| Commit message (Collapse) | Author | Files | Lines |
|---|
|
the rest of tree.
Spotted by deraadt@
|
|
|
|
1. two spelling mistakes.
2. change references to keystrokes, same as man page (UP-low).
3. update a filename reference to reality.
|
|
the user pressed C-g. Now it does.
|
|
|
|
saving it) earlier. This means data doesn't 'disappear' from the file
on disk while the user answers 'yes' or 'no'.
|
|
|
|
OK claudio semarie
|
|
we get a port change event.
ok dlg@
|
|
Hint: they don't right now
|
|
unlocks read(2) and write(2) syscalls families, and push the KERNEL_LOCK
deeper in the code path. KERNEL_LOCK is managed per file type in fileops
handlers (fo_read, fo_write, and fo_close). read(2) and write(2) on
socket are KERNEL_LOCK-free.
initial work from mpi@ and ians@
ok mpi@ kettenis@ visa@ ians@
|
|
unlocks read(2) and write(2) syscalls families, and push the KERNEL_LOCK
deeper in the code path. KERNEL_LOCK is managed per file type in fileops
handlers (fo_read, fo_write, and fo_close). read(2) and write(2) on
socket are KERNEL_LOCK-free.
initial work from mpi@ and ians@
ok mpi@ kettenis@ visa@ ians@
|
|
unlocks read(2) and write(2) syscalls families, and push the KERNEL_LOCK
deeper in the code path. KERNEL_LOCK is managed per file type in fileops
handlers (fo_read, fo_write, and fo_close). read(2) and write(2) on
socket are KERNEL_LOCK-free.
initial work from mpi@ and ians@
ok mpi@ kettenis@ visa@ ians@
|
|
This changes makes it possible to not use the struct rib_entry pointer
which will be used to optimize the Adj-RIB-Out.
Also adjust pt_ref() and pt_unref() so that the code can be written
a bit more compact. Also prefix_cmp() no longer needs to go via
rib_compare() and calls pt_prefix_cmp() directly.
OK phessler@
|
|
values and intervals. Mostly the same with the exception that peerself
is now id 1 and the first peer has id 2 -- was 0 and 1 before.
OK kn@, benno@
|
|
rtable_walk(9) now passes a routing entry back to the caller when
a non zero value is returned and if it asked for it.
This allows us to call rtdeletemsg()/rtrequest_delete() from the
caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating
recursions. However multicast route entries aren't cloned so if
a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by Dániel Lévai on bugs@ confirmed by and ok bluhm@.
|
|
also document DOAS_USER.
ok deraadt jmc
|
|
Bug exposed by erratic sqlite3 behavior used in ports/devel/proj,
as pointed out by landry@. Richard Hipps (SQLite) pointed at the
culprit (_Qp_div), many thanks.
Adapted from FreeBSD revision 146673 by Stephen Paskaluk and
stefanf@FreeBSD. FreeBSD commit message:
"""
Fix long (and long long) to long double, unsigned to long double and
unsigned long (and unsigned long long) to long double conversions.
- Add a parameter that specifies the position of the sign bit to the _QP_TTOQ
macro, previously it always looked at bit 31. Pass a negative number to
disable sign inspection for unsigned types. This fixes _Qp_xtoq(),
_Qp_uitoq() and _Qp_uxtoq().
- In the functions __fpu_itof() and __fpu_xtof(), look at the sign
bit to decide whether we're doing a conversion from an unsigned type. If so, don't
negate the mantissa if the integer exceeds the biggest signed number.
"""
ok deraadt@
|
|
Adapted from recent changes to the KARL infrastructure.
OK deraadt, sthen
|
|
Use install -F to instead of cp, for fsync(2). Coupled with the new
sync(8) in the reorder_kernel script, the window for a incomplete /bsd
file on-disk due to a crash has now shrunk substantially.
Discussion with kettenis, millert and tedu
|
|
Suggested by jmc@
|
|
|
|
|
|
of resource limit structs has been done between processes. By applying
copy-on-write also between threads, threads can read rlimits in
a nearly lock-free manner.
Inspired by code in DragonFly BSD and FreeBSD.
OK mpi@, agreement from jmatthew@ and anton@
|
|
The current code wants to wait 1/100 [s] = 10 [ms] but at least one tick,
that's exactly what the millisecond version provides.
OK cheloha mpi claudio
|
|
|
|
|
|
and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and
Rambleed. This change encrypts private keys when they are not in use
with a symmetic key that is derived from a relatively large "prekey"
consisting of random data (currently 16KB).
Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.
Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.
Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.
been in snaps for a bit already; thanks deraadt@
ok dtucker@ deraadt@
|
|
uninitialised variable; spotted by dtucker@
|
|
ok jmc@ schwarze@
|
|
make it to disk (discussion with tedu)
|
|
|
|
knows if the prefix exists or not (by calling prefix_get()). So doing
the same check again in prefix_add() is silly and actually rather
expensive with lots of peers.
OK phessler@
|
|
|
|
|
|
Follow the contract.
|
|
missing, free the other object but also set the pointer back to NULL so
that the caller does not do a double free().
Found with afl by jsg@
|
|
TLS_WANT_POLLIN, -1, or 0. After handling the first two, check for -1
rather than vaguely "< 0".
ok jsing
|
|
|
|
|
|
check and error out like it is done one other parsing issues.
Agreed by deraadt@
Fixes another afl "crash" found by jsg@
|
|
kernel. kubsan reports findings using printf() and assuming that calling
printf() is safe in all contexts can be problematic. Instead, defer
reporting of findings to the systq task queue.
Storage for findings is allocated early in the boot process in order to
catch potential UB during boot. The same findings are reported once the
task queue subsystem has been initialized.
Feedback from kettenis@ and ok mpi@
|
|
-1 to mark failure, not arbitrary values < 0. I believe manual pages
should follow the described contract precisely and accurately.
|
|
descriptors even after bootstrap.
|
|
if () blocks. Improves readability in my opinion since I skip some
branches to fast when reading.
OK deraadt@
|
|
Check this and also adjust the upper limit check to >= 8 since only the
values 0 - 7 are valid.
Found by jsg@ with afl. OK deraadt@
|
|
|
|
|
|
|
|
asynchronously and therefor other tasks can make progress at the same
time. Additionally prefixes belonging to a RIB which does not run the
the decision process are no longer linked into the nexthop list.
This replaces the early return in prefix_updateall() and reduces the
time spent in nexthop_update().
OK benno@
|
krw
inoguchi
lum
kn
jmatthew
claudio
semarie
mpi
tedu
jca
florian
deraadt
visa
jmc
nicm
djm
bentley
anton