with.
OK mpi@ bluhm@
|
|
ocsp_staple functions set the OCSP response they don't add them (which implies
you can call them multiple times).
Discussed with jsing@ beck@
|
|
right before building kernels. This should unbreak 'make release' for
people having this setting.
ok deraadt
|
|
struct file *, and then externalizes back to fd upon delivery.
Convert storage to array of struct fdpass, containing struct file *
(and soon something else). memcpy originally intended for alignment
purposes can be removed because CMSG_ALIGN is _ALIGN.
There is some anxiety over changing this code, but it reads easier.
ok mpi guenther kettenis
|
|
ok claudio@
|
|
If you pass in crap then you will not get gold back.
|
|
the old array of open files.
Fix a race for multi-threaded processes reported by cheeky.m@gmx.com
on bugs@ and analyzed with bluhm@.
ok deraadt@, bluhm@
|
|
While there also remove a comment that is since a few years at least.
OK gcc
|
|
This way the tree becomes a bit better decoupled.
|
|
the ssl_ctx from internal - these are used directly by python
and openvpn and a few other things - we have the set accessors
but the get accessors were added in 1.1 and these roll their
own caveat OPENSSL_VERSION chickenpluckery
|