jsg [Mon, 9 Sep 2024 08:31:19 +0000 (08:31 +0000)]
drm/amd/pm: fix uninitialized variable warning
From Jesse Zhang
fc0cb02efdfbf8f913417bb06ac16a1a985523e7 in linux-6.6.y/6.6.50
7c836905520703dbc8b938993b6d4d718bc739f3 in mainline linux
jsg [Mon, 9 Sep 2024 08:29:45 +0000 (08:29 +0000)]
drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc
From Ma Jun
a2f2beaba783e5e99b05bb455b701257e6f1fa37 in linux-6.6.y/6.6.50
579f0c21baec9e7506b6bb3f60f0a9b6d07693b4 in mainline linux
jsg [Mon, 9 Sep 2024 08:27:57 +0000 (08:27 +0000)]
drm/amdgpu: fix overflowed array index read warning
From Tim Huang
da22d1b98d9d3a1bfd62bd291b10d57b0f19d6e5 in linux-6.6.y/6.6.50
ebbc2ada5c636a6a63d8316a3408753768f5aa9f in mainline linux
jsg [Mon, 9 Sep 2024 08:26:08 +0000 (08:26 +0000)]
drm/amd/display: Assign linear_pitch_alignment even for VM
From Alvin Lee
d2fe7ac613a1ea8c346c9f5c89dc6ecc27232997 in linux-6.6.y/6.6.50
984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 in mainline linux
jsg [Mon, 9 Sep 2024 08:22:35 +0000 (08:22 +0000)]
drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr
From Ma Jun
761964b756c6e760e8af25e383b7f0a8cc473ac0 in linux-6.6.y/6.6.50
c0d6bd3cd209419cc46ac49562bef1db65d90e70 in mainline linux
jsg [Mon, 9 Sep 2024 08:21:03 +0000 (08:21 +0000)]
drm: panel-orientation-quirks: Add quirk for OrangePi Neo
From Philip Mueller
512bd0cd535bf9b819e638585d5fc69e97d2663b in linux-6.6.y/6.6.50
d60c429610a14560085d98fa6f4cdb43040ca8f0 in mainline linux
jsg [Mon, 9 Sep 2024 08:18:38 +0000 (08:18 +0000)]
drm/fb-helper: Don't schedule_work() to flush frame buffer during panic()
From Qiuxu Zhuo
d5618eaea8868e2534c375b8a512693658068cf8 in linux-6.6.y/6.6.50
833cd3e9ad8360785b6c23c82dd3856df00732d9 in mainline linux
tb [Mon, 9 Sep 2024 07:40:03 +0000 (07:40 +0000)]
Make error 235 resolve to "no application protocol"
We accidentally have two errors 235 since we didn't notice that OpenSSL
removed the unused SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER and later that
becamse SSL_R_NO_APPLICATION_PROTOCOL. Getting an "unsupported cipher"
error when fiddling with ALPN is confusing, so fix that.
ok jsing
mvs [Mon, 9 Sep 2024 07:38:45 +0000 (07:38 +0000)]
Document 'socket' and 'sockbuf' structures locking.
`so_oobmark' marked as [mr]. It is accessed in reception path and
corresponding SS_RCVATMARK flag belongs `so_rcv' buffer. However, it is
still protected by exclusive solock()/netlock.
No functional changes.
ok bluhm
mvs [Mon, 9 Sep 2024 07:37:47 +0000 (07:37 +0000)]
Don't take netlock while setting `if_description'.
net/if_pppx.c is the only place where `if_description' accessed outside
ifioctl() path and there is no reason to take netlock here. SIOCSIFDESCR
case of ifioctl() modifies `if_description' with the only kernel lock.
ok bluhm
kn [Mon, 9 Sep 2024 05:36:17 +0000 (05:36 +0000)]
Add triple-dots to synopsis as multiple name[=value] arguments may be given
OK jmc sobrado
tb [Mon, 9 Sep 2024 03:55:55 +0000 (03:55 +0000)]
Fix alert callback in the QUIC layer
Only close_notify and user_cancelled are warning alerts. All others
should be fatal. In order for the lower layers to behave correctly,
the return code for fatal alerts needs to be TLS13_IO_ALERT instead
of TLS13_IO_SUCCESS.
Failure to signal handshake failure in the public API led to a crash
in HAProxy when forcing the tls cipher to TLS_AES_128_CCM_SHA256 as
found by haproxyfred while investigating
https://github.com/haproxy/haproxy/issues/2569
Kenjiro Nakayama found misbehavior of ngtcp2-based servers, wrote a
similar patch and tested this version.
Fixes https://github.com/libressl/portable/issues/1093
ok jsing
jsg [Mon, 9 Sep 2024 03:50:14 +0000 (03:50 +0000)]
move some server only functions from nfs_subs.c to nfs_srvsubs.c
saves space on ramdisks that have option NFSCLIENT
initial diff from and ok miod@
tb [Mon, 9 Sep 2024 03:32:29 +0000 (03:32 +0000)]
Add and use tls13_record_layer_alert_sent()
This is a small refactoring that wraps a direct call to the record layer's
alert_sent() callback into a handler for upcoming reuse in the QUIC code.
No functional change.
ok jsing
djm [Mon, 9 Sep 2024 03:13:39 +0000 (03:13 +0000)]
test mlkem768x25519-sha256
djm [Mon, 9 Sep 2024 02:39:57 +0000 (02:39 +0000)]
pull post-quantum ML-KEM/x25519 key exchange out from compile-time
flag now than an IANA codepoint has been assigned for the algorithm.
Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot.
ok markus@
tb [Sun, 8 Sep 2024 07:23:36 +0000 (07:23 +0000)]
rpki-client: fix typos in comments and one in a warning message
aisha [Sat, 7 Sep 2024 22:41:55 +0000 (22:41 +0000)]
fix RBT_ENTRY in pf_state and pf_state_key
ok sashan@
tb [Sat, 7 Sep 2024 16:39:29 +0000 (16:39 +0000)]
Futhermore -> Furthermore
tb [Fri, 6 Sep 2024 14:56:57 +0000 (14:56 +0000)]
Prepare for an upcoming tlsfuzzer test that expects decode_error
when we send illegal_parameter. Shrug.
mbuhl [Fri, 6 Sep 2024 13:31:59 +0000 (13:31 +0000)]
Fix KUBSAN by adding invalid builtin detection, as needed by our current clang.
ok anton@
mbuhl [Fri, 6 Sep 2024 13:30:59 +0000 (13:30 +0000)]
Document float cast overflow detection.
ok anton@
jsg [Fri, 6 Sep 2024 10:54:08 +0000 (10:54 +0000)]
spelling; ok mglocker@
tb [Fri, 6 Sep 2024 09:57:32 +0000 (09:57 +0000)]
Reenable AES-NI in libcrypto
The OPENSSL_cpu_caps() change after the last bump missed a crucial bit:
there is more MD mess in the MI code than anticipated, with the result
that AES is now used without AES-NI on amd64 and i386, hurting machines
that previously greatly benefitted from it.
Temporarily add an internal crypto_cpu_caps_ia32() API that returns the
OPENSSL_ia32cap_P or 0 like OPENSSL_cpu_caps() previously did. This can
be improved after the release.
Regression reported and fix tested by Mark Patruck.
No impact on public ABI or API.
with/ok jsing
PS: Next time my pkg_add feels very slow, I should perhaps not mechanically
blame IEEE 802.11...
mpi [Fri, 6 Sep 2024 08:38:21 +0000 (08:38 +0000)]
Allow tracing interrupts by defering the wakeup(9) to a different context.
It is currently not safe to call wakeup(9) in interrupt handlers at a priority
higher than IPL_SCHED. As long as dt(4) relies on generic kernel primitives
we have to play tricks to be able to inspect more parts of the kernel. In this
case defer the wakeup(9) to a custom soft-interrupt. This will be good enough
as long as we don't add tracepoints to the soft-interrupt machinery. A more
complex & viable solution would be to not rely on the kernel generic IPC to
avoid recursion.
From visa@ and Christian Ludwig, ok claudio@
mpi [Fri, 6 Sep 2024 08:21:21 +0000 (08:21 +0000)]
Remove incorrect increment of the context switch counter.
From Christian Ludwig.
ok claudio@
mpi [Fri, 6 Sep 2024 08:00:36 +0000 (08:00 +0000)]
Regression for '%c'.
From Christian Ludwig.
mpi [Fri, 6 Sep 2024 07:58:50 +0000 (07:58 +0000)]
Interpret the argument of '%c' as an integer instead of a string.
From Christian Ludwig.
tb [Fri, 6 Sep 2024 07:48:20 +0000 (07:48 +0000)]
Adjust documentation to work without X509_LOOKUP_by_subject()
X509_LOOKUP_by_subject() was made internal a while back. Its documentation
was very detailed, so this was a bit of a tangle to undo.
miod [Fri, 6 Sep 2024 06:31:11 +0000 (06:31 +0000)]
Repair build with gcc.
anton [Fri, 6 Sep 2024 04:11:26 +0000 (04:11 +0000)]
sync
jsg [Fri, 6 Sep 2024 03:52:38 +0000 (03:52 +0000)]
match on Lunar Lake
jsg [Fri, 6 Sep 2024 03:48:52 +0000 (03:48 +0000)]
regen
jsg [Fri, 6 Sep 2024 03:48:20 +0000 (03:48 +0000)]
add Intel Lunar Lake ids
from:
Intel Core Ultra 200V Series Processors
Datasheet, Volume 1 of 2, Doc. No.: 829568, Rev.: 001
additional graphics ids from Mesa
djm [Fri, 6 Sep 2024 02:30:44 +0000 (02:30 +0000)]
make parsing user@host consistently look for the last '@' in the
string rather than the first. This makes it possible to use usernames
that contain '@' characters.
Prompted by Max Zettlmeißl; feedback/ok millert@
claudio [Thu, 5 Sep 2024 20:28:42 +0000 (20:28 +0000)]
Bump version
tb [Thu, 5 Sep 2024 16:17:56 +0000 (16:17 +0000)]
sync with base
tb [Thu, 5 Sep 2024 16:16:54 +0000 (16:16 +0000)]
Avoid out-of-bounds pointer arithmetic in inflateCopy().
from upstream, no ABI or API change.
ok beck deraadt
bluhm [Thu, 5 Sep 2024 08:52:27 +0000 (08:52 +0000)]
In ddb(4) print mbuf chain and packet list.
For debugging hardware offloading, DMA requirements, bounce buffers,
and performance optimizations, knowing the memory layout of mbuf
content helps.
Implement /c and /p modifiers in ddb show mbuf. It traverses the
pointer m_next for mbuf chain or m_nextpkt for packet list. Show
mbuf type, data offset, mbuf length, packet length, cluster size,
and total number of elements, length and size.
OK claudio@ mvs@
florian [Thu, 5 Sep 2024 08:22:46 +0000 (08:22 +0000)]
Sync to unbound 1.21.0; heavy lifting by sthen
parse_edns_from_query_pkt() grew a parameter to handle cookies, which
we don't use.
bluhm [Thu, 5 Sep 2024 07:57:14 +0000 (07:57 +0000)]
Update libexpat to version 2.6.3.
Relevant for OpenBSD are security fixes #887 #890 #888 #891 #889
#892, other changes #886 #885, infrastructure #880. No library
bump necessary. CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
OK tb@ deraadt@
jmc [Thu, 5 Sep 2024 06:39:53 +0000 (06:39 +0000)]
have sysmerge and sysupgrade Xr each other;
diff originally from peter n. m. hansteen
ok ajacoutot
jmc [Thu, 5 Sep 2024 06:33:04 +0000 (06:33 +0000)]
note that "|" and ":include:" are disallowed for root;
prompted by mail from illya meyer
ok gilles
jmc [Thu, 5 Sep 2024 06:30:52 +0000 (06:30 +0000)]
retire this older version of forward(5) to the attic
(whilst retaining the smtpd copy);
ok op gilles
jmc [Thu, 5 Sep 2024 05:51:46 +0000 (05:51 +0000)]
remove note falsely claiming that :include: is disallowed
(it is, but only for root, which i'll address in separate commit);
ok mp gilles
jsg [Thu, 5 Sep 2024 04:31:26 +0000 (04:31 +0000)]
drm/amd/display: avoid using null object of framebuffer
From Ma Ke
f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0 in linux-6.6.y/6.6.49
3b9a33235c773c7a3768060cf1d2cf8a9153bc37 in mainline linux
jsg [Thu, 5 Sep 2024 04:29:04 +0000 (04:29 +0000)]
drm/amdgpu/swsmu: always force a state reprogram on init
From Alex Deucher
39defab0ebf0872b7a84deafbe903c8e30da7748 in linux-6.6.y/6.6.49
d420c857d85777663e8d16adfc24463f5d5c2dbc in mainline linux
jsg [Thu, 5 Sep 2024 04:27:10 +0000 (04:27 +0000)]
drm/amdgpu: align pp_power_profile_mode with kernel docs
From Alex Deucher
11182b33faf3ee80f5ea042a465b26a23e257f8a in linux-6.6.y/6.6.49
8f614469de248a4bc55fb07e55d5f4c340c75b11 in mainline linux
dlg [Wed, 4 Sep 2024 23:57:20 +0000 (23:57 +0000)]
regen
dlg [Wed, 4 Sep 2024 23:56:43 +0000 (23:56 +0000)]
add PLX PEX 8718 and SK hynix PC601 devices.
The PEX 8718 is used on a QNAP QM2-2P-something card, and we have
a couple of pc601 nvme ssds plugged into it.
hastings [Wed, 4 Sep 2024 21:39:18 +0000 (21:39 +0000)]
Push acpi(4) _CRS parsing down after matching skippable and ISA hardware IDs.
ok kettenis@
beck [Wed, 4 Sep 2024 17:00:08 +0000 (17:00 +0000)]
Work around vnode reuse bug resulting in a panic: vop_generic_badop
Joel hit this frequently on the go builder, and this was
also found by szykiller
https://syzkaller.appspot.com/bug?extid=
58bdde9f7a1a407514a7
https://syzkaller.appspot.com/bug?extid=
5779bc64fc4fdd0a5140
This is based on a workaround originally done by visa@ and mbuhl@
but not committed or widely distributed.
Realistically this should be fixed more like the previous attempt
with vdoom, but my attempts to do this at the moment are colliding
with finding all sources of similar races, now that kernel unlocking
is exposing these previously existing bugs
for now, let's put in this ugly workaround
ok deraadt@
dv [Wed, 4 Sep 2024 16:12:40 +0000 (16:12 +0000)]
vmm: set highest cpuid feature leaf based on host cpu.
Fixes Linux guests on older Intel hardware. vmm was reporting a
value that doesn't match the host. Cap it at the highest value vmm
currently emulates.
ok bluhm@, ratchov@
job [Wed, 4 Sep 2024 15:46:43 +0000 (15:46 +0000)]
Remove deprecated '-r' command line option
OK tb@ claudio@
claudio [Wed, 4 Sep 2024 15:06:36 +0000 (15:06 +0000)]
Qualifying nexthops via BGP does not properly work since nexthops need
to be rechecked when a BGP route is added (or changed).
We need to revalidate nexthops on inserts (kroute_insert) and
on change (krX_change but only for AID_INET and AID_INET6 -- no nexthops
in the other tables) the nexthop needs to be updated.
Only validate nexthops if 'nexthop qualify via bgp' is enabled. For route
changes the code can depend on the F_NEXTHOP flag.
Fix for: https://github.com/openbgpd-portable/openbgpd-portable/issues/81
OK tb@
jsg [Wed, 4 Sep 2024 14:24:10 +0000 (14:24 +0000)]
list the other doc pspvar.h mentions, add publication numbers
ok jmc@
deraadt [Wed, 4 Sep 2024 14:18:36 +0000 (14:18 +0000)]
correct .OBJDIR use; from Denis Bodor
jsg [Wed, 4 Sep 2024 13:45:25 +0000 (13:45 +0000)]
regen
claudio [Wed, 4 Sep 2024 13:30:10 +0000 (13:30 +0000)]
Call pfkey_remove() only after the Session Engine finished reloading its
configuration. Doing so before could result in some messages being sent
out without proper TCP-MD5 signature.
Fix for: https://github.com/openbgpd-portable/openbgpd-portable/issues/82
OK tb@
jsg [Wed, 4 Sep 2024 11:12:53 +0000 (11:12 +0000)]
add psp(4) manual page
ok jmc@ bluhm@
sthen [Wed, 4 Sep 2024 09:36:40 +0000 (09:36 +0000)]
merge unbound 1.21.0
sthen [Wed, 4 Sep 2024 09:35:34 +0000 (09:35 +0000)]
import unbound 1.21.0, ok phessler florian
sf [Wed, 4 Sep 2024 09:12:55 +0000 (09:12 +0000)]
vio: put enqueue and dmasync into a function
Before we enqueue with VIO_DMAMEM_ENQUEUE(), we always sync with
VIO_DMAMEM_SYNC(). In order to reduce verbosity, create a function that
does both.
ok bluhm@
sthen [Wed, 4 Sep 2024 09:07:03 +0000 (09:07 +0000)]
Update bsd.port.mk(5) DISTFILES* description - it no longer uses :0 to :9
to select different SITES, the mechanism changed to SITES.somename /
DISTFILES.somename.
jsg [Wed, 4 Sep 2024 08:14:18 +0000 (08:14 +0000)]
wrap long lines
mglocker [Wed, 4 Sep 2024 07:54:51 +0000 (07:54 +0000)]
Fix some spelling.
Input and ok jmc@, jsg@
tb [Wed, 4 Sep 2024 07:52:45 +0000 (07:52 +0000)]
Missing RCSID
jsg [Wed, 4 Sep 2024 07:47:21 +0000 (07:47 +0000)]
remove unused timeout from softc
jsg [Wed, 4 Sep 2024 07:45:08 +0000 (07:45 +0000)]
make psp attach to ccp as a different driver
'fine with me' hshoexer, ok bluhm@
sf [Wed, 4 Sep 2024 06:36:33 +0000 (06:36 +0000)]
vio: style fixes
ok bluhm@
sf [Wed, 4 Sep 2024 06:34:08 +0000 (06:34 +0000)]
vio: Re-arrange structs for multi-queue
Move per-queue data structures into a new struct vio_queue and adjust
mem allocation. Only one queue is allocated for now.
ok bluhm@
djm [Wed, 4 Sep 2024 05:33:34 +0000 (05:33 +0000)]
be more strict in parsing key type names. Only allow shortnames (e.g
"rsa") in user-interface code and require full SSH protocol names (e.g.
"ssh-rsa") everywhere else.
Prompted by bz3725; ok markus@
djm [Wed, 4 Sep 2024 05:11:33 +0000 (05:11 +0000)]
fix RCSID in output
tb [Wed, 4 Sep 2024 04:36:14 +0000 (04:36 +0000)]
Remove openssl 1.1 regress
tb [Wed, 4 Sep 2024 04:35:30 +0000 (04:35 +0000)]
Unlink OpenSSL 1.1 regress
tb [Wed, 4 Sep 2024 04:35:05 +0000 (04:35 +0000)]
Link openssl 3.2 regress to build
tb [Wed, 4 Sep 2024 04:34:14 +0000 (04:34 +0000)]
Add regress against OpenSSL 3.2
OpenSSL 1.1 is dead. This directory will use the default version in ports
(currently 3.2) for regress testing.
op [Tue, 3 Sep 2024 18:27:04 +0000 (18:27 +0000)]
fix some typos; courtesy of codespell; ok gilles@
op [Tue, 3 Sep 2024 18:21:55 +0000 (18:21 +0000)]
typo in comment; Effectivly -> Effectively; ok gilles@
op [Tue, 3 Sep 2024 18:20:35 +0000 (18:20 +0000)]
typo in comment; saveguard -> safeguard; ok gilles@
bluhm [Tue, 3 Sep 2024 17:19:53 +0000 (17:19 +0000)]
For virtual addresses use fixed page frame without AMD SEV reduction.
When running as a SEV guest, page frame mask is calculated from the
CPUID provided "physical address bit reduction". The amd64 pmap
code uses the variable pg_frame instead of the defined PG_FRAME
0x000ffffffffff000.
There was one instance in pmap code where pg_frame was applied to
virtual address, not physical address. On some machines the address
bit reduction is rather large with six bits. So the calculated
pg_frame is 0x00003fffffe00000. However, on amd64 VM_MAX_ADDRESS
is defined as 0x00007fbfdfeff000. Masking a such large address
with pg_frame caused havoc. Therefore, when masking virtual
addresses, still use PG_FRAME.
from hshoexer@
deraadt [Tue, 3 Sep 2024 17:05:59 +0000 (17:05 +0000)]
wild white space
tb [Tue, 3 Sep 2024 15:37:03 +0000 (15:37 +0000)]
Make state file parsing errors more explicit. Also don't leak the deltas.
joint effort with/ok claudio
deraadt [Tue, 3 Sep 2024 15:28:58 +0000 (15:28 +0000)]
sync
job [Tue, 3 Sep 2024 15:04:48 +0000 (15:04 +0000)]
Also gate SPL statistics behind 'experimental' command line option
This changes the JSON output, without -x some keys are missing from 'metadata'
OK tb@
dv [Tue, 3 Sep 2024 13:36:19 +0000 (13:36 +0000)]
vmm(4)/vmx: avoid VPID leakage by allocating at vcpu init.
VPID allocation being dependent on the host and guest config
(consequently pushing it into the reset register handler) creates
a leak where previous VPIDs are not freed if the hypervisor program
resets a vcpu's registers.
Recent SVM related changes pulled the VPID (ASID in AMD world)
allocation up into vcpu initialization. This change does the same
for VMX and cleans up appropriate logic. Minor changes to keep SVM
and VMX styles in line with each other.
ok bluhm@
claudio [Tue, 3 Sep 2024 13:31:31 +0000 (13:31 +0000)]
In rrdp_session_parse() set the last_reset time to now if the .state file
does not exist.
OK tb@
gilles [Tue, 3 Sep 2024 12:07:40 +0000 (12:07 +0000)]
bump version
bluhm [Tue, 3 Sep 2024 09:36:12 +0000 (09:36 +0000)]
regen
bluhm [Tue, 3 Sep 2024 09:35:46 +0000 (09:35 +0000)]
For AMD SEV create /dev/psp.
To call ioctl(2) for the platform security processor (PSP), vmd(8)
needs a device file. It is currently linked to the cryptographic
co-processor ccp(4). We may split this into a separate psp(4)
device.
from hshoexer@; input jsg@
tb [Tue, 3 Sep 2024 08:49:16 +0000 (08:49 +0000)]
check_sym: adjust logic not to exit 1 in the default dynamic mode
ok guenther
jmc [Tue, 3 Sep 2024 06:17:48 +0000 (06:17 +0000)]
envrionment -> environment;
djm [Tue, 3 Sep 2024 05:58:56 +0000 (05:58 +0000)]
regression test for Include variable expansion
djm [Tue, 3 Sep 2024 05:29:55 +0000 (05:29 +0000)]
allow the "Include" directive to expand the same set of %-tokens
that "Match Exec" and environment variables.
ok dtucker@
anton [Tue, 3 Sep 2024 04:59:03 +0000 (04:59 +0000)]
Fix test_fork() prototype.
anton [Tue, 3 Sep 2024 04:58:30 +0000 (04:58 +0000)]
Stop invoking diff(1) from C in access unveil regress, instead perform
the diffing from the make target.
anton [Tue, 3 Sep 2024 04:58:00 +0000 (04:58 +0000)]
Adjust expected output after recent X_OK changes.
jsg [Tue, 3 Sep 2024 00:23:05 +0000 (00:23 +0000)]
move psp functions to psp.c and remove the ifdefs
ok bluhm@ hshoexer@
deraadt [Mon, 2 Sep 2024 16:39:03 +0000 (16:39 +0000)]
sync
deraadt [Mon, 2 Sep 2024 16:37:58 +0000 (16:37 +0000)]
In our fight against the cosmos, in the chaos of the source tree, we
deleted the greek quiz. Some people felt trauma, and called out our
hubris. At my request, Carson Harding performed a metamorphosis of
the quiz -- kudos to him! After playing, I consider it the acme of
quizzes.
ok jmc mglocker