jsing [Sat, 17 Feb 2024 14:29:07 +0000 (14:29 +0000)]
Use calloc() instead of malloc() in BIO_new().
ok tb@
kettenis [Sat, 17 Feb 2024 13:29:25 +0000 (13:29 +0000)]
Bindings for the rk3288/rk3328/rk3399 have landed in Linux and are being
adopted by U-Boot. So check for the new compatible strings. Leave the
old ones in place until we have U-Boot packages with update device trees.
ok phessler@, patrick@
kettenis [Sat, 17 Feb 2024 12:01:45 +0000 (12:01 +0000)]
Add JH7100 I2C clocks.
ok miod@, jsg@
phessler [Fri, 16 Feb 2024 22:46:07 +0000 (22:46 +0000)]
implement qwx_init_task(), which will reset the hardware when it gets
confused
OK stsp@
mglocker [Fri, 16 Feb 2024 22:30:54 +0000 (22:30 +0000)]
Re-introduce TSO support after we've implemented fixes for the two reported
issues:
1. Unaligned memory access panic on sparc64 -> Made ether_extract_headers()
memory alignment safe.
2. em(4) watchdog timeouts in conjunction with ix(4)/vlan(4) -> Fixed
RX/LRO packet size calculation used for TSO tagging in ix(4).
Extensive testing done by bluhm@ on amd64 and sparc64 based on different
chips.
Testing done on Hrvoje Popovskis ix(4)/em(4)/vlan(4) setup from where the
issue 2 was reported.
OK bluhm@
stsp [Fri, 16 Feb 2024 16:37:42 +0000 (16:37 +0000)]
improve PBL->SBL EE transition handling in preparation for qwx_init_task()
Use a custom work queue for all EE/MHI state transitions.
Running MHI state changes in the systq won't work while running the
qwx init recovery task from the same systq. The init task would wait
for a state change and time out (assuming the device had failed to load
firmware when all was well), then the MHI state change task would run.
For consistency, send wakeups for the initial PBL->SBL EE transition
from the MHI state change task rather than the interrupt handler.
This in-place wakeup was an early hack from before when state
transitions were handled properly.
tb [Fri, 16 Feb 2024 15:19:02 +0000 (15:19 +0000)]
Rename fn into fileName to avoid name clash
ok job
tb [Fri, 16 Feb 2024 15:18:08 +0000 (15:18 +0000)]
Rename fn into file to avoid clash in upcoming diff
ok job
tb [Fri, 16 Feb 2024 15:15:02 +0000 (15:15 +0000)]
Rename rsc into rsc_asn1
Should have been part of the previous commit.
ok job
tb [Fri, 16 Feb 2024 15:13:49 +0000 (15:13 +0000)]
Use _asn1 suffix for some aspa/mft/roa/rsc/tak
This would otherwie clash with an upcoming replacement of struct parse.
ok job
tb [Fri, 16 Feb 2024 14:48:47 +0000 (14:48 +0000)]
Remove struct parse from cert.c
This is one of those weird things that metastasized throughout the code
base. job is about to introduce the 9th incompatible copy of it. Enough
is enough. It doesn't help anything.
looks good to claudio
ok clang
jsing [Fri, 16 Feb 2024 14:40:18 +0000 (14:40 +0000)]
Inline and disable BIO_set().
BIO_set() is a dangerous function that cannot be used safely. Thankfully,
the only consumer is BIO_new(), hence inline the functionality and disable
the BIO_set() function (for complete removal in the near future).
ok tb@
jsing [Fri, 16 Feb 2024 14:27:43 +0000 (14:27 +0000)]
Use 'bio' more consistently for function arguments.
Rather than 'a' or 'b', use 'bio' more consistently - there are still some
more complex cases that have been left alone for now. Also use fewer
parentheses.
No change to generated assembly other than line numbers.
stsp [Fri, 16 Feb 2024 14:18:36 +0000 (14:18 +0000)]
fix qwx(4) not coming up on first try if firmware was missing from disk at boot
stsp [Fri, 16 Feb 2024 14:16:16 +0000 (14:16 +0000)]
remove high-level error messages that cause noise when qwx fw is missing
stsp [Fri, 16 Feb 2024 14:13:45 +0000 (14:13 +0000)]
prevent memory leaks from duplicate/spurious qwx(4) fw memory requests
The request_mem_indication event handler would always allocate a new
buffer to store the firmware's request, potentially leaking an already
existing copy. Ensure that this buffer is always freed, and avoid
allocating it in the first place if we're not currently expecting this
event to occur.
All this would have surfaced the previously fixed bug with the missing
wakeup much earlier. The wakeup was always missed but when the driver
retried it would find the stale buffer from the previous event and not
even enter tsleep.
tb [Fri, 16 Feb 2024 11:55:42 +0000 (11:55 +0000)]
fix whitespace
tb [Fri, 16 Feb 2024 11:46:57 +0000 (11:46 +0000)]
Zap extra ;
stsp [Fri, 16 Feb 2024 11:44:52 +0000 (11:44 +0000)]
Fix wrong ifmedia check in intel wifi drivers.
IFM_AUTO is a media sub-type, not a media mode.
Should fix issues where only a subset of channels were scanned.
Tested:
iwm 8260: millert@
iwm 8265: mglocker@
iwm 9560: gnezdo@
iwx ax200: jmc@
iwx ax210: spiros thanasoulas
iwx ax211: kn@
phessler [Fri, 16 Feb 2024 09:03:29 +0000 (09:03 +0000)]
start moving some developmental printfs to be DEBUG DPRINTFs
requested and OK by stsp@
tb [Fri, 16 Feb 2024 06:09:36 +0000 (06:09 +0000)]
Make it explicit that the EC_KEY setters don't check things
While EC_POINT_set_affine_coordinates() checks that the resulting point
is on the elliptic curve, this is only necessary, but not sufficient, to
ensure that the point can serve as a valid public key. For example, this
does not check for normalized coordinates or exclude that it is zero (the
point at infinity). Such checks, and more, are performed by the similarly
named EC_KEY_set_public_key_affine_coordinates().
This kind of makes sense from the mathematical standpoint as an elliptic
curve point isn't a priori a public key, even if you are not going to use
libcrypto for actual mathematics (or anything really) unless you like pain.
In a cryptographic library such differences are more of a hazard than a
help.
This is exacerbated by the fact that EC_KEY_set_public_key() does almost
no checking (it only checks that the point's EC_POINT method matches the
one of group set of the EC_KEY, which is far from enough). The API expects
that you call EC_KEY_check_key() on your own. This is kind of confusing
since EC_KEY_set_public_key_affine_coordinates() does that for you.
Unfortunately, adding sanity checks to EC_KEY_set_public_key() isn't easy
since it's going to penalize those who already check. Caching the result
of a check is dangerous and fragile if there are a million ways of fiddling
with an EC_KEY.
While the elliptic curve code is really bad, its documentation is worse
(another thing that applies to OpenSSL in general). Try to help that a
little bit by making it more explicit that you are supposed to call
EC_KEY_check_key() after using lower-level EC_KEY setters. Also make it
clearer that the setters copy the data, they don't take ownership (which
isn't obvious from the naming).
If OpenSSL 3 got one thing kind of right, it was to deprecate the EC_KEY
and EC_POINT APIs. But if you are going to deprecate something, you should
either be prepared to remove it or have a reasonable replacement...
Found by Guido Vranken using cryptofuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66667
ok jsing
tb [Fri, 16 Feb 2024 05:18:29 +0000 (05:18 +0000)]
Factor SKI calculation into a helper
This is a straightforward deduplication and simplification made more
obvious by prior refactoring by job.
"sure" claudio
jsg [Fri, 16 Feb 2024 01:48:06 +0000 (01:48 +0000)]
New sentence, new line. Use .Pa for /etc/login.conf.
tobhe [Thu, 15 Feb 2024 20:10:45 +0000 (20:10 +0000)]
Introduce new IMSG_CTL_PROCREADY which is used to signal that all pipes
are set up by child processes. The parent sends a ping to all children
and only starts once it has received an acknowledgement from all of them.
This fixes a race condition on process startup when the parent starts
running before all children are ready.
From markus@
tobhe [Thu, 15 Feb 2024 19:11:00 +0000 (19:11 +0000)]
Delay enabling sockets until ikev2 process is ready.
from markus@
tobhe [Thu, 15 Feb 2024 19:04:12 +0000 (19:04 +0000)]
Remove unused control_socks queue.
from markus@
tedu [Thu, 15 Feb 2024 18:57:58 +0000 (18:57 +0000)]
change permit to be more bits away from deny, because rowhammer.
not really sure why this is our problem, but the diff is small.
ok deraadt millert miod
deraadt [Thu, 15 Feb 2024 16:33:54 +0000 (16:33 +0000)]
qwx(4) works well enough to enable
ok stsp
stsp [Thu, 15 Feb 2024 16:29:45 +0000 (16:29 +0000)]
fix wrong tsleep waiting address in qwx_qmi_mem_seg_send()
Fixes spurious "qwx0: failed to send qmi memory segments: -1" error with
associated lag during 'ifconfig qwx0 down up'
stsp [Thu, 15 Feb 2024 15:53:51 +0000 (15:53 +0000)]
make qwx(4) clean up ic_bss and set link down when moving into SCAN state
This matches what iwx(4) is doing.
jmc [Thu, 15 Feb 2024 15:42:57 +0000 (15:42 +0000)]
sort sections;
jmc [Thu, 15 Feb 2024 15:42:16 +0000 (15:42 +0000)]
sort the qwx(4) entry;
stsp [Thu, 15 Feb 2024 15:40:56 +0000 (15:40 +0000)]
fix wrong ifmedia macro used to check for IFM_AUTO
ok claudio@
deraadt [Thu, 15 Feb 2024 15:08:00 +0000 (15:08 +0000)]
sync
deraadt [Thu, 15 Feb 2024 15:07:55 +0000 (15:07 +0000)]
install & Xr
stsp [Thu, 15 Feb 2024 15:05:40 +0000 (15:05 +0000)]
some qwx(4) man page tweaks by me
stsp [Thu, 15 Feb 2024 15:05:18 +0000 (15:05 +0000)]
add an initial qwx(4) man page; written by mpi@ some time ago
jan [Thu, 15 Feb 2024 13:24:45 +0000 (13:24 +0000)]
vmx(4): Add TCP/UDP Checksum Offloading for IPv4/6
ok jmatthew@, bluhm@
stsp [Thu, 15 Feb 2024 11:57:38 +0000 (11:57 +0000)]
fix datapath Rx buffer management in qwx(4)
Fixes Tx/Rx stalls where the device ran out of free Rx buffers to use.
The device consumes buffers on the Rx refill ring out of order, which
the ring management code I wrote intially would not handle properly.
Instead of using an index into the ring where we would expect to see
a free slot which was in fact occupied, keep track of free buffers via
a bitmap.
mglocker [Thu, 15 Feb 2024 10:56:53 +0000 (10:56 +0000)]
Fix bogus packet length calculation in the RX/LRO path, which can lead to
TSO tagging forwarded packets which shouldn't. This will also fix the em(4)
watchdog timeouts seen after the em(4) TSO commit.
Thanks to Hrvoje Popovski for providing the infrastructure the reproduce
the issue, and test the fix.
Discussed with bluhm@. OK claudio@
tb [Thu, 15 Feb 2024 10:34:30 +0000 (10:34 +0000)]
BIO_dump*() avoid signed integer overflow
This API returns an int encoding the number of bytes printed. Thus, a dump
of a large enough byte string can make this overflow and rely on undefined
behavior. With an indent of 64, as little as 26 MB is enough to make this
happen.
ok jsing
jsg [Thu, 15 Feb 2024 09:48:03 +0000 (09:48 +0000)]
return non-zero if drm_fb_helper_alloc_info() fails in rkdrm_fb_probe()
found by smatch
tb [Thu, 15 Feb 2024 07:01:33 +0000 (07:01 +0000)]
Ensure that the FileAndHashes list in a mft has no duplicates
ok job
jsg [Thu, 15 Feb 2024 00:55:01 +0000 (00:55 +0000)]
fix fd leaks in error paths
ok miod@
bluhm [Wed, 14 Feb 2024 22:41:48 +0000 (22:41 +0000)]
Check IP length in ether_extract_headers().
For LRO with ix(4) it is necessary to detect ethernet padding.
Extract ip_len and ip6_plen from the mbuf and provide it to the
drivers.
Add extended sanitity checks, like IP packet is shorter than TCP
header. This prevents offloading to network hardware with bougus
packets.
Also iphlen of extracted headers contains header length for IPv4
and IPv6, to make code in drivers simpler.
OK mglocker@
miod [Wed, 14 Feb 2024 20:44:54 +0000 (20:44 +0000)]
Remove spurious GET_CURPROC in copyout() mistakenly introduced in r1.43.
claudio [Wed, 14 Feb 2024 13:18:21 +0000 (13:18 +0000)]
Hide struct ip6q, struct ip6asfrag, struct ip6_moptions,
struct ip6po_rhinfo and struct ip6_pktopts behind _KERNEL.
The only bit userland may want from netinet6/ip6_var.h is
struct ip6stat.
The recent change to struct ip6po_rhinfo to use struct route
resulted in various build failures in ports because code
included netinet6/ip6_var.h without net/route.h.
OK tb@ sthen@
miod [Wed, 14 Feb 2024 12:48:31 +0000 (12:48 +0000)]
Remove defines no longer needed in locore. NFC
miod [Wed, 14 Feb 2024 12:36:35 +0000 (12:36 +0000)]
Remove never ever used cpu_exec() macro, apparently already obsolete by the
time this file was introduced close to 30 years ago.
stsp [Wed, 14 Feb 2024 11:30:55 +0000 (11:30 +0000)]
make qwx(4) work with custom MAC addresses set via ifconfig(8)
ok phessler@
tb [Wed, 14 Feb 2024 10:49:00 +0000 (10:49 +0000)]
rpki-client: simplify x509_get_ski()
Use X509_public_digest() to calculate the SKI to get rid of a few dances
and weirdly named variables.
ok claudio
claudio [Wed, 14 Feb 2024 07:56:23 +0000 (07:56 +0000)]
Adjust test after the change to struct bgpd_addr.
Noticed by anton@
miod [Wed, 14 Feb 2024 06:17:51 +0000 (06:17 +0000)]
Enable the pool gc thread on m88k MULTIPROCESSOR kernels now that
pmap_unmap_direct() has been fixed; also tested by aoyama@
miod [Wed, 14 Feb 2024 06:16:53 +0000 (06:16 +0000)]
Make sure pmap_unmap_direct flushes dirty cache lines.
jsg [Wed, 14 Feb 2024 03:07:58 +0000 (03:07 +0000)]
avoid use after free of frp and frp->tname
found by smatch, ok miod@ millert@
jsg [Wed, 14 Feb 2024 02:44:58 +0000 (02:44 +0000)]
avoid use after free of q
found by smatch, ok miod@ deraadt@
jsg [Wed, 14 Feb 2024 02:40:02 +0000 (02:40 +0000)]
avoid use after free of fcode
found by smatch, fix from deraadt@ ok miod@
job [Tue, 13 Feb 2024 22:44:21 +0000 (22:44 +0000)]
Add explicit ASN1_ITEM_EXP prototypes
In LibreSSL *_it are variables, in other implementations they might
be a function. This helps squash compiler warnings in -portable.
Related: https://github.com/openbsd/src/commit/
65af98848fc7a42e34d470d10fc1db8e23f9db93
OK tb@
job [Tue, 13 Feb 2024 21:18:55 +0000 (21:18 +0000)]
Refactor parse_takey()
Avoid i2d_RSAPublicKey() to help with future portability efforts.
Avoid a complication related to size_t/int for the return value
of i2d_X509_PUBKEY. While there, change the out label to 'err'.
OK tb@
job [Tue, 13 Feb 2024 20:41:22 +0000 (20:41 +0000)]
Remove the stalemanifests metrics (which are no longer in use)
OK tb@
job [Tue, 13 Feb 2024 20:40:17 +0000 (20:40 +0000)]
Improve printing of TALs extracted from .tak objects
This changeset makes the output align more with the TAL file syntax.
OK tb@
job [Tue, 13 Feb 2024 20:37:15 +0000 (20:37 +0000)]
Improve a comment about what exactly the SKI is
OK tb@
job [Tue, 13 Feb 2024 20:36:42 +0000 (20:36 +0000)]
Avoid using i2d_RSAPublicKey()
This should help with future portability efforts, and perhaps
makes the code a bit more readable.
OK tb@
miod [Tue, 13 Feb 2024 17:51:17 +0000 (17:51 +0000)]
Fix splbio usage in oosiop_scsicmd() - it does not need to be taken early
since the switch to iopool years ago, but on the other had the update of
the command TAILQ needs to be done at splbio, and it wasn't.
claudio [Tue, 13 Feb 2024 16:35:43 +0000 (16:35 +0000)]
Use an C99 anonymous union inside struct bgpd_addr
This kills the two far to generic v4 and v6 macros which is a big win.
OK tb@
claudio [Tue, 13 Feb 2024 16:12:37 +0000 (16:12 +0000)]
Remove IMSG_SESSION_DOWN handler in the session engine. The RDE does
not issue such imsgs.
OK tb@
claudio [Tue, 13 Feb 2024 14:00:24 +0000 (14:00 +0000)]
Stop logging misleading errors when custom generic error pages are in use.
Only call the open(2) log_warn for errnos that are not ENOENT. Since
that is an error worth logging.
Based on a diff from Carsten Reith (carsten.reith t-online.de)
OK florian@ deraadt@
bluhm [Tue, 13 Feb 2024 13:58:19 +0000 (13:58 +0000)]
Analyse header layout in ether_extract_headers().
Several drivers need IPv4 header length and TCP offset for checksum
offload, TSO and LRO. Accessing these fields directly caused crashes
on sparc64 due to misaligned access. It cannot be guaranteed that
IP and TCP header is 4 byte aligned in driver level. Also gcc 4.2.1
assumes that bit fields can be accessed with 32 bit load instructions.
Use memcpy() in ether_extract_headers() to get the bits from IPv4
and TCP header and store the header length in struct ether_extracted.
From there network drivers can esily use it without caring about
alignment and bit shift. Do some sanity checks with the length
values to prevent that invalid values from evil packets get stored
into hardware registers. If check fails, clear the pointer to the
header to hide it from the driver. Add debug prints that help to
figure out the reason for bad packets and provide information when
debugging drivers.
OK mglocker@
florian [Tue, 13 Feb 2024 12:58:05 +0000 (12:58 +0000)]
Fix for CVE-2023-50387 and CVE-2023-50868.
Both can be used to cause high CPU load and potentially denial of
service with specifically crafted DNSSEC responses.
This is a sync with unbound(8).
florian [Tue, 13 Feb 2024 12:57:11 +0000 (12:57 +0000)]
Fix for CVE-2023-50387 and CVE-2023-50868.
Both can be used to cause high CPU load and potentially denial of
service with specifically crafted DNSSEC responses.
florian [Tue, 13 Feb 2024 12:53:05 +0000 (12:53 +0000)]
Only generate a new xid at the start of getting a new lease.
"RFC 2131 4.1 Constructing and sending DHCP messages" has this:
| Selecting a new 'xid' for each retransmission is an implementation
| decision. A client may choose to reuse the same 'xid' or select a new
| 'xid' for each retransmitted message.
We used to change xid for each request / response cycle but this ran
into problems with slow dhcp servers where we would change the xid too
frequently and would ignore late coming replies from the server.
Andre S points out that table 5 in "4.4.1 Initialization and
allocation of network address" says for the xid field in "DHCPREQUEST"
messages:
| 'xid' from server DHCPOFFER message
This seems to suggest that we need to use the same xid for the whole
DHCPDISCOVER / DHCPOFFER / DHCPREQUEST / DHCPACK exchange of messages.
Nothing else in the RFC is saying this though.
But since there are DHCP servers out there that depend on this, we
only generate a new xid when entering the INIT, REBOOTING and RENEWING
state.
I do wonder if we should just go with a static value of 0x04, which
was chosen by a fair dice roll, so guaranteed to be random.
Issue reported, initial diff and fix tested by Andre S
deraadt likes this version
OK tb
job [Tue, 13 Feb 2024 12:38:43 +0000 (12:38 +0000)]
Document a portability caveat about GeneralizedTime and UTCTime
OK tb@
tobhe [Tue, 13 Feb 2024 12:25:11 +0000 (12:25 +0000)]
Control startup of PROC_CERT and PROC_IKEV2.
Currenly PROC_PARENT sends the configuration to both PROC_CERT and
PROC_IKEV2 and finishes by sending IMSG_CTL_ACTIVE to PROC_IKEV2.
However, when PROC_IKEV2 receives IMSG_CTL_ACTIVE it does not know
the state of PROC_CERT: PROC_CERT might not have processed the
initial configuration while PROC_IKEV2 already sends requests to
PROC_CERT, causing failed requests, or even crashes (NULL deref of
ca_certs).
In order to make sure that PROC_CERT is ready before
IMSG_CTL_ACTIVE is sent to PROC_IKEV2 that startup protocol
is changed as follows:
(1) PROC_PARENT sends configuration to both PROC_CERT and PROC_IKEV2
(2) PROC_PARENT sends IMSG_CTL_ACTIVE to PROC_CERT
(3) PROC_CERT acks IMSG_CTL_ACTIVE by sending it back to PROC_PARENT
(4) PROC_PARENT now knows that PROC_CERT is ready and has processed
all messages from step (1)
(5) PROC_PARENT sends IMSG_CTL_ACTIVE to PROC_IKEV2 and knows that
IMSG_CTL_ACTIVE will be processed by PROC_IKEV2 after all
messages from step (1)
(6) PROC_IKEV2 can now assume that PROC_CERT is ready because it has
already processed IMSG_CTL_ACTIVE
from markus@
bluhm [Tue, 13 Feb 2024 12:22:09 +0000 (12:22 +0000)]
Merge struct route and struct route_in6.
Use a common struct route for both inet and inet6. Unfortunately
struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has
to be exposed from net/route.h. Struct route has to be bsd visible
for userland as netstat kvm code inspects inp_route. Internet PCB
and TCP SYN cache can use a plain struct route now. All specific
sockaddr types for inet and inet6 are embeded there.
OK claudio@
miod [Tue, 13 Feb 2024 10:16:28 +0000 (10:16 +0000)]
Remove sanity checks from uvm_pagefree(). The first thing this function does
is invoke uvm_pageclean(), which performs the exact same sanity check, so
one set of checks is enough.
ok mpi@
claudio [Tue, 13 Feb 2024 09:29:39 +0000 (09:29 +0000)]
There is no way to implement the INKERNEL() macro on sparc64.
It was set to just 1 since the dawn of sparc64 support. It is
time to accept the fact and remove all INKERNEL() checks.
OK miod@ mpi@
tb [Tue, 13 Feb 2024 08:26:56 +0000 (08:26 +0000)]
zlib: sync with base
tb [Tue, 13 Feb 2024 08:26:26 +0000 (08:26 +0000)]
Pull in z_off64_t handling from upstream
Since we don't define Z_LARGE64, we continue to define z_off64_t to z_off_t
and all the other changes are no-ops for OpenBSD.
ok kettenis millert
nicm [Tue, 13 Feb 2024 08:10:23 +0000 (08:10 +0000)]
Add two new values for the destroy-unattached option to destroy sessions
only if they are not members of sessions groups, from Mark Huang, GitHub
issue 3806.
nicm [Tue, 13 Feb 2024 08:03:50 +0000 (08:03 +0000)]
Do not allow paste into panes which have exited, from Romain Francoise
in GitHub issue 3830.
jsg [Tue, 13 Feb 2024 02:14:25 +0000 (02:14 +0000)]
fix off-by-one in bounds test
found by "buffer overflow 'mvacc_cpu_freqs' 13 <= 13" smatch error
ok miod@
mvs [Mon, 12 Feb 2024 22:48:27 +0000 (22:48 +0000)]
Pass protosw instead of domain structure to soalloc() to get real
`pr_type'. The corresponding domain is referenced as `pr_domain'.
Otherwise dp->dom_protosw->pr_type of inet sockets always points
to inetsw[0].
ok bluhm
cheloha [Mon, 12 Feb 2024 22:07:33 +0000 (22:07 +0000)]
kernel: disable hardclock() on secondary CPUs
There is no useful work left for secondary CPUs to do in hardclock().
Disable cq_hardclock on secondary CPUs and remove the now-unnecessary
early-return from hardclock().
This change reduces every system's normal clock interrupt rate by
(HZ - HZ/10) per secondary CPU. For example, an 8-core machine
with a HZ=100 kernel should see its clock interrupt rate drop from
~1600 to ~960.
Thread: https://marc.info/?l=openbsd-tech&m=
170750140915898&w=2
ok kettenis@
uaa [Mon, 12 Feb 2024 21:37:25 +0000 (21:37 +0000)]
add Allwinner H616 support (and errata fix)
ok kettenis@
job [Mon, 12 Feb 2024 16:42:42 +0000 (16:42 +0000)]
Add showfilename set option
Pressing control-G all the time to understand 'what file is in what
window' might be tedious. Instead, offer a configurable option
(default off) to display the file name in the lower left corner.
OK millert@ otto@
mpi [Mon, 12 Feb 2024 15:12:09 +0000 (15:12 +0000)]
Fix tuple & string comparisons in maps.
mpi [Mon, 12 Feb 2024 15:11:06 +0000 (15:11 +0000)]
Trailing spaces
kettenis [Mon, 12 Feb 2024 10:46:10 +0000 (10:46 +0000)]
Revert the change that enables retpoline PLTs by default. While these
provide a mitigation against branch speculation attacks, they also make
IBT control flow integrity less effective. Our kernel now uses IBPB to
as a mitigation against branch speculation attacks, so we can disable
retpoline PLTs again.
ok deraadt@
jsg [Mon, 12 Feb 2024 02:57:14 +0000 (02:57 +0000)]
Intel and AMD use different cpuid bits for MSR_PRED_CMD IBPB
ok guenther@
guenther [Mon, 12 Feb 2024 01:18:17 +0000 (01:18 +0000)]
Retpolines are an anti-pattern for IBT, so we need to shift protecting
userspace from cross-process BTI to the kernel. Have each CPU track
the last pmap run on in userspace and the last vmm VCPU in guest-mode
and use the IBPB msr to flush predictors right before running in
userspace on a different pmap or entering guest-mode on a different
VCPU. Codepatch-nop the userspace bits and conditionalize the vmm
bits to keep working if IBPB isn't supported.
ok deraadt@ kettenis@
kn [Sun, 11 Feb 2024 21:56:10 +0000 (21:56 +0000)]
Enable disk encryption in unattended installations
Interactively keeps using bioctl(8)'s own prompt, in unattended mode
ask_passphrase() ensures non-empty responses or fails.
Unlike user passwords, autoinstall(8) only supports plaintext passphrases:
Encrypt the root disk with a (p)assphrase or (k)eydisk = passphrase
New passphrase = secret
Make sure to trust the install network or use a pre-configured key disk:
Encrypt the root disk with a (p)assphrase or (k)eydisk = keydisk
Which disk contains the key disk = sd2
Which sd2 partition is the key disk = a
initial diff from Chris Narkiewicz
OK afresh1
Feedback sthen
mvs [Sun, 11 Feb 2024 21:36:49 +0000 (21:36 +0000)]
Release `sb_mtx' mutex(9) before sbunlock().
ok bluhm
bluhm [Sun, 11 Feb 2024 21:29:12 +0000 (21:29 +0000)]
Remove needless includes of netinet6/ip6_var.h header in userland.
OK millert@
mvs [Sun, 11 Feb 2024 18:14:26 +0000 (18:14 +0000)]
Use `sb_mtx' instead of `inp_mtx' in receive path for inet sockets.
In soreceve(), we only touch `so_rcv' socket buffer, which has it's own
`sb_mtx' mutex(9) for protection. So, we can avoid solock() in this
path - it's enough to hold `sb_mtx' in soreceive() and around
corresponding sbappend*(). But not right now :)
This time we use shared netlock for some inet sockets in the soreceive()
path. To protect `so_rcv' buffer we use `inp_mtx' mutex(9) and the
pru_lock() to acquire this mutex(9) in socket layer. But the `inp_mtx'
mutex belongs to the PCB. We initialize socket before PCB, tcp(4)
sockets could exist without PCB, so use `sb_mtx' mutex(9) to protect
sockbuf stuff.
This diff mechanically replaces `inp_mtx' by `sb_mtx' in the receive
path. Only for sockets which already use `inp_mtx'. All other sockets
left as is. They will be converted later.
Since the `sb_mtx' is optional, the new SB_MTXLOCK flag introduced. If
this flag is set on `sb_flags', the `sb_mtx' mutex(9) should be taken.
New sb_mtx_lock() and sb_mtx_unlock() was introduced to hide this check.
They are temporary and will be replaced by mtx_enter() when all this
area will be converted to `sb_mtx' mutex(9).
Also, the new sbmtxassertlocked() function introduced to throw
corresponding assertion for SB_MTXLOCK marked buffers. This time only
sbappendaddr() calls it. This function is also temporary and will be
replaced by MTX_ASSERT_LOCKED() later.
ok bluhm
kettenis [Sun, 11 Feb 2024 16:01:09 +0000 (16:01 +0000)]
Fix potential out-of-bounds array access.
Found by smatch, reported by and ok jsg@
op [Sun, 11 Feb 2024 09:24:26 +0000 (09:24 +0000)]
unify smtpd and makemap table parser
These are supposed to parse the same file format but have subtle
difference in the handling of comments, continuation lines and escaping.
Converge both to the simpler smtpd parser which doesn't handle
continuation lines nor escaping, and support comments only at the start
of the line.
improvements and ok millert@
tb [Sun, 11 Feb 2024 08:40:37 +0000 (08:40 +0000)]
sync with src
tb [Sun, 11 Feb 2024 08:40:06 +0000 (08:40 +0000)]
libz: more windows ifdef turd shining from upstream
jmc [Sun, 11 Feb 2024 06:40:46 +0000 (06:40 +0000)]
recue -> reduce (in comment); from andrius v
gkoehler [Sun, 11 Feb 2024 03:57:10 +0000 (03:57 +0000)]
In pkg-config, accept both "CFlags:" and "Cflags:"
matthieu@ noticed that "pkg-config libpkgconf --cflags" failed because
libpkgconf.pc has "CFlags:" with upper-case 'F', but we accepted only
"Cflags:" with lower-case 'f'. freedesktop.org's pkg-config accepts
both "C[Ff]lags", but is otherwise sensitive to case.
Accept "CFlags" by mapping it to "Cflags" when reading the file. Fail
if the file has more than one "C[Ff]lags".
ok millert@ matthieu@