openbsd
jsg [Fri, 16 Feb 2024 01:48:06 +0000 (01:48 +0000)]
New sentence, new line.  Use .Pa for /etc/login.conf.

tobhe [Thu, 15 Feb 2024 20:10:45 +0000 (20:10 +0000)]
Introduce new IMSG_CTL_PROCREADY which is used to signal that all pipes
are set up by child processes. The parent sends a ping to all children
and only starts once it has received an acknowledgement from all of them.
This fixes a race condition on process startup when the parent starts
running before all children are ready.

From markus@

tobhe [Thu, 15 Feb 2024 19:11:00 +0000 (19:11 +0000)]
Delay enabling sockets until ikev2 process is ready.

from markus@

tobhe [Thu, 15 Feb 2024 19:04:12 +0000 (19:04 +0000)]
Remove unused control_socks queue.

from markus@

tedu [Thu, 15 Feb 2024 18:57:58 +0000 (18:57 +0000)]
change permit to be more bits away from deny, because rowhammer.
not really sure why this is our problem, but the diff is small.
ok deraadt millert miod

deraadt [Thu, 15 Feb 2024 16:33:54 +0000 (16:33 +0000)]
qwx(4) works well enough to enable
ok stsp

stsp [Thu, 15 Feb 2024 16:29:45 +0000 (16:29 +0000)]
fix wrong tsleep waiting address in qwx_qmi_mem_seg_send()

Fixes spurious "qwx0: failed to send qmi memory segments: -1" error with
associated lag during 'ifconfig qwx0 down up'

stsp [Thu, 15 Feb 2024 15:53:51 +0000 (15:53 +0000)]
make qwx(4) clean up ic_bss and set link down when moving into SCAN state

This matches what iwx(4) is doing.

jmc [Thu, 15 Feb 2024 15:42:57 +0000 (15:42 +0000)]
sort sections;

jmc [Thu, 15 Feb 2024 15:42:16 +0000 (15:42 +0000)]
sort the qwx(4) entry;

stsp [Thu, 15 Feb 2024 15:40:56 +0000 (15:40 +0000)]
fix wrong ifmedia macro used to check for IFM_AUTO

ok claudio@

deraadt [Thu, 15 Feb 2024 15:08:00 +0000 (15:08 +0000)]
sync

deraadt [Thu, 15 Feb 2024 15:07:55 +0000 (15:07 +0000)]
install & Xr

stsp [Thu, 15 Feb 2024 15:05:40 +0000 (15:05 +0000)]
some qwx(4) man page tweaks by me

stsp [Thu, 15 Feb 2024 15:05:18 +0000 (15:05 +0000)]
add an initial qwx(4) man page; written by mpi@ some time ago

jan [Thu, 15 Feb 2024 13:24:45 +0000 (13:24 +0000)]
vmx(4): Add TCP/UDP Checksum Offloading for IPv4/6

ok jmatthew@, bluhm@

stsp [Thu, 15 Feb 2024 11:57:38 +0000 (11:57 +0000)]
fix datapath Rx buffer management in qwx(4)

Fixes Tx/Rx stalls where the device ran out of free Rx buffers to use.

The device consumes buffers on the Rx refill ring out of order, which
the ring management code I wrote initially would not handle properly.
Instead of using an index into the ring where we would expect to see
a free slot which was in fact occupied, keep track of free buffers via
a bitmap.

mglocker [Thu, 15 Feb 2024 10:56:53 +0000 (10:56 +0000)]
Fix bogus packet length calculation in the RX/LRO path, which can lead to
TSO tagging forwarded packets which shouldn't.  This will also fix the em(4)
watchdog timeouts seen after the em(4) TSO commit.

Thanks to Hrvoje Popovski for providing the infrastructure to reproduce
the issue, and test the fix.

Discussed with bluhm@.  OK claudio@

tb [Thu, 15 Feb 2024 10:34:30 +0000 (10:34 +0000)]
BIO_dump*() avoid signed integer overflow

This API returns an int encoding the number of bytes printed. Thus, a dump
of a large enough byte string can make this overflow and rely on undefined
behavior.  With an indent of 64, as little as 26 MB is enough to make this
happen.

ok jsing

jsg [Thu, 15 Feb 2024 09:48:03 +0000 (09:48 +0000)]
return non-zero if drm_fb_helper_alloc_info() fails in rkdrm_fb_probe()
found by smatch

tb [Thu, 15 Feb 2024 07:01:33 +0000 (07:01 +0000)]
Ensure that the FileAndHashes list in a mft has no duplicates

ok job

jsg [Thu, 15 Feb 2024 00:55:01 +0000 (00:55 +0000)]
fix fd leaks in error paths
ok miod@

bluhm [Wed, 14 Feb 2024 22:41:48 +0000 (22:41 +0000)]
Check IP length in ether_extract_headers().

For LRO with ix(4) it is necessary to detect ethernet padding.
Extract ip_len and ip6_plen from the mbuf and provide it to the
drivers.
Add extended sanity checks, like IP packet is shorter than TCP
header.  This prevents offloading to network hardware with bogus
packets.
Also iphlen of extracted headers contains header length for IPv4
and IPv6, to make code in drivers simpler.

OK mglocker@

miod [Wed, 14 Feb 2024 20:44:54 +0000 (20:44 +0000)]
Remove spurious GET_CURPROC in copyout() mistakenly introduced in r1.43.

claudio [Wed, 14 Feb 2024 13:18:21 +0000 (13:18 +0000)]
Hide struct ip6q, struct ip6asfrag, struct ip6_moptions,
struct ip6po_rhinfo and struct ip6_pktopts behind _KERNEL.
The only bit userland may want from netinet6/ip6_var.h is
struct ip6stat.

The recent change to struct ip6po_rhinfo to use struct route
resulted in various build failures in ports because code
included netinet6/ip6_var.h without net/route.h.

OK tb@ sthen@

miod [Wed, 14 Feb 2024 12:48:31 +0000 (12:48 +0000)]
Remove defines no longer needed in locore. NFC

miod [Wed, 14 Feb 2024 12:36:35 +0000 (12:36 +0000)]
Remove never ever used cpu_exec() macro, apparently already obsolete by the
time this file was introduced close to 30 years ago.

stsp [Wed, 14 Feb 2024 11:30:55 +0000 (11:30 +0000)]
make qwx(4) work with custom MAC addresses set via ifconfig(8)

ok phessler@

tb [Wed, 14 Feb 2024 10:49:00 +0000 (10:49 +0000)]
rpki-client: simplify x509_get_ski()

Use X509_public_digest() to calculate the SKI to get rid of a few dances
and weirdly named variables.

ok claudio

claudio [Wed, 14 Feb 2024 07:56:23 +0000 (07:56 +0000)]
Adjust test after the change to struct bgpd_addr.
Noticed by anton@

miod [Wed, 14 Feb 2024 06:17:51 +0000 (06:17 +0000)]
Enable the pool gc thread on m88k MULTIPROCESSOR kernels now that
pmap_unmap_direct() has been fixed; also tested by aoyama@

miod [Wed, 14 Feb 2024 06:16:53 +0000 (06:16 +0000)]
Make sure pmap_unmap_direct flushes dirty cache lines.

jsg [Wed, 14 Feb 2024 03:07:58 +0000 (03:07 +0000)]
avoid use after free of frp and frp->tname
found by smatch, ok miod@ millert@

jsg [Wed, 14 Feb 2024 02:44:58 +0000 (02:44 +0000)]
avoid use after free of q
found by smatch, ok miod@ deraadt@

jsg [Wed, 14 Feb 2024 02:40:02 +0000 (02:40 +0000)]
avoid use after free of fcode
found by smatch, fix from deraadt@ ok miod@

job [Tue, 13 Feb 2024 22:44:21 +0000 (22:44 +0000)]
Add explicit ASN1_ITEM_EXP prototypes

In LibreSSL *_it are variables, in other implementations they might
be a function. This helps squash compiler warnings in -portable.

Related: https://github.com/openbsd/src/commit/65af98848fc7a42e34d470d10fc1db8e23f9db93

OK tb@

job [Tue, 13 Feb 2024 21:18:55 +0000 (21:18 +0000)]
Refactor parse_takey()

Avoid i2d_RSAPublicKey() to help with future portability efforts.
Avoid a complication related to size_t/int for the return value
of i2d_X509_PUBKEY. While there, change the out label to 'err'.

OK tb@

job [Tue, 13 Feb 2024 20:41:22 +0000 (20:41 +0000)]
Remove the stalemanifests metrics (which are no longer in use)

OK tb@

job [Tue, 13 Feb 2024 20:40:17 +0000 (20:40 +0000)]
Improve printing of TALs extracted from .tak objects

This changeset makes the output align more with the TAL file syntax.

OK tb@

job [Tue, 13 Feb 2024 20:37:15 +0000 (20:37 +0000)]
Improve a comment about what exactly the SKI is

OK tb@

job [Tue, 13 Feb 2024 20:36:42 +0000 (20:36 +0000)]
Avoid using i2d_RSAPublicKey()

This should help with future portability efforts, and perhaps
makes the code a bit more readable.

OK tb@

miod [Tue, 13 Feb 2024 17:51:17 +0000 (17:51 +0000)]
Fix splbio usage in oosiop_scsicmd() - it does not need to be taken early
since the switch to iopool years ago, but on the other hand the update of
the command TAILQ needs to be done at splbio, and it wasn't.

claudio [Tue, 13 Feb 2024 16:35:43 +0000 (16:35 +0000)]
Use a C99 anonymous union inside struct bgpd_addr

This kills the two far too generic v4 and v6 macros which is a big win.
OK tb@

claudio [Tue, 13 Feb 2024 16:12:37 +0000 (16:12 +0000)]
Remove IMSG_SESSION_DOWN handler in the session engine. The RDE does
not issue such imsgs.
OK tb@

claudio [Tue, 13 Feb 2024 14:00:24 +0000 (14:00 +0000)]
Stop logging misleading errors when custom generic error pages are in use.

Only call the open(2) log_warn for errnos that are not ENOENT. Since
that is an error worth logging.

Based on a diff from Carsten Reith (carsten.reith t-online.de)
OK florian@ deraadt@

bluhm [Tue, 13 Feb 2024 13:58:19 +0000 (13:58 +0000)]
Analyse header layout in ether_extract_headers().

Several drivers need IPv4 header length and TCP offset for checksum
offload, TSO and LRO.  Accessing these fields directly caused crashes
on sparc64 due to misaligned access.  It cannot be guaranteed that
IP and TCP header is 4 byte aligned in driver level.  Also gcc 4.2.1
assumes that bit fields can be accessed with 32 bit load instructions.

Use memcpy() in ether_extract_headers() to get the bits from IPv4
and TCP header and store the header length in struct ether_extracted.
From there network drivers can easily use it without caring about
alignment and bit shift.  Do some sanity checks with the length
values to prevent that invalid values from evil packets get stored
into hardware registers.  If check fails, clear the pointer to the
header to hide it from the driver.  Add debug prints that help to
figure out the reason for bad packets and provide information when
debugging drivers.

OK mglocker@

florian [Tue, 13 Feb 2024 12:58:05 +0000 (12:58 +0000)]
Fix for CVE-2023-50387 and CVE-2023-50868.

Both can be used to cause high CPU load and potentially denial of
service with specifically crafted DNSSEC responses.

This is a sync with unbound(8).

florian [Tue, 13 Feb 2024 12:57:11 +0000 (12:57 +0000)]
Fix for CVE-2023-50387 and CVE-2023-50868.

Both can be used to cause high CPU load and potentially denial of
service with specifically crafted DNSSEC responses.

florian [Tue, 13 Feb 2024 12:53:05 +0000 (12:53 +0000)]
Only generate a new xid at the start of getting a new lease.

"RFC 2131 4.1 Constructing and sending DHCP messages" has this:

| Selecting a new 'xid' for each retransmission is an implementation
| decision.  A client may choose to reuse the same 'xid' or select a new
| 'xid' for each retransmitted message.

We used to change xid for each request / response cycle but this ran
into problems with slow dhcp servers where we would change the xid too
frequently and would ignore late coming replies from the server.

Andre S points out that table 5 in "4.4.1 Initialization and
allocation of network address" says for the xid field in "DHCPREQUEST"
messages:

| 'xid' from server DHCPOFFER message

This seems to suggest that we need to use the same xid for the whole
DHCPDISCOVER / DHCPOFFER / DHCPREQUEST / DHCPACK exchange of messages.

Nothing else in the RFC is saying this though.

But since there are DHCP servers out there that depend on this, we
only generate a new xid when entering the INIT, REBOOTING and RENEWING
state.

I do wonder if we should just go with a static value of 0x04, which
was chosen by a fair dice roll, so guaranteed to be random.

Issue reported, initial diff and fix tested by Andre S
deraadt likes this version
OK tb

job [Tue, 13 Feb 2024 12:38:43 +0000 (12:38 +0000)]
Document a portability caveat about GeneralizedTime and UTCTime

OK tb@

tobhe [Tue, 13 Feb 2024 12:25:11 +0000 (12:25 +0000)]
Control startup of PROC_CERT and PROC_IKEV2.
Currently PROC_PARENT sends the configuration to both PROC_CERT and
PROC_IKEV2 and finishes by sending IMSG_CTL_ACTIVE to PROC_IKEV2.

However, when PROC_IKEV2 receives IMSG_CTL_ACTIVE it does not know
the state of PROC_CERT: PROC_CERT might not have processed the
initial configuration while PROC_IKEV2 already sends requests to
PROC_CERT, causing failed requests, or even crashes (NULL deref of
ca_certs).

In order to make sure that PROC_CERT is ready before
IMSG_CTL_ACTIVE is sent to PROC_IKEV2 the startup protocol
is changed as follows:

(1) PROC_PARENT sends configuration to both PROC_CERT and PROC_IKEV2
(2) PROC_PARENT sends IMSG_CTL_ACTIVE to PROC_CERT
(3) PROC_CERT acks IMSG_CTL_ACTIVE by sending it back to PROC_PARENT
(4) PROC_PARENT now knows that PROC_CERT is ready and has processed
    all messages from step (1)
(5) PROC_PARENT sends IMSG_CTL_ACTIVE to PROC_IKEV2 and knows that
    IMSG_CTL_ACTIVE will be processed by PROC_IKEV2 after all
    messages from step (1)
(6) PROC_IKEV2 can now assume that PROC_CERT is ready because it has
    already processed IMSG_CTL_ACTIVE

from markus@

bluhm [Tue, 13 Feb 2024 12:22:09 +0000 (12:22 +0000)]
Merge struct route and struct route_in6.

Use a common struct route for both inet and inet6.  Unfortunately
struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has
to be exposed from net/route.h.  Struct route has to be bsd visible
for userland as netstat kvm code inspects inp_route.  Internet PCB
and TCP SYN cache can use a plain struct route now.  All specific
sockaddr types for inet and inet6 are embedded there.

OK claudio@

miod [Tue, 13 Feb 2024 10:16:28 +0000 (10:16 +0000)]
Remove sanity checks from uvm_pagefree(). The first thing this function does
is invoke uvm_pageclean(), which performs the exact same sanity check, so
one set of checks is enough.

ok mpi@

claudio [Tue, 13 Feb 2024 09:29:39 +0000 (09:29 +0000)]
There is no way to implement the INKERNEL() macro on sparc64.
It was set to just 1 since the dawn of sparc64 support. It is
time to accept the fact and remove all INKERNEL() checks.
OK miod@ mpi@

tb [Tue, 13 Feb 2024 08:26:56 +0000 (08:26 +0000)]
zlib: sync with base

tb [Tue, 13 Feb 2024 08:26:26 +0000 (08:26 +0000)]
Pull in z_off64_t handling from upstream

Since we don't define Z_LARGE64, we continue to define z_off64_t to z_off_t
and all the other changes are no-ops for OpenBSD.

ok kettenis millert

nicm [Tue, 13 Feb 2024 08:10:23 +0000 (08:10 +0000)]
Add two new values for the destroy-unattached option to destroy sessions
only if they are not members of session groups, from Mark Huang, GitHub
issue 3806.

nicm [Tue, 13 Feb 2024 08:03:50 +0000 (08:03 +0000)]
Do not allow paste into panes which have exited, from Romain Francoise
in GitHub issue 3830.

jsg [Tue, 13 Feb 2024 02:14:25 +0000 (02:14 +0000)]
fix off-by-one in bounds test

found by "buffer overflow 'mvacc_cpu_freqs' 13 <= 13" smatch error
ok miod@

mvs [Mon, 12 Feb 2024 22:48:27 +0000 (22:48 +0000)]
Pass protosw instead of domain structure to soalloc() to get real
`pr_type'. The corresponding domain is referenced as `pr_domain'.
Otherwise dp->dom_protosw->pr_type of inet sockets always points
to inetsw[0].

ok bluhm

cheloha [Mon, 12 Feb 2024 22:07:33 +0000 (22:07 +0000)]
kernel: disable hardclock() on secondary CPUs

There is no useful work left for secondary CPUs to do in hardclock().
Disable cq_hardclock on secondary CPUs and remove the now-unnecessary
early-return from hardclock().

This change reduces every system's normal clock interrupt rate by
(HZ - HZ/10) per secondary CPU.  For example, an 8-core machine
with a HZ=100 kernel should see its clock interrupt rate drop from
~1600 to ~960.

Thread: https://marc.info/?l=openbsd-tech&m=170750140915898&w=2

ok kettenis@

uaa [Mon, 12 Feb 2024 21:37:25 +0000 (21:37 +0000)]
add Allwinner H616 support (and errata fix)

ok kettenis@

job [Mon, 12 Feb 2024 16:42:42 +0000 (16:42 +0000)]
Add showfilename set option

Pressing control-G all the time to understand 'what file is in what
window' might be tedious. Instead, offer a configurable option
(default off) to display the file name in the lower left corner.

OK millert@ otto@

mpi [Mon, 12 Feb 2024 15:12:09 +0000 (15:12 +0000)]
Fix tuple & string comparisons in maps.

mpi [Mon, 12 Feb 2024 15:11:06 +0000 (15:11 +0000)]
Trailing spaces

kettenis [Mon, 12 Feb 2024 10:46:10 +0000 (10:46 +0000)]
Revert the change that enables retpoline PLTs by default.  While these
provide a mitigation against branch speculation attacks, they also make
IBT control flow integrity less effective.  Our kernel now uses IBPB
as a mitigation against branch speculation attacks, so we can disable
retpoline PLTs again.

ok deraadt@

jsg [Mon, 12 Feb 2024 02:57:14 +0000 (02:57 +0000)]
Intel and AMD use different cpuid bits for MSR_PRED_CMD IBPB
ok guenther@

guenther [Mon, 12 Feb 2024 01:18:17 +0000 (01:18 +0000)]
Retpolines are an anti-pattern for IBT, so we need to shift protecting
userspace from cross-process BTI to the kernel.  Have each CPU track
the last pmap run on in userspace and the last vmm VCPU in guest-mode
and use the IBPB msr to flush predictors right before running in
userspace on a different pmap or entering guest-mode on a different
VCPU.  Codepatch-nop the userspace bits and conditionalize the vmm
bits to keep working if IBPB isn't supported.

ok deraadt@ kettenis@

kn [Sun, 11 Feb 2024 21:56:10 +0000 (21:56 +0000)]
Enable disk encryption in unattended installations

Interactively keeps using bioctl(8)'s own prompt, in unattended mode
ask_passphrase() ensures non-empty responses or fails.

Unlike user passwords, autoinstall(8) only supports plaintext passphrases:
    Encrypt the root disk with a (p)assphrase or (k)eydisk = passphrase
    New passphrase = secret
Make sure to trust the install network or use a pre-configured key disk:
    Encrypt the root disk with a (p)assphrase or (k)eydisk = keydisk
    Which disk contains the key disk = sd2
    Which sd2 partition is the key disk = a

initial diff from Chris Narkiewicz
OK afresh1
Feedback sthen

mvs [Sun, 11 Feb 2024 21:36:49 +0000 (21:36 +0000)]
Release `sb_mtx' mutex(9) before sbunlock().

ok bluhm

bluhm [Sun, 11 Feb 2024 21:29:12 +0000 (21:29 +0000)]
Remove needless includes of netinet6/ip6_var.h header in userland.

OK millert@

mvs [Sun, 11 Feb 2024 18:14:26 +0000 (18:14 +0000)]
Use `sb_mtx' instead of `inp_mtx' in receive path for inet sockets.

In soreceive(), we only touch `so_rcv' socket buffer, which has its own
`sb_mtx' mutex(9) for protection. So, we can avoid solock() in this
path - it's enough to hold `sb_mtx' in soreceive() and around
corresponding sbappend*(). But not right now :)

This time we use shared netlock for some inet sockets in the soreceive()
path. To protect `so_rcv' buffer we use `inp_mtx' mutex(9) and the
pru_lock() to acquire this mutex(9) in socket layer. But the `inp_mtx'
mutex belongs to the PCB. We initialize socket before PCB, tcp(4)
sockets could exist without PCB, so use `sb_mtx' mutex(9) to protect
sockbuf stuff.

This diff mechanically replaces `inp_mtx' by `sb_mtx' in the receive
path. Only for sockets which already use `inp_mtx'. All other sockets
left as is. They will be converted later.

Since the `sb_mtx' is optional, the new SB_MTXLOCK flag introduced. If
this flag is set on `sb_flags', the `sb_mtx' mutex(9) should be taken.
New sb_mtx_lock() and sb_mtx_unlock() was introduced to hide this check.
They are temporary and will be replaced by mtx_enter() when all this
area will be converted to `sb_mtx' mutex(9).

Also, the new sbmtxassertlocked() function introduced to throw
corresponding assertion for SB_MTXLOCK marked buffers. This time only
sbappendaddr() calls it. This function is also temporary and will be
replaced by MTX_ASSERT_LOCKED() later.

ok bluhm

kettenis [Sun, 11 Feb 2024 16:01:09 +0000 (16:01 +0000)]
Fix potential out-of-bounds array access.

Found by smatch, reported by and ok jsg@

op [Sun, 11 Feb 2024 09:24:26 +0000 (09:24 +0000)]
unify smtpd and makemap table parser

These are supposed to parse the same file format but have subtle
difference in the handling of comments, continuation lines and escaping.

Converge both to the simpler smtpd parser which doesn't handle
continuation lines nor escaping, and support comments only at the start
of the line.

improvements and ok millert@

tb [Sun, 11 Feb 2024 08:40:37 +0000 (08:40 +0000)]
sync with src

tb [Sun, 11 Feb 2024 08:40:06 +0000 (08:40 +0000)]
libz: more windows ifdef turd shining from upstream

jmc [Sun, 11 Feb 2024 06:40:46 +0000 (06:40 +0000)]
recue -> reduce (in comment); from andrius v

gkoehler [Sun, 11 Feb 2024 03:57:10 +0000 (03:57 +0000)]
In pkg-config, accept both "CFlags:" and "Cflags:"

matthieu@ noticed that "pkg-config libpkgconf --cflags" failed because
libpkgconf.pc has "CFlags:" with upper-case 'F', but we accepted only
"Cflags:" with lower-case 'f'.  freedesktop.org's pkg-config accepts
both "C[Ff]lags", but is otherwise sensitive to case.

Accept "CFlags" by mapping it to "Cflags" when reading the file.  Fail
if the file has more than one "C[Ff]lags".

ok millert@ matthieu@

jsg [Sun, 11 Feb 2024 01:31:28 +0000 (01:31 +0000)]
firefall -> firewall, from Joel Carnat

bluhm [Sun, 11 Feb 2024 01:27:45 +0000 (01:27 +0000)]
Remove include netinet6/ip6_var.h from netinet/in_pcb.h.

OK mvs@

bluhm [Sun, 11 Feb 2024 01:26:17 +0000 (01:26 +0000)]
libexpat minor bump to 14.1

bluhm [Sun, 11 Feb 2024 01:01:32 +0000 (01:01 +0000)]
Update libexpat regress to version 2.6.0.

bluhm [Sun, 11 Feb 2024 00:56:28 +0000 (00:56 +0000)]
Update libexpat to version 2.6.0.

This fixes CVE-2023-52425.  OpenBSD is not affected by CVE-2023-52426.
Relevant for OpenBSD are security fixes #789 #814, bug fixes #753
#812 #813, other changes #771 #788 #764 #765, and examples, docs,
compiler warnings, clang-tidy, tests.  Only a minor library bump
is necessary, this has been discussed with tb@ guenther@ kettenis@.

OK deraadt@

deraadt [Sat, 10 Feb 2024 16:47:46 +0000 (16:47 +0000)]
grow arm64 iso media again

deraadt [Sat, 10 Feb 2024 15:29:04 +0000 (15:29 +0000)]
If anything goes wrong with reading the 'sysctl hw.ucomnames', act
like it is the empty string, rather than considering it an error.
ok krw

deraadt [Sat, 10 Feb 2024 15:28:16 +0000 (15:28 +0000)]
On kernels without ucom(4) support, 'sysctl hw.ucomnames' should return
the empty string, rather than error.
ok krw

dv [Sat, 10 Feb 2024 12:31:16 +0000 (12:31 +0000)]
Prevent use of uninitialized byte in vmd's mmio decoder.

The mmio code isn't wired in, but if the ModRM decode fails, byte
may be used with an uninitialized value. Properly return an error,
but initialize the byte variable as well.

Found by smatch, reported by and ok jsg@.

naddy [Sat, 10 Feb 2024 11:28:52 +0000 (11:28 +0000)]
clean sshd random relinking kit; ok miod@

jsg [Sat, 10 Feb 2024 07:10:13 +0000 (07:10 +0000)]
fix off-by-one when printing fr_arg

found by "buffer overflow 'fp64->fr_arg' 6 <= 6" smatch error
ok miod@ claudio@

tb [Sat, 10 Feb 2024 06:10:41 +0000 (06:10 +0000)]
libz: sync with base

tb [Sat, 10 Feb 2024 06:10:04 +0000 (06:10 +0000)]
libz: sync with upstream

- fix type of local variable in deflate_stored()
- more Windows compat shuffling
- wrap overlong line in gzread

dv [Sat, 10 Feb 2024 02:19:12 +0000 (02:19 +0000)]
Fix locked address interfaces in vmd(8).

Before comparing the amount of bytes read to the size of a packet
struct, make sure the fd being read was actually the packet injection
pipe(2). Locked address interfaces force using the same copy-based
approach used for the internal dhcp service for "local" interfaces
but were accidentally being treated as reads from the pipe(2) and
not the tap.

This broke networking for any locked address interfaces in vmd(8).

Reported by and ok kn@

dv [Sat, 10 Feb 2024 02:10:41 +0000 (02:10 +0000)]
Set vmd virtio device fds to -1 on close after fork.

After the recent vmd(8) commit to clean up file descriptor lifecycles,
virtio disks with multiple file descriptors (QCOW2 images with at
least one base) would fail to initialize when booted with a network
device.

Use the new fd closing routine in the vm process for virtio devices
to close the device fds and set to -1, removing buggy copying and
closing of fds.

Additionally, close the vm/device sync and async channels when
closing a device's fds.

Issue reported by and ok kn@

tb [Fri, 9 Feb 2024 19:15:53 +0000 (19:15 +0000)]
pull in another upstream tweak for windows

cheloha [Fri, 9 Feb 2024 17:42:18 +0000 (17:42 +0000)]
dt(4): move interval/profile entry points to dedicated clockintr callback

To improve the utility of dt(4)'s interval and profile probes we need
to move the probe entry points from the fixed-frequency hardclock() to
a dedicated clock interrupt callback so that the probes can fire at
arbitrary frequencies.

- Remove entry points for interval/profile probes from hardclock().

- Merge dt_prov_profile_enter(), dt_prov_interval_enter(), and
  dt_prov_profile_fire() into one function, dt_clock().  This is
  the now-unified callback for interval/profile probes.  dt_clock()
  will consume multiple events during a single execution if it is
  delayed, but on platforms with high quality interrupt clocks this
  should be rare.

- Each struct dt_pcb gets its own clockintr handle, dp_clockintr.

- In struct dt_pcb, replace dp_maxtick/dp_nticks with dp_nsecs,
  the PCB's sampling period.  Asynchronous probes must initialize
  dp_nsecs to a non-zero value during dtpv_alloc().

- In struct dt_pcb, replace dp_cpuid with dp_cpu so that
  dt_ioctl_record_start() knows where to bind the PCB's
  dp_clockintr.

- dt_ioctl_record_start() binds, staggers, and starts all
  interval/profile PCBs on the given dt_softc.  Each dp_clockintr
  is given a reference to its enclosing PCB so that dt_clock()
  doesn't need to search for it.  The staggering sort-of simulates
  the current behavior under hardclock().

- dt_ioctl_record_stop() unbinds all interval/profile PCBs.  The
  CL_BARRIER ensures that dp_clockintr's PCB reference is not in
  use by dt_clock() so that the PCB may be safely freed upon
  return from dt_ioctl_record_stop().  Blocking while holding
  dt_lock is not ideal, but in practice blocking in this spot is
  rare and dt_clock() completes quickly on all but the oldest
  hardware.  An extremely unlucky thread could block for every
  interval/profile PCB on the softc, but this is implausible.

DT_FA_PROFILE values are up-to-date for amd64, i386, and macppc.
Somebody with the right hardware needs to check-and-maybe-fix the
values on octeon, powerpc64, and sparc64.

Joint effort with mpi@.

Thread: https://marc.info/?l=openbsd-tech&m=170629371821879&w=2

ok mpi@

cheloha [Fri, 9 Feb 2024 16:52:58 +0000 (16:52 +0000)]
clockintr: add clockintr_unbind()

The clockintr_unbind() function cancels any pending execution of the
given clock interrupt object's callback and severs the binding between
the object and its host CPU.  Upon return from clockintr_unbind(), the
clock interrupt object may be rebound with a call to clockintr_bind().

The optional CL_BARRIER flag tells clockintr_unbind() to block if the
clockintr's callback function is executing at the moment of the call.
This is useful when the clockintr's arg is a shared reference and the
caller needs to be certain the reference is inactive.

Now that clockintrs can be bound and unbound repeatedly, there is more
room for error.  To help catch programmer errors, clockintr_unbind()
sets cl_queue to NULL.  Calls to other API functions after a clockintr
is unbound will then fault on a NULL dereference.  clockintr_bind()
also KASSERTs that cl_queue is NULL to ensure the clockintr is not
already bound.  These checks are not perfect, but they do catch some
common errors.

With input from mpi@.

Thread: https://marc.info/?l=openbsd-tech&m=170629367121800&w=2

ok mpi@

jan [Fri, 9 Feb 2024 15:22:41 +0000 (15:22 +0000)]
vmx(4): add missing NVLAN checks

ok bluhm@

cheloha [Fri, 9 Feb 2024 15:06:23 +0000 (15:06 +0000)]
clockintr: refactor clockintr_cancel() into clockintr_cancel_locked()

Move the mutex-protected portions of clockintr_cancel() into a separate
function, clockintr_cancel_locked(), so that the code can be reused by
other callers.

Thread: https://marc.info/?l=openbsd-tech&m=170629367121800&w=2

ok mpi@

bluhm [Fri, 9 Feb 2024 14:57:36 +0000 (14:57 +0000)]
Include sys/lock.h to make qwx(4) compile with GENERIC kernel.

OK stsp@

dv [Fri, 9 Feb 2024 14:52:39 +0000 (14:52 +0000)]
Only debug log dhcp packet info if packet is found.

No functional change. vmd(8) was being chatty and incorrect.