pfctl(8): change default limiter action from no-match to block
pf(4) users who use limiters in current should update the rules
accordingly to reflect the change in default behavior. The existing
rule which reads as follows:
pass in from any to any state limiter test
needs to be changed to:
pass in from any to any state limiter test (no-match)
OK dlg@
Obtained from: OpenBSD, sashan <sashan at openbsd.org>, c600931321
Sponsored by: Rubicon Communications, LLC ("Netgate")
sctp: improve compilation as module
When compiling SCTP as a module, don't compile sctp_crc32.c into
the module. This avoids code and variable duplication since
sctp_crc32.c is compiled into the kernel. In particular, the variable
system_base_info is not duplicated. This fixes the handling of the
statistic counters sctps_sendhwcrc and sctps_sendswcrc when using
sctp_delayed_cksum.
MFC after: 3 days
HBSD: Disable WITNESS' checking of vnode locks
FreeBSD relatively recently changed how vnode locking works in the
kernel. There are a few places that still need to be updated.
HardenedBSD's use of filesystem extended attributes seems to trip
WITNESS vnode lock checking when ZFS is used. This causes a kernel
panic, which is more likely to be triggered during a package build.
So, for now, let's disable the vnode lock checks. I plan to revisit this
when I have more available time.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
grep/tests: Fix up the zgrep executable path in a newly added test
Fixes: da5d94d29a5e ("Remove obsolete BUGS section from zgrep(1) man page, add test")
(cherry picked from commit 045112f148fa092c92ec53204708f638b226ff8f)
Remove obsolete BUGS section from zgrep(1) man page, add test
I forgot to check/update the man page with D54217. While here add
a test for multiple -e flags.
Reviewed by: markj
Approved by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D54632
(cherry picked from commit da5d94d29a5ec29817476c39ae2b2ad1666c3f06)
libthr: add pthread_tryjoin_np()
Similar to the same glibc function.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54766
acpi: Fix not calling AcpiLeaveSleepState() in S3 path
When resuming from ACPI suspend, the ACPI_SS_SLP_PREP bit in slp_state
was being checked and subsequently unset when calling resumeclock().
This bit was also being checked for the AcpiLeaveSleepState() call in
the non-s2idle path, but having just been unset, it was never actually
being called.
Change this so that resumeclock() is always being called (since we never
goto breakout between suspendclock() and resumeclock() anyway) and
ACPI_SS_SLP_PREP is purely used for AcpiEnterSleepStatePrep() and
AcpiLeaveSleepState() in the non-s2idle paths.
PR: 292568
Reported by: Marek Zarychta
Reviewed by: olce
Tested by: Marek Zarychta
Approved by: olce
Fixes: 7669cbd0f064 (“acpi: Suspend-to-idle support (s2idle)”)
[2 lines not shown]
x86/local_apic.c: Properly calculate the number of LVT entries
First, the CMCI entry index is APIC_LVT_MAX, so it was excluded
unconditionall [1].
Second, the number of entries is reported by the version register, and
we must not access past the last reported entry.
Reported by: olivier [1]
Fixes: 11f954b021a1aadde1d03d40ed5d6b529e14da98
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54773
x86/local_apic.c: add lapic_maxlvt() helper
that calculates the max index of the present LVT entry from the value of
the LAPIC version register.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54773
sys: do not allow entering vm_fault() on boot until VM is initialized
On amd64, a hack sets td_critnest to 1 in hammer_time(), and then clear
it before returning from hammer_time(), which is too early. Instead,
set TDP_NOFAULTING for thread0, and clear the flag after vm_init() finished.
Noted by: adrian
Reviewed by: adrian (previous version), markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54768
iflib: null out freed mbuf in iflib_txsd_free
When adding the IFLIB_GET_MBUF/FLAGS, I neglected to NULL out the
mbuf in the descriptor ring. I didn't think this should matter as
the I thought this code was only used when the ring was about
to be freed. But I was wrong, and leaving a stale mbuf in there can
cause panics.
Reported by: Marek Zarychta (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292547)
Fixes: 14d93f612f26
Sponsored by: Netflix
symlink.7: add a new section "mount options"
Add a new section "mount options" to explain
the mount option nosymfollow in more details.
Differential Revision: https://reviews.freebsd.org/D54530