Remove bug compatibility for implementations that don't support
rekeying. AFAIK this is only an ancient Sun SSH version.
If such an implementation tries to interoperate with OpenSSH, it
will eventually fail when the transport needs rekeying.
This is probably long enough to use it to download a modern SSH
implementation that lacks this problem :)
ok markus@ deraadt@

Enforce maximum packet/block limit during pre-authentication phase
OpenSSH doesn't support rekeying before authentication completes to
minimise pre-auth attack surface.
Given LoginGraceTime, MaxAuthTries and strict KEX, it would be
difficult to send enough data or packets before authentication
completes to reach a point where rekeying is required, but we'd
prefer it to be completely impossible.
So this applies the default volume/packet rekeying limits to the
pre-auth phase. If these limits are exceeded the connection will
simply be closed.
ok dtucker markus
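The policy from the pre-authentication limit commit above, as a simplified model added here (not OpenSSH code): the same volume/packet threshold that triggers a rekey after authentication closes the connection before it. The struct, the function names, the 16-byte block size and the small limits are assumptions constructed for the demo.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the policy; hypothetical names, not OpenSSH code. */
enum action { PKT_OK, PKT_REKEY, PKT_DISCONNECT };

struct transport {
	bool authenticated;               /* false during the pre-auth phase */
	uint64_t blocks, packets;         /* counted since the last key exchange */
	uint64_t max_blocks, max_packets; /* constructed demo limits */
};

/* Account for one packet of len bytes and decide what happens next. */
enum action account_packet(struct transport *t, uint32_t len, uint32_t block_size)
{
	t->packets++;
	t->blocks += ((uint64_t)len + block_size - 1) / block_size;
	if (t->packets < t->max_packets && t->blocks < t->max_blocks)
		return PKT_OK;
	if (!t->authenticated)
		return PKT_DISCONNECT;    /* no rekey before authentication: close */
	t->packets = t->blocks = 0;       /* model a completed rekey with fresh keys */
	return PKT_REKEY;
}

/* Feed up to n packets; return the first non-OK action and the count sent. */
enum action feed(struct transport *t, unsigned n, uint32_t len, unsigned *sent)
{
	enum action a = PKT_OK;

	for (*sent = 0; *sent < n && a == PKT_OK; (*sent)++)
		a = account_packet(t, len, 16); /* assumed 16-byte cipher block */
	return a;
}

int main(void)
{
	struct transport pre = { false, 0, 0, 64, 1000 };
	struct transport post = { true, 0, 0, 64, 1000 };
	unsigned n;
	enum action a = feed(&pre, 10, 256, &n);

	printf("pre-auth:  action=%d after %u packets\n", a, n);
	a = feed(&post, 10, 256, &n);
	printf("post-auth: action=%d after %u packets\n", a, n);
	return 0;
}
```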

Serialize concurrent access to command queues with a mutex. Fixes
corruption visible on the Orion O6 with multiple devices and after
the secondary cores spun up. Command queue handling/synchronization
can probably be improved further.

We reserve regions in the IOVA map to ensure that we don't accidentally
hand out addresses to the device that terminate in other places, e.g. PCI
BARs. The IOVA address space, and thus its extent, can be smaller than
real physical address space, in which those PCI BARs are. As the extent
subsystem greets us with a panic if we attempt to allocate outside its
coverage, ensure that we skip or clamp those. This was visible on mpi@'s
Ampere Altra with SMMUv3 turned on.

Purge the ifq if the link is down. This aligns the behaviour with other
drivers, like em(4). This fixes an issue where dwqe(4), e.g. on a veb(4),
doesn't recover when the link is down but packets are bridged, filling up
the ifq.
ok dlg@

Ampere Altra ACPI IORT table does not define SPIs for the different IRQ
types. Instead I assume we'll have to make use of MSIs, which I'll yet
have to implement.
It's not much of a problem though because these interrupts are mostly used
in case something goes wrong, e.g. due to an invalid access; if everything
is working fine, we don't need interrupts right now.
Unfortunately though we bailed out at an unfortunate moment: After we had
already initialized the SMMU to intercept, but before the driver is hooked
up as IOMMU, thus not mapping anything but the SMMU enforcing boundaries.
For now we can simply log that the interrupts are not there and proceed.
Note that SMMU on ACPI isn't enabled by default yet anyway.

If SMMUv3's COHACC override flag is set in the IORT, we can force the SMMU's
DMA tag to be coherent. This tag is used for its command and event queues.

Reclaim ownership of the page when retrying flushing it synchronously.
Note that IOs in uvn_put() are always synchronous and the !PGO_SYNCIO case
doesn't really make sense.
Prevent a panic found by sthen@ and landry@

Fix super-speed enablement by initializing the controller properly and
then enabling USB3 support on the controller (instead of disabling it
like we do right now). This makes my umass(4) come up as super-speed
instead of high-speed.
ok kettenis@

Introduce a rib entry queue used to split the processing of UPDATES into
two steps.
One of the biggest latency inducing bottlenecks in bgpd is that UPDATE
messages are processed to completion. Updating the Adj-Rib-Out is a
loop over all peers and is therefore super heavy. By taking this part
of the pipeline into its own step we can drop the latency inside the
main poll loop by a lot.
Introduce a per-peer update queue that enqueues the rib entries after
the decision process and then handles those one by one. This also has
a benefit that a single peer can not monopolize the processing in bgpd.
So a single flapping peer should result in far less noticeable delays
on all other UPDATES from other peers.
For now disable the "addpath send all" optimisation since for that
an extra queue of updates needs to be kept. Instead just use the regular
addpath codepath that is less optimised but produces the same results.
With and OK tb@

Some USB devices have an iManufacturer property that is just a single space.
Handle this (and substitute the vendor name from usbdevs) by checking the
length of the string after trimming spaces.
ok jsg@

Add D-Max as a USB vendor. Seems the company doesn't exist anymore, but
it is still listed in the official USB vendors list and it is unclear what
company is currently using the vendor ID in question.
ok jsg@

Ignore whitespace-only or whitespace-then-comment lines from -f sysctl.conf
" " or " # comment" would be parsed as variable name rather than skipped.
Found and fixed by "Alf" on bugs@, thanks.
New regress/sbin/sysctl spc and spc-com targets now pass with this.
"looks good" deraadt