committer filter by committer.
@path/to/ filter by path in repository.
committer@path/to/ filter by committer AND path in repository.
abdef0123 filter by commit's SHA hash.
rNNN filter by SVN revision.
rNNN-rMMM filter by SVN revisions range (inclusive).
Multiple filters can be specified separated by spaces or comas in which case they'll be combined using OR operator.
| 1739de97 | brooks | Nov. 17, 2021, 8:12 p.m. | makesyscalls: make strip_abi_prefix more robust
Allow strip_abi_prefix() to be called with nil and return nil in that case. This simplifies handling of RESERVED entries. Reviewed by: kevanscgit |
|
| 8a693ccf | markj | Nov. 17, 2021, 6:51 p.m. | Export symbols from opensolaris.ko and dtrace.ko
Both modules provide many symbols used by various DTrace provider modules, so just export everything. MFC after: 1 week Sponsored by: The FreeBSD Foundationcgit |
|
| 8406182d | ygy | Nov. 17, 2021, 5:52 p.m. | bridge(4): Fix spelling
PR: 237725 MFC after: 3 dayscgit |
|
| 2e946f87 | allanjude | Nov. 17, 2021, 3:07 p.m. | Fix ZFS module build
resolves: link_elf_obj: symbol abd_checksum_edonr_native undefined The required module-build bits were originally identified in the upstream pull request: https://github.com/openzfs/zfs/pull/12735 But were missed when the code was imported (since they are not committed upstream). X-MFC-With: dae1713419a6, 09cd63416051 Submitted by: freqlabs Sponsored by: Klara Inc.cgit |
|
| 97e28f0f | rrs | Nov. 17, 2021, 2:45 p.m. | tcp: Rack ack war with a mis-behaving firewall or nat with resets.
Previously we added ack-war prevention for misbehaving firewalls. This is where the f/w or nat messes up its sequence numbers and causes an ack-war. There is yet another type of ack war that we have found in the wild that is like unto this. Basically the f/w or nat gets a ack (keep-alive probe or such) and instead of turning the ack/seq around and adding a TH_RST it does something real stupid and sends a new packet with seq=0. This of course triggers the challenge ack in the reset processing which then sends in a challenge ack (if the seq=0 is within the range of possible sequence numbers allowed by the challenge) and then we rinse-repeat. This will add the needed tweaks (similar to the last ack-war prevention using the same sysctls and counters) to prevent it and allow say 5 per second by default. Reviewed by: Michael Tuexen Sponsored by: Netflix Inc. Differential Revision: https://reviews.freebsd.org/D32938cgit |
|
| 09cd6341 | se | Nov. 17, 2021, 12:16 p.m. | zfs: fix commit dae1713419a6 merge openzfs/zfs@269b5dadc into main
Commit dae1713419a6 did not add two required lines for edonr specific functionality to this file, causing kernel build failures if ZFS is compiled in. This commit should be included in an eventual MFC of dae1713419a6.cgit |
|
| dae17134 | mm | Nov. 17, 2021, 8:39 a.m. | zfs: merge openzfs/zfs@269b5dadc (master) into main
Notable upstream pull request merges: #12285 Introduce a tunable to exclude special class buffers from L2ARC #12689 Check l2cache vdevs pending list inside the vdev_inuse() #12735 Enable edonr in FreeBSD #12743 FreeBSD: fix world build after de198f2 #12745 Restore dirty dnode detection logic Obtained from: OpenZFS OpenZFS commit: 269b5dadcfd1d5732cf763dddcd46009a332eae4cgit |
|
| b6cbbcae | kp | Nov. 17, 2021, 2:09 a.m. | m_get3(): actually use the selected zone
Reported by: markjcgit |
|
| 8e492101 | kp | Nov. 17, 2021, 2:09 a.m. | pf: add COMPAT_FREEBSD13 for DIOCKEEPCOUNTERS
DIOCKEEPCOUNTERS used to overlap with DIOCGIFSPEEDV0, which has been
fixed in 14, but remains in stable/12 and stable/13.
Support the old, overlapping, call under COMPAT_FREEBSD13.
Reviewed by: jhb
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D33001
cgit
|
|
| 4e85b648 | kp | Nov. 17, 2021, 2:08 a.m. | Add a COMPAT_FREEBSD13 kernel option
Use it wherever COMPAT_FREEBSD11 is currently specified.
Reviewed by: jhb (previous version)
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D33005
cgit
|
|
| 23e1961e | kp | Nov. 17, 2021, 2:08 a.m. | riscv: add COMPAT_FREEBSD12 option
Turn on compat option for older FreeBSD versions (i.e. 12). We do not
enable the compat options for 11 or older because riscv was never
supported in those versions.
Reviewed by: jrtc27 (previous version)
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D33015
cgit
|
|
| 5509bad7 | rmacklem | Nov. 17, 2021, 12:02 a.m. | nfsd: Add a new rc variable nfs_server_maxio
Since vfs.nfsd.srvmaxio can only be set when nfsd.ko is loaded, but nfsd is not running, setting it in /etc/sysctl.conf is not feasible when "options NFSD" was not specified for the kernel. This patch adds a new rc variable nfs_server_maxio, which sets vfs.nfsd.srvmaxio at the correct time. rc.conf.5 will be patched separately. Reviewed by: 0mp MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D32997cgit |
|
| d677d4be | imp | Nov. 16, 2021, 11:23 p.m. | Skip -flto for all MIPS ports
There likely should be a macro for the ports that support lto, but I'm making sure that all the mips things build before decommissioning it and this is the only thing that's broken... Sponsored by: Netflixcgit |
|
| bf410c6e | mw | Nov. 16, 2021, 10:16 p.m. | Revert "bsdinstall: add knob to set ASLR sysctls"
This reverts commit 020f4112559ebf7e94665c9a69f89d21929ce82a. Because now ASLR is enabled by default for 64-bit architectures and the purpose of the installation menu is to allow choosing additional 'mitigation'/'hardening' options that are originally disabled, remove the ASLR knob from bsdinstall. Discussed with: emaste Obtained from: Semihalf Sponsored by: Stormshieldcgit |
|
| b014e0f1 | mw | Nov. 16, 2021, 10:16 p.m. | Enable ASLR by default for 64-bit executables
Address Space Layout Randomization (ASLR) is an exploit mitigation
technique implemented in the majority of modern operating systems.
It involves randomly positioning the base address of an executable
and the position of libraries, heap, and stack, in a process's address
space. Although over the years ASLR proved to not guarantee full OS
security on its own, this mechanism can make exploitation more difficult.
Tests on the tier 1 64-bit architectures demonstrated that the ASLR is
stable and does not result in noticeable performance degradation,
therefore it should be safe to enable this mechanism by default.
Moreover its effectiveness is increased for PIE (Position Independent
Executable) binaries. Thanks to commit 9a227a2fd642 ("Enable PIE by
default on 64-bit architectures"), building from src is not necessary
to have PIE binaries. It is enough to control usage of ASLR in the
OS solely by setting the appropriate sysctls.
This patch toggles the kernel settings to use address map randomization
for PIE & non-PIE 64-bit binaries. It also disables SBRK, in order
to allow utilization of the bss grow region for mappings. The latter
has no effect if ASLR is disabled, so apply it to all architectures.
As for the drawbacks, a consequence of using the ASLR is more
significant VM fragmentation, hence the issues may be encountered
in the systems with a limited address space in high memory consumption
cases, such as buildworld. As a result, although the tests on 32-bit
architectures with ASLR enabled were mostly on par with what was
observed on 64-bit ones, the defaults for the former are not changed
at this time. Also, for the sake of safety keep the feature disabled
for 32-bit executables on 64-bit machines, too.
The committed change affects the overall OS operation, so the
following should be taken into consideration:
* Address space fragmentation.
* A changed ABI due to modified layout of address space.
* More complicated debugging due to:
* Non-reproducible address space layout between runs.
* Some debuggers automatically disable ASLR for spawned processes,
making target's environment different between debug and
non-debug runs.
In order to confirm/rule-out the dependency of any encountered issue
on ASLR it is strongly advised to re-run the test with the feature
disabled - it can be done by setting the following sysctls
in the /etc/sysctl.conf file:
kern.elf64.aslr.enable=0
kern.elf64.aslr.pie_enable=0
Co-developed by: Dawid Gorecki <dgr@semihalf.com>
Reviewed by: emaste, kib
Obtained from: Semihalf
Sponsored by: Stormshield
MFC after: 1 month
Differential revision: https://reviews.freebsd.org/D27666
cgit
|