When the pagedaemon is triggered to create free memory, there may be
sleeping pmemrange allocations with multi-page alignment requirements
which can't be satisfied by the simplistic freeing of (solo) pages
which the pagedaemon performs. As we near starvation, fragmentation
is the main problem. Our free list could be large enough that the
pagedaemon sees no reason to do more work, but also too fragmented to
satisfy a pending allocation request with complex requirements
(imagine asking for 512K of physically linear memory which is DMA
reachable). When the requirement isn't satisfied, the pagedaemon is
told to try again, but again doesn't mean harder because it has no
mechanism to try harder. Its tracking variables do not show the
fragmentation problem. It spins a lot. Often this becomes a
deadlock.
Time to change strategy: Overshoot creation of (both) inactive and
free pages each time through the loop. After inspecting existing
variables, we generate minimum 128 inactive pages (which may be
dynamically drawn down asynchronously by accesses), and then try to
convert minimum 128 inactives into free pages (different pages
get freed different ways, including via swapcluster which has been
[7 lines not shown]
To support swapencrypt, the swapcluster code has a memory allocation codepath.
Since this runs inside the pagedaemon that is unworkable. We'd like to
encrypt the pages in place for IO, but there are architectures not ready for
a high-mem page to be written to a dma-restricted device (work in progress).
So for now we need to bounce through a dma-reachable memory buffer. A previous
attempt had 1 extra bounce buffer, but then slept on allocation inside the
pagedaemon context which is also unworkable. This version contains 32
pre-allocated swapclusters (64K each), and through a counter signals to the
pagedaemon when it should stop trying to create memory. 32 swap clusters
is comfortably more than the minimum we expect the pagedaemon to frantically
generate. This crummy solution is good enough until the dma reach problem
is solved (soon)
ok kettenis kirill (who looked into other solutions) beck
Apparently we shouldn't touch the RTC immediately after restarting the
i8254 clock either when coming out of S3 suspend. So move the code
that checks whether the RTC alarm went off and clears it all the way to
the end of acpi_cpu_resume. This fixes a lockup seen on the x220.
Figured out by mlarkin@ who wrote the initial diff; I just tweaked it.
ok mlarkin@, deraadt@
sys/vfs_biomem: add missed atop() in buf_alloc_pages()
bufbackoff() operates in pages, but size at this call site was a byte
count; the old loop therefore asked for far too much backoff and
compared reclaimed pages against bytes.
On a low memory machine that made the NOWAIT retry path much less likely
to succeed, so the code dropped into the WAITOK allocation below and
slept.
Using atop() puts the units back in line; backoff can now satisfy the
intended request, and the subsequent NOWAIT retry again has a realistic
chance of success. The WAITOK path remains possible, but it should be
reached less often.
OK deraadt@, beck@
At the end of parsing the http response header do some sanity checks
to ensure that the response includes all needed data.
Right now only the presence of a Location header is checked if an HTTP
redirect was returned (e.g. a 301 status).
Different fix for a report from Daniel Anderson
OK tb@
In powerpc stacktrace_save(), start at correct return address
I got an empty trace. It was reading garbage as the 1st return
address and might have accidentally taken the "if (lr & 3) break;".
By using __builtin_return_address(0) and pointing to the correct
frame, I get a trace where #0 is the function calling
stacktrace_save().
fix how source and state limiters are wired into rbtrees inside pfctl.
i messed up when we added support for names on these things. the
id and names are each supposed to be unique, which is checked by
putting the one limiter into an rb tree based on their id and another
based on their name. unfortunately i used the same RBT_ENTRY fields
for both trees, which meant using both trees on the same limiter
corrupted the topology, which goes badly when you want to use
multiple limiters.
found by, tested, and ok dgl@ (who is not me, this is not a typo)
ok jmatthew@
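
The linkage mistake described in the commit above, reproduced as an added example that is not pfctl's code: sorted intrusive lists stand in for the RBT trees, and `struct limiter`, `struct index` and `ids_reachable()` are hypothetical names with constructed data.

```c
#include <stddef.h>
#include <string.h>

struct link { struct link *next; };
struct limiter {                 /* hypothetical, not pfctl's structure */
	unsigned id;
	const char *name;
	struct link id_entry;        /* linkage owned by the by-id index */
	struct link name_entry;      /* linkage owned by the by-name index */
};
typedef int (*cmp_fn)(const struct limiter *, const struct limiter *);
struct index { struct link head; size_t off; cmp_fn cmp; };
#define OWNER(ix, l) ((struct limiter *)((char *)(l) - (ix)->off))

static int by_id(const struct limiter *a, const struct limiter *b)
{ return (a->id > b->id) - (a->id < b->id); }
static int by_name(const struct limiter *a, const struct limiter *b)
{ return strcmp(a->name, b->name); }

/* Sorted insert through the index's linkage field; -1 on a duplicate key. */
static int index_insert(struct index *ix, struct limiter *lim)
{
	struct link *p = &ix->head, *e = (struct link *)((char *)lim + ix->off);
	for (; p->next != NULL; p = p->next) {
		int c = ix->cmp(lim, OWNER(ix, p->next));
		if (c == 0) return -1;
		if (c < 0) break;
	}
	e->next = p->next;
	p->next = e;
	return 0;
}

/*
 * Put three limiters into both indexes, then count how many are still
 * reachable by id. name_off selects the field the by-name index links through.
 */
int ids_reachable(size_t name_off)
{
	struct limiter l[3] = { {1, "c"}, {2, "b"}, {3, "a"} };  /* constructed */
	struct index ids = { {NULL}, offsetof(struct limiter, id_entry), by_id };
	struct index names = { {NULL}, name_off, by_name };
	int n = 0;
	for (int i = 0; i < 3; i++) index_insert(&ids, &l[i]);
	for (int i = 0; i < 3; i++) index_insert(&names, &l[i]);
	for (struct link *p = ids.head.next; p != NULL; p = p->next) n++;
	return n;
}
```

Passing `offsetof(struct limiter, id_entry)` as `name_off` models both indexes sharing one entry field: the by-name inserts rewrite the by-id chain and only one of the three limiters stays reachable by id.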
Remove references to tag:kde3 and tag:kde4 as something that one
might find in the current ports tree. kde3/kde4 and their tags are
long gone.
Leave them in place for the historical section describing what
tags are used for in dpb/DPB_PROPERTIES
ok phessler
Error with EISDIR when calling open(2) with O_CREAT when the
last component of the path is an existing directory and O_DIRECTORY
is not specified.
This is required by recent versions of POSIX. We previously did
not return an error.
Flagged by Sortix os-test.
committing on behalf of daniel@, partly based on FreeBSD changes
ok guenther@ jsg@ deraadt@
EHLO must reset the transaction
RFC5321 §4.1.4 states that an EHLO command MAY be issued by a client
later in the session and, if it's acceptable, it MUST clear all buffers
and reset the state exactly as if a RSET command was issued.
discussed with / okay martijn@
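
The rule cited in the commit above, as an added example that is not smtpd's code: a minimal session model in which a mid-session EHLO clears the envelope exactly as RSET does. `struct session` and `smtp_command()` are hypothetical, and only the commands needed to show the reset are modelled.

```c
#include <stdio.h>
#include <strings.h>

/* Hypothetical session state, not smtpd's real structures. */
struct session {
	int  greeted;        /* an EHLO has been accepted */
	int  have_sender;    /* MAIL FROM accepted, transaction open */
	int  nrcpt;          /* recipients accepted so far */
	char sender[128];    /* reverse-path buffer */
};

/* RSET semantics: drop the envelope, keep the connection. */
static void reset_transaction(struct session *s)
{
	s->have_sender = 0;
	s->nrcpt = 0;
	s->sender[0] = '\0';
}

/* Feed one command line (CRLF already stripped); returns the reply code. */
int smtp_command(struct session *s, const char *line)
{
	int ehlo = !strncasecmp(line, "EHLO ", 5);

	if (ehlo || !strcasecmp(line, "RSET")) {
		/* RFC 5321 4.1.4: a later EHLO resets exactly as RSET does. */
		reset_transaction(s);
		s->greeted |= ehlo;
		return 250;
	}
	if (!s->greeted)
		return 503;
	if (!strncasecmp(line, "MAIL FROM:", 10)) {
		if (s->have_sender)
			return 503;          /* transaction already open */
		snprintf(s->sender, sizeof(s->sender), "%s", line + 10);
		s->have_sender = 1;
		return 250;
	}
	if (!strncasecmp(line, "RCPT TO:", 8)) {
		if (!s->have_sender)
			return 503;          /* no transaction open */
		s->nrcpt++;
		return 250;
	}
	if (!strcasecmp(line, "DATA"))
		return s->nrcpt > 0 ? 354 : 503;
	return 500;
}
```

After a second EHLO, a RCPT TO or DATA that relies on the earlier MAIL FROM is answered with 503 because the envelope no longer exists.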
error with EINVAL if open(2) is called with both O_CREAT and O_DIRECTORY
Before this change:
If no file or directory matching the last component of a path existed,
a regular file was created, an error was returned and errno set to ENOTDIR.
If a regular file matching the last component of a path existed,
an error was returned and errno set to ENOTDIR.
If a directory matching the last component of a path existed,
it was opened without error.
One possible reading of POSIX is that O_CREAT | O_DIRECTORY is a valid way
to get a file descriptor for an existing directory. In practice it isn't
used and the combination of O_CREAT and O_DIRECTORY has returned an error
on NetBSD since 2010 and Linux since 2023.
ok deraadt@ daniel@
Add support for the RK3528 variant. To make things easier to follow,
pull the hardware differences out into a per-variant structure containing
the different parameters we have to program.
tested on 3528 (radxa e20c), 3568 (nanopi r5s), 3588 (nanopi r6c)
feedback from kettenis@
ok kettenis@ dlg@
Respect DEBUG so we can build perl with debug symbols
Adding -DEBUGGING in CONFIGURE_ARGS activates debug code,
-DEBUGGING=-g passes -g in CFLAGS (only -g is supported),
and -DEBUGGING=both does... both. This is a bit confusing.
IMO DEBUG=-g should only add -g and disable executable stripping, but
not change the code that is built. So use -Doptimize which lets us pass
arbitrary compiler flags (eg -g3), just like DEBUG does in our system
Makefiles.
Hints and ok afresh1@
Fix NULL deref for malformed OAEP parameters in CMS decryption
This converts rsa_cms_decrypt() to use X509_ALGOR_get0() and fixes a
NULL deref when a parameter is (invalidly) omitted similar to the fix
in ec/ec_ameth.c r1.66 from a couple years back. There is currently
an XXX annotating a hairy leak due to trying to be smart and stealing
the parameters from the oaep object. Instead, just make a copy of the
label string and free it in the exit path.
The diff adds an error for labellen == 0 since that is an invalid
encoding of pSpecifiedEmpty (see RFC 8017) -- per the DER the default
must be omitted. This way we avoid a malloc(0) implementation-defined
behavior.
This minor issue was assigned CVE-2026-28390 by OpenSSL and was reported
by too many to list. The fix is my own. It is similar to OpenSSL's fix
only because I reviewed theirs and suggested an improvement or two.
This is the last of the "security fixes" in today's OpenSSL release that
[4 lines not shown]