openbsd
21 months agoOnly open /dev/vmm once in vmd(8).
dv [Sat, 14 Jan 2023 20:55:55 +0000 (20:55 +0000)]
Only open /dev/vmm once in vmd(8).

Have the parent process open /dev/vmm and send the fd to the vmm
child process. Only the vmm process and its resulting children
(guest vms) need it for ioctl calls.

ok kn@

21 months agoReplace comparisons/assignments to '3' with equivalent comparisons to RAW_PART
krw [Sat, 14 Jan 2023 18:21:46 +0000 (18:21 +0000)]
Replace comparisons/assignments to '3' with equivalent comparisons to RAW_PART
and assignment to RAW_PART + 1.

21 months agosync
deraadt [Sat, 14 Jan 2023 18:16:24 +0000 (18:16 +0000)]
sync

21 months agoAdd support for "enhanced descriptor" mode found on some variants of the
kettenis [Sat, 14 Jan 2023 17:02:57 +0000 (17:02 +0000)]
Add support for "enhanced descriptor" mode found on some variants of the
Synopsys DesignWare GMAC.

ok mlarkin@

21 months agoMove constants out of text segment into rodata to prepare for xonly support
deraadt [Sat, 14 Jan 2023 16:58:55 +0000 (16:58 +0000)]
Move constants out of text segment into rodata to prepare for xonly support
on amd64.  no pic handling is neccessary since amd64 has full reach.
ok kettenis

21 months agoUpdate the list of architectures where clang will accept the
deraadt [Sat, 14 Jan 2023 16:20:32 +0000 (16:20 +0000)]
Update the list of architectures where clang will accept the
--execute-only option, and also indicate which ones have enabled by
default now (in our naming convention, that is arm64 and riscv64)

21 months agoAllow people to try --execute-only on amd64 and sparc64. the default is
deraadt [Sat, 14 Jan 2023 16:15:43 +0000 (16:15 +0000)]
Allow people to try --execute-only on amd64 and sparc64.  the default is
changed.

21 months agoRemove unused Elliptic Curve code.
jsing [Sat, 14 Jan 2023 15:45:43 +0000 (15:45 +0000)]
Remove unused Elliptic Curve code.

For various reasons, the ecp_nistp* and ecp_nistz* code is unused. While
ecp_nistp* was being compiled, it is disabled due to
OPENSSL_NO_EC_NISTP_64_GCC_128 being defined. On the other hand,
ecp_nistz* was not even being built.

We will bring in new versions or alternative versions of such code, if we
end up enabling it in the future. For now it is just causing complexity
(and grep noise) while trying to improve the EC code.

Discussed with tb@

21 months agoRewrite BN_CTX.
jsing [Sat, 14 Jan 2023 15:23:27 +0000 (15:23 +0000)]
Rewrite BN_CTX.

The current BN_CTX implementation is an incredibly overengineered piece of
code, which even includes its own debug system.

Rewrite BN_CTX from scratch, simplifying things things considerably by
having a "stack" of BIGNUM pointers and a matching array of group
assignments. This means that BN_CTX_start() and BN_CTX_end() effectively
do not fail. Unlike the previous implementation, if a failure occurs
nothing will work and the BN_CTX must be freed/recreated, instead of
trying to pick up at the point where the failure occurred (which does
not make sense given its intended usage).

Additionally, it has long been documented that BN_CTX_start() must be
called before BN_CTX_get() can be used, however the previous implementation
did not actually enforce this. Now that missing BN_CTX_start() and
BN_CTX_end() calls have been added to DSA and EC, we can actually make
this a hard requirement.

ok tb@

21 months agoGreatly simplify bn_expand_internal().
jsing [Sat, 14 Jan 2023 15:12:27 +0000 (15:12 +0000)]
Greatly simplify bn_expand_internal().

We have a function called recallocarray() - make use of it rather than
handrolling a version of it. Also have bn_expand() call bn_wexpand(),
which avoids some duplication.

ok tb@

21 months agoClean up and simplify EC_KEY handling, mostly from a BN_CTX perspective.
jsing [Sat, 14 Jan 2023 15:10:45 +0000 (15:10 +0000)]
Clean up and simplify EC_KEY handling, mostly from a BN_CTX perspective.

If we have a BN_CTX available, make use of it rather than calling BN_new().
Always allocate a new priv_key and pub_key, rather than having complex
reuse dances on entry and exit. Add missing BN_CTX_start()/BN_CTX_end()
calls.

ok tb@

21 months agoregen
kettenis [Sat, 14 Jan 2023 12:19:11 +0000 (12:19 +0000)]
regen

21 months agoCreate /dev/efi on amd64 and arm64.
kettenis [Sat, 14 Jan 2023 12:15:12 +0000 (12:15 +0000)]
Create /dev/efi on amd64 and arm64.

ok yasuoka@

21 months agoImplement access to EFI variables and ESRT through an ioctl(2) interface
kettenis [Sat, 14 Jan 2023 12:11:10 +0000 (12:11 +0000)]
Implement access to EFI variables and ESRT through an ioctl(2) interface
that is compatible with what FreeBSD and NetBSD have.  Setting EFI
variables is only allowed at securelevel 0 and below.

Heavily based on work done by Sergii Dmytruk.

ok yasuoka@

21 months agoShell syntax fix. From ren mingshuai vi github PR#369.
dtucker [Sat, 14 Jan 2023 10:05:54 +0000 (10:05 +0000)]
Shell syntax fix.  From ren mingshuai vi github PR#369.

21 months agoInstead of skipping the all-tokens test if we don't have OpenSSL (since
dtucker [Sat, 14 Jan 2023 09:57:08 +0000 (09:57 +0000)]
Instead of skipping the all-tokens test if we don't have OpenSSL (since
we use it to compute the hash), put the hash at the end and just omit it
if we don't have it.  Prompted by bz#3521.

21 months agoAdd missing void to function definition
tb [Sat, 14 Jan 2023 07:36:16 +0000 (07:36 +0000)]
Add missing void to function definition

21 months agoadd protection-key violation error code for page-fault exceptions
jsg [Sat, 14 Jan 2023 03:37:13 +0000 (03:37 +0000)]
add protection-key violation error code for page-fault exceptions
ok deraadt@

21 months agorecognise protection keys for supervisor-mode (PKS) in cpuid
jsg [Sat, 14 Jan 2023 03:28:51 +0000 (03:28 +0000)]
recognise protection keys for supervisor-mode (PKS) in cpuid
ok deraadt@

21 months agosync cr4 and xcr0 bits with intel dec 2022 sdm
jsg [Sat, 14 Jan 2023 03:21:17 +0000 (03:21 +0000)]
sync cr4 and xcr0 bits with intel dec 2022 sdm
ok deraadt@

21 months agouse the notice from 4.4BSD-Lite
jsg [Sat, 14 Jan 2023 03:12:15 +0000 (03:12 +0000)]
use the notice from 4.4BSD-Lite
ok deraadt@ miod@

21 months agosysctl(2): KERN_CPUSTATS: zero struct cpustats before copyout
cheloha [Sat, 14 Jan 2023 01:04:55 +0000 (01:04 +0000)]
sysctl(2): KERN_CPUSTATS: zero struct cpustats before copyout

21 months agoSince the signal trampoline is now execute-only we no longer write it
kettenis [Fri, 13 Jan 2023 23:02:43 +0000 (23:02 +0000)]
Since the signal trampoline is now execute-only we no longer write it
into core dumps.  As a result backtraces through signal handlers no
longer work in gdb and other debuggers.

Fix this by keeping a read-only mapping of the signal trampoline in the
kernel and writing it into the core dump at the virtual address where it
is mapped in the process.

ok deraadt@, tb@

21 months agosync
deraadt [Fri, 13 Jan 2023 18:26:29 +0000 (18:26 +0000)]
sync

21 months agoDrop PICCY_SET() and RODATA() macros now that libc no longer needs them.
miod [Fri, 13 Jan 2023 17:53:30 +0000 (17:53 +0000)]
Drop PICCY_SET() and RODATA() macros now that libc no longer needs them.

ok kettenis@

21 months agoMove all data from .text section to .rodata, and update the code to
miod [Fri, 13 Jan 2023 17:52:08 +0000 (17:52 +0000)]
Move all data from .text section to .rodata, and update the code to
fetch them correctly when building PIC.

ok kettenis@

21 months agoMove all data tables from .text section to .rodata, and update the code to
miod [Fri, 13 Jan 2023 17:27:25 +0000 (17:27 +0000)]
Move all data tables from .text section to .rodata, and update the code to
fetch them correctly when building PIC. Also drop unused data, and remove
--no-execute-only from linker flags.

ok kettenis@

21 months agoMove all data tables from .text section to .rodata, and update the code to
miod [Fri, 13 Jan 2023 17:11:41 +0000 (17:11 +0000)]
Move all data tables from .text section to .rodata, and update the code to
fetch them correctly when building PIC. Also drop unused data, and remove
--no-execute-only from linker flags.

ok jsing@ kettenis@

21 months agoput man page in the right place
deraadt [Fri, 13 Jan 2023 15:49:26 +0000 (15:49 +0000)]
put man page in the right place

21 months agoUse extended header format for .wav files.
ratchov [Fri, 13 Jan 2023 15:14:24 +0000 (15:14 +0000)]
Use extended header format for .wav files.

According to Microsoft docs, it is needed if bits > 16 or if there are
more than 2 channels, which aucat supports and is the defaut. Fixes
errors reported by audio/sox port when trying to play .wav files
generated by aucat.

Reported by John Rigg <obsd at jrigg.co.uk> and others on misc@

21 months agoPrevent 1-byte out-of-bounds read in i2c_ASN1_BIT_STRING
tb [Fri, 13 Jan 2023 14:46:08 +0000 (14:46 +0000)]
Prevent 1-byte out-of-bounds read in i2c_ASN1_BIT_STRING

If an ASN.1 BIT STRING a of length > 0 contains only zero bytes in a->data,
this old code would end up reading from a->data[-1]. This may or may not
crash. Luckily, anton observed two openssl-ruby regress test failures in
the last few days, which could eventually be traced back to this (after a
lot of painful digging due to coredumps not working properly).

ok jsing

21 months agoFix a couple of auto allocation corner cases.
krw [Fri, 13 Jan 2023 14:24:17 +0000 (14:24 +0000)]
Fix a couple of auto allocation corner cases.

Don't stop counting free partitions just because a spoofed
partition is encountered.

Always check for (end - start) underflow after rounding
start/end to cylinder boundaries.

21 months agoRetake kernel lock in error paths of vmmioctl.
dv [Fri, 13 Jan 2023 14:15:49 +0000 (14:15 +0000)]
Retake kernel lock in error paths of vmmioctl.

From Christian Ludwig.

21 months agoAdd aspa-set to openbgpd config output.
claudio [Fri, 13 Jan 2023 08:58:36 +0000 (08:58 +0000)]
Add aspa-set to openbgpd config output.

Change the way the validated ASPA tree is built since OpenBGPD config
follows more the ASPA profile and puts the optional AFI to each provider
ASnum instead of duplicated everything into an IPv4 and IPv6 tree.
The JSON output of ASPA is still the same.

The inclusion of the aspa-set can currently be disabled by the -A flag.
OK tb@

21 months agofix double phrase in previous;
jmc [Fri, 13 Jan 2023 07:13:40 +0000 (07:13 +0000)]
fix double phrase in previous;

21 months agoshutdown(8): sig_atomic_t variables should be qualified 'volatile'
cheloha [Fri, 13 Jan 2023 07:02:16 +0000 (07:02 +0000)]
shutdown(8): sig_atomic_t variables should be qualified 'volatile'

21 months agotimeout(1): sig_atomic_t variables must also be 'volatile'; ok job@
cheloha [Fri, 13 Jan 2023 06:53:04 +0000 (06:53 +0000)]
timeout(1): sig_atomic_t variables must also be 'volatile'; ok job@

21 months agoMove scp path setting to a helper function.
dtucker [Fri, 13 Jan 2023 04:47:34 +0000 (04:47 +0000)]
Move scp path setting to a helper function.
The previous commit to add scp to the test sshd's path causes the t-envpass
test to fail when the test scp is given using a fully qualified path.  Put
this in a helper function and only call it from the scp tests.

21 months agoAdd scp's path to test sshd's PATH.
dtucker [Fri, 13 Jan 2023 04:23:00 +0000 (04:23 +0000)]
Add scp's path to test sshd's PATH.
If the scp we're testing is fully qualified (eg it's not in the system
PATH) then add its path to the under-test sshd's PATH so we can find it.
Prompted by bz#3518.

21 months agosparc64: switch to clockintr
cheloha [Fri, 13 Jan 2023 03:22:18 +0000 (03:22 +0000)]
sparc64: switch to clockintr

- Remove all use of timer(4/sparc64) from sparc64/clock.c.
- Don't map interrupts in timer_match(), effectively disabling
  timer(4/sparc64).  The driver will be completely removed in a
  later commit.
- Wire up tick_intrclock, stick_intrclock, and sys_tick_intrclock.
- All sparc64 machines now have a randomized statclock; stathz = hz,
  profhz = stathz * 10.

Very special thanks to miod@, without whom this would have been impossible.

sun4v testing by kmos@, mlarkin@, and kn@.  sun4u testing (%tick and the
oddball USIIe %stick) by miod@.  With input from miod@, mlarkin@, and
kettenis@.

v1: https://marc.info/?l=openbsd-tech&m=166776418803680&w=2
v2: https://marc.info/?l=openbsd-tech&m=167287772220176&w=2
v3: https://marc.info/?l=openbsd-tech&m=167322011602530&w=2

ok mlarkin@ kettenis@ miod@

21 months agoDocument "UserKnownHostsFile none". ok djm@
dtucker [Fri, 13 Jan 2023 03:16:29 +0000 (03:16 +0000)]
Document "UserKnownHostsFile none".  ok djm@

21 months agoAdd a "Host" line to the output of ssh -G showing the original host arg.
dtucker [Fri, 13 Jan 2023 02:58:20 +0000 (02:58 +0000)]
Add a "Host" line to the output of ssh -G showing the original host arg.
Inspired by patch from vincent at bernat.ch via bz#3343, ok djm@

21 months agoavoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none
djm [Fri, 13 Jan 2023 02:44:02 +0000 (02:44 +0000)]
avoid printf("%s", NULL) if using ssh -oUserKnownHostsFile=none
and a hostkey in one of the system known hosts file changes;
ok dtucker@

21 months agodrm/i915/dsi: fix MIPI_BKLT_EN_1 native GPIO index
jsg [Fri, 13 Jan 2023 02:03:06 +0000 (02:03 +0000)]
drm/i915/dsi: fix MIPI_BKLT_EN_1 native GPIO index

From Jani Nikula
0c84b7de26588f4032992ee2a1df6c3d367be829 in linux-6.1.y/6.1.5
6217e9f05a74df48c77ee68993d587cdfdb1feb7 in mainline linux

21 months agodrm/i915/dsi: add support for ICL+ native MIPI GPIO sequence
jsg [Fri, 13 Jan 2023 02:01:14 +0000 (02:01 +0000)]
drm/i915/dsi: add support for ICL+ native MIPI GPIO sequence

From Jani Nikula
c7229577d93d53870fd77e961143305aeec97a7b in linux-6.1.y/6.1.5
963bbdb32b47cfa67a449e715e1dcc525fbd01fc in mainline linux

21 months agodrm/amd/display: Uninitialized variables causing 4k60 UCLK to stay at DPM1 and not...
jsg [Fri, 13 Jan 2023 01:58:55 +0000 (01:58 +0000)]
drm/amd/display: Uninitialized variables causing 4k60 UCLK to stay at DPM1 and not DPM0

From Samson Tam
d179f9d27f1e31fdcf6b02c4f1658dd69985f602 in linux-6.1.y/6.1.5
f3c23bea598ab7e8e4b8c5ca66598921310f718e in mainline linux

21 months agodrm/amd/display: Add check for DET fetch latency hiding for dcn32
jsg [Fri, 13 Jan 2023 01:56:44 +0000 (01:56 +0000)]
drm/amd/display: Add check for DET fetch latency hiding for dcn32

From Dillon Varone
4ac1437d64efdd2788f8c511276243f594e946fd in linux-6.1.y/6.1.5
6d4727c80947de0e6fad58b196a9d215e3b32608 in mainline linux

21 months agodrm/i915/gvt: fix vgpu debugfs clean in remove
jsg [Fri, 13 Jan 2023 01:54:11 +0000 (01:54 +0000)]
drm/i915/gvt: fix vgpu debugfs clean in remove

From Zhenyu Wang
44c0e07e3972e3f2609d69ad873d4f342f8a68ec in linux-6.1.y/6.1.5
704f3384f322b40ba24d958473edfb1c9750c8fd in mainline linux

21 months agodrm/i915/gvt: fix gvt debugfs destroy
jsg [Fri, 13 Jan 2023 01:52:52 +0000 (01:52 +0000)]
drm/i915/gvt: fix gvt debugfs destroy

From Zhenyu Wang
fe340500baf84b6531c9fc508b167525b9bf6446 in linux-6.1.y/6.1.5
c4b850d1f448a901fbf4f7f36dec38c84009b489 in mainline linux

21 months agodrm/amdkfd: Fix kernel warning during topology setup
jsg [Fri, 13 Jan 2023 01:50:53 +0000 (01:50 +0000)]
drm/amdkfd: Fix kernel warning during topology setup

From Mukul Joshi
306888b1246bf44e703b6f1ccc746c2746c1a981 in linux-6.1.y/6.1.5
cf97eb7e47d4671084c7e114c5d88a3d0540ecbd in mainline linux

21 months agodrm/plane-helper: Add the missing declaration of drm_atomic_state
jsg [Fri, 13 Jan 2023 01:49:06 +0000 (01:49 +0000)]
drm/plane-helper: Add the missing declaration of drm_atomic_state

From Ma Jun
c7041ec41036f64db5104f33348c45a1aedcf098 in linux-6.1.y/6.1.5
4e699e34f923188175986ad8a74ab99f7034075e in mainline linux

21 months agoRevert "drm/amd/display: Enable Freesync Video Mode by default"
jsg [Fri, 13 Jan 2023 01:46:41 +0000 (01:46 +0000)]
Revert "drm/amd/display: Enable Freesync Video Mode by default"

From Michel Daenzer
d54f66bc9c371e4765d78144c8dac568a59a31dd in linux-6.1.y/6.1.5
6fe6ece398f7431784847e922a2c8c385dc58a35 in mainline linux

21 months agodrm/amd/display: Report to ACPI video if no panels were found
jsg [Fri, 13 Jan 2023 01:42:45 +0000 (01:42 +0000)]
drm/amd/display: Report to ACPI video if no panels were found

From Mario Limonciello
adaf41b56803fe7a9a4ac625c7e41615ef23591f in linux-6.1.y/6.1.5
c573e240609ff781a0246c0c8c8351abd0475287 in mainline linux

21 months agodrm/amdkfd: Fix double release compute pasid
jsg [Fri, 13 Jan 2023 01:40:51 +0000 (01:40 +0000)]
drm/amdkfd: Fix double release compute pasid

From Philip Yang
a02c07b619899179384fde06f951530438a3512d in linux-6.1.y/6.1.5
1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5 in mainline linux

21 months agodrm/amdkfd: Fix kfd_process_device_init_vm error handling
jsg [Fri, 13 Jan 2023 01:38:35 +0000 (01:38 +0000)]
drm/amdkfd: Fix kfd_process_device_init_vm error handling

From Philip Yang
9d74d1f52e16d8e07f7fbe52e96d6391418a2fe9 in linux-6.1.y/6.1.5
29d48b87db64b6697ddad007548e51d032081c59 in mainline linux

21 months agodrm/amdgpu: Fix size validation for non-exclusive domains (v4)
jsg [Fri, 13 Jan 2023 01:37:01 +0000 (01:37 +0000)]
drm/amdgpu: Fix size validation for non-exclusive domains (v4)

From Luben Tuikov
8ba7c55e112f4ffd2a95b99be1cb1c891ef08ba1 in linux-6.1.y/6.1.5
7554886daa31eacc8e7fac9e15bbce67d10b8f1f in mainline linux

21 months agodrm/i915/gvt: fix double free bug in split_2MB_gtt_entry
jsg [Fri, 13 Jan 2023 01:34:34 +0000 (01:34 +0000)]
drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

From Zheng Wang
1022519da69d99d455c58ca181a6c499c562c70e in linux-6.1.y/6.1.5
4a61648af68f5ba4884f0e3b494ee1cabc4b6620 in mainline linux

21 months agodrm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
jsg [Fri, 13 Jan 2023 01:32:39 +0000 (01:32 +0000)]
drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()

From Dan Carpenter
20a07570c1667a48fe50fdfa59f4ece57775b69a in linux-6.1.y/6.1.5
3792fc508c095abd84b10ceae12bd773e61fdc36 in mainline linux

21 months agoadd acpi_video_report_nolcd() for 6.1.5 drm
jsg [Fri, 13 Jan 2023 01:27:41 +0000 (01:27 +0000)]
add acpi_video_report_nolcd() for 6.1.5 drm

21 months agoDisable double width and height escape sequences under SMALL_KERNEL.
nicm [Thu, 12 Jan 2023 20:39:37 +0000 (20:39 +0000)]
Disable double width and height escape sequences under SMALL_KERNEL.

ok miod

21 months agofree(NULL) has been allowed in the kernel since 5.4; remove checks.
miod [Thu, 12 Jan 2023 20:13:28 +0000 (20:13 +0000)]
free(NULL) has been allowed in the kernel since 5.4; remove checks.

21 months agoUpdate luna88k boot procedure; help & tweaks jmc@
miod [Thu, 12 Jan 2023 19:37:53 +0000 (19:37 +0000)]
Update luna88k boot procedure; help & tweaks jmc@

21 months agoHave tmux recognise pasted texts wrapped in bracket paste sequences,
nicm [Thu, 12 Jan 2023 18:49:11 +0000 (18:49 +0000)]
Have tmux recognise pasted texts wrapped in bracket paste sequences,
rather than only forwarding them to the program inside. From Andrew
Onyshchuk in GitHub issue 3431.

21 months agoSplit rde_filterstate_prep() into three functions.
claudio [Thu, 12 Jan 2023 17:35:51 +0000 (17:35 +0000)]
Split rde_filterstate_prep() into three functions.
- rde_filterstate_init(): initialize a filterstate to default values
- rde_filterstate_copy(): copy from a filterstate into a new state object
- rde_filterstate_prep(): set filtersate based on prefix passed as argument.

This makes the code a bit easier to read.
OK tb@

21 months agoOn '!', drop into a proper ksh(1) instead of a limited sh(1) lacking
kn [Thu, 12 Jan 2023 15:03:23 +0000 (15:03 +0000)]
On '!', drop into a proper ksh(1) instead of a limited sh(1) lacking
arithmetic expression `(( ... ))' and more.

OK deraadt

21 months agodiff from sobrado to use a full argument name for -s: after some discussion
jmc [Thu, 12 Jan 2023 14:08:39 +0000 (14:08 +0000)]
diff from sobrado to use a full argument name for -s: after some discussion
we used "signal", as per pkill/pgrep; also lift the descriptive text
from kill.1 to clarify that both signal name and number are accepted;

ok sobrado job

21 months agoBinding the accept socket in TCP input relies on the fact that the
bluhm [Thu, 12 Jan 2023 13:09:47 +0000 (13:09 +0000)]
Binding the accept socket in TCP input relies on the fact that the
listen port is not bound to port 0.  With a matching pf divert-to
rule this assumption is no longer true and could crash the kernel
with kassert.  In both pf and stack drop TCP packets with destination
port 0 before they can do harm.
OK sashan@ claudio@

21 months agoremove outdated "expected to be compliant"
jsg [Thu, 12 Jan 2023 12:56:07 +0000 (12:56 +0000)]
remove outdated "expected to be compliant"
ok miod@ kn@ deraadt@

21 months agoAdd CBT (cursor back tab) sequence, from Crystal Kolipe kolipe.c at
nicm [Thu, 12 Jan 2023 12:34:06 +0000 (12:34 +0000)]
Add CBT (cursor back tab) sequence, from Crystal Kolipe kolipe.c at
exoticsilicon dot com.

ok miod

21 months agoAdd aixterm bright colour sequences (SGR 90-97 and 100-107). From
nicm [Thu, 12 Jan 2023 12:28:08 +0000 (12:28 +0000)]
Add aixterm bright colour sequences (SGR 90-97 and 100-107). From
Crystal Kolipe kolipe.c at exoticsilicon dot com.

ok miod

21 months agoAdd some missing cursor movement and scrolling escape sequences that are
nicm [Thu, 12 Jan 2023 12:23:40 +0000 (12:23 +0000)]
Add some missing cursor movement and scrolling escape sequences that are
supported by xterm. From Crystal Kolipe kolipe.c at exoticsilicon dot
com.

ok miod

21 months agoUse solock() instead solock_shared() within sys_getsockopt(). Otherwise
mvs [Thu, 12 Jan 2023 10:59:36 +0000 (10:59 +0000)]
Use solock() instead solock_shared() within sys_getsockopt(). Otherwise
we acquiring kernel lock with mutex(9) held. This partially reverts
rev 1.205 of sys/kern/uipc_syscalls.c. Shared solock() is still fine for
getsockname(2) and getpeername(2).

Reported-by: syzbot+00a4824cb1b6a214c7d6@syzkaller.appspotmail.com
ok kn@ claudio@

21 months agoIn build_aspath() be more careful in the len == 0 case. For len == 0
claudio [Thu, 12 Jan 2023 08:47:07 +0000 (08:47 +0000)]
In build_aspath() be more careful in the len == 0 case. For len == 0
aspath->data should not be touched so just exit early.
While there also initalize source_as correctly in the rev case. This
does not matter here but is more correct.
Problem noticed by anton@
OK tb@

21 months agoUse proper sparc64 illtrap instruction as text sections filler, rather than
miod [Thu, 12 Jan 2023 07:25:29 +0000 (07:25 +0000)]
Use proper sparc64 illtrap instruction as text sections filler, rather than
the x86 one.

21 months agoFix trivial stack buf oflow
miod [Thu, 12 Jan 2023 07:18:25 +0000 (07:18 +0000)]
Fix trivial stack buf oflow

21 months agoCompiling kernel with witness option failed since drm update. Do
bluhm [Thu, 12 Jan 2023 00:27:26 +0000 (00:27 +0000)]
Compiling kernel with witness option failed since drm update.  Do
not define struct rwlock variable within function, witness needs
global access.
OK jsg@

21 months agoImplement X-only mappings on sun4u by not letting the dtlb miss handler
miod [Wed, 11 Jan 2023 19:57:17 +0000 (19:57 +0000)]
Implement X-only mappings on sun4u by not letting the dtlb miss handler
allow ttes with the "exec only" bit; joint work with deraadt@, unfortunately
no effect on sun4v due to the lack of software bits in ttes to fit an
"exec only" bit.

ok deraadt@ kettenis@

21 months agobe very paranoid like other architectures and force no-jump-tables
deraadt [Wed, 11 Jan 2023 17:16:33 +0000 (17:16 +0000)]
be very paranoid like other architectures and force no-jump-tables
came up in two seperate conversations with miod and kettenis

21 months agoAdd the validation state to the filterstate struct.
claudio [Wed, 11 Jan 2023 17:10:25 +0000 (17:10 +0000)]
Add the validation state to the filterstate struct.
Removes vstate argument from rde_filter().
Rename prefix_vstate() to prefix_roa_vstate().
OK tb@

21 months agoblock --execute-only on mips64 & sparc64 during the upcoming transition.
deraadt [Wed, 11 Jan 2023 17:00:20 +0000 (17:00 +0000)]
block --execute-only on mips64 & sparc64 during the upcoming transition.
a seatbelt, because libc build corruption is too painful.

21 months agobased upon inspection of obj/*.S ...
deraadt [Wed, 11 Jan 2023 16:36:44 +0000 (16:36 +0000)]
based upon inspection of obj/*.S ...
temporarily force sparc64 libcrypto to be built --no-execute-only because
perlasm is still putting tables (intended to be rodata) into text.
This will help dynamic executables, but static executables won't be
saved by this. But this is temporary because we hope the perlasm problem
is fixed soon.

21 months agoput LD_SCRIPT in the canonical location
deraadt [Wed, 11 Jan 2023 16:33:36 +0000 (16:33 +0000)]
put LD_SCRIPT in the canonical location

21 months agoAdd ld.so linker scripts on the remaining platforms.
miod [Wed, 11 Jan 2023 16:31:46 +0000 (16:31 +0000)]
Add ld.so linker scripts on the remaining platforms.

21 months agotemporarily force hppa libcrypto to be built --no-execute-only because
deraadt [Wed, 11 Jan 2023 16:25:13 +0000 (16:25 +0000)]
temporarily force hppa libcrypto to be built --no-execute-only because
perlasm is still putting tables (intended to be rodata) into text.
This will help dynamic executables, but static executables won't be
saved by this. But this is temporary because we hope the perlasm problem
is fixed soon.
ok miod

21 months agoforce-disable jump tables in ld.so building on sparc64, to ease the
deraadt [Wed, 11 Jan 2023 16:21:32 +0000 (16:21 +0000)]
force-disable jump tables in ld.so building on sparc64, to ease the
exonly transition for people building through an upcoming commit series

21 months agothe kernel on mips64 (octeon, loongson) is in good enough shape to run
deraadt [Wed, 11 Jan 2023 15:14:01 +0000 (15:14 +0000)]
the kernel on mips64 (octeon, loongson) is in good enough shape to run
--execute-only ld.so (meaning FLAGS (1) on the LOAD line for the text
segment, in the ld.script).  the linker, when using built-in linker scripts,
is not ready yet for other libraries / binaries..

21 months agodo not need --execute-only anymore, it is now the default
deraadt [Wed, 11 Jan 2023 14:38:09 +0000 (14:38 +0000)]
do not need --execute-only anymore, it is now the default

21 months agoarm64 and riscv64 can now do --execute-only by default
deraadt [Wed, 11 Jan 2023 14:33:33 +0000 (14:33 +0000)]
arm64 and riscv64 can now do --execute-only by default
ok kettenis

21 months agohppa can switch over to --execute-only by default.
deraadt [Wed, 11 Jan 2023 14:30:47 +0000 (14:30 +0000)]
hppa can switch over to --execute-only by default.
ok kettenis

21 months agoAdd a somewhat extensive unittest for ASPA validation functionality.
claudio [Wed, 11 Jan 2023 13:55:08 +0000 (13:55 +0000)]
Add a somewhat extensive unittest for ASPA validation functionality.

21 months agoAdd ASPA validation functions to the RDE.
claudio [Wed, 11 Jan 2023 13:53:17 +0000 (13:53 +0000)]
Add ASPA validation functions to the RDE.

This implements ASPA validation based on the current draft. Implementing
this showed various weaknesses in the current ASPA draft which I hope to
fix in the near future.

Unlike the algorithm specified in the draft our version validates the
AS_PATH attribute in a single path doing one or two lookups depending on
the sessions BGP role.

The code is not yet hooked up into the RDE (see the NOTYET blocks).
Missing are reload logic, bgpctl integration and the loading of the
merged ASPA set from the rtr process.

OK tb@

21 months agoRemove rasops_isgray, this is no longer used. From Crystal Kolipe
nicm [Wed, 11 Jan 2023 12:47:04 +0000 (12:47 +0000)]
Remove rasops_isgray, this is no longer used. From Crystal Kolipe
kolipe.c at exoticsilicon dot com.

ok miod

21 months agoMake sure we also remove read access in pmap_page_ro() when the new
kettenis [Wed, 11 Jan 2023 11:10:25 +0000 (11:10 +0000)]
Make sure we also remove read access in pmap_page_ro() when the new
permissions only allow execution.  Make sure we completely invalidate
the PTE if the intersection between the old and new permissions is the
empty set.

ok deraadt@, mpi@

21 months agoMake sure we also remove read access in pmap_page_ro() when the new
kettenis [Wed, 11 Jan 2023 11:09:17 +0000 (11:09 +0000)]
Make sure we also remove read access in pmap_page_ro() when the new
permissions only allow execution.  Make sure we completely invalidate
the PTE if the intersection between the old and new permissions is the
empty set.

ok drahn@, deraadt@, mpi@

21 months agomake REGRESS_CLEANUP consistent with REGRESS_CLEANUP found
sashan [Wed, 11 Jan 2023 08:11:07 +0000 (08:11 +0000)]
make REGRESS_CLEANUP consistent with REGRESS_CLEANUP found
in pf_state/Makefile.

discussed with anton@

OK anton@

21 months agoclamp the minimum buffer lengths and number of inflight requests too
djm [Wed, 11 Jan 2023 05:39:38 +0000 (05:39 +0000)]
clamp the minimum buffer lengths and number of inflight requests too

21 months agoignore bogus upload/download buffer lengths in the limits extension
djm [Wed, 11 Jan 2023 05:36:50 +0000 (05:36 +0000)]
ignore bogus upload/download buffer lengths in the limits extension

21 months agoClean up and simplify BIGNUM handling in DSA code.
jsing [Wed, 11 Jan 2023 04:39:42 +0000 (04:39 +0000)]
Clean up and simplify BIGNUM handling in DSA code.

This adds missing BN_CTX_start()/BN_CTX_end() calls, removes NULL checks
before BN_CTX_end()/BN_CTX_free() (since they're NULL safe) and calls
BN_free() instead of BN_clear_free() (which does the same thing).

Also replace stack allocated BIGNUMs with calls to BN_CTX_get(), using the
BN_CTX that is already available.

ok tb@

21 months agoSimplify BIGNUM handling in dsa_builtin_keygen().
jsing [Wed, 11 Jan 2023 04:35:26 +0000 (04:35 +0000)]
Simplify BIGNUM handling in dsa_builtin_keygen().

Rather than having complicated "attempt to reuse" dances, always allocate
priv_key/pub_key, then free and assign on success.

ok tb@

21 months agoReplace BN_lshift1()/BN_rshift1() with calls to BN_lshift()/BN_rshift().
jsing [Wed, 11 Jan 2023 04:26:24 +0000 (04:26 +0000)]
Replace BN_lshift1()/BN_rshift1() with calls to BN_lshift()/BN_rshift().

Currently, BN_lshift1() and BN_rshift1() are separate implementations
that are intended to be faster since the shift is known (and only one bit
crosses a word boundary). However, with the rewrite of BN_lshift() and
BN_rshift(), they are either slower or only minimally faster (depending
on architecture).

Avoid duplication and turn BN_lshift1()/BN_rshift1() into functions that
call inlined versions of BN_lshift()/BN_rshift(), making BN_lshift() and
BN_rshift() call the same inlined implementation. This results in a single
implementation and BN_lshift1()/BN_rshift1() that out perform the previous
versions (in part due to compiler optimisation).

Now that none of the original code exists, replace the license and
copyright for this file.

ok tb@