bluhm [Wed, 21 Jul 2021 11:11:41 +0000 (11:11 +0000)]
Propagate errors from crypto_invoke() and count them in IPsec. They
should not happen, but always check error conditions. tq is never
NULL, remove the check. tdb->tdb_odrops++ is not MP safe, but will
be addressed separately in ipsec_output_cb().
OK mvs@
sthen [Wed, 21 Jul 2021 09:18:32 +0000 (09:18 +0000)]
sync
jsing [Wed, 21 Jul 2021 08:42:14 +0000 (08:42 +0000)]
Remove DTLS processed_rcds queue.
When DTLS handshake records are received from the next epoch, we will
potentially queue them on the unprocessed_rcds queue - this is usually
a Finished message that has been received without the ChangeCipherSuite
(CCS) message (which may have been dropped or reordered).
After the epoch increments (due to the CCS being received), the current
code processes all records on the unprocessed queue and immediately queues
them on the processed queue, which dtls1_get_record() then pulls from.
This form of processing only adds more complexity and another queue.
Instead, once the epoch increments, pull a single record from the
unprocessed queue and process it, allowing the contents to be consumed
by the caller. We repeat this process until the unprocessed queue is
empty, at which point we go back to consuming messages from the wire.
ok inoguchi@ tb@
nicm [Wed, 21 Jul 2021 08:09:43 +0000 (08:09 +0000)]
Do not add height twice when calculating popup_mouse_top, from M Kelly.
nicm [Wed, 21 Jul 2021 08:06:36 +0000 (08:06 +0000)]
Do not close popups on resize, instead adjust them to fit, from Anindya
Mukherjee.
jsing [Wed, 21 Jul 2021 07:51:12 +0000 (07:51 +0000)]
Silently discard invalid DTLS records.
Per RFC 6347 section 4.1.2.1, DTLS should silently discard invalid records,
including those that have a bad MAC. When converting to the new record
layer, we inadvertently switched to standard TLS behaviour, where an
invalid record is fatal. This restores the previous behaviour.
Issue noted by inoguchi@
ok inoguchi@
kn [Wed, 21 Jul 2021 03:53:50 +0000 (03:53 +0000)]
Use exclusive lock under /dev/, silence expected errors in installer
resolvd(8), slaacd(8) and dhcpleased(8) are different from other daemons
in that there must only be a single instance.
resolvd already does this, adjust slaacd and dhcpleased accordingly while
moving the lockfile paths under /dev/ such that they work early on boot and
don't run into races should /var be (un)mounted between daemon starts.
Locking is especially required in the installer where all three daemons are
started every time the "(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? "
prompt is entered, i.e. restarting installation or dropping into a shell
and back into the prompt again would start multiple instances.
To avoid expected lockfile error messages in between installer prompts,
discard standard error when starting the autoconf daemons; none of them
has other potential failure cases in installer mode before daemon(3)izing.
Input sthen deraadt
OK deraadt
jsg [Wed, 21 Jul 2021 01:03:49 +0000 (01:03 +0000)]
drm/amdkfd: fix sysfs kobj leak
From Philip Yang
b3205768cd1a3a9869500ec27e129f8a71d2152a in linux 5.10.y/5.10.52
dcdb4d904b4bd3078fe8d4d24b1658560d6078ef in mainline linux
jsg [Wed, 21 Jul 2021 01:01:21 +0000 (01:01 +0000)]
drm/dp_mst: Add missing drm parameters to recently added call to drm_dbg_kms()
From Jose Souza
cae871baa4f30608dc2084ca8ddc8f7e49913721 in linux 5.10.y/5.10.52
24ff3dc18b99c4b912ab1746e803ddb3be5ced4c in mainline linux
jsg [Wed, 21 Jul 2021 00:59:32 +0000 (00:59 +0000)]
drm/dp_mst: Avoid to mess up payload table by ports in stale topology
From Wayne Lin
16fb4e9c39b9543efd0c3dbc3dbb8865d090646a in linux 5.10.y/5.10.52
3769e4c0af5b82c8ea21d037013cb9564dfaa51f in mainline linux
jsg [Wed, 21 Jul 2021 00:57:36 +0000 (00:57 +0000)]
drm/dp_mst: Do not set proposed vcpi directly
From Wayne Lin
3462bc8b1a1f1b507804d33d118402235e8a1fab in linux 5.10.y/5.10.52
35d3e8cb35e75450f87f87e3d314e2d418b6954b in mainline linux
jsg [Wed, 21 Jul 2021 00:53:30 +0000 (00:53 +0000)]
drm/i915/gt: Fix -EDEADLK handling regression
From Ville Syrjala
0728df8048060e9bdedb9dd38c62782ee97184ba in linux 5.10.y/5.10.52
2feeb52859fc1ab94cd35b61ada3a6ac4ff24243 in mainline linux
jsg [Wed, 21 Jul 2021 00:50:05 +0000 (00:50 +0000)]
drm/i915/gtt: drop the page table optimisation
From Matthew Auld
81dd2d60f677bbab622c52711a711f0f43d37458 in linux 5.10.y/5.10.52
0abb33bfca0fb74df76aac03e90ce685016ef7be in mainline linux
jcs [Tue, 20 Jul 2021 18:33:59 +0000 (18:33 +0000)]
add AMD 17h/6xh Root Complex
ok brynet
schwarze [Tue, 20 Jul 2021 17:31:32 +0000 (17:31 +0000)]
Split X509_NAME_hash(3) out of d2i_X509_NAME(3) and document
X509_issuer_name_hash(3), X509_subject_name_hash(3), and the _old variants.
Even though this is only tangentially related to decoding and encoding,
including a single function in d2i_X509_NAME(3) was probably OK,
but let's not bog down that page with six functions that are likely
to become obsolete at some point - even though right now, they are
still being used both internally and by external software.
mvs [Tue, 20 Jul 2021 16:44:55 +0000 (16:44 +0000)]
Turn pipex(4) session statistics to per-CPU counters. This makes pipex(4)
more compliant to bluhm@'s work on traffic forwarding parallelization.
ok yasuoka@ bluhm@
bluhm [Tue, 20 Jul 2021 16:32:28 +0000 (16:32 +0000)]
The current workaround to disable parallel IPsec did not work.
Variable nettaskqs must not change at runtime. Interface input
queues choose the thread during init with ifiq_softnet = net_tq().
So it cannot be modified after pfkeyv2_send() sets the first SA in
kernel. Also changing the calculation in net_tq() may call task_del()
with a different taskq than task_add().
Instead of restricting the index to the first softnet task, use an
exclusive lock. For now just move the comment. We can later decide
if a write net lock or kernel lock is better.
OK mvs@
stsp [Tue, 20 Jul 2021 16:01:52 +0000 (16:01 +0000)]
Add the 7265-17 image back into the list of firmware used by iwm(4).
stsp [Tue, 20 Jul 2021 16:00:47 +0000 (16:00 +0000)]
Do not attempt to load 7265D iwm(4) firmware on all 7265 devices.
There are several variants of 7265 devices, all of which share a PCI ID.
7265D devices can be told apart by looking at the hardware revision number.
Non-D 7265 devices won't load 7265D firmware. Load the 7265-17 image instead.
Problem reported and fix tested on a non-D 7265 by Tilo Stritzky.
Tested on a 7265D by myself.
kettenis [Tue, 20 Jul 2021 15:25:48 +0000 (15:25 +0000)]
Use installboot -p such that the right partition will be newfs'ed.
ok krw@, deraadt@
kettenis [Tue, 20 Jul 2021 14:51:56 +0000 (14:51 +0000)]
Add -p option to "prepare" (newfs) a filesystem that will be used for
the bootloader. This is a no-op on architectures where such a filesystem
isn't needed.
ok krw@, deraadt@
stsp [Tue, 20 Jul 2021 14:44:37 +0000 (14:44 +0000)]
Make iwm_init() call iwm_stop() if we fail to move into SCAN state.
Generally, iwm_init() must either succeed or reset everything. In the case
I observed, the missing call to iwm_stop() left us with a non-zero refcount
for the newstate task which failed to perform the INIT -> SCAN transition.
The next ioctl request from userspace would then trigger a KASSERT in
iwm_init() which checks for old tasks that haven't run to completion.
This problem won't happen under normal conditions. It will happen if
the firmware crashes in response to a bad scan command, for instance.
I ran into this while working on support for newer iwx(4) firmware.
stsp [Tue, 20 Jul 2021 14:44:09 +0000 (14:44 +0000)]
Make iwx_init() call iwx_stop() if we fail to move into SCAN state.
Generally, iwx_init() must either succeed or reset everything. In the case
I observed, the missing call to iwx_stop() left us with a non-zero refcount
for the newstate task which failed to perform the INIT -> SCAN transition.
The next ioctl request from userspace would then trigger a KASSERT in
iwx_init() which checks for old tasks that haven't run to completion.
This problem won't happen under normal conditions. It will happen if
the firmware crashes in response to a bad scan command, for instance.
I ran into this while working on support for newer iwx(4) firmware.
deraadt [Tue, 20 Jul 2021 13:36:42 +0000 (13:36 +0000)]
sync
claudio [Tue, 20 Jul 2021 12:08:53 +0000 (12:08 +0000)]
Also add missing -V to usage
claudio [Tue, 20 Jul 2021 12:07:46 +0000 (12:07 +0000)]
Add -V to usage. Reported by Pier Carlo Chiodi.
inoguchi [Tue, 20 Jul 2021 12:04:53 +0000 (12:04 +0000)]
Check pointer variable if it is NULL in ca.c
missed with r1.32
kn [Tue, 20 Jul 2021 11:20:09 +0000 (11:20 +0000)]
Simplify DHCP lease file parser after switch to dhcpleased
dhcpleased(8)'s lease files are much simpler than dhclient.leases(5):
- exactly one lease per file (not many)
- only option lines (not statement, declaration, etc.)
- every option/value is separated by a single ": " (no optional leading
"option ")
- values are not quoted or escaped (like dhclient does)
lease_value() is hard to read, mostly because it strips optional double
quotes around option values as was required with dhclient.
dhclient VIS_ALL's values if they contain backticks, backslashes and
other characters, otherwise it VIS_SAFE's (and optionally quotes them).
dhcpleased VIS_SAFE's all value strings equally.
All install.sub users of lease_value() quote its output so they should
be safe without any special unescaping as previously done.
OK florian
visa [Tue, 20 Jul 2021 07:53:39 +0000 (07:53 +0000)]
Remove bogus use of CPU_MAXID and get cpu_info only once.
visa [Tue, 20 Jul 2021 07:51:08 +0000 (07:51 +0000)]
Remove unneeded __sync_* library functions from the kernel.
These library functions were added as stopgaps because GCC 4.2.1
lacks the corresponding __sync_* builtins on mips64. However,
the builtins are now provided by Clang.
mlarkin [Tue, 20 Jul 2021 00:41:54 +0000 (00:41 +0000)]
Fix trailing whitespace in a few places.
No code change.
krw [Mon, 19 Jul 2021 23:24:54 +0000 (23:24 +0000)]
Tweak one comment and nuke a bunch of pointless ones.
krw [Mon, 19 Jul 2021 19:46:20 +0000 (19:46 +0000)]
Abstract reading the built-in MBR or MBR file into
a separate function.
No functional change.
krw [Mon, 19 Jul 2021 19:30:35 +0000 (19:30 +0000)]
MBR_protective_mbr() can take a const struct mbr *.
No functional change.
krw [Mon, 19 Jul 2021 19:23:50 +0000 (19:23 +0000)]
An MBR knows (mbr_lba_self) where it is supposed to go, no
need to pass the value to MBR_write().
Let MBR_write() do the translation from struct mbr to the
struct dos_mbr that will be written to the disk. Thus
eliminating unnecessary struct dos_mbr variables and the
parsing thereof.
No intentional functional change.
stsp [Mon, 19 Jul 2021 19:00:58 +0000 (19:00 +0000)]
Fix an alignment fault observed on an octeon machine while pppoe(4) was
attempting to negotiate a large MTU.
Copy the peer's max payload size from the discovery packet with memcpy()
instead of using a pointer to this value's offset in the packet buffer.
tweak and ok visa@
additional testing and ok sthen@
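
The unaligned-read problem described in the pppoe(4) commit above, as an added example that is not code from the OpenBSD tree: a tag walker for a PPPoE discovery packet that copies 16-bit fields out with memcpy() instead of dereferencing a pointer into the buffer. The function names and the sample packets are constructed for illustration; the PPP-Max-Payload tag value 0x0120 is from RFC 4638.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PPPOE_HDRLEN          6       /* ver/type, code, session id, length */
#define PPPOE_TAG_MAX_PAYLOAD 0x0120  /* PPP-Max-Payload, RFC 4638 */

/*
 * Read a big-endian 16-bit value from any address.  Tags follow each other
 * without padding, so a field can sit at an odd offset; *(uint16_t *)p would
 * fault there on strict-alignment CPUs, memcpy() into a local does not.
 */
static uint16_t
get_be16(const uint8_t *p)
{
	uint16_t v;

	memcpy(&v, p, sizeof(v));
	return ntohs(v);
}

/*
 * Return the peer's PPP-Max-Payload value, 0 if the tag is absent,
 * or -1 if the packet is truncated or a tag overruns the payload.
 */
int
pppoe_max_payload(const uint8_t *pkt, size_t len)
{
	size_t off, end;
	uint16_t type, tlen;

	if (len < PPPOE_HDRLEN)
		return -1;
	end = PPPOE_HDRLEN + (size_t)get_be16(pkt + 4);
	if (end > len)
		return -1;

	for (off = PPPOE_HDRLEN; off < end; off += tlen) {
		if (end - off < 4)
			return -1;		/* no room for a tag header */
		type = get_be16(pkt + off);
		tlen = get_be16(pkt + off + 2);
		off += 4;
		if (tlen > end - off)
			return -1;		/* value runs past the payload */
		if (type == PPPOE_TAG_MAX_PAYLOAD)
			return tlen == 2 ? (int)get_be16(pkt + off) : -1;
	}
	return 0;
}

/* Constructed sample: the odd-length Service-Name pushes the next tag to an odd offset. */
static const uint8_t sample_pado[] = {
	0x11, 0x07, 0x00, 0x00, 0x00, 0x0d,	/* header, 13 bytes of tags */
	0x01, 0x01, 0x00, 0x03, 'i', 's', 'p',	/* Service-Name "isp" */
	0x01, 0x20, 0x00, 0x02, 0x05, 0xdc	/* PPP-Max-Payload = 1500 */
};

/* Constructed sample without a PPP-Max-Payload tag. */
static const uint8_t sample_no_tag[] = {
	0x11, 0x07, 0x00, 0x00, 0x00, 0x07,
	0x01, 0x01, 0x00, 0x03, 'i', 's', 'p'
};

int
main(void)
{
	printf("with tag: %d\n", pppoe_max_payload(sample_pado, sizeof(sample_pado)));
	printf("without tag: %d\n", pppoe_max_payload(sample_no_tag, sizeof(sample_no_tag)));
	return 0;
}
```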
kn [Mon, 19 Jul 2021 16:23:56 +0000 (16:23 +0000)]
Markup optional ICMP/ICMP6 codes as such
Only icmp(4)/icmp6(4) types are required for `icmp-type'/`icmp6-type' rules
while codes are optional.
From Martin Vahlensieck < openbsd at academicsolutions dot ch >, thanks!
mvs [Mon, 19 Jul 2021 14:49:55 +0000 (14:49 +0000)]
Remove `ids' from `ipsec_ids_tree' while following ipsp_ids_insert()
error path. This fixes a use-after-free issue. Also fix debug message
mistype pointed out by bluhm@ in error path.
ok millert@ bluhm@
krw [Mon, 19 Jul 2021 14:30:08 +0000 (14:30 +0000)]
Revert incorrect tweaks to disk geometry calculations and
non '-b' MBR disk initialization.
Detected by bluhm@'s ever vigilant regress testing.
schwarze [Mon, 19 Jul 2021 13:16:43 +0000 (13:16 +0000)]
document X509_CRL_print(3) and X509_CRL_print_fp(3)
jsg [Mon, 19 Jul 2021 10:51:58 +0000 (10:51 +0000)]
drm/i915/display: Do not zero past infoframes.vsc
From Kees Cook
3f9c2a058e61b8df9fef196ad6180fbf9932ed80 in linux 5.10.y/5.10.51
07b72960d2b4a087ff2445e286159e69742069cc in mainline linux
jsg [Mon, 19 Jul 2021 10:49:37 +0000 (10:49 +0000)]
drm/amd/display: Reject non-zero src_y and src_x for video planes
From Harry Wentland
c6016936171a7b179b2c478ceb7fbd092ee4f9f8 in linux 5.10.y/5.10.51
c6c6a712199ab355ce333fa5764a59506bb107c1 in mainline linux
jsg [Mon, 19 Jul 2021 10:47:20 +0000 (10:47 +0000)]
drm/amd/display: fix incorrrect valid irq check
From Guchun Chen
b13574fa83ac55a9c3aa7f075ef5db62b444f7b5 in linux 5.10.y/5.10.51
e38ca7e422791a4d1c01e56dbf7f9982db0ed365 in mainline linux
jsg [Mon, 19 Jul 2021 10:45:08 +0000 (10:45 +0000)]
drm/dp: Handle zeroed port counts in drm_dp_read_downstream_info()
From Lyude Paul
2998599fb16cd99b0384d2517bbd409a233a9695 in linux 5.10.y/5.10.51
205bb69a90363541a634a662a599fddb95956524 in mainline linux
jsg [Mon, 19 Jul 2021 10:42:27 +0000 (10:42 +0000)]
drm/radeon: Call radeon_suspend_kms() in radeon_pci_shutdown() for Loongson64
From Tiezhu Yang
0d50d93d05d6571347f3ab9d28d0b80e5d142d81 in linux 5.10.y/5.10.51
c1bfd74bfef77bcefc88d12eaf8996c0dfd51331 in mainline linux
jsg [Mon, 19 Jul 2021 10:39:54 +0000 (10:39 +0000)]
drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create()
From Jing Xiangfeng
7aa28f2f67421d7ba9957275bc211a7782238f31 in linux 5.10.y/5.10.51
9ba85914c36c8fed9bf3e8b69c0782908c1247b7 in mainline linux
jsg [Mon, 19 Jul 2021 10:37:21 +0000 (10:37 +0000)]
drm/amdgpu: enable sdma0 tmz for Raven/Renoir(V2)
From Aaron Liu
2674ffcad0aef41425e1a4a40d3508caed989a1a in linux 5.10.y/5.10.51
e2329e74a615cc58b25c42b7aa1477a5e3f6a435 in mainline linux
jsg [Mon, 19 Jul 2021 10:35:16 +0000 (10:35 +0000)]
drm/amdgpu: Update NV SIMD-per-CU to 2
From Joseph Greathouse
8f933b27cbf1cd176f0a73ddeae19fae5e9bc189 in linux 5.10.y/5.10.51
aa6158112645aae514982ad8d56df64428fcf203 in mainline linux
jsg [Mon, 19 Jul 2021 10:33:03 +0000 (10:33 +0000)]
drm/amdkfd: Walk through list with dqm lock hold
From xinhui pan
4cd713e48c272a80af935424afaa607ea125aed4 in linux 5.10.y/5.10.51
56f221b6389e7ab99c30bbf01c71998ae92fc584 in mainline linux
jsg [Mon, 19 Jul 2021 10:30:39 +0000 (10:30 +0000)]
drm/amdgpu: fix bad address translation for sienna_cichlid
From Stanley.Yang
a2122e07920456e5d43f32e61d52be59634ddcab in linux 5.10.y/5.10.51
6ec598cc9dfbf40433e94a2ed1a622e3ef80268b in mainline linux
jsg [Mon, 19 Jul 2021 10:27:52 +0000 (10:27 +0000)]
drm/amdkfd: Fix circular lock in nocpsch path
From Amber Lin
0e72b151e394106ad3e3d5bebd1118952970047a in linux 5.10.y/5.10.51
a7b2451d31cfa2e8aeccf3b35612ce33f02371fc in mainline linux
jsg [Mon, 19 Jul 2021 10:26:13 +0000 (10:26 +0000)]
drm/amdkfd: fix circular locking on get_wave_state
From Jonathan Kim
cd29db48bb65e53efe4b05c75e575c5f1af5ddaf in linux 5.10.y/5.10.51
63f6e01237257e7226efc5087f3f0b525d320f54 in mainline linux
jsg [Mon, 19 Jul 2021 10:24:06 +0000 (10:24 +0000)]
drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check
From Mark Yacoub
a5f8862967c453aff5b32883d1b6be8e2009e4f0 in linux 5.10.y/5.10.51
03fc4cf45d30533d54f0f4ebc02aacfa12f52ce2 in mainline linux
jsg [Mon, 19 Jul 2021 10:21:09 +0000 (10:21 +0000)]
drm/amdkfd: use allowed domain for vmbo validation
From Nirmoy Das
378c156f9dd0f0e758513c38e33311ae3e5540b2 in linux 5.10.y/5.10.51
bc05716d4fdd065013633602c5960a2bf1511b9c in mainline linux
jsg [Mon, 19 Jul 2021 10:19:12 +0000 (10:19 +0000)]
drm/amd/display: Fix off-by-one error in DML
From Wesley Chalmers
c71de31b2e0f4ef71cc69ba841aeac12519b3607 in linux 5.10.y/5.10.51
e4e3678260e9734f6f41b4325aac0b171833a618 in mainline linux
jsg [Mon, 19 Jul 2021 10:17:06 +0000 (10:17 +0000)]
drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7
From Wesley Chalmers
afa06442d23d32e95e3336cf8ff366bdd8d590ee in linux 5.10.y/5.10.51
3577e1678772ce3ede92af3a75b44a4b76f9b4ad in mainline linux
jsg [Mon, 19 Jul 2021 10:15:04 +0000 (10:15 +0000)]
drm/amd/display: Release MST resources on switch from MST to SST
From Vladimir Stempen
02f444321b3a0f3f94e34329f8aafa814c45b8e4 in linux 5.10.y/5.10.51
3f8518b60c10aa96f3efa38a967a0b4eb9211ac0 in mainline linux
jsg [Mon, 19 Jul 2021 10:12:33 +0000 (10:12 +0000)]
drm/amd/display: Update scaling settings on modeset
From Roman Li
01d6a693196595d356f0f5e42ab155c293470676 in linux 5.10.y/5.10.51
c521fc316d12fb9ea7b7680e301d673bceda922e in mainline linux
jsg [Mon, 19 Jul 2021 10:10:26 +0000 (10:10 +0000)]
drm/amd/display: Fix DCN 3.01 DSCCLK validation
From Nikola Cornij
57c63b47d6f188b44d93d1602bd24d8d9a9131f6 in linux 5.10.y/5.10.51
346cf627fb27c0fea63a041cedbaa4f31784e504 in mainline linux
jsg [Mon, 19 Jul 2021 10:08:03 +0000 (10:08 +0000)]
drm/amdgpu: remove unsafe optimization to drop preamble ib
From Jiansong Chen
8fa6473a61ecc9972ad543d8ba1d927d442d1f67 in linux 5.10.y/5.10.51
7d9c70d23550eb86a1bec1954ccaa8d6ec3a3328 in mainline linux
jsg [Mon, 19 Jul 2021 10:05:24 +0000 (10:05 +0000)]
drm/amd/display: Avoid HDCP over-read and corruption
From Kees Cook
c5b518f4b98dbb2bc31b6a55e6aaa1e0e2948f2e in linux 5.10.y/5.10.51
06888d571b513cbfc0b41949948def6cb81021b2 in mainline linux
jsg [Mon, 19 Jul 2021 10:03:08 +0000 (10:03 +0000)]
drm/sched: Avoid data corruptions
From Andrey Grodzovsky
0687411e2a8858262de2fc4a1d576016fd77292e in linux 5.10.y/5.10.51
0b10ab80695d61422337ede6ff496552d8ace99d in mainline linux
jsg [Mon, 19 Jul 2021 10:01:10 +0000 (10:01 +0000)]
drm/scheduler: Fix hang when sched_entity released
From Andrey Grodzovsky
5ed8c298b2e140c640af8813a490fb4d77165e97 in linux 5.10.y/5.10.51
c61cdbdbffc169dc7f1e6fe94dfffaf574fe672a in mainline linux
jsg [Mon, 19 Jul 2021 09:58:16 +0000 (09:58 +0000)]
drm/amd/display: fix use_max_lb flag for 420 pixel formats
From Dmytro Laktyushkin
3ca86d44b9023cd96c893d6dd90aacbca90e4d74 in linux 5.10.y/5.10.51
8809a7a4afe90ad9ffb42f72154d27e7c47551ae in mainline linux
jsg [Mon, 19 Jul 2021 09:55:11 +0000 (09:55 +0000)]
drm/amd/amdgpu/sriov disable all ip hw status by default
From Jack Zhang
b025bc07c94770ab5ca68a8b2ead12628c2a0698 in linux 5.10.y/5.10.51
95ea3dbc4e9548d35ab6fbf67675cef8c293e2f5 in mainline linux
jsg [Mon, 19 Jul 2021 09:51:46 +0000 (09:51 +0000)]
drm/amd/display: fix HDCP reset sequence on reinitialize
From Brandon Syu
fb7479d64d77a3bb0ee992f9e450cf52d56c6b2c in linux 5.10.y/5.10.51
99c248c41c2199bd34232ce8e729d18c4b343b64 in mainline linux
jsg [Mon, 19 Jul 2021 09:22:32 +0000 (09:22 +0000)]
sync kfd_ioctl.h with linux 5.10.y
dtucker [Mon, 19 Jul 2021 08:48:33 +0000 (08:48 +0000)]
Use SUDO when setting up hostkey.
jsing [Mon, 19 Jul 2021 08:42:24 +0000 (08:42 +0000)]
Mop up dtls1_get_ccs_header() and struct ccs_header_st.
All this code does is read one byte from memory with an unknown length,
potentially being a one byte overread... and then nothing is actually done
with the value.
ok tb@
jsing [Mon, 19 Jul 2021 08:39:28 +0000 (08:39 +0000)]
Inline DTLS1_CCS_HEADER_LENGTH rather than having a single use variable.
ok tb@
dtucker [Mon, 19 Jul 2021 05:08:54 +0000 (05:08 +0000)]
Increase time margin for rekey tests. Should help reliability on very
heavily loaded hosts.
dtucker [Mon, 19 Jul 2021 03:13:28 +0000 (03:13 +0000)]
Ensure that all returned SSHFP records for the specified host name and
hostkey type match instead of only one. While there, simplify the code
somewhat and add some debugging. Based on discussion in bz#3322, ok djm@.
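
The rule stated in the SSHFP commit above, as an added example that is not OpenSSH's code: a checker that compares every SSHFP record for the host key's algorithm against the key's digests, with a `require_all` switch to contrast the "only one" and "all" policies. The struct and function names, the handling of unknown fingerprint types, and the 4-byte sample digests are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum sshfp_result { SSHFP_NONE, SSHFP_MATCH, SSHFP_FAILED };

struct sshfp_rr {		/* one SSHFP record: algorithm, fp type, fingerprint */
	uint8_t alg, fptype;
	const uint8_t *fp;
	size_t fplen;
};

struct key_digest {		/* the presented host key hashed with one fp type */
	uint8_t fptype;
	const uint8_t *digest;
	size_t len;
};

/* Compare without an early exit so timing does not depend on the mismatch position. */
static int
ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
	uint8_t diff = 0;

	for (size_t i = 0; i < n; i++)
		diff |= a[i] ^ b[i];
	return diff == 0;
}

enum sshfp_result
sshfp_verify(const struct sshfp_rr *rrs, size_t nrrs, uint8_t key_alg,
    const struct key_digest *digs, size_t ndigs, int require_all)
{
	size_t i, j, matched = 0, failed = 0;

	for (i = 0; i < nrrs; i++) {
		if (rrs[i].alg != key_alg)
			continue;	/* record belongs to another host key type */
		for (j = 0; j < ndigs; j++)
			if (digs[j].fptype == rrs[i].fptype)
				break;
		if (j == ndigs)
			continue;	/* assumption: fp types we cannot compute are skipped */
		if (rrs[i].fplen == digs[j].len &&
		    ct_equal(rrs[i].fp, digs[j].digest, digs[j].len))
			matched++;
		else
			failed++;
	}
	if (require_all && failed > 0)
		return SSHFP_FAILED;	/* one bad record for this key type is enough */
	if (matched > 0)
		return SSHFP_MATCH;
	return failed > 0 ? SSHFP_FAILED : SSHFP_NONE;
}

/* Constructed data: algorithm 4 = Ed25519, 1 = RSA; fp type 1 = SHA-1, 2 = SHA-256.
 * Digests are shortened to 4 bytes for readability. */
static const uint8_t d_sha1[] = { 0xaa, 0xaa, 0xaa, 0xaa };
static const uint8_t d_sha256[] = { 0xbb, 0xbb, 0xbb, 0xbb };
static const uint8_t d_other[] = { 0xdd, 0xdd, 0xdd, 0xdd };
static const struct key_digest host_digests[] = {
	{ 1, d_sha1, sizeof(d_sha1) }, { 2, d_sha256, sizeof(d_sha256) }
};
static const struct sshfp_rr rr_consistent[] = {
	{ 4, 1, d_sha1, 4 }, { 4, 2, d_sha256, 4 }, { 1, 2, d_other, 4 }
};
static const struct sshfp_rr rr_mixed[] = {	/* one good and one bad Ed25519 record */
	{ 4, 1, d_sha1, 4 }, { 4, 2, d_other, 4 }
};
static const struct sshfp_rr rr_rsa_only[] = { { 1, 2, d_other, 4 } };

int
main(void)
{
	printf("mixed, any-match: %d\n", sshfp_verify(rr_mixed, 2, 4, host_digests, 2, 0));
	printf("mixed, all-match: %d\n", sshfp_verify(rr_mixed, 2, 4, host_digests, 2, 1));
	return 0;
}
```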
dtucker [Mon, 19 Jul 2021 02:46:34 +0000 (02:46 +0000)]
Add test for host key verification via SSHFP records. This requires
some external setup to operate so is disabled by default (see
comments in sshfp-connect.sh).
dtucker [Mon, 19 Jul 2021 02:29:28 +0000 (02:29 +0000)]
Add ed25519 key and test SSHFP export of it. Only test RSA SSHFP export
if we have RSA functionality compiled in.
dtucker [Mon, 19 Jul 2021 02:21:50 +0000 (02:21 +0000)]
Put dh_set_moduli_file call inside ifdef WITH_OPENSSL. Fixes build with
OPENSSL=no.
dtucker [Mon, 19 Jul 2021 00:16:26 +0000 (00:16 +0000)]
Group keygen tests together.
dtucker [Sun, 18 Jul 2021 23:10:10 +0000 (23:10 +0000)]
Add test for ssh-keygen printing of SSHFP records.
kn [Sun, 18 Jul 2021 23:02:57 +0000 (23:02 +0000)]
Markup promises with Cm not Va
These are not variable names but rather keywords (as part of one big
string).
I originally changed this such that `.Bl -tag' would automatically tag them
and thus allow ":t id" in the manual pager; since schwarze's recent
mandoc(1) commit this is no longer needed as `.Va' gained tagging with it,
but its use is incorrect here nonetheless, so still change it to the more
appropriate `.Cm'.
Input jmc schwarze
krw [Sun, 18 Jul 2021 21:40:13 +0000 (21:40 +0000)]
Don't save the prt_scyl/prt_ecyl values, change them, use them
and then restore them. Just change/use the saved values and skip
the restoring.
Allows PRT_make() to add 'const' to its struct mbr parameter, and
thus allows MBR_make() to add 'const' to its struct mbr
parameter.
No intentional functional change.
mvs [Sun, 18 Jul 2021 18:19:22 +0000 (18:19 +0000)]
Introduce and use garbage collector for 'ipsec_ids' struct entities
destruction instead of using per-entity timeout. This fixes the races
between ipsp_ids_insert(), ipsp_ids_free() and ipsp_ids_timeout().
ipsp_ids_insert() can't stop ipsp_ids_timeout() timeout handler which is
already running and awaiting netlock to be released, so reused `ids' will
be silently removed in this case.
ipsp_ids_free() can't determine whether the ipsp_ids_timeout() timeout
handler is running because timeout_del(9) called by ipsp_ids_insert()
clears its triggered state. So ipsp_ids_timeout() could be scheduled to
run twice in this case.
Also hrvoje@ reported that ipsec(4) throughput increased with this diff
so it seems we caught a significant count of ipsp_ids_insert() races.
tests and feedback by hrvoje@
ok bluhm@
kn [Sun, 18 Jul 2021 17:44:46 +0000 (17:44 +0000)]
Zap dhclient bits, mention resolvd
OK deraadt
krw [Sun, 18 Jul 2021 15:28:37 +0000 (15:28 +0000)]
Make GPT_read() obtain and validate the on-disk MBR itself, via
MBR_read(), and report success/failure.
Simplifies logic and makes clearer that the protective MBR is a
required part of a GPT.
With the standardization on 0/-1 return values for helper
functions, rename 'valid' to 'error' in GPT_read() to make logic
less mind bending.
No functional change.
deraadt [Sun, 18 Jul 2021 15:18:47 +0000 (15:18 +0000)]
Remove hackery around /tmp/i/resolv.conf*. In particular "lookup file bind"
is required because of TLS servername for contacting ftp.openbsd.org, and
there is no point doing that in resolv.conf.tail because it is no longer used.
ok florian kn
bluhm [Sun, 18 Jul 2021 14:38:20 +0000 (14:38 +0000)]
The IPsec authentication before decryption used a different replay
counter than after decryption. This could result in "esp_input_cb:
authentication failed for packet in SA" errors. As we run crypto
operations async, thousands of packets are stored in the crypto
task. During the queueing the replay counter of the tdb can change.
Then the higher 32 bits may increment although the lower 32 bits
did not wrap.
checkreplaywindow() must be called twice per packet with the same
replay counter. Store the value in struct tdb_crypto while dangling
in the task queue and doing crypto operations.
tested by Hrvoje Popovski; joint work with tobhe@
stsp [Sun, 18 Jul 2021 13:07:13 +0000 (13:07 +0000)]
Do not ask iwx(4) firmware to send probe requests on passive channels.
This seems to fix a problem where firmware becomes unresponsive after
association and eventually raises a fatal error. iwx(4) already has a
workaround in place for this: We always ask firmware to perform a
passive scan, on any channel.
This change is a better fix from iwm(4) CVS commit jJFMeXcos9GOqFQz.
However, the current workaround will stay in place for now, until we
have evidence that active scanning is working on iwx(4) devices.
I will try to organize an out-of-tree round of testing for this.
krw [Sun, 18 Jul 2021 12:41:00 +0000 (12:41 +0000)]
Put MBR_parse() invocation inside MBR_read() instead of always
following an invocation of MBR_read() with a call to MBR_parse().
No functional change.
stsp [Sun, 18 Jul 2021 12:39:16 +0000 (12:39 +0000)]
Clear the "persistence bit" on iwx(4) devices during hardware init.
According to iwlwifi commit messages this fixes an edge case where
devices fail to resume after system suspend.
See Linux commit
8954e1eb2270fa2effffd031b4839253952c76f2
Same fix was made for iwm(4) in CVS commit x0XTNdEmudy5oBR4
florian [Sun, 18 Jul 2021 12:33:41 +0000 (12:33 +0000)]
Ignore routers option when a classless static routes option is present
as mandated by RFC3442.
Pointed out by, initial diff, testing & OK bket@
stsp [Sun, 18 Jul 2021 12:21:49 +0000 (12:21 +0000)]
Set MIMO-related flags in the iwx(4) ADD_STA command.
Not sure how we ended up missing these. MIMO apparently works without the
flags set, and setting them doesn't seem to have any immediately visible
effect on firmware. But let's be consistent with iwm(4) and iwlwifi.
stsp [Sun, 18 Jul 2021 12:03:57 +0000 (12:03 +0000)]
Newer iwx(4) firmware doesn't like the DQA command anymore.
Check whether firmware advertises DQA support before sending the DQA
command during device initialization. Newer firmware will raise a
fatal error otherwise. The Tx queue API has been redesigned yet again.
stsp [Sun, 18 Jul 2021 11:56:11 +0000 (11:56 +0000)]
Fix wrong usage of iwx_lookup_cmd_ver() in iwx_send_soc_conf().
Callers are supposed to check whether iwx_lookup_cmd_ver() returns
CMD_VER_UNKNOWN, and this check was missing here. Fortunately, the
buggy check was part of a condition which also requires the
low_latency_xtal constant to be set. We do not yet support devices
where low_latency_xtal is non-zero, so the bug never triggered.
dv [Sun, 18 Jul 2021 11:55:45 +0000 (11:55 +0000)]
vmd(8): remove invalid errno values from config_setvm
Refactor config_setvm to directly return error code on failure
instead of returning -1 and setting errno. It was setting unsupported
values not defined in <errno.h>.
OK mlarkin@
schwarze [Sun, 18 Jul 2021 11:40:58 +0000 (11:40 +0000)]
Support auto-tagging for ".It Va".
This combination is somewhat rare because few libraries expose so many
global variables that they need a list to enumerate them, but when the
idiom does occur, tagging the variable names is generally useful.
For example, this helps awk(1), dc(1), make(1), rc.subr(8), ...
Missing feature reported and patch reviewed, tested, and OK'ed by kn@.
stsp [Sun, 18 Jul 2021 11:40:31 +0000 (11:40 +0000)]
Fix iwx(4) PHY context updates for newer firmware versions.
Firmware which advertises the BINDING_CDB_SUPPORT capability
needs a remove+add dance when the channel band has changed.
See Linux commit
730a18912bcbde0b94ae7f1b554a9908b3424a22
and Linux commit
91109f42d0ad0c0c282d1fa1257a1548977aa895
The same fix was applied to iwm(4) in CVS commit uQ0WjqRUp03vxHg1
schwarze [Sun, 18 Jul 2021 11:25:47 +0000 (11:25 +0000)]
Let the mandoc.db(5) test suite work with parallel make (make -j),
by making sure that different tests use different directory names
for their work such that they do not collide.
As a side benefit, this allows keeping the complete working directories
of the tests until "make cleandir" is run, which may occasionally
help debugging when something breaks.
The failure with make -j was detected and reported by anton@,
who also reviewed, tested, and OK'ed this somewhat lengthy patch.
kn [Sun, 18 Jul 2021 11:18:38 +0000 (11:18 +0000)]
Document dhcpleased(8) and slaacd(8) besides dhclient(8) as DNS source
Zap the obsolete dhclient.conf(5) supersede quirk while here.
Feedback OK florian
kn [Sun, 18 Jul 2021 11:08:34 +0000 (11:08 +0000)]
Follow dhclient -> dhcpleased switch, reduce supported DHCP statements
dhcpleased(8) does not support every statement dhclient(8) does, so reflect
the status quo and simplify things to the smaller set of statements that
still suffice to use autoinstall(8).
While here, speak of dhcp-options(5) and "DHCP lease" instead of
dhcpd.conf statements and the installer's specific DHCP client/parser.
OK florian
jsg [Sun, 18 Jul 2021 10:20:06 +0000 (10:20 +0000)]
make the printf on skipping reset with gen7/gen8 debug only
With the 5.10 drm on vlv/ivb/hsw/bdw inteldrm has been known to reset
the chip when a gpu hang is falsely detected. This appears to be
related to the workarounds for cleaning up after switching hardware
contexts.
intel_gt_reset *NOTICE* [drm] Resetting chip for context closure in glsl-uniform-int<99177>
mark_guilty *NOTICE* [drm] glsl-uniform-int[97885] context reset due to GPU hang
A local change skips the reset (which kills Xorg) on gen7/gen8.
The printf is in that path.
stsp [Sun, 18 Jul 2021 09:37:49 +0000 (09:37 +0000)]
Update the list of firmware files used by iwm(4).
jsg [Sun, 18 Jul 2021 05:02:37 +0000 (05:02 +0000)]
regen