AS0 TALs represent unmitigated operational risks: what if the RIR by
accident marks some IP space as 'unassigned'?
APNIC notes in their limitation of liability statement:
"""
Depending on router configuration, errors in the AS0 ROA could
cause unintended interruption to routing with other networks.
For this reason, it is strongly recommended that the AS0 ROA is
used for advisory and/ or alerting purposes only, and not for
automatic filtering of BGP routes.
"""
https://www.apnic.net/community/security/resource-certification/apnic-limitations-of-liability-for-rpki-2/
Guard usage of AS0 TALs behind new '-0' option
OK deraadt@ tb@
Reports the % of the available UPS power drawed by output outlets.
tested by sthen@, matthieu@ and Walter Alejandro Iglesias
ok sthen@ as part of a larger diff
Like most of the "group" methods these are shared between Montgomery
curves and simple curves. There's no point in five methods hanging off
the EC_METHODS struct whne they can just as well be inlined in the
public API. It makes all files involved shorter...
ok jsing
Jabra PanaCast 20 needs uvideo_vs_negotiation between usbd_set_interface
and usbd_open_pipe, otherwise it doesn't work with error:
ioctl VIDIOC_DQBUF: Invalid argument
OK mglocker@
While there likely won't be enough BNs already available in the ctx, and
thus it won't greatly reduce the amount of allocated BNs, it simplifies
the exit path quite a bit.
review feedback from jsing
It is unclear how the original code was supposed to work. It clearly
missed a few corner cases (like handling points at infinity correctly)
and the badly mangled comment that was supposed to display a binary
search tree didn't help at all.
Instead do something much more straightforward: multiply all the non-zero
Z coordinates of the points not at infinity together, keeping track of the
intermediate products. Then do a single expensive modular inversion before
working backwards to compute all the inverses. Then the transformation from
Jacobian coordinates to affine coordiantes (x, y, z) -> (x/z^2, y/z^3, 1)
becomes cheap. A little bit of care has to be taken for Montgomery curves
but that's very simple compared to the mess that was there before.
ok jsing
This is a cleaned up version of:
commit 0fe73d6c3641cb175871463bdddbbea3ee0b62ae
Author: Bodo Moeller <bodo@openssl.org>
Date: Fri Aug 1 17:18:14 2014 +0200
Simplify and fix ec_GFp_simple_points_make_affine
(which didn't always handle value 0 correctly).
Reviewed-by: emilia@openssl.org
In the unlikely event that we should ever decide to implement this after
a quarter century of not needing it, we can readily put this back. Until
then this is dead weight.
prompted by a question by djm
ok jsing
is for pool when selecting a random address from the pools, and tweak
the code for easier understanding. Also, check whether the left
value of an address range configuration is smaller than the right
value.
turns out the __thrsleep and __thrwakeup syscalls largely coordinate
using a single lock per process. if you have heavily threaded code
building locks in userland out of thrsleep, this kernel lock gets
hammered. this is true even if userland thinks it's operating on
separate locks, it all ends up serialised in the kernel. this reduces
the throughput of these heavily threaded programs.
the big change is hashing thrsleep waiters into an different
locks/lists based on their "id" to try and avoid all locks in a
process contending on a single lock. the hash is shared by all
processes though.
the change also avoids having a waiter re-take the lock to avoid
contention on the thrwakeup code which is currently holding the lock.
__thrsleep and __thrwakeup seem to be largely unused these days,
except by go. go still uses it as a backend to it's locks, and also
creates a lot of threads which end up contending on the lock. these
changes provide an improvement for go programs.
the contention was pointed out by nick owens
jsing@ and nick owens did a bit of testing
In pte_insert(), if both the primary page table entry group and the
secondary pteg are full, then we delete an old pte and replace it with
the new pte. We might have set "idx" wrong and inserted the new pte
into the wrong pteg (with the wrong PTE_HID bit). This problem almost
never happened; it is rare for both ptegs to be full.
When the loop "for (try = 0; try < 16; try++)" looks for a slot for
the new pte, set "idx" to the new pte's primary pteg. Put it in the
primary pteg "idx" or secondary pteg "idx ^ pmap_ptab_mask". When we
delete the old pte, set "idx" to the old pte's primary pteg.
Eric Gosse reported a bug where the kernel crashed on an unexpected
fault. I suspect that a pte fell into the wrong "idx" and got lost.
ok kettenis@
Wired faults are always "narrow". That means the fault handler do not try to
fault neighbor pages ahead. So do not propagate the `flt->wired' attribute to
the corresponding pmap_enter(9) calls and instead assert that it is false
whenever neighbor pages are entered in a memory space.
ok tb@
