OPNsense - FreeBSD source
Roger Pau Monné 4e4e43dc9e xen: allow limiting the amount of duplicated pending xenstore watches
Xenstore watches received are queued in a list and processed in a
deferred thread. Such queuing was done without any checking, so a
guest could potentially trigger a resource starvation against the
FreeBSD kernel if such kernel is watching any user-controlled xenstore
path.

Allow limiting the amount of pending events a watch can accumulate
to prevent a remote guest from triggering this resource starvation
issue.

For the PV device backends and frontends this limitation is only
applied to the other end /state node, which is limited to 1 pending
event, the rest of the watched paths can still have unlimited pending
watches because they are either local or controlled by a privileged
domain.

The xenstore user-space device gets special treatment as it's not
possible for the kernel to know whether the paths being watched by
user-space processes are controlled by a guest domain. For this reason
watches set by the xenstore user-space device are limited to 1000
pending events. Note this can be modified using the
max_pending_watch_events sysctl of the device.

This is XSA-349.

Sponsored by:	Citrix Systems R&D
MFC after:	3 days
2020-12-30 11:18:26 +01:00
.github/workflows GH Actions: Use pre-installed clang packages 2020-11-26 14:42:16 +00:00
bin Replace sscanf() by strtoul() 2020-12-27 22:32:22 +01:00
cddl dtrace: honor LC_NUMERIC for %'d and alike, and LC_TIME for %T 2020-12-03 11:59:40 +00:00
contrib contrib/tzdata: import tzdata 2020f 2020-12-30 12:50:26 +08:00
crypto Merge OpenSSL 1.1.1i. 2020-12-09 02:05:14 +00:00
etc build: remove the option to build gnugrep 2020-12-25 15:14:17 -06:00
gnu gnu: remove gnugrep and libgnuregex 2020-12-25 15:16:33 -06:00
include Add tcgetwinsize(3) and tcsetwinsize(3) to termios 2020-12-25 20:43:09 +02:00
kerberos5 Fix more -Wundef warnings during bootstrap 2020-10-14 12:28:54 +00:00
lib libcam(3): make cam_getccb(3) zero the whole ccb, not just the header 2020-12-29 14:26:06 +00:00
libexec rtld-elf: link libcompiler_rt on all architectures 2020-12-28 00:44:25 -08:00
release release.sh: Update GITROOT URL 2020-12-29 09:40:28 -05:00
rescue ping: add a ping6 hard link for backwards compatibility 2020-11-26 18:33:04 +00:00
sbin dump(8): clarify the recommended use of cache and snapshots 2020-12-28 21:56:58 +00:00
secure caroot: drop $FreeBSD$ expansion from root bundle 2020-12-27 21:47:41 -06:00
share Revert "uefi.8: mention boot1.efi" 2020-12-29 12:08:19 +08:00
stand libsa: xdrproc_t should return bool 2020-12-27 23:25:18 +02:00
sys xen: allow limiting the amount of duplicated pending xenstore watches 2020-12-30 11:18:26 +01:00
targets Add WITH_CLANG_FORMAT option 2020-06-24 17:03:42 +00:00
tests fusefs: fix the tests for a wider range of maxphys 2020-12-28 18:56:17 +00:00
tools Fix generation of colldef source files for non-UTF-8 locales 2020-12-30 04:40:27 +09:00
usr.bin bsdcat,cpio,tar: derive version string from archive.h 2020-12-29 14:21:50 -08:00
usr.sbin Update leap-seconds to leap-seconds.3676924800. 2020-12-29 22:01:46 -08:00
.arcconfig arcconfig: add callsign again 2020-11-23 04:39:29 +00:00
.arclint arc lint: ignore /tests/ in chmod 2017-12-19 03:38:06 +00:00
.cirrus.yml Update vendor/libarchive/dist to 227a4b9719a7fbeba6ba46e377ff7d953f405cd5 2020-12-28 00:06:27 +01:00
.clang-format clang-format: Avoid breaking after the opening paren of function definitions 2020-10-28 11:54:00 +00:00
.gitattributes Add a basic clang-format configuration file 2019-06-07 15:23:52 +00:00
.gitignore Stop ignoring makeLINT generated files 2020-10-09 00:27:45 +00:00
COPYRIGHT Happy New Year 2020! 2019-12-31 16:01:36 +00:00
LOCKS LOCKS: update current locks 2018-06-09 03:08:04 +00:00
MAINTAINERS Add a pointer to csprng@ for the CSPRNG driver. This is enforced anyway by 2020-09-01 08:02:12 +00:00
Makefile Import tzdata 2020f 2020-12-30 12:45:24 +08:00
Makefile.inc1 Remove additional GDB leftovers missed in r368667 2020-12-15 18:12:03 +00:00
Makefile.libcompat Race in 32-bit fixed 2020-10-08 17:30:05 +00:00
Makefile.sys.inc AUTO_OBJ: For all top-level targets enforce using an OBJDIR. 2017-12-05 21:29:47 +00:00
ObsoleteFiles.inc build: remove the option to build gnugrep 2020-12-25 15:14:17 -06:00
README Mark the repository has been converted to Git 2020-12-23 12:27:27 +08:00
README.md Mark the repository has been converted to Git 2020-12-23 12:27:27 +08:00
RELNOTES Add relnote for r368667, GDB 6.1.1 removal 2020-12-15 17:52:04 +00:00
UPDATING UPDATING: Announce git transition 2020-12-23 09:40:45 -07:00

FreeBSD Source:

This is the top level of the FreeBSD source directory. This file was last revised on: FreeBSD

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.

For copyright information, please see the file COPYRIGHT in this directory. Additional copyright information also exists for some sources in this tree - please see the specific source directories for more information.

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7), config(8), https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html, and https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html for more information, including setting make(1) variables.

Source Roadmap:

bin		System/user commands.

cddl		Various commands and libraries under the Common Development
		and Distribution License.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

rescue		Build system for statically linked /rescue utilities.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

stand		Boot loader sources.

sys		Kernel sources.

sys/<arch>/conf Kernel configuration files. GENERIC is the configuration
		used in release builds. NOTES contains documentation of
		all possible entries.

tests		Regression tests which can be run by Kyua.  See tests/README
		for additional information.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html