| created | 2019-05-08T05:59:47Z |
|---|---|
| begin | 2018-02-06T00:00:00Z |
| end | 2018-02-07T00:00:00Z |
| path | src/sys |
| commits | 17 |
| date | 2018-02-06T00:18:38Z | |||
|---|---|---|---|---|
| author | tedu | |||
| files | src/sys/dev/ic/aic79xx.c | log | diff | annotate |
| message | remove a bit of dead code. ok bluhm deraadt | |||
| date | 2018-02-06T01:09:17Z | |||
|---|---|---|---|---|
| author | patrick | |||
| files | src/sys/arch/amd64/amd64/cpu.c | log | diff | annotate |
| src/sys/arch/amd64/amd64/machdep.c | log | diff | annotate | |
| src/sys/arch/amd64/amd64/ucode.c | log | diff | annotate | |
| src/sys/arch/amd64/include/biosvar.h | log | diff | annotate | |
| src/sys/arch/amd64/include/cpufunc.h | log | diff | annotate | |
| src/sys/arch/amd64/stand/boot/conf.c | log | diff | annotate | |
| src/sys/arch/amd64/stand/cdboot/conf.c | log | diff | annotate | |
| src/sys/arch/amd64/stand/efiboot/conf.c | log | diff | annotate | |
| src/sys/arch/amd64/stand/libsa/exec_i386.c | log | diff | annotate | |
| src/sys/arch/amd64/stand/pxeboot/conf.c | log | diff | annotate | |
| message |
Load the Intel microcode much earlier. So far we had loaded it after the CPUs identified and then we had to update the CPU flags afterwards. As microcode updates can add/remove instructions and features, we need to load it earlier. Thus, make the bootloader look for the microcode and supply it to the kernel as another bootarg. This way we can update the cores' microcode before we identify them. ok deraadt@ |
|||
| date | 2018-02-06T01:24:31Z | |||
|---|---|---|---|---|
| author | tedu | |||
| files | src/sys/kern/tty.c | log | diff | annotate |
| message | reduce scope of variable a bit to avoid shadowing | |||
| date | 2018-02-06T02:12:55Z | |||
|---|---|---|---|---|
| author | patrick | |||
| files | src/sys/dev/ic/bwfm.c | log | diff | annotate |
| message | Support setting the Cortex-M3 cores to active mode. | |||
| date | 2018-02-06T02:23:04Z | |||
|---|---|---|---|---|
| author | patrick | |||
| files | src/sys/dev/ic/bwfm.c | log | diff | annotate |
| message |
Add support for chips which use SYSMEM memory. Code is a simplified version of the SOCRAM one. |
|||
| date | 2018-02-06T08:42:33Z | |||
|---|---|---|---|---|
| author | tb | |||
| files | src/sys/conf/newvers.sh | log | diff | annotate |
| message |
Run newvers.sh with umask 007 to work around permission issues that cause 'make release' fail the first time around after building GENERIC if /usr/obj/ wasn't cleaned out properly. The proper fix would be to implement privdrop for kernel builds but this is trickier than it looks at first sight. discussed with deraadt |
|||
| date | 2018-02-06T09:04:45Z | |||
|---|---|---|---|---|
| author | phessler | |||
| files | src/sys/net80211/ieee80211_node.h | log | diff | annotate |
| message |
remove extern from function prototypes, remove some variable names, and a left-over kernel malloc feature we don't use. OK deraadt@ |
|||
| date | 2018-02-06T09:16:11Z | |||
|---|---|---|---|---|
| author | henning | |||
| files | src/sys/net/pf.c | log | diff | annotate |
| src/sys/net/pf_if.c | log | diff | annotate | |
| src/sys/net/pf_ioctl.c | log | diff | annotate | |
| src/sys/net/pf_lb.c | log | diff | annotate | |
| src/sys/net/pf_norm.c | log | diff | annotate | |
| message |
some finger muscle workout: bzero -> memset and (very few) bcopy -> memcpy/memmove |
|||
| date | 2018-02-06T09:25:54Z | |||
|---|---|---|---|---|
| author | patrick | |||
| files | src/sys/arch/arm/arm/sigcode.S | log | diff | annotate |
| message |
Make sure sigfillsiz is word aligned. ok kettenis@ |
|||
| date | 2018-02-06T14:54:22Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/netinet/ip_ah.c | log | diff | annotate |
| message |
Do some cleanup in ah_massage_headers(). - Declare global array ipseczeroes containing zeroes constant. - The proto parameter contains the address family, so call it af. - Remove an unused if block, just keep the else. - If m_copyback(M_NOWAIT) fails, return with error instead of working with an inconsistent mbuf. - ip6_nxt is u_int8_t, no need to clear the high bits. - The offset and next protocol are advanced for all extension headers, move it after the switch. - ah_massage_headers() returns an errno, call the variable error. OK procter@ |
|||
| date | 2018-02-06T15:13:08Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/netinet/tcp_timer.c | log | diff | annotate |
| src/sys/netinet/tcp_timer.h | log | diff | annotate | |
| src/sys/netinet/tcp_var.h | log | diff | annotate | |
| message |
There was a race in the TCP timers. As they may sleep to grab the netlock, timers may still run after they have been disarmed. Deleting the timeout is not sufficient to cancel them, but the code from 4.4 BSD is assuming this. The solution is to add a flag for every timer to see whether it has been armed or canceled. Remove the TF_DEAD check as tcp_canceltimers() is called before the reaper timer is fired. Cancelation works reliably now. OK mpi@ |
|||
| date | 2018-02-06T20:35:21Z | |||
|---|---|---|---|---|
| author | naddy | |||
| files | src/sys/arch/arm64/arm64/autoconf.c | log | diff | annotate |
| src/sys/arch/arm64/arm64/machdep.c | log | diff | annotate | |
| src/sys/arch/arm64/stand/efiboot/conf.c | log | diff | annotate | |
| src/sys/arch/arm64/stand/efiboot/efiboot.c | log | diff | annotate | |
| src/sys/arch/arm64/stand/efiboot/efipxe.c | log | diff | annotate | |
| message |
Allow the kernel to recognize that it has been netbooted and to add the boot interface to the "netboot" group. efiboot grabs the MAC address from the PXE environment, passes it to the kernel, where it is matched against the list of ethernet interfaces and the boot device is set. Concept and most of the code cribbed from amd64. ok kettenis@ |
|||
| date | 2018-02-06T22:14:52Z | |||
|---|---|---|---|---|
| author | phessler | |||
| files | src/sys/net80211/ieee80211_node.c | log | diff | annotate |
| src/sys/net80211/ieee80211_node.h | log | diff | annotate | |
| src/sys/net80211/ieee80211_proto.c | log | diff | annotate | |
| message |
convert the test if a node support HT (aka, 11n) into an inline function, instead of testing some un-obvious bitfield OK stsp@ |
|||
| date | 2018-02-06T22:17:03Z | |||
|---|---|---|---|---|
| author | phessler | |||
| files | src/sys/net80211/ieee80211_node.h | log | diff | annotate |
| message |
convert __inline to inline no binary change on amd64 |
|||
| date | 2018-02-06T22:35:32Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/kern/subr_pool.c | log | diff | annotate |
| message |
slightly randomize the order that new pages populate their item lists in. ok tedu@ deraadt@ |
|||
| date | 2018-02-06T23:37:24Z | |||
|---|---|---|---|---|
| author | henning | |||
| files | src/sys/net/pf_syncookies.c | log | diff | annotate |
| message |
syncookies implementation to be used in pf, based on the FreeBSD one by Andre Oppermann, heavily adjusted for pf instead of stack use and with entirely rewritten timeout machinery and new hashing with bits from sashan, widely discussed with the other network hackers |
|||
| date | 2018-02-06T23:44:48Z | |||
|---|---|---|---|---|
| author | henning | |||
| files | src/sys/conf/files | log | diff | annotate |
| src/sys/net/pf.c | log | diff | annotate | |
| src/sys/net/pf_ioctl.c | log | diff | annotate | |
| src/sys/net/pfvar.h | log | diff | annotate | |
| src/sys/sys/mbuf.h | log | diff | annotate | |
| message |
syncookies for pf. when syncookies are on, pf will blindly answer each and every SYN with a syncookie-SYNACK. Upon reception of the ACK completing the 3WHS, pf will reconstruct the original SYN, shove it through pf_test, where state will be created if the ruleset permits it. Then massage the freshly created state (we won't see the SYNACK), set up the sequence number modulator, and call into the existing synproxy code to start the 3WHS with the backend host. Add an - somewhat basic for now - adaptive mode where syncookies get enabled if a certain percentage of the state table is filled up with half-open tcp connections. This makes pf firewalls resilient against large synflood attacks. syncookies are off by default until we gained more experience, considered experimental for now. see http://bulabula.org/papers/2017/bsdcan/ for more details. joint work with sashan@, widely discussed and with lots of input by many |
|||