the BLKIF_OP_INDIRECT handling for 32-bit DomU running against 64-bit Dom0,
problem reported and fix tested by Manuel
make sure to use the provided indirect_op when reporting back errors
Summary of changes in tzdata2020a (2020-04-23 16:03:47 -0700):
Morocco resumes summer time on 2020-05-31, not 2020-05-24.
Canada's Yukon advanced to -07 year-round on 2020-03-08 (summer time
will not end this year).
America/Nuuk renamed from America/Godthab (both names now exist).
threadpool-job-per-channel for the in-thread-context work that needs
to be done (which is rare).
On one of my test systems, this results in the total number of LWPs
after multi-user boot dropping from 116 to 78.
and first mbuf doesn't use external storage
most fragmented packets end up with first short mbuf containing
frame + protocol header only, and second mbuf containing the data;
m_defrag() previously always returned chain of at least two mbufs,
now it should actually return all data in single mbuf for typical
mbuf chain with length < MCLBYTES
*) Fixed segmentation fault in SSL_check_chain()
Server or client applications that call the SSL_check_chain() function
during or after a TLS 1.3 handshake may crash due to a NULL pointer
dereference as a result of incorrect handling of the
"signature_algorithms_cert" TLS extension. The crash occurs if an invalid
or unrecognised signature algorithm is received from the peer. This could
be exploited by a malicious peer in a Denial of Service attack.
(CVE-2020-1967)
[Benjamin Kaduk]
*) Added AES consttime code for no-asm configurations
Optional constant-time support for AES was added
when building openssl for no-asm.
Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME
Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME
At this time this feature is by default disabled.
It will be enabled by default in 3.0.
[Bernd Edlinger]
sized mechanism that was too complex.
This fixes a race between USER_LDT and SVS: during context switches, the
way SVS installs the new ldt relies on the ldt pointer AND the ldt size,
but both cannot be accessed atomically at the same time.
Compensate for that by adding an explicit test to a command so
-e will not kill the shell when the command (expectedly) fails.
Previously this was saved by /bin/sh disabling -e in command subs.
1.44:
Fix typo which could lead to a double free
1.43:
Commands that create objects return a 24 bit object ID, so mask off the
high 8 bits of the value we extract, in case the firmware leaves junk there.
Hrvoje Popovski has seen this with newer firmware on a ConnectX 5 card,
which now works properly.
1.42:
Increase the completion queue size to prevent overflow. Under reasonably
unlikely circumstances - lots of single-fragment packets being sent, a
significant number of packets being received, while the interrupt handler
was unable to process the completion queue - the completion queue could
overflow, which would result in the interface locking up.
1.41:
Check if we've reached the end of the current mailbox before writing past
the end of it, rather than after. Now we can actually allocate queues
big enough to need multiple mailboxes.
1.40:
Don't call mcx_intr() from mcx_cmdq_poll(); this was a leftover from early
development that I forgot about, but turns out to be a potential race with
the actual interrupt handler.
1.39:
fix previous: use the correct offset for sq/rq creation, and don't
reset the mbox counter to 0 after calculating it.
1.38:
Add a helper function for writing physical addresses for queues into
command queue mailboxes, and use this for all queue setup commands.
Previously we just assumed the addresses would fit in the first mailbox,
which is currently true but may not be for much longer.
1.37:
(skipped)
1.36:
The event queue consumer counter also needs to be unsigned like the others.
1.35:
try to make if_baudrate look plausible.
this updates the eth proto capability map so it records the baudrate
against the different link types and their media, and then reads
it when the link state changes.
1.34:
(skipped)
this avoids a rwlock while spinlock held problem likely introduced
with MII locking rework, as fetching a property takes an rwlock,
and prior to the rework, only kernel lock would have been held.
ok skrll@.