Ficticious hash since there's no actual code change; but the release
notes for FreeBSD 15 should say that RSA host keys for SSH will no
longer be generated by default in FreeBSD 16.
Discussed on: freebsd-arch
Sponsored by: Amazon
which returns a snapshot of the count of the opened files in the
process.
Reviewed by: markj, olce
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D46747
Avoid a race condition when accessing guest memory, by reading memory
contents only once.
This has also been applied to _vq_record() in
sys/dev/beri/virtio/virtio.c, as per markj@'s suggestion.
Reported by: Synacktiv
Reviewed by: markj
Security: HYP-10
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45735
In case of an error in a code pattern like
```
uint64_t val;
error = memread(vcpu, gpa, &val, 1, arg);
error = vie_update_register(vcpu, reg, val, size);
```
uninitialized stack data would be used.
Reported by: Synacktiv
Reviewed by: markj
Security: HYP-21
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46107
Provide macros to derive the various needed values and make it a bit
more clear the differences between em and igb.
The igb default EITR was not landing at the right offset.
Respect the 'max_interrupt_rate' tunable.
MFC after: 1 week
Sponsored by: BBOX.io
The absolute and packet timers only apply to lem and em with some only
applying to the later.
This cleans up the sysctl tree to only show these where applicable and
stops writing to unexpected registers for igb.
MFC after: 1 week
Sponsored by: BBOX.io
and allow to revert it back to 48 with WITHOUT_JEMALLOC_LG_VADDR_WIDE build
option.
Reviewed by: andrew, emaste
Sponsored by: Advanced Micro Devices (AMD)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D46686
In the function ahci_handle_dsm_trim, if the call to read_prdt fails,
the variable buf[512] is used while it contains uninitialized data.
It is easy to make the call to read_prdt fail, for instance if
hdr->prdtl == NULL, the function will return without writing anything in
buf.
In addition, this code could be hardened by checking the value of done
before accessing &buf[done].
Reported by: Synacktiv
Reviewed by: markj
Security: HYP-15
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46090
Summary:
It can be useful to see what quirks are applied on an SDHCI slot.
Obtained from: Juniper Networks, Inc.
Reviewed By: manu
Differential Revision: https://reviews.freebsd.org/D46790
- Add the firstboot-freebsd-update package, as long as we do not have
pkgbase, this is needed
- Support SLAAC by default to complement DHCPv4 (use SYNCDHP instead)
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
- Export NUAGE_FAKE_ROOTDIR only once
- Use the header section of the test to require the root user
- Use the PWD environment variable
- Set the root/sys shell as /bin/sh
- Use RFC 5737 reserved IP addresses
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
The hashed password usually contains a "$" sign, which, when used on a
shell, must be escaped. Also, the plain text password may contain
special characters that require escaping.
Add a quick fix by enclosing it in single quotes. Note that if the
plain text password contains a "'", it will still fail. This will be
properly fixed in later commits.
Some here documents require the document to be a string literal,
especially when passing invalid characters. Enclose it in single
quotes.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
Standardize the utilities from nuage.lua, to return nil on failure, plus
an error message as a second result, and some value different from nil
on success.
Make warnmsg() and errmsg() append "nuageinit: " by default. Pass an
optional second parameter as false to avoid printing this tag.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
Prefer posix.sys.stat's chmod() to os.execute(). While here, change the
name of the locals to be more descriptive.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
Silence a warning emitted by fread(3) in fstyp(8)'s read_buf(), when
detecting the file system type of the cloud-init device:
% fstyp /dev/iso9660/cidata
fstyp: fread: Invalid argument
cd9660
Also rephrase slightly a comment while here.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
Fix the ordering of priv data creation with setting priv data. This
handles failure better and resolves a panic when repeatedly running
tools/tools/gpioevents.
Explicitly initialise more fields in priv data while we are here.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46568
Don't leak a maclabel when SYN segments are processed which results
in an error due to MD5 signature handling.
Tweak the #idef MAC to allow additional upcoming changes.
Reviewed by: markj
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46766
so_peerlabel can only be used when the socket is not listening.
Reviewed by: markj
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46755
Whenever mac_syncache_init() returns an error, ensure that
*label = NULL. This simplifies the error handling by the caller.
Reviewed by: rscheff
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46701
nvmf_submit_request() handles races with concurrent queue pair
destruction (or the queue pair being destroyed between
nvmf_allocate_request and nvmf_submit_request), so the lock is not
needed here. This avoids holding the lock across transport-specific
logic such as queueing mbufs for PDUs to a socket buffer, etc.
Holding the lock across nvmf_allocate_request() ensures that the queue
pair pointers in the softc are still valid as shutdown attempts will
block on the lock before destroying the queue pairs.
Sponsored by: Chelsio Communications
The last reference on a pending I/O request might be held by an mbuf
in the socket buffer. When this mbuf is freed, the I/O request is
completed which triggers completion of the CCB. However, this can
occur with locks held (e.g. with so_snd locked when the mbuf is freed
by sbdrop()) raising a LOR between so_snd and the CAM device lock.
Instead, defer CCB completion processing to a thread where locks are
not held.
Sponsored by: Chelsio Communications
Follow the pattern from iflib_irq_alloc_generic function and use
iflib_fast_intr as a handler for RX only interrupts.
Also remove some intermediate variables and use consistent
way for referencing queue's structures.
Signed-off-by: Krzysztof Galazka <krzysztof.galazka@intel.com>
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D46061
As xprintf has not kept up with our standard printf(3) implementation,
it is becoming increasingly dangerous to continue to allow it to take
over if USE_XPRINTF is defined. Remove that code, while still allowing
applications which know about xprintf to select it.
Reviewed by: phk
Differential Revision: https://reviews.freebsd.org/D46765
This is mostly thj@'s work, with some tweaks and cleanup by me. There
are still some cases where our output differs from GNU diff3, but it's
much better than before and I'd rather commit what I have now than let
it continue to languish in a metaphorical drawer.
MFC after 3 weeks
Sponsored by: Klara, Inc.
Reviewed by: thj
Differential Revision: https://reviews.freebsd.org/D46762
This error handling is specific to an invalid value in the REPORTING
OPTIONS field of a REPORT SUPPORTED OPERATION CODES command.
While here, reuse the label for another case.
Reviewed by: imp, emaste
Differential Revision: https://reviews.freebsd.org/D46775
We're already in the correct vnet when the pfil hook is called. Remove the
pointless set/restore.
Reviewed by: glebius, zlei
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46648
In pf_setup_pdesc() the code for analysing TCP and UDP headers was
the same for v4 and v6. Deduplicate by moving the protocol switch
after the address family switch.
ok henning@ claudio@
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 72cf18cc6e
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46647
