| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- When we do not have a separate IV, make sure that the IV length
specified by the session is not larger than the payload size.
- Disallow AEAD requests without a separate IV. crp_sanity() asserts
that CRYPTO_F_IV_SEPARATE is set for AEAD requests, and some (but not
all) drivers require it.
- Return EINVAL for AEAD requests if an IV is specified but the
transform does not expect one.
Reported by: syzbot+c9e8f6ff5cb7fa6a1250@syzkaller.appspotmail.com
Reported by: syzbot+007341439ae295cee74f@syzkaller.appspotmail.com
Reported by: syzbot+46e0cc42a428b3b0a40d@syzkaller.appspotmail.com
Reported by: syzbot+2c4d670173b8bdb947df@syzkaller.appspotmail.com
Reported by: syzbot+220faa5eeb4d47b23877@syzkaller.appspotmail.com
Reported by: syzbot+e83434b40f05843722f7@syzkaller.appspotmail.com
Reviewed by: jhb
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30154
|
|
|
|
|
| |
MFC after: 1 week
Sponsored by: Mellanox Technologies // NVIDIA Networking
|
|
|
|
|
|
|
| |
The destructor takes care of the rest.
MFC after: 1 week
Sponsored by: Mellanox Technologies // NVIDIA Networking
|
|
|
|
|
|
|
| |
For use by mmap(2) callbacks.
MFC after: 1 week
Sponsored by: Mellanox Technologies // NVIDIA Networking
|
|
|
|
|
|
|
|
|
|
| |
Fix some erronous lines in the example section.
PR: 248943
Submitted by: Jose Luis Duran
MFC after: 2 weeks
Reviewers: ae, manpages (gbe)
Differential Revision: https://reviews.freebsd.org/D30191
|
|
|
|
|
|
|
|
|
|
| |
Python 3.8 warns about line 112:
'SyntaxWarning: "is" with a literal. Did you mean "=="?'
Use '==' as Python suggests.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The hotplug script will be executed only once for each backend,
regardless of the frontend triggering reconnections. Fix blkback to
deal with the hotplug script being executed only once, so that
reconnections don't stall waiting for a hotplug script execution
that will never happen.
As a result of the fix move the initialization of dev_mode, dev_type
and dev_name to the watch callback, as they should be set only once
the first time the backend connects.
This fix is specially relevant for guests wanting to use UEFI OVMF
firmware, because OVMF will use Xen PV block devices and disconnect
afterwards, thus allowing them to be used by the guest OS. Without
this change the guest OS will stall waiting for the block backed to
attach.
Fixes: de0bad00010c ('blkback: add support for hotplug scripts')
MFC after: 1 week
Sponsored by: Citrix Systems R&D
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
restore them.
Rack now after the previous commit is very careful to translate any
value in the hostcache for srtt/rttvar into its proper format. However
there is a snafu here in that if tp->srtt is 0 is the only time that
the HC will actually restore the srtt. We need to then only convert
the srtt restored when it is actually restored. We do this by making
sure it was zero before the call to cc_conn_init and it is non-zero
afterwards.
Reviewed by: Michael Tuexen
Sponsored by: Netflix Inc
Differential Revision: https://reviews.freebsd.org/D30213
|
|
|
|
|
|
|
|
|
|
| |
Looping back router multicast traffic signifficantly
stresses network stack. Add possibility to disable or enable
loopbacked based on sysctl value.
Reported by: Daniel Deville
Reviewed by: mw
Differential Revision: https://reviews.freebsd.org/D29947
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a race condition between V_ip_mrouter de-init
and ip_mforward handling. It might happen that mrouted
is cleaned up after V_ip_mrouter check and before
processing packet in ip_mforward.
Use epoch call aproach, similar to IPSec which also handles
such case.
Reported by: Damien Deville
Obtained from: Stormshield
Reviewed by: mw
Differential Revision: https://reviews.freebsd.org/D29946
|
|
|
|
|
|
|
|
| |
I accidentally dropped this in the final version of D27625, so it didn't
actually work as intended. I found this while testing the MFC to stable/13.
MFC after: immediately
Fixes: 7daca4e2043f ("truss: improved support for decoding compat32 arguments")
|
|
|
|
|
|
|
|
|
|
| |
Hostnames starting with "tablearg" are considered as a functional
argument instead of a literal.
Reported by: ae
Reviewers: ae
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30208
|
|
|
|
|
|
| |
Reported by: Yoshihiro Ota
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D29354
|
|
|
|
|
|
| |
Said lookups would incorrectly fail with EOPNOTSUP.
Reported by: kib
|
|
|
|
|
| |
This should help performance a hair, for concurrent stat updates, by
reducing contention on cache lines.
|
|
|
|
|
| |
This was missed in the conversion to ifuncs. It might help improve
promotion rates.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two module declarations in the nfscl.ko module for "nfscl"
and "nfs". Both of these declarations had MODULE_DEPEND() calls.
This patch deletes the MODULE_DEPEND() calls for "nfs" to avoid
confusion with respect to what modules this module is dependent upon.
The patch also adds comments explaining why there are two module
declarations within the module.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D30102
|
|
|
|
|
|
|
|
|
|
|
|
| |
vn_fullpath_any_smr() will return a positive error number if the
caller-supplied buffer isn't big enough. In this case the error must be
propagated up, otherwise we may copy out uninitialized bytes.
Reported by: syzkaller+KMSAN
Reviewed by: mjg, kib
MFC aftr: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30198
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rtld preserves its current error message around calls to user init/fini
lists, to not override original error with potential secondary errors
caused by user code recursing into rtld. After 4d9128da54f8f8e2a29190,
the preservation of the string itself is not enough, the 'seen'
indicator must be preserved as well. Otherwise, since new code does not
clear string (it cannot), call to _rtld_error() from errmsg_restore()
revived whatever message was consumed last.
Change errmsg_save() to return structure recording both 'seen' indicator
and the message, if any.
PR: 255698
Reported by: Eugene M. Kim <astralblue@gmail.com>
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It reopens the passed file descriptor, checking the file backing vnode'
current access rights against open mode. In particular, this flag allows
to convert file descriptor opened with O_PATH, into operable file
descriptor, assuming permissions allow that.
Reviewed by: markj
Tested by: Andrew Walker <awalker@ixsystems.com>
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D30148
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Recover from excessive losses without reverting to a
retransmission timeout (RTO). Disabled by default, enable
with sysctl net.inet.tcp.do_lrd=1
Reviewed By: #transport, rrs, tuexen, #manpages
Sponsored by: Netapp, Inc.
Differential Revision: https://reviews.freebsd.org/D28931
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement persistent history storage:
the strategy is simple at start: loads the existing .sh_history file
at exit dump it.
The implementation respects the HISTFILE variable and its POSIX
definition: ~/.sh_history is used if HISTFILE is not set.
to avoid sh to create the history file, set HISTSIZE to 0 or HISTFILE to
en empty value
Co-authored-by: pstef
Reviewed by: jilles
Differential Revision: https://reviews.freebsd.org/D29493
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The hostcache up to now as been updated in the discard callback
but without checking if we are all done (the race where there are
more than one calls and the counter has not yet reached zero). This
means that when the race occurs, we end up calling the hc_upate
more than once. Also alternate stacks can keep there srtt/rttvar
in different formats (example rack keeps its values in microseconds).
Since we call the hc_update *before* the stack fini() then the
values will be in the wrong format.
Rack on the other hand, needs to convert items pulled from the
hostcache into its internal format else it may end up with
very much incorrect values from the hostcache. In the process
lets commonize the update mechanism for srtt/rttvar since we
now have more than one place that needs to call it.
Reviewed by: Michael Tuexen
Sponsored by: Netflix Inc
Differential Revision: https://reviews.freebsd.org/D30172
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Distinguish between truly invalid requests and those that fail because
we've already joined the group. Both cases fail, but differentiating
them allows userspace to make more informed decisions about what the
error means.
For example. radvd tries to join the all-routers group on every SIGHUP.
This fails, because it's already joined it, but this failure should be
ignored (rather than treated as a sign that the interface's multicast is
broken).
This puts us in line with OpenBSD, NetBSD and Linux.
Reviewed by: donner
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30111
|
|
|
|
|
|
| |
This reverts commit c7b8bc367f18210d233b0e2185b5ce0d55c9ccaa.
Pointed out by: trasz
|
|
|
|
|
|
| |
PR: 255715
Reported by: Christos Margiolis <christos at christosmarg dot xyz>
MFC after: 3 days
|
|
|
|
|
|
|
|
|
| |
- Recognize raspberrypi,firmware-ts touchscreen
- Move the driver from ofwbus to simplebus
Reviewed by: manu
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D30169
|
|
|
|
|
|
| |
No functional change.
MFC after: 2 weeks
|
|
|
|
|
|
| |
No functional change.
MFC after: 2 weeks
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The argument parser does not recognise the optional port for an
"tablearg" argument. Fix simplifies the code by make the internal
representation expicit for the parser.
PR: 252744
MFC: 1 week
Reported by: <bugs.freebsd.org@mx.zzux.com>
Approved by: nc
Tested by: <bugs.freebsd.org@mx.zzux.com>
Differential Revision: https://reviews.freebsd.org/D30164
|
|
|
|
|
|
|
|
|
| |
On rk3399 the VOP-little node has a single 'port' property (not a
collection of 'ports' or indexed ports).
Reviewed by: manu
Sponsored by: UKRI
Differential Revision: https://reviews.freebsd.org/D30165
|
| |
|
|
|
|
|
| |
Mentioned by: pfg
MFC after: 2 weeks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a NFSv4 file attribute called TimeCreate
that can be used for va_birthtime.
r362175 added some support for use of TimeCreate.
This patch completes support of va_birthtime by adding
support for setting this attribute to the server.
It also eanbles the client to
acquire and set the attribute for a NFSv4
server that supports the attribute.
Reviewed by: markj
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D30156
|
|
|
|
|
|
|
|
|
|
|
| |
platforms that for whatever reason cannot include the RATELIMIT option
can still work with rack. It adds two dummy functions that rack will
call and find out that the highest hw supported b/w is 0 (which
kinda makes sense and rack is already prepared to handle).
Reviewed by: Michael Tuexen, Warner Losh
Sponsored by: Netflix Inc
Differential Revision: https://reviews.freebsd.org/D30163
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IF non-existend gateway was specified, the code responsible for calculating
an updated nexthop group, returned the same already-used nexthop group.
After the route table update, the operation result contained the same
old & new nexthop groups. Thus, the code responsible for decomposing
the notification to the list of simple nexthop-level notifications,
was not able to find any differences. As a result, it hasn't updated any
of the "simple" notification fields, resulting in empty rtentry pointer.
This empty pointer was the direct reason of a panic.
Fix the problem by returning ESRCH when the new nexthop group is the same
as the old one after applying gateway filter.
Reported by: Michael <michael.adm at gmail.com>
PR: 255665
MFC after: 3 days
|
|
|
|
|
|
| |
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30093
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Optionally also kill states that match (i.e. are the NATed state or
opposite direction state entry for) the state we're killing.
See also https://redmine.pfsense.org/issues/8555
Submitted by: Steven Brown
Reviewed by: bcr (man page)
Obtained from: https://github.com/pfsense/FreeBSD-src/pull/11/
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30092
|
|
|
|
|
|
| |
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30059
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows us to kill states created from a rule with route-to/reply-to
set. This is particularly useful in multi-wan setups, where one of the
WAN links goes down.
Submitted by: Steven Brown
Obtained from: https://github.com/pfsense/FreeBSD-src/pull/11/
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30058
|
|
|
|
|
|
|
|
| |
Use pfctl_kill_states() rather than the DIOCKILLSTATES ioctl directly.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30057
|
|
|
|
|
|
| |
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30055
|
|
|
|
|
|
|
|
| |
Introduce an nvlist based alternative to DIOCKILLSTATES.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30054
|
|
|
|
|
|
| |
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30053
|
|
|
|
|
|
|
|
| |
Introduce an nvlist variant of DIOCCLRSTATES.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30052
|
|
|
|
|
|
|
|
|
|
|
| |
When showing the states, in very verbose mode, also display the gateway
(i.e. the target for route-to/reply-to).
Submitted by: Steven Brown
Reviewed by: donner
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30051
|
|
|
|
|
| |
Add DragonFly 5.8.1, OpenBSD 6.7, FreeBSD 11.4, DragonFly 5.8.2,
DragonFly 5.8.3, OpenBSD 6.8, NetBSD 9.1, FreeBSD 13.0, OpenBSD 6.9.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
div_output_outbound() and div_output_inbound() relied on the caller to
free the mbuf if an error occurred. However, this is contrary to the
semantics of their callees, ip_output(), ip6_output() and
netisr_queue_src(), which always consume the mbuf. So, if one of these
functions returned an error, that would get propagated up to
div_output(), resulting in a double free.
Fix the problem by making div_output_outbound() and div_output_inbound()
responsible for freeing the mbuf in all cases.
Reported by: Michael Schmiedgen <schmiedgen@gmx.net>
Tested by: Michael Schmiedgen
Reviewed by: donner
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30129
|
|
|
|
|
|
|
|
|
| |
When unwinding the stack, we may encounter a stack frame in a poisoned
region of the stack, triggering a false positive.
Reviewed by: andrew, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30126
|