tb [Tue, 15 Mar 2022 15:52:39 +0000 (15:52 +0000)]
Fix infinite loop in BN_mod_sqrt()
A bug in the implementation of the Tonelli-Shanks algorithm can lead to
an infinite loop. This loop can be hit in various ways, in particular on
decompressing an elliptic curve public key via EC_POINT_oct2point() - to
do this, one must solve y^2 = x^3 + ax + b for y, given x.
If a certificate uses explicit encoding for elliptic curve parameters,
this operation needs to be done during certificate verification, leading
to a DoS. In particular, everything dealing with untrusted certificates
is affected, notably TLS servers explicitly configured to request
client certificates (httpd, smtpd, various VPN implementations, ...).
Ordinary TLS servers do not consume untrusted certificates.
The problem is that we cannot assume that x^3 + ax + b is actually a
square on untrusted input and neither can we assume that the modulus
p is a prime. Ensuring that p is a prime is too expensive (it would
likely itself lead to a DoS). To avoid the infinite loop, fix the logic
to be more resilient and explicitly limit the number of iterations that
can be done. The bug is such that the infinite loop can also be hit for
primes = 3 (mod 4) but fortunately that case is optimized earlier.
It's also worth noting that there is a size bound on the field size
enforced via OPENSSL_ECC_MAX_FIELD_BITS (= 661), which help mitigate
further DoS vectors in presence of this fix.
Reported by Tavis Ormandy and David Benjamin, Google
Patch based on the fixes by David Benjamin and Tomas Mraz, OpenSSL
ok beck inoguchi
espie [Tue, 15 Mar 2022 14:53:53 +0000 (14:53 +0000)]
document noconfigurejunk, assuming it works as expected
claudio [Tue, 15 Mar 2022 14:39:34 +0000 (14:39 +0000)]
Refactor prefix_adjout_update(). Move the new prefix logic up and
then just fall through the update path. This is more in line with
prefix_update() and will make further work simpler.
OK tb@
tobhe [Tue, 15 Mar 2022 13:07:33 +0000 (13:07 +0000)]
Fix build after recent IKEv2 message fragment retransmit change.
Found by anton@
sthen [Tue, 15 Mar 2022 13:00:30 +0000 (13:00 +0000)]
sync
jan [Tue, 15 Mar 2022 11:22:10 +0000 (11:22 +0000)]
Enable IP header checksum offloading in ix(4).
ok jmatthew@
claudio [Tue, 15 Mar 2022 11:16:25 +0000 (11:16 +0000)]
Add a test for expanding macros in large-community strings.
claudio [Tue, 15 Mar 2022 11:13:48 +0000 (11:13 +0000)]
Change how $macros are expanded in the config.
Expand $macros not only at the start of a yacc token but also inside STRING
elements. STRING elements are used e.g. for community specifications and
it makes sense to allow $FOO:$BAR to correctly expand. There is no expansion
of macros in quoted strings (both single and double quotes).
Factor out the macro expand logic and with this introduce its own lookup
buffer for the macro name. For expansion to work inside STRING the char
after the makro name must be a character not allowed in macro names (not
alpha-numerical or '_').
Add extra checks to set variables. Mainly restrict length of the name and
also make sure it does not include not allowed characters.
OK tb@
stsp [Tue, 15 Mar 2022 09:23:01 +0000 (09:23 +0000)]
Fix Tx rate used by rtwn(4) and urtwn(4) for RTS frames.
Using ni_txrate for RTS is a bad choice since it could go up to 54 Mbit/s.
The AP needs to receive our RTS frame reliably. Usually, 1 Mbit/s is used
for RTS, but this hurts throughput and does not really make sense on today's
wifi networks.
Use 1 Mbit/s in 11b mode, and otherwise use 24 Mbit/s, as damien@
already hard-coded in urtwn long ago.
ok kevlo@
stsp [Tue, 15 Mar 2022 09:22:56 +0000 (09:22 +0000)]
Fix Tx rate used by rtwn(4) and urtwn(4) for RTS frames.
Using ni_txrate for RTS is a bad choice since it could go up to 54 Mbit/s.
The AP needs to receive our RTS frame reliably. Usually, 1 Mbit/s is used
for RTS, but this hurts throughput and does not really make sense on today's
wifi networks.
Use 1 Mbit/s in 11b mode, and otherwise use 24 Mbit/s, as damien@
already hard-coded in urtwn long ago.
ok kevlo@
jsg [Tue, 15 Mar 2022 08:15:23 +0000 (08:15 +0000)]
remove if_vxlan.h unused after if_vxlan.c rev 1.84
ok kevlo@ claudio@
espie [Tue, 15 Mar 2022 08:12:53 +0000 (08:12 +0000)]
if we pass exact pkg args, just check that their files are there instead
of the full pkgtree, useful for debug
ratchov [Tue, 15 Mar 2022 05:53:37 +0000 (05:53 +0000)]
Fix crash caused by confusion between requested device and last used one
Found by and ok semarie@
djm [Tue, 15 Mar 2022 05:27:37 +0000 (05:27 +0000)]
improve DEBUG_CHANNEL_POLL debugging message
jmatthew [Tue, 15 Mar 2022 02:07:21 +0000 (02:07 +0000)]
Enable checksum offloads. The nic does all the work here, so we don't
need to calculate header offsets for it.
ok dlg@
dlg [Mon, 14 Mar 2022 23:41:42 +0000 (23:41 +0000)]
unload the dmamap in bnxt_dmamem_free.
this is technically not necessary, but it makes it feel symmetrical
with bnxt_dmamem_alloc which loads it.
ok jmatthew@
tb [Mon, 14 Mar 2022 22:38:43 +0000 (22:38 +0000)]
Unbreak the tree, revert commitid aZ8fm4iaUnTCc0ul
This reverts the commit protecting the list and hashes in the PCB tables
with a mutex since the build of sysctl(8) breaks, as found by kettenis.
ok sthen
solene [Mon, 14 Mar 2022 21:52:08 +0000 (21:52 +0000)]
add -k flag to gzip and gunzip
When using this flag, the input file is kept after
compression or decompression, this makes our gzip
more compatible with the other gzip
changes reworked by jca@, thanks
ok jca@ millert@
tb [Mon, 14 Mar 2022 21:30:48 +0000 (21:30 +0000)]
Add a few regress test cases for name constraints.
From Alex Wilson
tb [Mon, 14 Mar 2022 21:29:46 +0000 (21:29 +0000)]
Allow constraints of the form @domain.com
Some things issue and expect that we support a non-standard extension of
accepting any email address from a host by prefixing an email name
constraint with @. This used to be the case with the old code as well.
Pointed out and based on a diff by Alex Wilson.
ok jsing
tb [Mon, 14 Mar 2022 21:15:49 +0000 (21:15 +0000)]
Rework ownership handling in x509_constraints_validate()
Instead of having the caller allocate and pass in a new
x509_constraints_name struct, handle allocation inside
x509_constraints_validate(). Also make the error optional.
All this is done to simplify the call sites and to make it
more obvious that there are no leaks.
ok jsing
miod [Mon, 14 Mar 2022 20:07:57 +0000 (20:07 +0000)]
There is no objectionable-C compiler in the comp set anymore.
kettenis [Mon, 14 Mar 2022 19:09:32 +0000 (19:09 +0000)]
The current FDT code we use in the bootloader is buggy and will write into
memory beyond the actual FDT data structure when adding information to the
device tree. This is especially problematic on ACPI systems where we add
lots of information to the device tree based on ACPI tables. Fix the FDT
code to never write beyond the end of the data structure and panic if we
run out of free space. Raise the amount of free space frm 4K to 16K for
the proto-FDT we use on ACPI systems. Bump the version number of the
arm64 bootloader.
ok visa@, patrick@
bluhm [Mon, 14 Mar 2022 17:23:00 +0000 (17:23 +0000)]
pf_socket_lookup() calls in_pcbhashlookup() in the PCB layer. To
run pf in parallel, make parts of the stack MP safe. Protect the
list and hashes in the PCB tables with a mutex.
Note that the protocol notify functions may call pf via tcp_output().
As the pf lock is a sleeping rw_lock, we must not hold a mutex. To
solve this for now, collect these PCBs in inp_notify list and protect
it with exclusive netlock.
OK sashan@
krw [Mon, 14 Mar 2022 17:11:44 +0000 (17:11 +0000)]
Abstract duplicated code scanning gpt_types[] into a helper
function find_gpt_type().
Use find_gpt_type() to simplify the functions obtaining
information from gpt_types[]. Add not yet used
PRT_uuid_to_protection() to allow simplification of GPT partition
protection code..
No intentional functional change.
jsing [Mon, 14 Mar 2022 16:49:35 +0000 (16:49 +0000)]
Factor out unexpected handshake message handling code in the legacy stack.
The TLS record layer has to be able to handle unexpected handshake messages
that result when it has been asked to read application data. The way that
this is currently done in the legacy stack is a layering violation - the
record layer knows about DTLS/TLS handshake messages, parsing them and then
deciding what action to take. This is further complicated by the need to
handle handshake message fragments.
For now, factor this code out with minimal changes - since it is a layering
violation we have to retain separate code for DTLS and TLS.
ok beck@ inoguchi@ tb@
jsing [Mon, 14 Mar 2022 16:35:45 +0000 (16:35 +0000)]
Factor out ASN1_STRING clearing code.
This fixes a bug in ASN1_STRING_set0() where it does not respect the
ASN1_STRING_FLAG_NDEF flag and potentially frees memory that we do not own.
ok inguchi@ tb@
jsing [Mon, 14 Mar 2022 16:23:29 +0000 (16:23 +0000)]
First pass clean up of ASN1_STRING code.
Use consistent variable names (astr/src) rather than 'a', 'bs', 'str', 'v'
or 'x', add some whitespace and remove some unneeded parentheses.
ok inoguchi@ tb@
stsp [Mon, 14 Mar 2022 15:17:17 +0000 (15:17 +0000)]
update iwx(4) man page CAVEATS section in light of 11ac support
stsp [Mon, 14 Mar 2022 15:08:50 +0000 (15:08 +0000)]
Add initial support for 802.11ac (VHT) to the iwx(4) driver.
This makes it possible to use 80MHz channels and VHT-specific MCS.
Other 11ac features remain disabled for now.
Tested:
ax200: Matthias Schmidt, phessler, dv, kevlo, Joel Carnat, hrvoje, jmc, stsp
ax201: mlarkin, stsp
iwm (regression testing): stsp
stsp [Mon, 14 Mar 2022 15:07:24 +0000 (15:07 +0000)]
Add initial 802.11ac (VHT) support to net80211.
Add VHT capability and operation IE definitions to ieee80211.h.
Introduce channel flags to identify 80MHz and 160MHz capable channels.
Parse VHT IEs in beacons, announce the driver's VHT capabilities in
probe requests and assoc requests, and hop into 11ac mode after
association to the AP if possible.
Enable VHT by default if the driver announces support for it.
ok claudio@
stsp [Mon, 14 Mar 2022 15:06:04 +0000 (15:06 +0000)]
sync ieee80211 channel flags over to radiotap
krw [Mon, 14 Mar 2022 14:31:23 +0000 (14:31 +0000)]
And the prototype too.
krw [Mon, 14 Mar 2022 14:28:58 +0000 (14:28 +0000)]
PRT_uuid_to_typename() can return const char *.
krw [Mon, 14 Mar 2022 14:22:32 +0000 (14:22 +0000)]
Nuke extraneous blank line.
stsp [Mon, 14 Mar 2022 14:15:33 +0000 (14:15 +0000)]
Fix Tx performance on urtwn(4) RTL8192EU devices.
The "driver rate" bit which tells firmware to use the driver-provided
Tx rate is in a different spot of Tx descriptor double word 3.
Fix the corresponding macro definition.
The device was sending all frames at CCK1 because of this bug, regardless
of the Tx rate the driver had chosen.
tcpbench before:
Conn: 1 Mbps: 0.808 Peak Mbps: 1.108 Avg Mbps: 0.808
tcpbench with fix:
Conn: 1 Mbps: 21.078 Peak Mbps: 21.078 Avg Mbps: 21.078
ok jmatthew@
kettenis [Mon, 14 Mar 2022 13:08:32 +0000 (13:08 +0000)]
Make sure the apldart(4) implementation of bus_dmamap_destroy(9) does the
equivalent of bus_dmamap_unload(9) if active mappings exist. This fixes
the kerenal panics seen with bringing bwfm(4) down and up again.
ok jsg@, patrick@
tobhe [Mon, 14 Mar 2022 12:58:55 +0000 (12:58 +0000)]
Improve retransmission of message fragments. RFC 7383 states that loss of
a single fragment results in a retransmit of all fragments belonging
to the same message. Instead of treating each fragment as message with
seperate retransmit timer, keep only a single timer for all fragments of
a message and retransmit all fragments in order on timeout.
Improves reliability in case of packet loss when fragmentation is enabled.
Found by and diff from Daniel Herzinger
ok patrick@
sthen [Mon, 14 Mar 2022 10:58:35 +0000 (10:58 +0000)]
minor lint fixes
sthen [Mon, 14 Mar 2022 10:56:55 +0000 (10:56 +0000)]
document changes to MODPERL_REGEN_PPPORT
bluhm [Mon, 14 Mar 2022 00:51:27 +0000 (00:51 +0000)]
Increase timeout to make test pass on sparc64.
cheloha [Sun, 13 Mar 2022 23:27:54 +0000 (23:27 +0000)]
ssh: xstrdup(): use memcpy(3)
Copying the given string into the buffer with strlcpy(3) confers no
benefit in this context because we have already determined the
string's length with strlen(3) in order to allocate that buffer.
Thread: https://marc.info/?l=openbsd-tech&m=
164687525802691&w=2
ok dtucker@ millert@
bluhm [Sun, 13 Mar 2022 22:16:59 +0000 (22:16 +0000)]
Document membar_enter_after_atomic and membar_exit_before_atomic.
OK kettenis@
bluhm [Sun, 13 Mar 2022 21:38:32 +0000 (21:38 +0000)]
Hrvoje has hit a crash with IPsec acquire while testing the parallel
IP forwarding diff. Add mutex and refcount to make memory management
of struct ipsec_acquire MP safe.
testing Hrvoje Popovski; input sashan@; OK mvs@
kettenis [Sun, 13 Mar 2022 21:17:52 +0000 (21:17 +0000)]
Revert previous commit. It breaks the serial console on my rpi4.
tb [Sun, 13 Mar 2022 17:23:02 +0000 (17:23 +0000)]
Relax the check of x509_constraints_dirname()
The dirname constraint must be a prefix in DER format, so relax the
check from requiring equal-length strings to allow shorter names also.
From Alex Wilson
ok jsing
tb [Sun, 13 Mar 2022 17:08:04 +0000 (17:08 +0000)]
Add x509_constraints_validate() to x509_internal.h
From Alex Wilson
ok jsing
tb [Sun, 13 Mar 2022 16:48:49 +0000 (16:48 +0000)]
Check name constraints using the proper API
The previous versions were too strict and disallowed leading dots.
From Alex Wilson
ok jsing
tb [Sun, 13 Mar 2022 16:30:31 +0000 (16:30 +0000)]
style tweak
tb [Sun, 13 Mar 2022 16:25:58 +0000 (16:25 +0000)]
Add missing error check after strdup()
From Alex Wilson
ok jsing
florian [Sun, 13 Mar 2022 15:14:01 +0000 (15:14 +0000)]
parse_packet() is used by unbound to parse response packets, not
queries. There is no need to do all this work just to get access to
the query id and flags.
OK bket, sthen
jsing [Sun, 13 Mar 2022 14:58:14 +0000 (14:58 +0000)]
Remove free_cont from asn1_d2i_ex_primitive()/asn1_ex_c2i().
The constructed ASN.1 handling in asn1_d2i_ex_primitive() and asn1_ex_c2i()
currently has code to potentially avoid a malloc/memcpy - this is a less
common code path and it introduces a bunch of complexity for minimal gain.
In particular, we're manually adding a trailing NUL when ASN1_STRING_set()
would already do that for us, plus we currently manually free() the data on
an ASN1_STRING, rather than using freezero().
ok inoguchi@ tb@
espie [Sun, 13 Mar 2022 14:39:56 +0000 (14:39 +0000)]
better without warnings
kettenis [Sun, 13 Mar 2022 14:33:46 +0000 (14:33 +0000)]
Now that fdisk(8) retains the EFI System Partition on Apple systems, skip
formatting the partition such that its contents actually survive.
ok krw@
espie [Sun, 13 Mar 2022 13:42:04 +0000 (13:42 +0000)]
show the realname in verbose mode for tieing.
if we're "fixing" a partial-* package, we want to see exactly what filename
we're tieing up to, concretely, not the "theoretic" filename
mpi [Sun, 13 Mar 2022 13:34:54 +0000 (13:34 +0000)]
Constify struct cfattach.
ok miod@
espie [Sun, 13 Mar 2022 13:28:09 +0000 (13:28 +0000)]
make those checks less chatty... once the file is not there, we don't need
to say anything more
krw [Sun, 13 Mar 2022 12:57:29 +0000 (12:57 +0000)]
Missing 'or'.
Pointed out by jmc@
mpi [Sun, 13 Mar 2022 12:33:01 +0000 (12:33 +0000)]
Constify struct cfattach.
ok miod@
jmatthew [Sun, 13 Mar 2022 10:13:54 +0000 (10:13 +0000)]
Enable vlan promisc and header stripping, and use vlan rx/tx offloads.
The vlan tx information takes up an extra slot on the tx ring, so this
affects the point at which we stop putting packets on the ring too.
ok dlg@
mpi [Sun, 13 Mar 2022 08:04:38 +0000 (08:04 +0000)]
Constify struct cfattach.
ok miod@
mpi [Sun, 13 Mar 2022 08:04:13 +0000 (08:04 +0000)]
Constify struct cfattach.
ok miod@
jmatthew [Sat, 12 Mar 2022 23:54:53 +0000 (23:54 +0000)]
Transmit segmented packets using multiple tx ring slots rather than
defragging them first.
ok dlg@
mpi [Sat, 12 Mar 2022 14:40:41 +0000 (14:40 +0000)]
Constify struct cfattach.
ok patrick@
florian [Sat, 12 Mar 2022 14:35:29 +0000 (14:35 +0000)]
Probe for DNS64 presence with an absolute name so that asr doesn't add
search domains and retry.
jsing [Sat, 12 Mar 2022 12:53:03 +0000 (12:53 +0000)]
Factor out change cipher spec handing code in the legacy stack.
Factor out the code that handles the processing of a change cipher spec
message that has been read in the legacy stack, deduplicating code in the
DTLS stack.
ok inoguchi@ tb@
mpi [Sat, 12 Mar 2022 12:34:22 +0000 (12:34 +0000)]
Uncompress some one line comments to reduce the difference with NetBSD.
No functionnal change.
sthen [Sat, 12 Mar 2022 12:20:03 +0000 (12:20 +0000)]
document MODPERL_REGEN_PPPORT
kettenis [Sat, 12 Mar 2022 11:28:55 +0000 (11:28 +0000)]
Unfortunately some last-minute changes were made to the AIC2 device tree
bindings before it was accepted in Linux. But handling both the
preliminary and (hopefully) final bindings can be done in a fairly clean
way.
ok jsg@
mpi [Sat, 12 Mar 2022 08:11:07 +0000 (08:11 +0000)]
Revert holding a read lock on the map while copying out data during sysctl(2).
This introduced a lock ordering issue reported by naddy@, anton@ and syzkaller.
Reported-by: syzbot+739bb901045d9b193bde@syzkaller.appspotmail.com
jmatthew [Sat, 12 Mar 2022 06:54:05 +0000 (06:54 +0000)]
Constify struct cfattach, not struct cfdriver
krw [Fri, 11 Mar 2022 22:29:55 +0000 (22:29 +0000)]
Simple hack to preserve the EFI System partition when
auto-allocating the space on a disk whose GPT contains
any of the magic Apple partitions.
One step towards saving the firmware files on Apple
M1 machines when installing OpenBSD.
Tested & ok kettenis@
kettenis [Fri, 11 Mar 2022 19:24:19 +0000 (19:24 +0000)]
Hold a read lock on the map while copying out data during a sysctl(2) call
to prevent another thread from unmapping the memory and triggering
an assertion or even corrupting random physical memory pages.
This fix is similar to the change in uvm_glue.c rev. 1.74. However in this
case we need to be careful since some sysctl(2) calls look at the map of
the current process. In those cases we must not attempt to lock the map
again.
ok mpi@
Should fix:
Reported-by: syzbot+be89fe83d6c004fcb412@syzkaller.appspotmail.com
bluhm [Fri, 11 Mar 2022 19:02:15 +0000 (19:02 +0000)]
Declare membar_datadep_consumer() inline to fix build on sparc64.
mpi [Fri, 11 Mar 2022 18:00:45 +0000 (18:00 +0000)]
Constify struct cfattach.
visa [Fri, 11 Mar 2022 14:42:08 +0000 (14:42 +0000)]
Fix formatting of cond_signal().
jsg [Fri, 11 Mar 2022 12:44:58 +0000 (12:44 +0000)]
remove reference to gcu(4) which is only used by em(4) on Intel EP80579
jmatthew [Fri, 11 Mar 2022 12:14:17 +0000 (12:14 +0000)]
Fix receive filter handling. Update the unicast mac address in the filter
when bringing the interface up, so it's possible to change it with
ifconfig. Rearrange multicast handling so IFF_ALLMULTI is set correctly
and multicast ranges don't trigger promisc mode. Perhaps most importantly,
set RPF_MCAST_FILTER_EN to 0 when we don't want all multicast traffic -
we use mac address filters to receive specific multicast groups, and the
multicast filter is programmed to accept all multicast traffic.
based on a diff from Brad
ok dlg@
kn [Fri, 11 Mar 2022 12:01:22 +0000 (12:01 +0000)]
Fix wxneeded elf section name, use markup
OK espie
claudio [Fri, 11 Mar 2022 10:05:38 +0000 (10:05 +0000)]
Revert part of rev 1.293. Using cursig() to deliver masked signals
to the debugger can cause a loop between the debugger and cursig()
if the signal is masked. cursig() has no way to know which signal
was already delivered to the debugger and so it delivers the same
signal over and over again.
Instead handle traps to masked signals directly in trapsignal. This
is what rev 1.293 was mostly about. If SIGTRAP was masked by the
process breakpoints no longer worked since the signal deliver to
the debugger did not happen. Doing this case in trapsignal solves
both the problem with the loop and the delivery of masked traps.
Problem reported and fix tested by matthieu@
OK kettenis@ mpi@
claudio [Fri, 11 Mar 2022 09:57:54 +0000 (09:57 +0000)]
Fix overflow protection check in the poll loop. The check needs to happen
at the start of the loop and with i >= NPFDS.
Reported by Martin Vahlensieck (openbsd (at) academicsolutions.ch)
OK tb@
dtucker [Fri, 11 Mar 2022 09:04:59 +0000 (09:04 +0000)]
Revert previous commit. The problem it was attempting to fix was already
fixed by tb@ in rev 1.20. Spotted by tb@
jsg [Fri, 11 Mar 2022 08:29:21 +0000 (08:29 +0000)]
regen
jsg [Fri, 11 Mar 2022 08:28:40 +0000 (08:28 +0000)]
fix previous
dtucker [Fri, 11 Mar 2022 07:29:53 +0000 (07:29 +0000)]
Check for underflow as well as overflow when scaling negative numbers.
ok millert@
anton [Fri, 11 Mar 2022 06:45:22 +0000 (06:45 +0000)]
Enable PL011 UART FIF0 support in pluart(4). The FIFO depth depends on
the revision and ranges from 16 to 32 bytes.
Special treatment of Server Base System Architecture (SBSA) generic UART
devices is required as presence of the interrupt trigger level register
is not guaranteed. Therefore treat such devices of having a 1-byte FIFO.
With help from kettenis@ and ok visa@
jca [Thu, 10 Mar 2022 23:24:30 +0000 (23:24 +0000)]
Downgrade RISCV ABI mismatch error to a warning
This lets lld link code with object files created with ld -b binary,
as used by several ports (mupdf, postgresql-pllua, various games).
Upstream report with an unfinished diff: https://reviews.llvm.org/
D106378
ok kettenis@
bluhm [Thu, 10 Mar 2022 21:00:51 +0000 (21:00 +0000)]
KASSERT should not contain memory barriers as they change behavior.
Read the integer values without atomic operations.
OK kettenis@
bluhm [Thu, 10 Mar 2022 15:21:08 +0000 (15:21 +0000)]
Use atomic load and store functions to access refcnt and wait
variables. Although not necessary everywhere, using atomic functions
exclusively for variables marked as atomic is clearer.
OK mvs@ visa@
bluhm [Thu, 10 Mar 2022 15:19:01 +0000 (15:19 +0000)]
Forgot makefile for atomic_load_int.9 in previous commit.
bluhm [Thu, 10 Mar 2022 14:12:40 +0000 (14:12 +0000)]
Provide atomic load and store functions for int and long. FreeBSD
also uses these names. This implements a complete interface for
atomic operations, such functions can be used for every access.
They provide compiler barriers, but no CPU memory barriers. This
is consistent with our other atomic operations.
OK mvs@ visa@
jmatthew [Thu, 10 Mar 2022 11:35:13 +0000 (11:35 +0000)]
Invalidate the nic's rx descriptor cache when taking the interface up
or down, and turn off the global tx and rx enables when going down.
Without this, the nic can write to mbufs that were taken off the ring
when the interface was taken down, triggering mbuf cluster pool use
after free checks.
ok dlg@
mpi [Thu, 10 Mar 2022 10:46:56 +0000 (10:46 +0000)]
Do not clear the PG_BUSY flag before passing the anon to uvm_anon_release().
Should prevent a KASSERT() from tiggering when freeing an anon after swaping-out
its memory.
This code path has been broken since at least January 2021 and is apparently not
so easy to trigger.
Found the hard way by sthen@
ok kettenis@, kn@
hastings [Thu, 10 Mar 2022 10:30:10 +0000 (10:30 +0000)]
Add support for Sunrisepoint-H and Sunrisepoint-LP platforms.
Also mask unhandled interrupts like we do in amdgpio(4).
ok kettenis@, deraadt@
hastings [Thu, 10 Mar 2022 07:18:24 +0000 (07:18 +0000)]
Add mtw(4) to fw_update(8).
ok jsg@
hastings [Thu, 10 Mar 2022 07:12:13 +0000 (07:12 +0000)]
Inform fw_update(8) about mtw(4) pattern.
ok jsg@
tb [Thu, 10 Mar 2022 04:39:49 +0000 (04:39 +0000)]
Simple regress for NULL deref reported by Guido Vranken and fixed in
bn_exp2.c r1.13.
jsg [Thu, 10 Mar 2022 03:09:55 +0000 (03:09 +0000)]
authentcation -> authentication
jsg [Thu, 10 Mar 2022 01:56:02 +0000 (01:56 +0000)]
tansformed -> transformed
jsg [Thu, 10 Mar 2022 01:45:30 +0000 (01:45 +0000)]
immediatly -> immediately