| Commit message | Author | Files | Lines |
|
From sthen@
|
|
|
|
Brings us one step closer to having disabled by default vms in vm.conf(5),
which can be started with vmctl(8).
Input, testing and OK reyk@. Thanks.
|
|
Skip a network port if its PHY cannot be found.
Tested on Lanner MR-326B (has fdt) by pirofti@, and
on EdgeRouter Pro (has fdt) and on EdgeRouter Lite (no fdt) by me.
|
|
when the system board is unhandled.
|
|
Further improve vmm's security model by restricting pledged vmm
processes to only do VMM_IOC_ ioctls on their associated VM (these
ioctls are _RUN, _RESETCPU, _INTR, _READREGS, or _WRITEREGS at
present). The vmm monitor (parent) process or any non-pledged
processes can still do ioctls on any VM. For example, a VM can only
terminate itself but vmctl or the monitor can terminate any VM.
This prevents reachover into other VMs: while escaping from a VM to
the host side (eg. through a bug in virtio etc.) pledge already kept
the attacker in a pledged and privsep'ed process, but now it also
prevents vmm ioctls on "other VMs".
OK mlarkin@
|
|
processes to only do VMM_IOC_ ioctls on their associated VM (these
ioctls are _RUN, _RESETCPU, _INTR, _READREGS, or _WRITEREGS at
present). The vmm monitor (parent) process or any non-pledged
processes can still do ioctls on any VM. For example, a VM can only
terminate itself but vmctl or the monitor can terminate any VM.
This prevents reachover into other VMs: while escaping from a VM to
the host side (eg. through a bug in virtio etc.) pledge already kept
the attacker in a pledged and privsep'ed process, but now it also
prevents vmm ioctls on "other VMs".
OK mlarkin@
|
|
smi.c r1.20.
ok cc(1)
|
|
- cleanup SHA256 and SHA256.sig before download
- move assignment of _cfile and _srclocal to the top
In a later step, this allows verification of local sets without the
need of a prefetch area which is not used in this case anyway.
Idea from and OK naddy@
OK krw@
|
|
|
|
quickly. In both cases it does not make sense to set hints on them.
So remove that option, which is just a remainder of old times when
malloc used to hold on to pages. ok stefan@
|
|
a pointer to a mbuf pointer, because it only uses the mbuf for reading.
ok reyk@
|
|
all others that we can find in switch(4).
ok reyk@
|
|
already does exactly what it wants to do.
ok reyk@
|
|
add missing action_set_queue struct.
ok reyk@
|
|
size of a header to avoid an integer underflow.
Found with afl.
|
|
As in pfsync_print_clr() use vis(3) in print_state(). This was also
found with afl though with a different input.
|
|
modelled on the upstream version.
|
|
now it asks the mbuf layer for the 9k from its pools.
a question from chris@ made me go look at the chip doco again and i
realised that the chip only requires 4 byte alignment for rx buffers,
no 4k alignment for jumbo buffers.
i also found that the chip is supposed to be able to rx up to 9400
bytes instead of 9000. i'll fix that later though.
|
|
The RTS threshold should be good enough and applies to all modes.
A similar change was made in iwm(4) not long ago.
tested by myself and benno@
|
|
ok jca@, reyk@
|
|
function.
ok reyk@
|
|
might want to use it. For buffered packets we probably need to save that
somehow else, but we don't support it now.
ok reyk@
|
|
and avoid problems.
ok jca@
|
|
(problem pointed out by Petr, fix proposed by Dilli) _at_ oracle
|
|
Triggered by an incorrect patch from Jan Stary.
Feedback and OK jmc@, OK millert@.
|
|
Triggered by an incorrect patch from Jan Stary.
While here, add an .Xr to cut(1).
OK millert@ jmc@
|
|
Patches from Jan Stary <hans at stare dot cz>, tweaked by me and tb@.
While here, apply some simple style improvements:
Sort headers, static void __dead usage(), return from main(),
zap case '?', drop /* NOTREACHED */, drop break after usage(), ...
OK tb@ millert@
|
|
|
|
verbose error()s to debug()s, include PKCS#11 provider name and slot
in log messages where possible.
bz#2610, based on patch from Jakub Jelen
|
|
pf functions. That means fewer parameters, more consistency and
later we can call functions that need a pd from pf_route().
OK sashan@
|
|
reference to eddep in the kernel Makefile I could find is in 4.3BSD,
released some 30 years ago.
ok tb millert
|
|
OK mikeb@ mlarkin@
|
|
20 years ago. While there, eliminate two dead assignments.
ok natano
|
|
ok natano
|
|
Make sure to hold the ring buffer lock for the complete duration
of a channel ring I/O operation. For read operations this means
peeking and reading is done uninterrupted and for both reads and
writes this places the buffer space availability check under the
same lock as well.
|
|
Use vis(3) to safely print ifname and stop at IFNAMSIZ bytes.
Found with afl by jsg@. OK jsg@
|
|
without it.
|
|
|
|
no need to wait until the first program using it breaks...
"could make sense" semarie@ (and thanks for the cluestick)
OK deraadt@
|
|
swofp_flow_entry_delete() call frees the memory pointed to by the swfe
variable which was used later in the loop.
ok rzalamena@
|
|
|
|
ncpus is used on half the architectures to indicate the number of
cpus that have been hatched, and is used on them in things like ddb
to figure out how many cpus to shut down again.
ncpusfound is incremented during autoconf on MP machines to show
how big ncpus will probably become. percpu is initted after autoconf
but before cpus are hatched, so this works well.
|
|
IANA moved the Large Communities attribute to 32, which is a nice pun on
the problem it is solving.
|
|
|
|
|
|
fixes percpu allocations, like visa@ just did on mips64.
|
|
From Michael W. Bombardieri <mb at ii.net>
|
|
|
|
the most important change is that if the requested data is already
in the first mbuf in the chain, return quickly.
if that isn't true, the code will try to use the first mbuf to fit
the requested data.
if that isn't true, it will prepend an mbuf, and maybe a cluster,
to fit the requested data.
m_pullup will now try to maintain the alignment of the original
payload, even when prepending a new mbuf for it.
ok mikeb@
|