Remove bug compatibility for implementations that don't support
rekeying. AFAIK this is only an ancient Sun SSH version.
If such an implementation tries to interoperate with OpenSSH, it
will eventually fail when the transport needs rekeying.
This is probably long enough to use it to download a modern SSH
implementation that lacks this problem :)
ok markus@ deraadt@
Enforce maximum packet/block limit during pre-authentication phase
OpenSSH doesn't support rekeying before authentication completes to
minimise pre-auth attack surface.
Given LoginGraceTime, MaxAuthTries and strict KEX, it would be
difficult to send enough data or packets before authentication
completes to reach a point where rekeying is required, but we'd
prefer it to be completely impossible.
So this applies the default volume/packet rekeying limits to the
pre-auth phase. If these limits are exceeded the connection will
simply be closed.
ok dtucker markus
Remove __deprecated definition from OpenZFS compiler.h
Since it is now provided by <sys/cdefs.h>.
Direct commit to stable/13, since OpenZFS compiler.h has been
substantially changed in newer branches.
cdefs: Add __deprecated
Add __deprecated decorator. This is for a deprecated interface. copystr
is tagged with this today in copy(9), but don't actually provide it or
use it. copystr is a #define so adding it will have to wait.
LinuxKPI was defining this away completely in compiler.h. Since this is
shared between Linux KPI consumers and OpenZFS, if it's already defined,
use the FreeBSD sys/cdefs.h version, otherwise define it away. For
OpenZFS this will retain it, while for Linux KPI it will tend to drop it
(I think always, but I didn't look at everything).
Sponsored by: Netflix
Reviewed by: jhb, emaste
Differential Revision: https://reviews.freebsd.org/D46137
(cherry picked from commit 16672453f12586703f1c51d909bd1900691bf884)
cdefs: Add __deprecated1 which accepts a message as an argument
This message will be included in any warning issued by the compiler
for use of the deprecated function.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D47701
(cherry picked from commit 6da04bcff9efedeae7d4046553002b9e3b2bc24f)
sys/cdefs.h: add __noexcept and __noexcept_if
These macros provide the C++11 noexcept and noexcept(...) keywords if
we're compiling in a C++11 environment. Otherwise, they expand to an
empty string.
This will be used to add the required noexcept specifier to several libc
functions as required in C++11.
MFC after: 2 weeks
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1085
(cherry picked from commit 02b0d4b688cc4deb14cb6e7534a2a4958e48b753)
Serialize concurrent access to command queues with a mutex. Fixes
corruption visible on the Orion O6 with multiple devices and after
the secondary cores spun up. Command queue handling/synchronization
can probably the improved further.
We reserve regions in the IOVA map to ensure that we don't accidentally
hand out addresses to the device that terminate in other places, e.g PCI
BARs. The IOVA address space, and thus its extent, can be smaller than
real physical address space, in which those PCI BARs are. As the extent
susbsystem greets us with a panic if we attempt to allocate outside its
coverage, ensure that we skip or clamp those. This was visible on mpi@'s
Ampere Altra with SMMUv3 turned on.
