Releng 2 4 #1
Open
amarddx wants to merge 186 commits into PiBa-NL:MyFirewall_2_4 from amarddx:RELENG_2_4
…ork. (cherry picked from commit 2331af834543e4d99749c33e4ed1873d0ef339b9)
…i-chip mode. While the switch is going to use the SMI Address and SMI Address + 1, this does not mean that the base address cannot use odd addresses. (cherry picked from commit f9569de3680bf62814fe84959e65e275e302531e)
This reduces the chances of breaking the connectivity on boot by overwriting the loader defaults. The driver already takes care of the important bits, so just keep the other settings. (cherry picked from commit e162742501ad6bab132ac149b7e9af3866819b78)
(cherry picked from commit 7c38f30)
(cherry picked from commit 1c60fc3)
building it. lint(1) is required on the host build system to build lint(1) libraries, and it is no longer available on FreeBSD 12. This prevents using a 12 or later host to build an 11 or earlier system, which causes problems for building jails and using poudriere.
The problem could be fixed by treating lint as a bootstrap tool when building on 12+, but that just adds complexity and build time to build a broken tool that virtually nobody uses anymore.
This is a direct commit to 11-stable because lint no longer exists in later branches.
PR: 223892
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D13799
(cherry picked from commit 5fb1dbc)
Fixes a crash when dummynet is used with pfsync. Ticket #4310 (cherry picked from commit 92b0a4e58e8a89eb6be7714dcd59b30fd0615352)
Ticket #4909. (cherry picked from commit 070fe5761940aede4ba68e28afd494effb2ec38e)
Do better cleaning in key_destroy() for VIMAGE case.
SPDB was cleaned using TAILQ_CONCAT() instead of calling key_unlink() for each SP, thus we need to properly clean lists in each bucket of V_sphashtbl to avoid panic in hashdestroy() when INVARIANTS is enabled. Do the same for V_acqaddrhashtbl and V_acqseqhashtbl.
When we are called in DEFAULT_VNET, destroy also all global locks and drain key_timer callout.
Reported by: kp
Tested by: kp
(cherry picked from commit 0925361)
fix pointer/offset mistakes in handling of IPv4 options
Reported by: Maxime Villard <maxv at NetBSD.org>
MFC after: 1 week
(cherry picked from commit 733b094)
Fix a vulnerability in IPsec-IPv6-AH, that allows an attacker to remotely crash the kernel with a single packet.
In this loop we need to increment 'ad' by two, because the length field of the option header does not count the size of the option header itself. If the length is zero, then 'count' is incremented by zero, and there's an infinite loop.
Beyond that, this code was written with the assumption that since the IPv6 packet already went through the generic IPv6 option parser, several fields are guaranteed to be valid; but this assumption does not hold because of the missing '+2', and there's as a result a triggerable buffer overflow (write zeros after the end of the mbuf, potentially to the next mbuf in memory since it's a pool).
Add the missing '+2', this place will be reinforced in separate commits.
Reported by: Maxime Villard <maxv at NetBSD.org>
MFC after: 1 week
(cherry picked from commit 9ecab33)
…king fine when a lot of different flows to be ciphered/deciphered are involved.
However, when a software crypto driver is used, there are situations where we could benefit from making crypto(9) multi threaded:
- a single flow is to be ciphered: only one thread is used to cipher it,
- a single ESP flow is to be deciphered: only one thread is used to decipher it.
The idea here is to call crypto(9) using a new mode (CRYPTO_F_ASYNC) to dispatch the crypto jobs on multiple threads, if the underlying crypto driver is working in synchronous mode.
Another flag is added (CRYPTO_F_ASYNC_KEEPORDER) to make crypto(9) dispatch the crypto jobs in the order they are received (an additional queue/thread is used), so that the packets are reinjected in the network using the same order they were posted.
A new sysctl net.inet.ipsec.async_crypto can be used to activate this new behavior (disabled by default).
Submitted by: Emeric Poupon <emeric.poupon@stormshield.eu>
Reviewed by: ae, jmg, jhb
Differential Revision: https://reviews.freebsd.org/D10680
Sponsored by: Stormshield
(cherry picked from commit fbc9da5)
This will also help to reduce the number of builds. (cherry picked from commit 20ce526291ecaeb5e30155ceaa6cec6e49e78dec)
Make WRFSBASE and WRGSBASE instructions functional. (cherry picked from commit b1a7a74)
amd64: drop q suffix from rd[fg]sbase for gas compatibility (cherry picked from commit c78f11f)
Update comment. (cherry picked from commit 5596db6)
Rename COMMON_TSS_RSP0 to TSS_RSP0. (cherry picked from commit 18a2f90)
Detect hypervisor early so that we set lower hz on it. (cherry picked from commit 1a04c4c)
Split identify_cpu() into two functions for amd64 as we do for i386. This
reduces diff between amd64 and i386. Also, it fixes a regression introduced
in r322076, i.e., identify_hypervisor() failed to identify some hypervisors.
This function assumes cpu_feature2 is already initialized.
Reported by: dexuan
Tested by: dexuan
(cherry picked from commit 173ac91)
Consistently ensure that we do not load MXCSR with reserved bits set. (cherry picked from commit efc00b5)
Move the hardware setup for fast syscalls into a common function. (cherry picked from commit ee52c56)
Move struct syscall_args syscall arguments parameters container into struct thread. (cherry picked from commit 985b26c)
Style. (cherry picked from commit f04468c)
Use ANSI C declaration for trap_pfault(). Style. (cherry picked from commit 835f94b)
Trim excessive 'extern' and remove unused declaration. (cherry picked from commit d7178de)
Do not call trapsignal() after handling usermode fault or interrupt, when a signal is not intended to be sent. (cherry picked from commit 7e1281f)
Simplify amd64 trap(). (cherry picked from commit f6bf98b)
amd64: annotate the syscall return address check with __predict_false
before:
0xffffffff80b03ebb <+2059>: mov 0x460(%r14),%rax
0xffffffff80b03ec2 <+2066>: mov 0x98(%rax),%rax
0xffffffff80b03ec9 <+2073>: shr $0x2f,%rax
0xffffffff80b03ecd <+2077>: je 0xffffffff80b03edd <amd64_syscall+2093>
0xffffffff80b03ecf <+2079>: mov 0x3f8(%r14),%rax
0xffffffff80b03ed6 <+2086>: orl $0x1,0xc8(%rax)
0xffffffff80b03edd <+2093>: add $0xf8,%rsp
after:
0xffffffff80b03ebb <+2059>: mov 0x460(%r14),%rax
0xffffffff80b03ec2 <+2066>: mov 0x98(%rax),%rax
0xffffffff80b03ec9 <+2073>: shr $0x2f,%rax
0xffffffff80b03ecd <+2077>: jne 0xffffffff80b03eef <amd64_syscall+2111>
0xffffffff80b03ecf <+2079>: add $0xf8,%rsp
(cherry picked from commit 4ebdf0a)
Allow to disable default microcode updates search path with the new '-n' option. (cherry picked from commit ea3420c)
(cherry picked from commit d86d52695f351e7c49f94582d1d10d80f587c7f6)
This particular interface allows access to the switch eeprom. The eeprom is write protected by default. (cherry picked from commit 33b80ce1752172918dffa8d33662a465cc2b0c29)
(cherry picked from commit 0714468531f9e33c8f85bafa260c92d55c11ff88)
…ation. (cherry picked from commit 465e5577e8a32d4f98def4ec75a00c09feb140a1)
(cherry picked from commit abb5881302576b23a102094ea2f11717a85ff148)
The port state can be set to: disabled, learning, blocking and forwarding. (cherry picked from commit 76dbc69beb1365281a904ba531acbcbc607b394e) (cherry picked from commit 1a4022d)
(cherry picked from commit f3f1d1d3a10e7394b0f22f634562e46b05e694be)
…s an int. (cherry picked from commit 3bd88d1)
r297857 was meant for real hardware only.
PR: 213155
Submitted by: mainland@apeiron.net
MFC after: 1 week
(cherry picked from commit d03e4e7)
As if_bridge calls carp_forus() with the bridge lock held, there is a race where a carp callout can trigger just before the call to carp_forus() and, with the CARP lock held, will now wait for the bridge lock while the next call to carp_forus() is trying to acquire the CARP lock with the bridge lock held. Ticket: #8056 (cherry picked from commit ab6cc9dd898d6ecb61a8758547ebb0916fe2dfb7)
LAG is used mostly on Marvell docs, but not in common literature. (cherry picked from commit d6ccb78ce03410d219100f2927ccf6364b7b99c5)
This variable stores only the port in use. (cherry picked from commit 29dd9507e328dfbd921f703268a2e696f3daf54c)
This variable stores a mask with all valid ports for a given switch model. (cherry picked from commit 63fe08f41566adaee6c1f087aaae55f0a06282d1)
(cherry picked from commit db0244864e9cbca5dec13b19fe8ba5ce083df24f)
(cherry picked from commit 5cbe82445395df2ab9d48df1a5fb52f78057ea02)
(cherry picked from commit 4d28ab726268059f99263d97b2aaa2dafce4a33d)
The recovery images need them. The installer image is now built with NO_MODULES=yes. (cherry picked from commit c62f1b689b961c85042019b8d63f0ac6eac7ced4)
(cherry picked from commit 9705bbc6faa133f3a6eae420b5b710f0f4cc27a0)
(cherry picked from commit e483b3878e173e559910bfdf2cf94f6a3d8ca09d)
- Remove #define PCIS_SERIALBUS_SMBUS_PROGIF, unused since r200091
- Switch device_probe() from large case statement to a lookup table
- Add several missing SMBus controllers
(cherry picked from commit 6ddc088)
(cherry picked from commit 8c852c1e068abf4ab79672ae7d31396181a9f7cd)
Tested on production SG-3100. (cherry picked from commit 276b374d3d1baa24389227e6c6aa350654503ef2)
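The missing '+2' described in the IPsec-IPv6-AH commit message above, reduced to a stand-alone option walker that zeroes mutable option data. This is an added example, not code from the pull request or from FreeBSD; `walk_options`, `run_sample`, the sample bytes and the `max_steps` guard are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_PAD1    0x00 /* one-byte pad: no length byte follows */
#define OPT_MUTABLE 0x20 /* type bit: data may change in transit, zeroed for the ICV */
#define OPT_HDR_LEN 2    /* type + length bytes, NOT counted by the length field */

/*
 * Walk a TLV option area and zero the data of mutable options.
 * hdr_len is the per-option header size added when advancing: 2 is correct,
 * 0 reproduces the missing '+2'. Returns the options visited, or -1 when the
 * area is malformed or the walk makes no progress within max_steps.
 */
int walk_options(uint8_t *opts, size_t len, size_t hdr_len, int max_steps)
{
    size_t off = 0;
    int steps = 0;
    while (off < len) {
        if (++steps > max_steps)
            return -1;                  /* stalled: offset stopped advancing */
        if (opts[off] == OPT_PAD1) { off++; continue; }
        if (len - off < OPT_HDR_LEN)
            return -1;                  /* length byte missing */
        size_t optlen = opts[off + 1];
        if (optlen > len - off - OPT_HDR_LEN)
            return -1;                  /* data would run past the buffer */
        if (opts[off] & OPT_MUTABLE)
            memset(opts + off + OPT_HDR_LEN, 0, optlen);
        off += optlen + hdr_len;
    }
    return steps;
}

/* Constructed sample: PadN with length 0, then a mutable option with 2 data bytes. */
static const uint8_t sample[] = { 0x01, 0x00, 0x25, 0x02, 0xAA, 0xBB };
static uint8_t work[sizeof(sample)];

int run_sample(size_t hdr_len, size_t len)
{
    memcpy(work, sample, sizeof(sample));   /* fresh copy for every run */
    return walk_options(work, len, hdr_len, 16);
}

int main(void)
{
    printf("with +2: %d, without +2: %d, truncated: %d\n",
           run_sample(OPT_HDR_LEN, 6), run_sample(0, 6), run_sample(OPT_HDR_LEN, 5));
}
```

The explicit bounds checks before the `memset` are what keep the walker from relying on an earlier parser having validated the lengths, which is the assumption the commit message says did not hold.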
Owner
Um.. why? My FreeBSD branch is not maintained for any use except my own experimentation and a little 'proof of concept' for my wiki page.. Other than that, you should fork your own directly from the source, and keep that up to date if desired..
No description provided.