openbsd
patrick [Sun, 23 Jun 2024 21:58:34 +0000 (21:58 +0000)]
While Qualcomm Snapdragon X Elite (X1E80100) claims to support 32 device-id
bits, it only seems to allow a 4k pagesize with 8 bytes per entry.  This is
not enough to handle all 32 device-id bits, but we also don't necessarily
need to handle all of them.  Hence clamp down the number of maximum device
IDs to as much as we can possibly configure in hardware.

ok kettenis@

kettenis [Sun, 23 Jun 2024 15:37:31 +0000 (15:37 +0000)]
Add support for ACPI firmware that provides the base address of individual
GIC redistributors in the per-CPU GIC MADT table entries.

ok patrick@

tb [Sun, 23 Jun 2024 13:53:21 +0000 (13:53 +0000)]
rust-openssl: switch from deprecated config to config.toml

kettenis [Sun, 23 Jun 2024 13:11:51 +0000 (13:11 +0000)]
Fix previous commit; add missing label

kettenis [Sun, 23 Jun 2024 10:18:11 +0000 (10:18 +0000)]
Add RK3588 support.

ok patrick@

kettenis [Sun, 23 Jun 2024 10:17:16 +0000 (10:17 +0000)]
Enable EPAN if it is available.

ok patrick@

tb [Sun, 23 Jun 2024 07:50:52 +0000 (07:50 +0000)]
openssl ca: avoid double free for spkac files without default section

ok jsing

otto [Sun, 23 Jun 2024 07:08:26 +0000 (07:08 +0000)]
strmode takes a mode_t, not an int; prompted by Collin Funk.
ok kettenis@ deraadt@ tb@

deraadt [Sat, 22 Jun 2024 17:19:05 +0000 (17:19 +0000)]
lower parts of the manual page clearly say why using malloc() to
allocate sigaltstack regions is bad... so the example code should
not use malloc()...
ok semarie

jsing [Sat, 22 Jun 2024 16:38:31 +0000 (16:38 +0000)]
Remove the less-than-useful change log.

ok tb@

jsing [Sat, 22 Jun 2024 16:33:00 +0000 (16:33 +0000)]
Rewrite BN_bn2mpi() using CBB.

The content is effectively a u32 length prefixed field, so use
CBB_add_u32_length_prefixed(). Use BN_bn2binpad() rather than manually
padding if we need to extend and use sensible variable names so that the
code becomes more readable.

Note that since CBB can fail we now need to be able to indicate failure.
This means that BN_bn2mpi() can now return -1 when it would not have
previously (correct callers will check that BN_bn2mpi() returns a positive
length).

ok tb@

jsing [Sat, 22 Jun 2024 15:32:51 +0000 (15:32 +0000)]
Sync bytestring from libssl.

jsing [Sat, 22 Jun 2024 15:25:06 +0000 (15:25 +0000)]
Provide CBB_add_u32_length_prefixed().

This is needed for an upcoming change in libcrypto.

ok tb@

deraadt [Sat, 22 Jun 2024 12:38:32 +0000 (12:38 +0000)]
delete ancient netbsd pcibios tweaking trash

deraadt [Sat, 22 Jun 2024 12:26:17 +0000 (12:26 +0000)]
correct elfcore_procinfo naming (in comments)

jsg [Sat, 22 Jun 2024 10:22:29 +0000 (10:22 +0000)]
remove space between function names and argument list

sashan [Fri, 21 Jun 2024 12:51:29 +0000 (12:51 +0000)]
My earlier commit [1.1169 of pf.c (2023/01/05)] makes pf(4) to report wrong
rule and anchor number when packet matches rule found and anchor depth 2
and more.  The issue has been noticed and reported by Giannis Kapetanakis
(billias _at_ edu.physics.uoc.gr), who also co-developed and tested
the final fix presented in this commit.

To fix the issue pf(4) must also remember the anchor where matching rule
belongs while rules are traversed to find a match for given packet.
The information on anchor is now kept in anchor stack frame.

OK sthen@

jsg [Fri, 21 Jun 2024 01:52:17 +0000 (01:52 +0000)]
recognise Qualcomm Oryon; ok kettenis@

jeremy [Thu, 20 Jun 2024 22:43:16 +0000 (22:43 +0000)]
Update ruby-module.5 for default Ruby version switch to 3.3

kettenis [Thu, 20 Jun 2024 22:03:23 +0000 (22:03 +0000)]
Instead of allocating an arbitrary amount of extra space, let the EFI
devicetree fixup protocol tell us how much space it needs.

Pointed out by Heinrich Schuchardt
ok tobhe@, mlarkin@

kettenis [Thu, 20 Jun 2024 22:03:02 +0000 (22:03 +0000)]
Instead of allocating an arbitrary amount of extra space, let the EFI
devicetree fixup protocol tell us how much space it needs.

Pointed out by Heinrich Schuchardt
ok tobhe@, mlarkin@

kettenis [Thu, 20 Jun 2024 21:52:08 +0000 (21:52 +0000)]
Instead of allocating an arbitrary amount of extra space, let the EFI
devicetree fixup protocol tell us how much space it needs.

Pointed out by Heinrich Schuchardt
ok tobhe@, mlarkin@

job [Thu, 20 Jun 2024 20:15:02 +0000 (20:15 +0000)]
Add missing ref & reorder

OK tb@ claudio@

bluhm [Thu, 20 Jun 2024 19:25:42 +0000 (19:25 +0000)]
Read IPv6 forwarding value only once while processing a packet.

IPv4 uses IP_FORWARDING to pass down a consistent value of
net.inet.ip.forwarding down the stack.  This is needed for unlocking
sysctl.  Do the same for IPv6.

Read ip6_forwarding once in ip6_input_if() and pass down IPV6_FORWARDING
as flags to ip6_ours(), ip6_hbhchcheck(), ip6_forward().  Replace
the srcrt value with IPV6_REDIRECT flag for consistency with IPv4.

To have common syntax with IPv4, use ip6_forwarding == 0 checks
instead of !ip6_forwarding.  This will also make it easier to
implement net.inet6.ip6.forwarding=2 for IPsec only forwarding
later.

In nd6_ns_input() and nd6_na_input() read ip6_forwarding once and
store it in i_am_router.  The variable name has been chosen to avoid
confusion with is_router, which indicates router flag of the packet.
Reading of ip6_forwarding is done independently from ip6_input_if(),
consistency does not really matter.  One is for ND router behavior
the other for forwarding.  Again use the ip6_forwarding != 0 check,
so when ip6_forwarding IPsec only value 2 gets implemented, it will
behave like a router.

OK deraadt@ sashan@ florian@ claudio@

bluhm [Thu, 20 Jun 2024 19:25:04 +0000 (19:25 +0000)]
Do not send ICMP redirect if IP forwarding is IPsec only.

If sysctl net.inet.ip.forwarding is set to 2, only packets processed
by IPsec are forwarded.  In this case behave more like a router than
a host and do not accept ICMP redirect packets.

OK deraadt@ sashan@ florian@ claudio@

dv [Thu, 20 Jun 2024 15:33:44 +0000 (15:33 +0000)]
vmd(8): protect global vm and vcpu state with mutex.

The vm process uses multiple pthreads to emulate vcpu and also drive
an event loop doing various io emulation. At points, one or the
other needs to read/write global vm state bits and toggle if a vcpu
is halted or "done."

This adds in another mutex to protect the global state and
untangles areas where the mutex for protecting a condition variable
was being used around modifying some global state.

ok mlarkin@

aoyama [Thu, 20 Jun 2024 10:46:11 +0000 (10:46 +0000)]
Enable uvm percpu caches on luna88k.

It survives 3.5 days "make build" and makes about 1.5% faster on 3 CPU
machine:-)

ok miod@ phessler@ dlg@

dtucker [Thu, 20 Jun 2024 08:23:18 +0000 (08:23 +0000)]
Work around dbclient cipher and mac query bug.

Unlike earlier versions, recent Dropbear (at least v2024.85) requires
a host arg when querying supported ciphers and macs via "-c/-m
help".  Earlier versions accept but do not require it, so always
provide it.  If these queries fail, skip the test with a warning.

dtucker [Thu, 20 Jun 2024 08:18:34 +0000 (08:18 +0000)]
Remove dropbear key types not supported by current OpenSSH.
Allows subsequent test runs to work if OpenSSH is rebuilt w/out OpenSSL.

djm [Thu, 20 Jun 2024 00:18:05 +0000 (00:18 +0000)]
stricter check for overfull tables in penalty record path

djm [Wed, 19 Jun 2024 23:24:47 +0000 (23:24 +0000)]
put back reaping of preauth child process when writes from the monitor
fail. Not sure how this got lost in the avalanche of patches.

patrick [Wed, 19 Jun 2024 22:10:45 +0000 (22:10 +0000)]
The GICv3 redistributor spacing on the X1E80100 (Snapdragon X Elite)
does not follow the regular scheme and needs to be read out of the
redistributor-stride property.

ok kettenis@

patrick [Wed, 19 Jun 2024 21:31:10 +0000 (21:31 +0000)]
Add PNP IDs to handle the X1E80100 (Snapdragon X Elite) USB controllers.

ok kettenis@

patrick [Wed, 19 Jun 2024 21:27:22 +0000 (21:27 +0000)]
Add _HID for X1E80100 (Snapdragon X Elite) SoCs.

ok kettenis@

patrick [Wed, 19 Jun 2024 21:25:41 +0000 (21:25 +0000)]
The X1E80100 (Snapdragon X Elite) joins the group of chips that require
the SMMU quirk.

ok kettenis@

jsg [Wed, 19 Jun 2024 13:27:26 +0000 (13:27 +0000)]
remove externs for global hibernate_state
removed in subr_hibernate.c rev 1.35

claudio [Wed, 19 Jun 2024 13:13:25 +0000 (13:13 +0000)]
Kill the SIGPIPE signal handler which is installed around write operations.
Instead just SIG_IGN SIGPIPE in main.c for all of acme-client.
More work to be done here but at least this distraction is gone.
OK florian@ deraadt@ op@

dtucker [Wed, 19 Jun 2024 10:15:51 +0000 (10:15 +0000)]
Provide defaults for ciphers and macs if querying for them fails since
on some versions of Dropbear (at least v2024.85) "-m help" doesn't seem
to work.  Enable all supported pubkey algorithms in the server.

dtucker [Wed, 19 Jun 2024 10:10:46 +0000 (10:10 +0000)]
Use ed25519 keys for kex tests since that's supported by OpenSSH even when
built without OpenSSL.  Only test diffie-hellman kex if OpenSSH is compiled
with support for it.

dtucker [Wed, 19 Jun 2024 10:08:34 +0000 (10:08 +0000)]
Rework dropbear key setup to always generate ed25519 keys, other types
only if OpenSSH has support for the corresponding key type.

tb [Wed, 19 Jun 2024 08:00:53 +0000 (08:00 +0000)]
x_all.c: remove a bunch of unnecessary parentheses

florian [Wed, 19 Jun 2024 07:42:44 +0000 (07:42 +0000)]
Handle interfaces going down and up again.

Missing feature reported by, testing & OK semarie

otto [Wed, 19 Jun 2024 05:22:33 +0000 (05:22 +0000)]
Better words for downloaded snap is older message.
ok deraadt@ florian@ tb@

jsg [Wed, 19 Jun 2024 01:32:24 +0000 (01:32 +0000)]
#if notyet -> #ifdef notyet for consistency and -Wundef

schwarze [Tue, 18 Jun 2024 16:41:39 +0000 (16:41 +0000)]
Stop trying to deprecate "test -L" in favour of "test -h" (or vice versa).
It's hopeless because POSIX requires both since Issue 6 (2001).
Both always worked on OpenBSD, no matter which base system shell was used.

According to research done by jsg@, it seems likely that actually,
"test -L" has precedence over "test -h" by about one year:
v8 (Feb 1985) had -L, SunOS 3.0 (Feb 1986) had -h; but SVR4 (1989)
already had both, so we are talking about 35 years of petrification.
More details: https://marc.info/?l=openbsd-bugs&m=171867441927989

Resolving a question raised by Tim dot theCHASEs dot com on bugs@.
OK deraadt@ millert@ jsg@ jmc@  and also works for Tim Chase.

florian [Tue, 18 Jun 2024 14:57:59 +0000 (14:57 +0000)]
Use BUILDINFO to make sure we are not going backwards in time.

Input & OK deraadt

jsg [Tue, 18 Jun 2024 12:37:29 +0000 (12:37 +0000)]
remove prototypes with no matching function

tb [Tue, 18 Jun 2024 09:47:03 +0000 (09:47 +0000)]
v3_generic_extension() use ASN1_STRING_set0()

This aligns it with do_ext_i2d()

tb [Tue, 18 Jun 2024 09:41:33 +0000 (09:41 +0000)]
v3_generic_extension() rename the X509_EXTENSION

now that ext is free, we can use it like everywhere else

tb [Tue, 18 Jun 2024 09:35:09 +0000 (09:35 +0000)]
Rename 'ext' to 'name' in v3_generic_extension()

In this code 'ext' is usually used for an X509_EXTENSION object.

jsg [Tue, 18 Jun 2024 09:08:02 +0000 (09:08 +0000)]
remove wdc_ata_addref()/wdc_ata_delref() #if 0'd since rev 1.1

tb [Tue, 18 Jun 2024 08:29:40 +0000 (08:29 +0000)]
Make local BIT_STRING_BITNAME variables const

There's no reason for them not to be const. This is a piece of a larger
diff that I carry in several of my trees to move more things to rodata
or relro. The full diff requires a change to a public header and it's
very annoying to have to 'make includes' and recompile the entire lib
all the time when hopping from tree to tree.

dtucker [Tue, 18 Jun 2024 08:11:48 +0000 (08:11 +0000)]
Re-enable ssh-dss tests if ssh is compiled with DSA support

anton [Tue, 18 Jun 2024 06:14:27 +0000 (06:14 +0000)]
Stop using DSA in dropbear interop tests.

tb [Tue, 18 Jun 2024 05:56:37 +0000 (05:56 +0000)]
x509_conf: rename ext_struc into ext_struct

requested by jsing on review

tb [Tue, 18 Jun 2024 05:39:52 +0000 (05:39 +0000)]
x509_conf: rename all ext_nid to nid

There are no nid variables in this file, so no need to disambiguate.

tb [Tue, 18 Jun 2024 05:37:24 +0000 (05:37 +0000)]
do_ext_i2d(): move empty line to the proper place

tb [Tue, 18 Jun 2024 05:35:30 +0000 (05:35 +0000)]
do_ext_i2d(): malloc -> calloc

requested by jsing on review

tb [Tue, 18 Jun 2024 05:34:09 +0000 (05:34 +0000)]
do_ext_i2d(): populate ext_oct with ASN1_STRING_set0()

ok jsing

tb [Tue, 18 Jun 2024 05:32:38 +0000 (05:32 +0000)]
do_ext_i2d(): avoid leaks and add some missing error checking

If ASN1_OCTET_STRING_new() failed, ext_der would be leaked, fix this.
If i2d(foo, NULL) succeeded, the same is not guaranteed for the second
with appropriately sized buffer since i2d() may make further allocations
internally. So use the proper error check. Also transfer the ownership of
ext_der to the octet string to avoid a now possible double free.

ok jsing

tb [Tue, 18 Jun 2024 05:24:24 +0000 (05:24 +0000)]
Indent labels in x509_conf.c

tb [Tue, 18 Jun 2024 05:22:37 +0000 (05:22 +0000)]
do_ext_i2d(): make various NULL checks explicit

ok jsing

tb [Tue, 18 Jun 2024 05:19:01 +0000 (05:19 +0000)]
do_ext_i2d(): unwrap a line

tb [Tue, 18 Jun 2024 05:08:41 +0000 (05:08 +0000)]
iked: do not attempt to read multiple SANs

No extension in a valid certificate appears more than once per RFC 5280
section 4.2. So don't go walking the extension stack and try to inspect
multiple subject alternative names because crappy OpenSSL API encourages
you to do so. Instead call the API in the only correct way possible and
report multiple SANs in log_info(). This is unlikely to be hit since the
extension caching in LibreSSL has rejected repeated OIDs in a cert for a
long time.

ok tobhe

millert [Tue, 18 Jun 2024 02:11:03 +0000 (02:11 +0000)]
Quiet compiler warnings when built with WARNINGS=Yes
Most are from functions that take no args but used the old
K&R style foo() instead of foo(void).  From espie@

deraadt [Tue, 18 Jun 2024 01:31:48 +0000 (01:31 +0000)]
grow the iso again

millert [Tue, 18 Jun 2024 00:32:22 +0000 (00:32 +0000)]
Rename mf_fgets() and cu_fgets() to mf_getline() and cu_getline().
These functions now use getline(), not fgets().  From espie@

tb [Mon, 17 Jun 2024 18:54:36 +0000 (18:54 +0000)]
Invalidate the right stack[] member

There was a shift of the index in the for loop, and invalidating the wrong
member could result in a double free in auth_tree_free() on process exit.

ok claudio job

tb [Mon, 17 Jun 2024 18:52:50 +0000 (18:52 +0000)]
Put back NULL checks in crl_get() and build_chain()

Turns out filemode still relies on these. Rather than adding to the
spaghetti in filemode.c, begrudgingly put back the NULL checks with
an additional XXX.

ok claudio job

schwarze [Mon, 17 Jun 2024 15:35:33 +0000 (15:35 +0000)]
Document the new argument .St -p1003.1-2024 introduced in st.c rev. 1.15
and polish the description of .St -p1003.1-2008 a bit.
OK job@ jmc@

naddy [Mon, 17 Jun 2024 13:50:18 +0000 (13:50 +0000)]
remove one more mention of DSA

tim [Mon, 17 Jun 2024 12:59:28 +0000 (12:59 +0000)]
Fix typo: s/fetesteexcept/fetestexcept/

bluhm [Mon, 17 Jun 2024 11:13:43 +0000 (11:13 +0000)]
In vmx(4) TSO must pullup headers into first mbuf.

Forwarding IPv6 packets from vmx with LRO to vmx with TSO did not
work.  vmx(4) has the requirement that all headers are in the first
mbuf.  ip6_forward() is quite dumb.  It calls m_copym() to create
a mbuf that might be used for sending ICMP6 later.  After passing
the forwarded packet down to ether_encap(), m_prepend() is used to
restore the ethernet header.  As the mbuf cluster has been copied,
it is read only now.  That means m_prepend() does not provide the
empty space at the beginning of the cluster, but allocates a new
mbuf that contains only the ethernet header.  vmx(4) cannot transmit
such a TSO packet and drops it.

Solution is to call m_pullup() in vmxnet3_start().  If we ended up
in such a miserable condition, use the first mbuf in the chain and
move all headers into it.

OK jan@

kettenis [Mon, 17 Jun 2024 09:37:07 +0000 (09:37 +0000)]
KNF

kettenis [Mon, 17 Jun 2024 09:36:04 +0000 (09:36 +0000)]
KNF

kettenis [Mon, 17 Jun 2024 09:12:45 +0000 (09:12 +0000)]
When loading a device tree using the "mach dtb" command, give firmware
a chance to make modifications (such as applying memory reservations)
by using the EFI devicetree fixup protocol.

ok jca@

sashan [Mon, 17 Jun 2024 08:36:56 +0000 (08:36 +0000)]
The fix comes from Giannis Kapetanakis (bilias _from_ edu.physics.uoc.gr).
When relayd(8) handles 'host disable/enable' command issued by relayctl(8),
it disables redirect it finds in tables for particular host.  However there can
be multiple redirect instances which use the same host in relayd(8) tables.
This change makes relayd(8) to walk through all tables and disable all redirects
which match the host.

OK giovanni@, OK sashan@

djm [Mon, 17 Jun 2024 08:30:29 +0000 (08:30 +0000)]
disable the DSA signature algorithm by default; ok markus@

(yes, I know this expands to "the Digital Signature Algorithm
signature algorithm")

djm [Mon, 17 Jun 2024 08:28:31 +0000 (08:28 +0000)]
promote connection-closed messages from verbose to info log level;
they could be the only record of the connection terminating if the
client doesn't send a SSH2_MSG_DISCONNECT message. ok dtucker@

sashan [Mon, 17 Jun 2024 08:02:57 +0000 (08:02 +0000)]
Change adds a 'log' option to relayd.conf(5) rule. The relayd(8) then uses
the option to set corresponding `log` action in pf(4) rules it generates
to handle network traffic.

The patch comes from Giannis Kapetanakis (bilias _from_ edu.physics.uoc.gr).

OK sashan@

jsg [Mon, 17 Jun 2024 07:32:32 +0000 (07:32 +0000)]
drm/amdkfd: handle duplicate BOs in reserve_bo_and_cond_vms

From Lang Yu
3194771798ef256af75577a0a8a2e8ce45726c78 in linux-6.6.y/6.6.34
2a705f3e49d20b59cd9e5cc3061b2d92ebe1e5f0 in mainline linux

jsg [Mon, 17 Jun 2024 07:30:48 +0000 (07:30 +0000)]
Revert "drm/amdkfd: fix gfx_target_version for certain 11.0.3 devices"

From Alex Deucher
bb430ea4ba31dcc439d26e02bcbc4473cad4c6d9 in linux-6.6.y/6.6.34
dd2b75fd9a79bf418e088656822af06fc253dbe3 in mainline linux

jsg [Mon, 17 Jun 2024 07:29:10 +0000 (07:29 +0000)]
drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms

From Mario Limonciello
7bc52dce073222c1b6dd23a1e76a68495fc14794 in linux-6.6.y/6.6.34
267cace556e8a53d703119f7435ab556209e5b6a in mainline linux

jsg [Mon, 17 Jun 2024 07:26:39 +0000 (07:26 +0000)]
drm/amdgpu/atomfirmware: add intergrated info v2.3 table

From Li Ma
4eff07025c844dfeaab8adbb6fbb617775a42423 in linux-6.6.y/6.6.34
e64e8f7c178e5228e0b2dbb504b9dc75953a319f in mainline linux

jsg [Mon, 17 Jun 2024 07:24:10 +0000 (07:24 +0000)]
drm/fbdev-generic: Do not set physical framebuffer address

From Thomas Zimmermann
bd2ad553f18c43acd57d1ea46c59a1ecd860cea6 in linux-6.6.y/6.6.34
87cb4a612a89690b123e68f6602d9f6581b03597 in mainline linux

jsg [Mon, 17 Jun 2024 07:21:57 +0000 (07:21 +0000)]
drm/amdgpu: add error handle to avoid out-of-bounds

From Bob Zhou
5b0a3dc3e87821acb80e841b464d335aff242691 in linux-6.6.y/6.6.34
8b2faf1a4f3b6c748c0da36cda865a226534d520 in mainline linux

jsg [Mon, 17 Jun 2024 07:20:12 +0000 (07:20 +0000)]
drm/i915/hwmon: Get rid of devm

From Ashutosh Dixit
cfa73607eb21a4ce1d6294a2c5733628897b48a2 in linux-6.6.y/6.6.34
5bc9de065b8bb9b8dd8799ecb4592d0403b54281 in mainline linux

jsg [Mon, 17 Jun 2024 05:39:26 +0000 (05:39 +0000)]
define CONFIG_PM_SLEEP to 1 for IS_ENABLED()

tb [Mon, 17 Jun 2024 05:38:08 +0000 (05:38 +0000)]
Replace x with x509_exts in X509V3_add1_i2d() and X509V3_get_d2i()

requested by jsing on review

tb [Mon, 17 Jun 2024 05:31:26 +0000 (05:31 +0000)]
Rewrite X509V3_get_d2i()

This API is wrapped by nine *_get{,1}_ext_d2i() functions and they all
have the same defect: if an idx variable is passed in, multiple extensions
are handled incorrectly.

Clean up the mess that was the current implementation by replacing the
reimplementation of X509v3_get_ext_by_NID() with extra twists by actual
calls to the real thing. This way the madness is implemented explicitly
and can be explained in comments. The code still gets shorter.

In brief: always call this API with a known nid, pass crit, and a NULL idx.
If NULL is returned, crit != -1 is an error (malformed cert or allocation
failure).

ok jsing

tb [Mon, 17 Jun 2024 05:04:54 +0000 (05:04 +0000)]
Add regress coverage for X509V3_get_d2i()

job [Sun, 16 Jun 2024 18:33:56 +0000 (18:33 +0000)]
Add note about timeout(1)'s standards compliance

OK jmc@

job [Sun, 16 Jun 2024 18:33:05 +0000 (18:33 +0000)]
Add new argument for IEEE 1003.1-2024 aka POSIX.1

OK jmc@ schwarze@

kn [Sun, 16 Jun 2024 18:00:08 +0000 (18:00 +0000)]
Disable MSI on Zhaoxin ZX-100/ZX-200/ZX-E StorX to unhang SSD

The Unchartevice 6640MA's BIOS forces one of three SATA speeds:
- Gen1/2: bsd.rd reaches installer, but SSD does not attach
- Gen3:   bsd.rd attaches SSD but hangs

MSI works for iwm(4) and xhci(4), only ahci(4) bugs out, so add a quirk
for this controller as done for a few other devices already:

 ahci0 at pci0 dev 15 function 0 "Zhaoxin StorX AHCI" rev 0x01: apic 9 int 21, AHCI 1.3.1
-ahci0: device not communicating on port 0
+ahci0: port 0: 6.0Gb/s
 scsibus0 at ahci0: 32 targets
+sd0 at scsibus0 targ 0 lun 0: <ATA, 256GB SSD, V1.3> naa.5000000000000000
+sd0: 244198MB, 512 bytes/sector, 500118192 sectors, thin

OK kettenis

tb [Sun, 16 Jun 2024 17:57:08 +0000 (17:57 +0000)]
zap a stray space

kn [Sun, 16 Jun 2024 16:21:39 +0000 (16:21 +0000)]
regen

kn [Sun, 16 Jun 2024 16:20:51 +0000 (16:20 +0000)]
Add Zhaoxin vendor and AHCI product found in Unchartevice 6640MA notebook

https://www.devicekb.com/hardware/pci-vendors/ven_1d17 shows
"ZX-100/ZX-200/ZX-E StorX AHCI Controller" and the notebook has a bunch of
other devices, but only this one needs fixing so far.

Feedback jsg
OK deraadt

kn [Sun, 16 Jun 2024 14:01:26 +0000 (14:01 +0000)]
Make GENERIC boot on ZHAOXIN KaiXian KX-6640MA

The Unchartevice 6640MA notebook comes with such a CentaurHauls CPU,
installs via RAMDISK_CD (with AHCI fix), but GENERIC would hang after
cpu0: 4MB 64b/line 16-way L2 cache

Pretty sure Intel TPM sensor code should run on Intel CPUs, anyway.

Idea from brynet
OK deraadt brynet

djm [Sun, 16 Jun 2024 11:54:49 +0000 (11:54 +0000)]
same treatment for this test

djm [Sun, 16 Jun 2024 08:18:06 +0000 (08:18 +0000)]
penalty test is still a bit racy