openbsd
jsg [Mon, 9 Sep 2024 08:31:19 +0000 (08:31 +0000)]
drm/amd/pm: fix uninitialized variable warning

From Jesse Zhang
fc0cb02efdfbf8f913417bb06ac16a1a985523e7 in linux-6.6.y/6.6.50
7c836905520703dbc8b938993b6d4d718bc739f3 in mainline linux

jsg [Mon, 9 Sep 2024 08:29:45 +0000 (08:29 +0000)]
drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc

From Ma Jun
a2f2beaba783e5e99b05bb455b701257e6f1fa37 in linux-6.6.y/6.6.50
579f0c21baec9e7506b6bb3f60f0a9b6d07693b4 in mainline linux

jsg [Mon, 9 Sep 2024 08:27:57 +0000 (08:27 +0000)]
drm/amdgpu: fix overflowed array index read warning

From Tim Huang
da22d1b98d9d3a1bfd62bd291b10d57b0f19d6e5 in linux-6.6.y/6.6.50
ebbc2ada5c636a6a63d8316a3408753768f5aa9f in mainline linux

jsg [Mon, 9 Sep 2024 08:26:08 +0000 (08:26 +0000)]
drm/amd/display: Assign linear_pitch_alignment even for VM

From Alvin Lee
d2fe7ac613a1ea8c346c9f5c89dc6ecc27232997 in linux-6.6.y/6.6.50
984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 in mainline linux

jsg [Mon, 9 Sep 2024 08:22:35 +0000 (08:22 +0000)]
drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr

From Ma Jun
761964b756c6e760e8af25e383b7f0a8cc473ac0 in linux-6.6.y/6.6.50
c0d6bd3cd209419cc46ac49562bef1db65d90e70 in mainline linux

jsg [Mon, 9 Sep 2024 08:21:03 +0000 (08:21 +0000)]
drm: panel-orientation-quirks: Add quirk for OrangePi Neo

From Philip Mueller
512bd0cd535bf9b819e638585d5fc69e97d2663b in linux-6.6.y/6.6.50
d60c429610a14560085d98fa6f4cdb43040ca8f0 in mainline linux

jsg [Mon, 9 Sep 2024 08:18:38 +0000 (08:18 +0000)]
drm/fb-helper: Don't schedule_work() to flush frame buffer during panic()

From Qiuxu Zhuo
d5618eaea8868e2534c375b8a512693658068cf8 in linux-6.6.y/6.6.50
833cd3e9ad8360785b6c23c82dd3856df00732d9 in mainline linux

tb [Mon, 9 Sep 2024 07:40:03 +0000 (07:40 +0000)]
Make error 235 resolve to "no application protocol"

We accidentally have two errors 235 since we didn't notice that OpenSSL
removed the unused SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER and later that
became SSL_R_NO_APPLICATION_PROTOCOL. Getting an "unsupported cipher"
error when fiddling with ALPN is confusing, so fix that.

ok jsing

mvs [Mon, 9 Sep 2024 07:38:45 +0000 (07:38 +0000)]
Document 'socket' and 'sockbuf' structures locking.

`so_oobmark' marked as [mr]. It is accessed in reception path and
corresponding SS_RCVATMARK flag belongs to `so_rcv' buffer. However, it is
still protected by exclusive solock()/netlock.

No functional changes.

ok bluhm

mvs [Mon, 9 Sep 2024 07:37:47 +0000 (07:37 +0000)]
Don't take netlock while setting `if_description'.

net/if_pppx.c is the only place where `if_description' is accessed outside
ifioctl() path and there is no reason to take netlock here. SIOCSIFDESCR
case of ifioctl() modifies `if_description' with the only kernel lock.

ok bluhm

kn [Mon, 9 Sep 2024 05:36:17 +0000 (05:36 +0000)]
Add triple-dots to synopsis as multiple name[=value] arguments may be given

OK jmc sobrado

tb [Mon, 9 Sep 2024 03:55:55 +0000 (03:55 +0000)]
Fix alert callback in the QUIC layer

Only close_notify and user_cancelled are warning alerts. All others
should be fatal. In order for the lower layers to behave correctly,
the return code for fatal alerts needs to be TLS13_IO_ALERT instead
of TLS13_IO_SUCCESS.

Failure to signal handshake failure in the public API led to a crash
in HAProxy when forcing the tls cipher to TLS_AES_128_CCM_SHA256 as
found by haproxyfred while investigating
https://github.com/haproxy/haproxy/issues/2569

Kenjiro Nakayama found misbehavior of ngtcp2-based servers, wrote a
similar patch and tested this version.

Fixes https://github.com/libressl/portable/issues/1093

ok jsing

jsg [Mon, 9 Sep 2024 03:50:14 +0000 (03:50 +0000)]
move some server only functions from nfs_subs.c to nfs_srvsubs.c
saves space on ramdisks that have option NFSCLIENT

initial diff from and ok miod@

tb [Mon, 9 Sep 2024 03:32:29 +0000 (03:32 +0000)]
Add and use tls13_record_layer_alert_sent()

This is a small refactoring that wraps a direct call to the record layer's
alert_sent() callback into a handler for upcoming reuse in the QUIC code.

No functional change.

ok jsing

djm [Mon, 9 Sep 2024 03:13:39 +0000 (03:13 +0000)]
test mlkem768x25519-sha256

djm [Mon, 9 Sep 2024 02:39:57 +0000 (02:39 +0000)]
pull post-quantum ML-KEM/x25519 key exchange out from compile-time
flag now that an IANA codepoint has been assigned for the algorithm.

Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot.

ok markus@

tb [Sun, 8 Sep 2024 07:23:36 +0000 (07:23 +0000)]
rpki-client: fix typos in comments and one in a warning message

aisha [Sat, 7 Sep 2024 22:41:55 +0000 (22:41 +0000)]
fix RBT_ENTRY in pf_state and pf_state_key

ok sashan@

tb [Sat, 7 Sep 2024 16:39:29 +0000 (16:39 +0000)]
Futhermore -> Furthermore

tb [Fri, 6 Sep 2024 14:56:57 +0000 (14:56 +0000)]
Prepare for an upcoming tlsfuzzer test that expects decode_error
when we send illegal_parameter. Shrug.

mbuhl [Fri, 6 Sep 2024 13:31:59 +0000 (13:31 +0000)]
Fix KUBSAN by adding invalid builtin detection, as needed by our current clang.
ok anton@

mbuhl [Fri, 6 Sep 2024 13:30:59 +0000 (13:30 +0000)]
Document float cast overflow detection.
ok anton@

jsg [Fri, 6 Sep 2024 10:54:08 +0000 (10:54 +0000)]
spelling; ok mglocker@

tb [Fri, 6 Sep 2024 09:57:32 +0000 (09:57 +0000)]
Reenable AES-NI in libcrypto

The OPENSSL_cpu_caps() change after the last bump missed a crucial bit:
there is more MD mess in the MI code than anticipated, with the result
that AES is now used without AES-NI on amd64 and i386, hurting machines
that previously greatly benefitted from it.

Temporarily add an internal crypto_cpu_caps_ia32() API that returns the
OPENSSL_ia32cap_P or 0 like OPENSSL_cpu_caps() previously did. This can
be improved after the release.

Regression reported and fix tested by Mark Patruck.
No impact on public ABI or API.

with/ok jsing

PS: Next time my pkg_add feels very slow, I should perhaps not mechanically
blame IEEE 802.11...

mpi [Fri, 6 Sep 2024 08:38:21 +0000 (08:38 +0000)]
Allow tracing interrupts by deferring the wakeup(9) to a different context.

It is currently not safe to call wakeup(9) in interrupt handlers at a priority
higher than IPL_SCHED.  As long as dt(4) relies on generic kernel primitives
we have to play tricks to be able to inspect more parts of the kernel.  In this
case defer the wakeup(9) to a custom soft-interrupt.  This will be good enough
as long as we don't add tracepoints to the soft-interrupt machinery.  A more
complex & viable solution would be to not rely on the kernel generic IPC to
avoid recursion.

From visa@ and Christian Ludwig, ok claudio@

mpi [Fri, 6 Sep 2024 08:21:21 +0000 (08:21 +0000)]
Remove incorrect increment of the context switch counter.

From Christian Ludwig.

ok claudio@

mpi [Fri, 6 Sep 2024 08:00:36 +0000 (08:00 +0000)]
Regression for '%c'.

From Christian Ludwig.

mpi [Fri, 6 Sep 2024 07:58:50 +0000 (07:58 +0000)]
Interpret the argument of '%c' as an integer instead of a string.

From Christian Ludwig.

tb [Fri, 6 Sep 2024 07:48:20 +0000 (07:48 +0000)]
Adjust documentation to work without X509_LOOKUP_by_subject()

X509_LOOKUP_by_subject() was made internal a while back. Its documentation
was very detailed, so this was a bit of a tangle to undo.

miod [Fri, 6 Sep 2024 06:31:11 +0000 (06:31 +0000)]
Repair build with gcc.

anton [Fri, 6 Sep 2024 04:11:26 +0000 (04:11 +0000)]
sync

jsg [Fri, 6 Sep 2024 03:52:38 +0000 (03:52 +0000)]
match on Lunar Lake

jsg [Fri, 6 Sep 2024 03:48:52 +0000 (03:48 +0000)]
regen

jsg [Fri, 6 Sep 2024 03:48:20 +0000 (03:48 +0000)]
add Intel Lunar Lake ids

from:
Intel Core Ultra 200V Series Processors
Datasheet, Volume 1 of 2, Doc. No.: 829568, Rev.: 001

additional graphics ids from Mesa

djm [Fri, 6 Sep 2024 02:30:44 +0000 (02:30 +0000)]
make parsing user@host consistently look for the last '@' in the
string rather than the first. This makes it possible to use usernames
that contain '@' characters.

Prompted by Max Zettlmeißl; feedback/ok millert@

claudio [Thu, 5 Sep 2024 20:28:42 +0000 (20:28 +0000)]
Bump version

tb [Thu, 5 Sep 2024 16:17:56 +0000 (16:17 +0000)]
sync with base

tb [Thu, 5 Sep 2024 16:16:54 +0000 (16:16 +0000)]
Avoid out-of-bounds pointer arithmetic in inflateCopy().

from upstream, no ABI or API change.
ok beck deraadt

bluhm [Thu, 5 Sep 2024 08:52:27 +0000 (08:52 +0000)]
In ddb(4) print mbuf chain and packet list.

For debugging hardware offloading, DMA requirements, bounce buffers,
and performance optimizations, knowing the memory layout of mbuf
content helps.
Implement /c and /p modifiers in ddb show mbuf.  It traverses the
pointer m_next for mbuf chain or m_nextpkt for packet list.  Show
mbuf type, data offset, mbuf length, packet length, cluster size,
and total number of elements, length and size.

OK claudio@ mvs@

florian [Thu, 5 Sep 2024 08:22:46 +0000 (08:22 +0000)]
Sync to unbound 1.21.0; heavy lifting by sthen

parse_edns_from_query_pkt() grew a parameter to handle cookies, which
we don't use.

bluhm [Thu, 5 Sep 2024 07:57:14 +0000 (07:57 +0000)]
Update libexpat to version 2.6.3.

Relevant for OpenBSD are security fixes #887 #890 #888 #891 #889
#892, other changes #886 #885, infrastructure #880.  No library
bump necessary.  CVE-2024-45490 CVE-2024-45491 CVE-2024-45492

OK tb@ deraadt@

jmc [Thu, 5 Sep 2024 06:39:53 +0000 (06:39 +0000)]
have sysmerge and sysupgrade Xr each other;
diff originally from peter n. m. hansteen

ok ajacoutot

jmc [Thu, 5 Sep 2024 06:33:04 +0000 (06:33 +0000)]
note that "|" and ":include:" are disallowed for root;
prompted by mail from illya meyer

ok gilles

jmc [Thu, 5 Sep 2024 06:30:52 +0000 (06:30 +0000)]
retire this older version of forward(5) to the attic
(whilst retaining the smtpd copy);

ok op gilles

jmc [Thu, 5 Sep 2024 05:51:46 +0000 (05:51 +0000)]
remove note falsely claiming that :include: is disallowed
(it is, but only for root, which i'll address in separate commit);

ok mp gilles

jsg [Thu, 5 Sep 2024 04:31:26 +0000 (04:31 +0000)]
drm/amd/display: avoid using null object of framebuffer

From Ma Ke
f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0 in linux-6.6.y/6.6.49
3b9a33235c773c7a3768060cf1d2cf8a9153bc37 in mainline linux

jsg [Thu, 5 Sep 2024 04:29:04 +0000 (04:29 +0000)]
drm/amdgpu/swsmu: always force a state reprogram on init

From Alex Deucher
39defab0ebf0872b7a84deafbe903c8e30da7748 in linux-6.6.y/6.6.49
d420c857d85777663e8d16adfc24463f5d5c2dbc in mainline linux

jsg [Thu, 5 Sep 2024 04:27:10 +0000 (04:27 +0000)]
drm/amdgpu: align pp_power_profile_mode with kernel docs

From Alex Deucher
11182b33faf3ee80f5ea042a465b26a23e257f8a in linux-6.6.y/6.6.49
8f614469de248a4bc55fb07e55d5f4c340c75b11 in mainline linux

dlg [Wed, 4 Sep 2024 23:57:20 +0000 (23:57 +0000)]
regen

dlg [Wed, 4 Sep 2024 23:56:43 +0000 (23:56 +0000)]
add PLX PEX 8718 and SK hynix PC601 devices.

The PEX 8718 is used on a QNAP QM2-2P-something card, and we have
a couple of pc601 nvme ssds plugged into it.

hastings [Wed, 4 Sep 2024 21:39:18 +0000 (21:39 +0000)]
Push acpi(4) _CRS parsing down after matching skippable and ISA hardware IDs.

ok kettenis@

beck [Wed, 4 Sep 2024 17:00:08 +0000 (17:00 +0000)]
Work around vnode reuse bug resulting in a panic: vop_generic_badop

Joel hit this frequently on the go builder, and this was
also found by syzkaller

https://syzkaller.appspot.com/bug?extid=58bdde9f7a1a407514a7
https://syzkaller.appspot.com/bug?extid=5779bc64fc4fdd0a5140

This is based on a workaround originally done by visa@ and mbuhl@
but not committed or widely distributed.

Realistically this should be fixed more like the previous attempt
with vdoom, but my attempts to do this at the moment are colliding
with finding all sources of similar races, now that kernel unlocking
is exposing these previously existing bugs

for now, let's put in this ugly workaround

ok deraadt@

dv [Wed, 4 Sep 2024 16:12:40 +0000 (16:12 +0000)]
vmm: set highest cpuid feature leaf based on host cpu.

Fixes Linux guests on older Intel hardware. vmm was reporting a
value that doesn't match the host. Cap it at the highest value vmm
currently emulates.

ok bluhm@, ratchov@

job [Wed, 4 Sep 2024 15:46:43 +0000 (15:46 +0000)]
Remove deprecated '-r' command line option

OK tb@ claudio@

claudio [Wed, 4 Sep 2024 15:06:36 +0000 (15:06 +0000)]
Qualifying nexthops via BGP does not properly work since nexthops need
to be rechecked when a BGP route is added (or changed).

We need to revalidate nexthops on inserts (kroute_insert) and
on change (krX_change but only for AID_INET and AID_INET6 -- no nexthops
in the other tables) the nexthop needs to be updated.

Only validate nexthops if 'nexthop qualify via bgp' is enabled. For route
changes the code can depend on the F_NEXTHOP flag.

Fix for: https://github.com/openbgpd-portable/openbgpd-portable/issues/81
OK tb@

jsg [Wed, 4 Sep 2024 14:24:10 +0000 (14:24 +0000)]
list the other doc pspvar.h mentions, add publication numbers
ok jmc@

deraadt [Wed, 4 Sep 2024 14:18:36 +0000 (14:18 +0000)]
correct .OBJDIR use; from Denis Bodor

jsg [Wed, 4 Sep 2024 13:45:25 +0000 (13:45 +0000)]
regen

claudio [Wed, 4 Sep 2024 13:30:10 +0000 (13:30 +0000)]
Call pfkey_remove() only after the Session Engine finished reloading its
configuration. Doing so before could result in some messages being sent
out without proper TCP-MD5 signature.

Fix for: https://github.com/openbgpd-portable/openbgpd-portable/issues/82
OK tb@

jsg [Wed, 4 Sep 2024 11:12:53 +0000 (11:12 +0000)]
add psp(4) manual page
ok jmc@ bluhm@

sthen [Wed, 4 Sep 2024 09:36:40 +0000 (09:36 +0000)]
merge unbound 1.21.0

sthen [Wed, 4 Sep 2024 09:35:34 +0000 (09:35 +0000)]
import unbound 1.21.0, ok phessler florian

sf [Wed, 4 Sep 2024 09:12:55 +0000 (09:12 +0000)]
vio: put enqueue and dmasync into a function

Before we enqueue with VIO_DMAMEM_ENQUEUE(), we always sync with
VIO_DMAMEM_SYNC(). In order to reduce verbosity, create a function that
does both.

ok bluhm@

sthen [Wed, 4 Sep 2024 09:07:03 +0000 (09:07 +0000)]
Update bsd.port.mk(5) DISTFILES* description - it no longer uses :0 to :9
to select different SITES, the mechanism changed to SITES.somename /
DISTFILES.somename.

jsg [Wed, 4 Sep 2024 08:14:18 +0000 (08:14 +0000)]
wrap long lines

mglocker [Wed, 4 Sep 2024 07:54:51 +0000 (07:54 +0000)]
Fix some spelling.

Input and ok jmc@, jsg@

tb [Wed, 4 Sep 2024 07:52:45 +0000 (07:52 +0000)]
Missing RCSID

jsg [Wed, 4 Sep 2024 07:47:21 +0000 (07:47 +0000)]
remove unused timeout from softc

jsg [Wed, 4 Sep 2024 07:45:08 +0000 (07:45 +0000)]
make psp attach to ccp as a different driver
'fine with me' hshoexer, ok bluhm@

sf [Wed, 4 Sep 2024 06:36:33 +0000 (06:36 +0000)]
vio: style fixes

ok bluhm@

sf [Wed, 4 Sep 2024 06:34:08 +0000 (06:34 +0000)]
vio: Re-arrange structs for multi-queue

Move per-queue data structures into a new struct vio_queue and adjust
mem allocation. Only one queue is allocated for now.

ok bluhm@

djm [Wed, 4 Sep 2024 05:33:34 +0000 (05:33 +0000)]
be more strict in parsing key type names. Only allow shortnames (e.g
"rsa") in user-interface code and require full SSH protocol names (e.g.
"ssh-rsa") everywhere else.

Prompted by bz3725; ok markus@

djm [Wed, 4 Sep 2024 05:11:33 +0000 (05:11 +0000)]
fix RCSID in output

tb [Wed, 4 Sep 2024 04:36:14 +0000 (04:36 +0000)]
Remove openssl 1.1 regress

tb [Wed, 4 Sep 2024 04:35:30 +0000 (04:35 +0000)]
Unlink OpenSSL 1.1 regress

tb [Wed, 4 Sep 2024 04:35:05 +0000 (04:35 +0000)]
Link openssl 3.2 regress to build

tb [Wed, 4 Sep 2024 04:34:14 +0000 (04:34 +0000)]
Add regress against OpenSSL 3.2

OpenSSL 1.1 is dead. This directory will use the default version in ports
(currently 3.2) for regress testing.

op [Tue, 3 Sep 2024 18:27:04 +0000 (18:27 +0000)]
fix some typos;  courtesy of codespell;  ok gilles@

op [Tue, 3 Sep 2024 18:21:55 +0000 (18:21 +0000)]
typo in comment; Effectivly -> Effectively; ok gilles@

op [Tue, 3 Sep 2024 18:20:35 +0000 (18:20 +0000)]
typo in comment; saveguard -> safeguard; ok gilles@

bluhm [Tue, 3 Sep 2024 17:19:53 +0000 (17:19 +0000)]
For virtual addresses use fixed page frame without AMD SEV reduction.

When running as a SEV guest, page frame mask is calculated from the
CPUID provided "physical address bit reduction".  The amd64 pmap
code uses the variable pg_frame instead of the defined PG_FRAME
0x000ffffffffff000.
There was one instance in pmap code where pg_frame was applied to
virtual address, not physical address.  On some machines the address
bit reduction is rather large with six bits.  So the calculated
pg_frame is 0x00003fffffe00000.  However, on amd64 VM_MAX_ADDRESS
is defined as 0x00007fbfdfeff000.  Masking such a large address
with pg_frame caused havoc.  Therefore, when masking virtual
addresses, still use PG_FRAME.

from hshoexer@

deraadt [Tue, 3 Sep 2024 17:05:59 +0000 (17:05 +0000)]
wild white space

tb [Tue, 3 Sep 2024 15:37:03 +0000 (15:37 +0000)]
Make state file parsing errors more explicit. Also don't leak the deltas.

joint effort with/ok claudio

deraadt [Tue, 3 Sep 2024 15:28:58 +0000 (15:28 +0000)]
sync

job [Tue, 3 Sep 2024 15:04:48 +0000 (15:04 +0000)]
Also gate SPL statistics behind 'experimental' command line option

This changes the JSON output, without -x some keys are missing from 'metadata'

OK tb@

dv [Tue, 3 Sep 2024 13:36:19 +0000 (13:36 +0000)]
vmm(4)/vmx: avoid VPID leakage by allocating at vcpu init.

VPID allocation being dependent on the host and guest config
(consequently pushing it into the reset register handler) creates
a leak where previous VPIDs are not freed if the hypervisor program
resets a vcpu's registers.

Recent SVM related changes pulled the VPID (ASID in AMD world)
allocation up into vcpu initialization. This change does the same
for VMX and cleans up appropriate logic. Minor changes to keep SVM
and VMX styles in line with each other.

ok bluhm@

claudio [Tue, 3 Sep 2024 13:31:31 +0000 (13:31 +0000)]
In rrdp_session_parse() set the last_reset time to now if the .state file
does not exist.
OK tb@

gilles [Tue, 3 Sep 2024 12:07:40 +0000 (12:07 +0000)]
bump version

bluhm [Tue, 3 Sep 2024 09:36:12 +0000 (09:36 +0000)]
regen

bluhm [Tue, 3 Sep 2024 09:35:46 +0000 (09:35 +0000)]
For AMD SEV create /dev/psp.

To call ioctl(2) for the platform security processor (PSP), vmd(8)
needs a device file.  It is currently linked to the cryptographic
co-processor ccp(4).  We may split this into a separate psp(4)
device.

from hshoexer@; input jsg@

tb [Tue, 3 Sep 2024 08:49:16 +0000 (08:49 +0000)]
check_sym: adjust logic not to exit 1 in the default dynamic mode

ok guenther

jmc [Tue, 3 Sep 2024 06:17:48 +0000 (06:17 +0000)]
envrionment -> environment;

djm [Tue, 3 Sep 2024 05:58:56 +0000 (05:58 +0000)]
regression test for Include variable expansion

djm [Tue, 3 Sep 2024 05:29:55 +0000 (05:29 +0000)]
allow the "Include" directive to expand the same set of %-tokens
that "Match Exec" and environment variables.

ok dtucker@

anton [Tue, 3 Sep 2024 04:59:03 +0000 (04:59 +0000)]
Fix test_fork() prototype.

anton [Tue, 3 Sep 2024 04:58:30 +0000 (04:58 +0000)]
Stop invoking diff(1) from C in access unveil regress, instead perform
the diffing from the make target.

anton [Tue, 3 Sep 2024 04:58:00 +0000 (04:58 +0000)]
Adjust expected output after recent X_OK changes.

jsg [Tue, 3 Sep 2024 00:23:05 +0000 (00:23 +0000)]
move psp functions to psp.c and remove the ifdefs
ok bluhm@ hshoexer@

deraadt [Mon, 2 Sep 2024 16:39:03 +0000 (16:39 +0000)]
sync

deraadt [Mon, 2 Sep 2024 16:37:58 +0000 (16:37 +0000)]
In our fight against the cosmos, in the chaos of the source tree, we
deleted the greek quiz.  Some people felt trauma, and called out our
hubris.  At my request, Carson Harding performed a metamorphosis of
the quiz -- kudos to him!  After playing, I consider it the acme of
quizzes.
ok jmc mglocker