Fix vmd(8) pledge violation when opening /dev/null.
The "vmm" process responsible for vm process creation uses /dev/null
for std{in,out,err} if running daemonized. Where it was opening
/dev/null is no longer supported by its current set of pledges.
Instead of expanding pledge scope, open /dev/null early prior to
unveil(2) and reuse the same file descriptor if needed.
This resolves the pledge violation reported by Nikita Kandinov and
removes the need to call open(2) for every created vm.
ok deraadt@, bluhm@
unstub ttm_tt_swapout()
kettenis now sees this called in the amdgpu hibernate path with GC 11.0.1.
I've seen it called when running piglit on vega 10.
feedback and ok kettenis@, who had almost the same diff
openssl.1: remove mention of OPENSSL_EC_BIN_PT_COMP
The need for this compile time option enabling point compression for
binary curves despite patent issues has been removed in openssl 1.0.0
(released in 2010).
[It's really difficult to count the number of bad ideas in the above.]
plug a memory leak when detaching codel ifq disciplines on an interface.
fqcodel_alloc() takes (moves) ownership of memory allocated as part
of the pf queue code that sets up the queue discipline, but nothing
releases it when the discipline is removed from the interface. every
time you load a pf ruleset that uses codel, it temporarily resets
an interface to priq before creating and attaching new codel
instances. this means every ruleset load would leak memory, to the
point where M_DEVBUF allocations exhaust the kernel map.
this has fqcodel_free() call fqcodel_pf_free to free the now unused
codel discipline.
found and fixed by lexi wilson
Fix a longstanding off-by-one error in hibernate unpack.
Last year, I made a commit to early-allocate the hibernate data structure
needed during actual hibernate instead of trying to allocate it at the
time of 'ZZZ'. This change exposed an old bug that caused machines to
be unstable after unhibernate (typically manifesting in pool corruption
or other difficult to track down bugs).
The error was due to skipping a page of memory immediately adjacent to
the hibernate piglet during unpack, effectively leaving that page with
whatever content it had before image unpack started. If you got lucky, this
page wasn't in use and you didn't notice anything. But with the fix to do
early allocation, the chance that the page was in use increased, and
thus the bug was exposed.
Big thank you to Walter Alejandro Iglesias for tracking this down and
providing the diff/root cause.
[5 lines not shown]
Fix Tx performance on iwx(4) BZ devices.
BZ devices need to be told how long the MAC header is in the offload_assist
field of the Tx command, even if no offloading features are being used.
Found by chance while browsing iwlwifi driver git logs.
See linux.git commit af8bfc7e38a7ad4f8e1663de7ab1463e644050b2
When pledged, if a process receives a bad descriptor the receiver should
not be killed. The EPERM approach used for other conditions is good enough.
from deraadt@; Report from Henry Ford
this is errata/7.7/028_recvfd.patch.sig
When pledged, if a process receives a bad descriptor the receiver should
not be killed. The EPERM approach used for other conditions is good enough.
from deraadt@; Report from Henry Ford
this is errata/7.8/022_recvfd.patch.sig
Make iwx(4) only attach to BZ devices which have RF type GF (wifi 6e).
PCI vendor/product IDs can be shared between Intel wifi 6e and wifi 7 devices.
Wifi 7 devices need different firmware and probably a new driver.
Avoid matching them.
Bad match on a wifi 7 device reported by Jesper Wallin.
pfctl(8) parser must not ignore error from pfctl_optimize_ruleset().
Ignoring the error may cause pfctl(8) to load an inconsistent ruleset,
preventing pf(4) from enforcing the desired policy.
Issue reported and fix suggested by berts _from_ fastmail _dot_ com
'Looks good.' @deraadt
sync iwx(4) RX descriptor status field with firmware layout
Same change was made in iwlwifi about 6 years ago.
See linux.git commit e365e7de63e5b612d94fb433e38d9414de811f7d
This matters to us now that we started looking at Rx status bits
beyond 16 bits in order to check for duplicate subframes in A-MPDUs.
Found by Coverity (CID 1670294)
pointed out by and ok jsg@
Fix support for some older iwx(4) devices broken by changes for BZ support.
Keep hardware revision info sent to firmware intact for older devices.
BZ devices store parts of hardware revision information in a new place.
I accidentally changed the information sent to older devices, which broke
firmware loading on a subset of AX201/AX210 devices.
Reported to me by several people, thanks!
This fix is based on a patch by David Leadbeater.
xargs(1): bump posix spec to 2024
The spec now documents -0 and -r.
In addition, the spec notes that specifying both -0 and -E are mutually
exclusive, leaving the actual behavior unspecified.
ok deraadt@, guenther@ on the spec version bump
ok millert@ on documenting the interaction between -0 and -E
rfc3779 regress: add an actual range
This improves the test coverage of make_addressRange() where there is an
annoyance with unused bits in the RFC 3779 ASN.1 encoding versus trailing
ones in the network encoding that the X509v3_addr_add_range() API expects.
When pledged, if a process receives a bad descriptor the receiver should
not be killed. The EPERM approach used for other conditions is good enough.
Report from Henry Ford
this will be errata 7.8/022_recvfd.patch and 7.7/028_recvfd.patch
drm/sched: Fix kernel-doc warning for drm_sched_job_done()
From Yujie Liu
da09dfc90cb7ed1ab40d675234382f151eeb0563 in linux-6.18.y/6.18.17
61ded1083b264ff67ca8c2de822c66b6febaf9a8 in mainline linux